TWI650658B - Method and system for querying data through verification of identity and authorization - Google Patents
Method and system for querying data through verification of identity and authorization Download PDFInfo
- Publication number
- TWI650658B TWI650658B TW106132683A TW106132683A TWI650658B TW I650658 B TWI650658 B TW I650658B TW 106132683 A TW106132683 A TW 106132683A TW 106132683 A TW106132683 A TW 106132683A TW I650658 B TWI650658 B TW I650658B
- Authority
- TW
- Taiwan
- Prior art keywords
- data
- authorization
- authorization certificate
- requester
- data requester
- Prior art date
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 423
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000012795 verification Methods 0.000 title claims description 12
- 238000004590 computer program Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 24
- 230000005540 biological transmission Effects 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- XXQCMVYBAALAJK-UHFFFAOYSA-N ethyl n-[4-[benzyl(2-phenylethyl)amino]-2-(2-phenylethyl)-1h-imidazo[4,5-c]pyridin-6-yl]carbamate Chemical compound N=1C=2C(N(CCC=3C=CC=CC=3)CC=3C=CC=CC=3)=NC(NC(=O)OCC)=CC=2NC=1CCC1=CC=CC=C1 XXQCMVYBAALAJK-UHFFFAOYSA-N 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
本發明提供一種身份認證及授權證明之資料查詢方法與系統,該方法與系統包括:接收資料擁有者發送的授權請求;對所述資料擁有者的身份進行認證;當所述資料擁有者的身份通過認證後,根據所述資料擁有者的授權請求,生成授權證明;將生成的授權證明發送給所述資料擁有者以使所述資料擁有者將所述生成的授權證明提供給資料需求方;接收所述資料需求方提供的授權證明;認證所述資料需求方提供的授權證明是否有效;當所述資料需求方提供的授權證明有效時,根據所述資料需求方提供的授權證明,運算出所述資料需求方所需的資料;將所述資料發送給所述資料需求方。 The invention provides a data query method and system for identity authentication and authorization certificate, the method and system comprising: receiving an authorization request sent by a data owner; authenticating the identity of the data owner; and determining the identity of the data owner After the authentication, the authorization certificate is generated according to the authorization request of the data owner; and the generated authorization certificate is sent to the data owner to enable the data owner to provide the generated authorization certificate to the data requester; Receiving the authorization certificate provided by the data requester; authenticating whether the authorization certificate provided by the data requester is valid; and when the authorization certificate provided by the data requester is valid, calculating according to the authorization certificate provided by the data demander Information required by the data requester; the data is sent to the data requester.
Description
本發明涉及資訊傳輸領域,尤其涉及一種身份認證及授權證明之資料查詢方法與系統。 The invention relates to the field of information transmission, in particular to a data query method and system for identity authentication and authorization certificate.
現有技術中,資料的查詢與審核多數是採用直接審核文件正本的方式,並且由資料擁有者直接提供資料給資料需求方。這種資訊傳輸方式效率較低,且從授權查詢到傳輸文件均採用手動的方式,操作起來不夠便捷,也不夠智能。另外,由資料擁有者直接提供的資料也存在不真實的情況,這樣,則給資料需求者帶來使用困擾。 In the prior art, most of the data inquiry and auditing adopts the method of directly reviewing the original document, and the data owner directly provides the data to the data demanding party. This kind of information transmission method is inefficient, and the manual query is used from the authorization query to the transmission file, which is not convenient and not intelligent enough. In addition, the information provided directly by the data owner is also untrue, which will cause problems for the data users.
鑒於以上內容,有必要提供一種身份認證及授權證明之資料查詢方法與系統,以獲取到更真實的資料,使資料的查詢更有效率,也更加智能化。 In view of the above, it is necessary to provide a data query method and system for identity authentication and authorization certificate to obtain more real data, making data query more efficient and intelligent.
一種身份認證及授權證明之資料查詢系統,應用於資料提供者,所述身份認證及授權證明之資料查詢系統與資料擁有者及資料需求方相通信,所述身份認證及授權證明之資料查詢系統包括:接收模組,用於接收所述資料擁有者發送的授權請求;身份認證模組,用於對所述資料擁有者的身份進行認證;授權證明產生模組,用於當所述資料擁有者的身份通過認證後,根據所述資料擁有者的授權請求,生成授權證明;發送模組,用於將生成的授權證明發 送給所述資料擁有者以使所述資料擁有者將所述生成的授權證明提供給所述資料需求方;所述接收模組,還用於接收所述資料需求方提供的授權證明;授權證明認證模組,用於認證所述資料需求方提供的授權證明是否有效;授權證明運算模組,用於當所述資料需求方提供的授權證明有效時,根據所述資料需求方提供的授權證明,運算出所述資料需求方所需的資料;及所述發送模組,還用於將所述資料發送給所述資料需求方。 A data inquiry system for identity authentication and authorization certificate is applied to a data provider, and the data inquiry system of the identity authentication and authorization certificate communicates with a data owner and a data requester, and the data authentication system for the identity authentication and authorization certificate The method includes: a receiving module, configured to receive an authorization request sent by the data owner; an identity authentication module, configured to authenticate the identity of the data owner; and an authorization certificate generating module, configured to have the data After the identity of the person is authenticated, an authorization certificate is generated according to the authorization request of the data owner; and the sending module is configured to send the generated authorization certificate Giving the data owner to the data owner to provide the generated authorization certificate to the data requester; the receiving module is further configured to receive the authorization certificate provided by the data requester; a certification certification module for authenticating whether the authorization certificate provided by the data requester is valid; and an authorization certification operation module for authorizing the authorization provided by the data requester when the authorization certificate provided by the data requester is valid Proving that the data required by the data requester is calculated; and the sending module is further configured to send the data to the data requester.
一種身份認證及授權證明之身份認證及授權證明之資料查詢方法,該方法包括:第一接收步驟,接收所述資料擁有者發送的授權請求;身份認證步驟,對所述資料擁有者的身份進行認證;授權證明產生步驟,當所述資料擁有者的身份通過認證後,根據所述資料擁有者的授權請求,生成授權證明;第一發送步驟,將生成的授權證明發送給所述資料擁有者以使所述資料擁有者將所述生成的授權證明提供給所述資料需求方;第二接收步驟,接收所述資料需求方提供的授權證明;授權證明認證步驟,認證所述資料需求方提供的授權證明是否有效;授權證明運算步驟,當所述資料需求方提供的授權證明有效時,根據所述資料需求方提供的授權證明,運算出所述資料需求方所需的資料;及第二發送步驟,將所述資料發送給所述資料需求方。 A method for querying an identity authentication and authorization certificate for an identity authentication and authorization certificate, the method comprising: a first receiving step of receiving an authorization request sent by the data owner; and an identity authentication step of performing identity of the data owner Authentication; the authorization certification generating step, when the identity of the data owner is authenticated, generating an authorization certificate according to the authorization request of the data owner; the first sending step, sending the generated authorization certificate to the data owner So that the data owner provides the generated authorization certificate to the data requester; the second receiving step receives the authorization certificate provided by the data requester; the authorization certification authentication step, and the certification data requester provides Whether the authorization certificate is valid; the authorization certification operation step, when the authorization certificate provided by the data requester is valid, calculates the information required by the data demander according to the authorization certificate provided by the data requester; and the second The sending step sends the data to the data requester.
相較於現有技術,本發明提供的身份認證及授權證明之身份認證及授權證明之資料查詢方法與系統身份認證及授權證明之資料查詢方法,可以提供一種更有效率且更加真實的資訊傳輸方法,使資料查詢更加智能化。 Compared with the prior art, the data authentication method for identity authentication and authorization certificate provided by the present invention and the data query method for system identity authentication and authorization certificate can provide a more efficient and more realistic information transmission method. To make data query more intelligent.
11‧‧‧資料提供者 11‧‧‧Information provider
2‧‧‧資料擁有者 2‧‧‧ Data owner
3‧‧‧資料需求方 3‧‧‧ data demand side
13‧‧‧資料庫 13‧‧‧Database
10‧‧‧身份認證及授權證明之資料查詢系統 10‧‧‧Information authentication system for identity authentication and authorization
101‧‧‧接收模組 101‧‧‧ receiving module
102‧‧‧授權證明認證模組 102‧‧‧Authorization certification module
103‧‧‧授權證明產生模組 103‧‧‧Authorization certificate generation module
104‧‧‧發送模組 104‧‧‧Transmission module
105‧‧‧授權證明運算模組 105‧‧‧Authorization certification computing module
106‧‧‧身份認證模組 106‧‧‧ identity authentication module
圖1是本發明身份認證及授權證明之資料查詢方法的較佳實施方式的應用環境示意圖。 1 is a schematic diagram of an application environment of a preferred embodiment of a method for querying an identity authentication and authorization certificate according to the present invention.
圖2是本發明身份認證及授權證明之資料查詢系統的較佳實施方式的功能模塊圖。 2 is a functional block diagram of a preferred embodiment of a data query system for identity authentication and authorization certificates of the present invention.
圖3是本發明身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。 3 is a flow chart of a preferred embodiment of the method for querying the identity authentication and authorization certificate of the present invention.
圖4是本發明身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。 4 is a schematic diagram of a preferred embodiment of the data query system of the identity authentication and authorization certificate of the present invention interacting with the data owner.
圖5是本發明身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。 FIG. 5 is a schematic diagram of a preferred embodiment of the data query system of the identity authentication and authorization certificate of the present invention interacting with the data requester.
圖6是本發明以Token為授權證明的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。 FIG. 6 is a flow chart of a preferred embodiment of the method for querying the identity authentication and authorization certificate of the present invention with Token as the authorization certificate.
圖7是本發明以Token為授權證明的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。 FIG. 7 is a schematic diagram of a preferred embodiment of the data query system for authenticating and authenticating the identification and authorization certificate of the present invention with the data owner.
圖8是本發明以Token為授權證明的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。 FIG. 8 is a schematic diagram of a preferred embodiment of the data query system for interacting with the data requester with the token authentication and authorization certificate in the present invention.
圖9是本發明以數字版權檔案為授權證明的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。 FIG. 9 is a flow chart of a preferred embodiment of the method for querying the identity authentication and authorization certificate of the present invention using the digital copyright file as an authorization certificate.
圖10是本發明以數字版權檔案為授權證明的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。 FIG. 10 is a schematic diagram of a preferred embodiment of the data query system for interacting with the data owner of the identity authentication and authorization certificate with the digital copyright file as the authorization certificate.
圖11是本發明以數字版權檔案為授權證明的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。 FIG. 11 is a schematic diagram of a preferred embodiment of the data query system for interacting with the data requester of the identity authentication and authorization certificate with the digital copyright file as the authorization certificate.
圖12是本發明以Token為授權證明並接收查詢信息的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。 FIG. 12 is a flow chart of a preferred embodiment of the data query method of the present invention for authenticating and receiving the identity authentication and authorization certificate of the query information.
圖13是本發明以Token為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。 FIG. 13 is a schematic diagram of a preferred embodiment of the present invention for interacting with a data owner by using a Token as an authorization certificate and receiving an identity authentication and authorization certificate for query information.
圖14是本發明以Token為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。 FIG. 14 is a schematic diagram of a preferred embodiment of the present invention for interacting with a data requesting party by using a Token as an authorization certificate and receiving an identity authentication and authorization certificate for querying information.
圖15是本發明以數字版權檔案為授權證明並接收查詢信息的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。 15 is a flow chart of a preferred embodiment of the data query method for authenticating and authenticating the identity verification and authorization certificate of the present invention with the digital copyright file as the authorization certificate.
圖16是本發明以數字版權檔案為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。 16 is a schematic diagram of a preferred embodiment of the data query system of the present invention for interacting with a data owner by using a digital copyright file as an authorization certificate and receiving identity verification and authorization certificates for query information.
圖17是本發明以數字版權檔案為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。 17 is a schematic diagram of a preferred embodiment of the present invention for interacting with a data requesting party by using a digital copyright file as an authorization certificate and receiving an identity authentication and authorization certificate for querying information.
參閱圖1所示,是本發明身份認證及授權證明之身份認證及授權證明之資料查詢方法的較佳實施方式的應用環境示意圖。在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11分別與資料擁有者2及資料需求方3相通信。 Referring to FIG. 1 , it is a schematic diagram of an application environment of a preferred embodiment of the method for querying the identity authentication and authorization certificate of the identity authentication and authorization certificate of the present invention. In this embodiment, the data authentication system 10 for the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data owner 2 and the data requester 3, respectively.
在本實施例中,所述資料提供者11用於管理所述資料擁有者2的資料,所述資料提供者11包括,但不限於:會計、銀行、金融機構、上游應收賬款廠商、戶政事務所、醫院、供應商、學研機構等等,本發明對所述資料提供者11的身份不做限制。 In this embodiment, the data provider 11 is configured to manage the data of the data owner 2, and the data provider 11 includes, but is not limited to, an accounting, a bank, a financial institution, an upstream accounts receivable vendor, The household office, the hospital, the supplier, the academic research institution, and the like, the present invention does not limit the identity of the data provider 11.
在本實施例中,所述資料擁有者2用於提供資料,所述資料擁有者2包括,但不限於:企業、法人或個人等。 In this embodiment, the data owner 2 is used to provide information, and the data owner 2 includes, but is not limited to, a business, a legal person or an individual.
在本實施例中,所述資料需求方3為需要資料的一方,所述資料需求方3包括,但不限於:會計、銀行、金融機構、醫院、供應商、學研機構、監管機構等。 In this embodiment, the data demander 3 is a party that needs data, and the data demander 3 includes, but is not limited to, an accountant, a bank, a financial institution, a hospital, a supplier, a research institution, a regulatory agency, and the like.
在本實施例中,所述資料提供者11用於根據所述資料擁有者2的授權請求提供授權證明,並根據所述資料需求方3提供的授權證明及所述資料需求方3的查詢信息以授權所述資料需求方3進行資料的查詢。 In this embodiment, the data provider 11 is configured to provide an authorization certificate according to the authorization request of the data owner 2, and according to the authorization certificate provided by the data requester 3 and the query information of the data requester 3 In order to authorize the data requester 3 to conduct data inquiry.
所述資料庫13與所述身份認證及授權證明之資料查詢系統10進行通信連接。所述資料庫13存儲各個應用領域中與用戶相關的重要資料項目。在本實施方式中,所述資料庫13存儲所述資料擁有者2提供的資料項目,以供所述資料需求方3根據授權證明查詢所述資料庫13中的資料。所述資料項目包括:賬本、存入及提出金額、交易時間、餘額、其他交易記錄等。在不同的應用領域,所述資料項目還可以包括資產、債務、病歷、信用、學歷等。所述資料庫13還存儲所述資料提供者11生成的資料等。 The database 13 is in communication connection with the data query system 10 of the identity authentication and authorization certificate. The database 13 stores important data items related to users in various application fields. In this embodiment, the database 13 stores the data items provided by the data owner 2 for the data requester 3 to query the data in the database 13 according to the authorization certificate. The data items include: ledger, deposit and offer amount, transaction time, balance, other transaction records, and the like. In different application fields, the data item may also include assets, debts, medical records, credits, education, and the like. The database 13 also stores materials and the like generated by the material provider 11.
在本實施例中,所述身份認證及授權證明之資料查詢系統10可以運行於計算機裝置中,該計算機裝置是一種能夠按照事先設定或存儲的指令,自動進行數值計算和/或信息處理的設備,其硬件包括但不限於微處理器、專用集成電路(Application Specific Integrated Circuit,ASIC)、可編程門陣列(Field-Programmable Gate Array,FPGA)、數字處理器(Digital Signal Processor,DSP)、嵌入式設備等。所述計算機裝置包括但不限於單個網路伺服器、多個網路伺服器組成的伺服器組或基於雲計算(Cloud Computing)的由大量主機或網路伺服器構成的雲,其中,雲計算是分布式計算的一種,由一群鬆散耦合的計算機集組成的一個超級虛擬計算機。 In this embodiment, the identity authentication and authorization certificate data query system 10 can be run in a computer device, which is a device capable of automatically performing numerical calculation and/or information processing according to an instruction set or stored in advance. The hardware includes but is not limited to a microprocessor, an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), and an embedded Equipment, etc. The computer device includes, but is not limited to, a single network server, a server group composed of a plurality of network servers, or a Cloud Computing-based cloud composed of a large number of hosts or network servers, wherein the cloud computing It is a kind of distributed computing, a super virtual computer composed of a group of loosely coupled computers.
參閱圖2所示,是本發明身份認證及授權證明之資料查詢系統的較佳實施方式的功能模塊圖。在本實施方式中,所述身份認證及授權證明之資料查詢系統10可以被分割成一個或多個模組。例如,所述身份認證及授權證明之資料查詢系統10被分割成接收模組101、授權證明認證模組102、授權證明 產生模組103、發送模組104、授權證明運算模組105及身份認證模組106。關於各模組的詳細功能將在後文圖3至圖17中作具體描述。 Referring to FIG. 2, it is a functional block diagram of a preferred embodiment of the data query system of the identity authentication and authorization certificate of the present invention. In this embodiment, the data query system 10 of the identity authentication and authorization certificate may be divided into one or more modules. For example, the data query system 10 of the identity authentication and authorization certificate is divided into a receiving module 101, an authorization certificate authentication module 102, and an authorization certificate. The module 103, the transmitting module 104, the authorization certificate computing module 105, and the identity authentication module 106 are generated. The detailed functions of each module will be specifically described later in FIGS. 3 to 17.
參閱圖3所示,是本發明身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 3, it is a flow chart of a preferred embodiment of the method for querying the identity authentication and authorization certificate of the present invention. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
步驟S10,接收模組101接收所述資料擁有者2發送的授權請求。 In step S10, the receiving module 101 receives the authorization request sent by the data owner 2.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料擁有者2相通信。 In the present embodiment, the data authentication system 10 of the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data owner 2.
在本實施例中,所述授權請求中包括以下一項或者多項的組合:所述資料擁有者2的身份證明、所述資料擁有者2的名稱、所述資料需求方3的身份證明、所述資料需求方3的名稱、授權範圍條件等。 In this embodiment, the authorization request includes a combination of one or more of the following: an identity certificate of the data owner 2, a name of the data owner 2, an identity certificate of the data requester 3, and a The name of the data requester 3, the scope of the authorization scope, and the like.
所述授權範圍條件包括以下一種或者多種的組合:查詢者(資料需求方3)、查詢有效期間、可查詢最大次數、查詢科目、查詢科目的時間點等。 The authorization scope condition includes one or more of the following combinations: the querier (data demand side 3), the query validity period, the maximum number of queries that can be queried, the query subject, and the time point of the query subject.
在本實施例中,所述資料需求方3與所述資料提供者11通信連接。 In this embodiment, the data requester 3 is communicatively coupled to the data provider 11.
步驟S11,身份認證模組106對所述資料擁有者2的身份進行認證。 In step S11, the identity authentication module 106 authenticates the identity of the data owner 2.
在本實施例中,所述資料擁有者2在發送所述授權請求給所述身份認證模組106的同時,將所述資料擁有者2的身份證明及所述資料擁有者2的名稱一併發送給所述身份認證模組106。 In this embodiment, the data owner 2 sends the authorization request to the identity authentication module 106, and the identity certificate of the data owner 2 and the name of the data owner 2 are combined. Sended to the identity authentication module 106.
在本實施例中,所述身份認證模組106預先存儲至少一個用戶的身份證明及至少一個用戶的名稱,以用於對不同用戶的身份進行認證。 In this embodiment, the identity authentication module 106 pre-stores the identity certificate of at least one user and the name of at least one user for authenticating the identity of different users.
在本實施例中,所述身份認證模組106在獲取了所述資料擁有者2的身份證明及所述資料擁有者2的名稱後,將所述資料擁有者2的身份證明及所述資料擁有者2的名稱與預先存儲的所述至少一個用戶的身份證明及所述至少一個用戶的名稱進行匹配。當所述資料擁有者2的身份證明及所述資料擁有者2 的名稱與預先存儲的所述至少一個用戶的身份證明及所述至少一個用戶的名稱匹配成功時,所述身份認證模組106確認所述資料擁有者2的身份有效;當所述資料擁有者2的身份證明及所述資料擁有者2的名稱與預先存儲的所述至少一個用戶的身份證明及所述至少一個用戶的名稱匹配失敗時,所述身份認證模組106確認所述資料擁有者2的身份無效。 In this embodiment, after the identity authentication module 106 obtains the identity certificate of the data owner 2 and the name of the data owner 2, the identity certificate of the data owner 2 and the data are obtained. The name of the owner 2 matches the pre-stored identification of the at least one user and the name of the at least one user. When the identity holder 2 has the identity certificate and the data owner 2 When the name matches the pre-stored identity certificate of the at least one user and the name of the at least one user, the identity authentication module 106 confirms that the identity of the material owner 2 is valid; when the data owner When the identity of 2 and the name of the data owner 2 fail to match the pre-stored identity certificate of the at least one user and the name of the at least one user, the identity authentication module 106 confirms the data owner 2's identity is invalid.
步驟S12,當所述資料擁有者2的身份通過認證後,授權證明產生模組103根據所述資料擁有者2的授權請求,生成授權證明。 Step S12, after the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 generates an authorization certificate according to the authorization request of the data owner 2.
在本實施例中,所述資料提供者11作為資料的管理者,在確認所述資料擁有者2的身份有效後,根據所述資料擁有者2的授權請求生成授權證明。 In the present embodiment, the data provider 11 as the manager of the data, after confirming that the identity of the material owner 2 is valid, generates an authorization certificate according to the authorization request of the material owner 2.
在本實施例中,所述授權明證與所述授權請求相對應,所述授權證明產生模組103根據所述授權請求的內容確定授權範圍。 In this embodiment, the authorization certificate corresponds to the authorization request, and the authorization certificate generation module 103 determines the authorization range according to the content of the authorization request.
在本實施例中,所述授權證明包括以下一項或者多項的組合: In this embodiment, the authorization certificate includes a combination of one or more of the following:
所述資料擁有者2的身份證明、所述資料擁有者2的名稱、所述資料提供者11的身份證明、所述資料提供者11的名稱、所述資料需求方3的身份證明、所述資料需求方3的名稱、授權範圍條件等。 The identity certificate of the data owner 2, the name of the data owner 2, the identity certificate of the data provider 11, the name of the data provider 11, the identity certificate of the data requester 3, the said The name of the data requester 3, the scope of the authorization scope, and so on.
所述授權範圍條件包括以下一種或者多種的組合:查詢者(資料需求方3)、查詢有效期間、可查詢最大次數、查詢科目、查詢科目的時間點等。 The authorization scope condition includes one or more of the following combinations: the querier (data demand side 3), the query validity period, the maximum number of queries that can be queried, the query subject, and the time point of the query subject.
在本實施例中,所述授權證明產生模組103根據所述資料擁有者2的授權請求,生成授權證明包括以下兩種方式: In this embodiment, the authorization certificate generation module 103 generates the authorization certificate according to the authorization request of the data owner 2, and includes the following two methods:
(1)所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成檔案及一組與所述檔案對應的令牌Token,將所述檔案存儲於所述資料庫13內。 (1) The authorization certificate generation module 103 determines an authorization scope according to the authorization request, and generates a file and a set of token Tokens corresponding to the file according to the authorization scope, and stores the file in the data. Within the library 13.
(2)所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成一個數字版權(Digital Rights)檔案。 (2) The authorization certificate generation module 103 determines an authorization range according to the authorization request, and generates a digital rights file according to the authorization range.
所述令牌Token是一種用於進行身份認證的令牌。不同的Token對應於不同的數據操作。 The token Token is a token used for identity authentication. Different Tokens correspond to different data operations.
所述數字版權檔案的處理方式包括對授權範圍內容的資料進行資料提供者11的簽章加密處理,並附加使用規則,這樣,只有預設用戶可以根據所述使用規則,並通過密碼解鎖所述資料,以使用所述資料。 The processing method of the digital copyright file includes performing the signature encryption processing of the data provider 11 on the data of the authorization scope content, and attaching the usage rule, so that only the preset user can unlock the password according to the usage rule and by using the password. Information to use the information.
當然,在其他實施例中,所述授權證明產生模組103根據所述資料擁有者2的授權請求生成授權證明也可以採取其他方式,本發明對生成所述授權證明的方式不做限制。 Of course, in other embodiments, the authorization certificate generation module 103 may generate another authorization manner according to the authorization request of the data owner 2, and the present invention does not limit the manner in which the authorization certificate is generated.
步驟S13,發送模組104將生成的授權證明發送給所述資料擁有者2以使所述資料擁有者2將所述生成的授權證明提供給所述資料需求方3。 In step S13, the sending module 104 sends the generated authorization certificate to the data owner 2 to cause the data owner 2 to provide the generated authorization certificate to the data requester 3.
在本實施例中,對於所述資料擁有者2將所述生成的授權證明提供給所述資料需求方3的方式不做限制。例如:所述資料擁有者2可以採用郵件、社交軟件、電子文件等方式將所述生成的授權證明提供給所述資料需求方3。 In the present embodiment, the manner in which the material owner 2 provides the generated authorization certificate to the data requester 3 is not limited. For example, the data owner 2 may provide the generated authorization certificate to the data requester 3 by means of mail, social software, electronic files, or the like.
步驟S14,所述接收模組101接收所述資料需求方3提供的授權證明。 In step S14, the receiving module 101 receives the authorization certificate provided by the data requester 3.
在本實施例中,在所述發送模組104將所述生成的授權證明發送給所述資料擁有者2後,所述資料擁有者2接收所述生成的授權證明,並將所述生成的授權證明提供給所述資料需求方3。所述資料需求方3將所述生成的授權證明發送給所述資料提供者11,所述資料提供者11通過所述接收模組101接收所述資料需求方3提供的授權證明。 In this embodiment, after the sending module 104 sends the generated authorization certificate to the data owner 2, the data owner 2 receives the generated authorization certificate, and the generated A certificate of authorization is provided to the data requester 3 . The data requester 3 sends the generated authorization certificate to the data provider 11, and the data provider 11 receives the authorization certificate provided by the data requester 3 through the receiving module 101.
在本實施例中,所述接收模組101還用於接收所述資料需求方3的查詢信息。 In this embodiment, the receiving module 101 is further configured to receive the query information of the data requester 3.
在本實施例中,所述查詢信息包括所述資料需求方3需要進行查詢授權的範圍及內容等。 In this embodiment, the query information includes a range and content of the data requestor 3 that needs to perform query authorization.
步驟S15,所述授權證明認證模組102認證所述資料需求方3提供的授權證明是否有效。 In step S15, the authorization certification module 102 authenticates whether the authorization certificate provided by the data requester 3 is valid.
在本實施例中,所述授權證明認證模組102根據所述資料需求方3提供的授權證明中提供的信息確認所述資料需求方3提供的授權證明的有效性。 In this embodiment, the authorization certificate authentication module 102 confirms the validity of the authorization certificate provided by the data requester 3 according to the information provided in the authorization certificate provided by the data requester 3.
在本實施例中,所述授權證明認證模組102將所述資料需求方3提供的授權證明與預先存儲的發送給所述資料擁有者2的授權證明進行匹配。 In this embodiment, the authorization certificate authentication module 102 matches the authorization certificate provided by the data requester 3 with the pre-stored authorization certificate sent to the data owner 2.
當所述資料需求方3提供的授權證明與預先存儲的發送給所述資料擁有者2的授權證明信息完全匹配時,所述授權證明認證模組102確認所述資料需求方3提供的授權證明有效;當所述資料需求方3提供的授權證明與預先存儲的發送給所述資料擁有者2的授權證明信息不完全匹配時,所述授權證明認證模組102確認所述資料需求方3提供的授權證明無效。 When the authorization certificate provided by the data requester 3 completely matches the pre-stored authorization certificate information sent to the data owner 2, the authorization certification module 102 confirms the authorization certificate provided by the data requester 3. Valid; when the authorization certificate provided by the data requester 3 does not completely match the pre-stored authorization certificate information sent to the data owner 2, the authorization certification module 102 confirms that the data requester 3 provides The authorization certificate is invalid.
具體地,所述授權證明認證模組102根據所述資料需求方3提供的授權證明的不同形式,以下面兩種具體方式對所述資料需求方3提供的授權證明的有效性進行認證: Specifically, the authorization certification module 102 authenticates the validity of the authorization certificate provided by the data requester 3 according to different forms of the authorization certificate provided by the data demander 3 in the following two specific manners:
(1)當所述資料需求方3提供的授權證明為Token時,所述授權證明認證模組102將所述資料需求方3提供的Token中的信息與預先存儲的發送給所述資料擁有者2的Token中的信息進行匹配;當所述資料需求方3提供的Token中的信息與預先存儲的發送給所述資料擁有者2的Token中的信息完全匹配時,所述授權證明認證模組102確定所述資料需求方3提供的Token有效;當所述資料需求方3提供的Token中的信息與預先存儲的發送給所述資料擁有者 的Token中的信息不完全匹配時,所述授權證明認證模組102確定所述資料需求方3提供的Token無效。 (1) When the authorization certificate provided by the data requester 3 is Token, the authorization certification module 102 sends the information in the Token provided by the data requester 3 to the data owner in advance. The information in the Token of 2 is matched; when the information in the Token provided by the data requester 3 completely matches the information stored in the Token sent to the material owner 2 in advance, the authorization certification module Determining that the Token provided by the data demander 3 is valid; when the information in the Token provided by the data requester 3 is pre-stored and sent to the data owner When the information in the Token does not completely match, the authorization certificate authentication module 102 determines that the Token provided by the data requester 3 is invalid.
例如:所述授權證明認證模組102確認該令牌Token對應於資料庫13中,該令牌Token所代表的查詢者是否為資料需求方3、查詢時間是否在查詢有效期間、查詢次數是否已超過可查詢最大次數等等。 For example, the authorization certificate authentication module 102 confirms that the token Token corresponds to the database, and the querier represented by the token Token is the data demander 3, whether the query time is valid during the query, and whether the query number has been More than the maximum number of queries can be queried.
(2)當所述資料需求方3提供的授權證明為數字版權檔案時,所述授權證明認證模組102解密所述資料需求方3提供的數字版權檔案,得到解密後的所述數字版權檔案的簽章,並驗證解密後的所述數字版權檔案的簽章是否為所述資料提供者11的簽章。當所述解密後的所述數字版權檔案的簽章為所述資料提供者11的簽章時,所述授權證明認證模組102確定所述資料需求方3提供的數字版權檔案有效;當所述解密後的所述數字版權檔案的簽章不為所述資料提供者11的簽章時,所述授權證明認證模組102確定所述資料需求方3提供的數字版權檔案無效。 (2) When the authorization certificate provided by the data requester 3 is a digital copyright file, the authorization certificate authentication module 102 decrypts the digital copyright file provided by the data requester 3 to obtain the decrypted digital copyright file. And signing the signature of the decrypted digital copyright file as the signature of the data provider 11. When the signature of the decrypted digital copyright file is the signature of the data provider 11, the authorization certification module 102 determines that the digital copyright file provided by the data requester 3 is valid; When the signature of the decrypted digital copyright file is not the signature of the data provider 11, the authorization certification module 102 determines that the digital copyright file provided by the data requester 3 is invalid.
例如:所述授權證明認證模組102確認該數字版權檔案內,查詢者是否為資料需求方3、查詢時間是否在查詢有效期間、查詢次數是否已超過可查詢最大次數等等。 For example, the authorization certificate authentication module 102 confirms whether the querier is the data demander in the digital copyright file, whether the query time is valid during the query, whether the query times have exceeded the maximum number of queries, and the like.
步驟S16,當所述資料需求方3提供的授權證明有效時,授權證明運算模組105根據所述資料需求方3提供的授權證明,運算出所述資料需求方3所需的資料。 In step S16, when the authorization certificate provided by the data requester 3 is valid, the authorization certification operation module 105 calculates the data required by the data demander 3 according to the authorization certificate provided by the data demander 3.
在本實施例中,所述授權證明運算模組105根據所述資料需求方3提供的授權證明,運算出所述資料需求方3所需的資料包括: In this embodiment, the authorization certification operation module 105 calculates the information required by the data requester 3 according to the authorization certificate provided by the data requester 3, including:
(1)當所述資料需求方3提供的授權證明為Token時,所述授權證明運算模組105根據所述資料庫13內與所述資料需求方3提供的Token相對應的查詢範圍與條件,查詢所需的資料。 (1) When the authorization certificate provided by the data requester 3 is Token, the authorization certification operation module 105 according to the query scope and condition corresponding to the Token provided by the data demander 3 in the database 13 , query the required information.
(2)當所述資料需求方3提供的授權證明為數字版權檔案時,所述授權證明運算模組105產生對應於所述資料需求方3提供的數字版權檔案的查詢範圍與條件,並根據所述數字版權檔案的查詢範圍與條件查詢所需的資料。 (2) when the authorization certificate provided by the data requester 3 is a digital copyright file, the authorization certification operation module 105 generates a query scope and conditions corresponding to the digital copyright file provided by the data demander 3, and according to The scope of the digital copyright file is queried and the information required for the conditional inquiry.
當然,在其他實施例中,所述授權證明運算模組105也可以採取其他方式根據所述資料需求方3提供的授權證明運算出所述資料需求方3所需的資料,本發明在此不作限制。 Of course, in other embodiments, the authorization certification operation module 105 may perform other methods according to the authorization certificate provided by the data requester 3 to calculate the data required by the data requester 3, and the present invention does not limit.
步驟S17,所述發送模組104將所述資料發送給所述資料需求方3。 In step S17, the sending module 104 sends the data to the data requester 3.
在本實施例中,當所述接收模組101在接收所述資料需求方3提供的授權證明的同時,還接收了所述資料需求方3的查詢信息,且所述資料需求方3提供的授權證明有效時,所述授權證明運算模組105根據所述資料需求方3提供的授權證明及所述查詢信息,運算出所述資料需求方3所需的資料。 In this embodiment, when the receiving module 101 receives the authorization certificate provided by the data requester 3, it also receives the query information of the data requester 3, and the data requester 3 provides When the authorization certificate is valid, the authorization certificate calculation module 105 calculates the data required by the data requester 3 according to the authorization certificate provided by the data requester 3 and the inquiry information.
具體地,所述身份認證及授權證明之資料查詢系統10還執行以下步驟: Specifically, the data query system 10 of the identity authentication and authorization certificate performs the following steps:
(1)當所述資料需求方3提供的授權證明為Token時,在所述的資料庫13內查詢與所述資料需求方3提供的Token對應的查詢範圍與條件,並根據所述查詢信息在所述資料需求方3提供的Token對應的查詢範圍與條件內進行檢索,獲得檢索的文檔,並將所述檢索的文檔發送給所述資料需求方3。 (1) When the authorization certificate provided by the data requester 3 is Token, query the query scope and conditions corresponding to the Token provided by the data requester 3 in the database 13, and according to the query information Searching within the query scope and conditions corresponding to the Token provided by the data requester 3, obtaining the retrieved document, and transmitting the retrieved document to the data requester 3.
(2)當所述資料需求方3提供的授權證明為數字版權檔案時,根據所述查詢信息在所述資料需求方3提供的數字版權檔案的查詢範圍與條件進行檢索,獲得檢索的文檔,並將所述檢索的文檔發送給所述資料需求方3。 (2) When the authorization certificate provided by the data requester 3 is a digital copyright file, the search scope and conditions of the digital copyright file provided by the data requester 3 are searched according to the query information, and the retrieved document is obtained. And sending the retrieved document to the data requester 3.
參閱圖4所示,是本發明身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 4, it is a schematic diagram of a preferred embodiment of the data query system of the identity authentication and authorization certificate of the present invention interacting with the data owner. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料擁有者2相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料擁有者2交互的過程中,執行步驟S10、S11、S12及S13。即接收模組101接收所述資料擁有者2發送的授權請求,身份認證模組106對所述資料擁有者2的身份進行認證。當所述資料擁有者2的身份通過認證後,授權證明產生模組103根據所述資料擁有者2的授權請求,生成授權證明。發送模組104將生成的授權證明發送給所述資料擁有者2以使所述資料擁有者2將所述生成的授權證明提供給所述資料需求方3。 In the present embodiment, the data authentication system 10 of the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data owner 2. The data query system 10 of the identity authentication and authorization certificate performs steps S10, S11, S12, and S13 in the process of interacting with the material owner 2. That is, the receiving module 101 receives the authorization request sent by the data owner 2, and the identity authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 generates an authorization certificate according to the authorization request of the data owner 2. The sending module 104 sends the generated authorization certificate to the material owner 2 to cause the material owner 2 to provide the generated authorization certificate to the data requester 3.
參閱圖5所示,是本發明身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 5, it is a schematic diagram of a preferred embodiment of the data query system of the identity authentication and authorization certificate of the present invention interacting with the data requester. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料需求方3相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料需求方3交互的過程中,執行步驟S14、S15、S16及S17。即接收模組101接收所述資料需求方3提供的授權證明,授權證明認證模組102認證所述資料需求方3提供的授權證明是否有效,當所述資料需求方3提供的授權證明有效時,授權證明運算模組105根據所述資料需求方3提供的授權證明,運算出所述資料需求方3所需的資料,發送模組104將所述資料發送給所述資料需求方。 In the present embodiment, the data authentication system 10 for the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data requester 3. The data query system 10 of the identity authentication and authorization certificate performs steps S14, S15, S16, and S17 in the process of interacting with the data requester 3. That is, the receiving module 101 receives the authorization certificate provided by the data requester 3, and the authorization certification module 102 authenticates whether the authorization certificate provided by the data requester 3 is valid, when the authorization certificate provided by the data requester 3 is valid. The authorization verification operation module 105 calculates the data required by the data requester 3 according to the authorization certificate provided by the data requester 3, and the transmission module 104 transmits the data to the data requester.
參閱圖6所示,是本發明以Token為授權證明的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 6, it is a flowchart of a preferred embodiment of the data query method for identity authentication and authorization certificate with Token as the authorization certificate. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
步驟S20,所述接收模組101接收所述資料擁有者2發送的授權請求。 In step S20, the receiving module 101 receives an authorization request sent by the data owner 2.
步驟S21,所述身份認證模組106對所述資料擁有者2的身份進行認證。 In step S21, the identity authentication module 106 authenticates the identity of the data owner 2.
步驟S22,當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成檔案及一組與所述檔案對應的令牌Token,將所述檔案存儲於所述資料庫13內。 Step S22, after the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization range according to the authorization request, and generates an archive and a set of files corresponding to the file according to the authorization scope. The token Token stores the file in the database 13.
在本實施例中,所述檔案包括所述身份認證及授權證明之資料查詢系統10根據所述授權證明的申請範圍及查詢條件等從所述資料擁有者2處獲取的可供所述資料需求方3進行查詢的資料。 In this embodiment, the file includes the information requesting system 10 of the identity authentication and authorization certificate, and the data request available from the data owner 2 according to the application scope and the query condition of the authorization certificate. Party 3 to query the information.
在本實施例中,所述資料庫13存儲所述資料擁有者2的查詢範圍與條件,以及所述資料提供者11生成的授權資料等。 In this embodiment, the database 13 stores the query scope and conditions of the data owner 2, and the authorization data generated by the data provider 11.
在本實施例中,生成的Token是唯一的,也就是說,在一次授權過程中,產生一組唯一的Token。 In this embodiment, the generated Token is unique, that is, in a single authorization process, a unique set of Tokens is generated.
步驟S23,所述發送模組104將生成的Token發送給所述資料擁有者2以使所述資料擁有者2將所述生成的Token提供給所述資料需求方3。 In step S23, the sending module 104 sends the generated Token to the data owner 2 to enable the data owner 2 to provide the generated Token to the data requester 3.
步驟S24,所述接收模組101接收所述資料需求方3提供的Token。 In step S24, the receiving module 101 receives the Token provided by the data requester 3.
步驟S25,所述授權證明認證模組102認證所述資料需求方3提供的Token是否有效。 In step S25, the authorization certification module 102 authenticates whether the Token provided by the data requester 3 is valid.
在本實施例中,所述授權證明認證模組102將所述資料需求方3提供的Token中的信息與預先存儲的發送給所述資料擁有者2的Token中的信息進行匹配;當所述資料需求方3提供的Token中的信息與預先存儲的發送給所述資料擁有者2的Token中的信息完全匹配時,所述授權證明認證模組102確定所述資料需求方提供的Token有效;當所述資料需求方3提供的Token中的信息與預先存儲的發送給所述資料擁有者的Token中的信息不完全匹配時,所述授權證明認證模組102確定所述資料需求方提供的Token無效。 In this embodiment, the authorization certificate authentication module 102 matches the information in the Token provided by the data requester 3 with the pre-stored information in the Token sent to the data owner 2; When the information in the Token provided by the data requester 3 and the pre-stored information in the Token sent to the data owner 2 are completely matched, the authorization certification module 102 determines that the Token provided by the data requester is valid; When the information in the Token provided by the data requester 3 does not completely match the pre-stored information in the Token sent to the data owner, the authorization certification module 102 determines the provision provided by the data requester. Token is invalid.
在本實施例中,需要說明的是,當所述授權證明認證模組102確認所述資料需求方提供的Token無效時,終止本次查詢。 In this embodiment, it should be noted that when the authorization certificate authentication module 102 confirms that the Token provided by the data requester is invalid, the query is terminated.
步驟S26,當所述資料需求方3提供的Token有效時,所述授權證明運算模組105將所述資料庫13內與所述資料需求方3提供的Token的查詢範圍與條件相對應的資料確定為所述資料需求方3所需的資料。 In step S26, when the Token provided by the data requester 3 is valid, the authorization certification operation module 105 compares the query range and the condition of the Token provided in the database 13 with the data requester 3. Determine the information required for the data requester 3.
步驟S27,所述發送模組104將所述資料發送給所述資料需求方3。 In step S27, the sending module 104 sends the data to the data requester 3.
參閱圖7所示,是本發明以Token為授權證明的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 7, it is a schematic diagram of a preferred embodiment of the data query system of the present invention for interacting with the data owner with the identity authentication and authorization certificate of Token as the authorization certificate. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料擁有者2相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料擁有者2交互的過程中,執行步驟S20、S21、S22及S23。即所述接收模組101接收所述資料擁有者2發送的授權請求,所述身份認證模組106對所述資料擁有者2的身份進行認證。當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成檔案及一組與所述檔案對應的令牌Token,將所述檔案存儲於所述的資料庫13內。所述發送模組104將生成的Token發送給所述資料擁有者2以使所述資料擁有者2將所述生成的Token提供給所述資料需求方3。 In the present embodiment, the data authentication system 10 of the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data owner 2. The data query system 10 of the identity authentication and authorization certificate performs steps S20, S21, S22, and S23 in the process of interacting with the material owner 2. That is, the receiving module 101 receives the authorization request sent by the data owner 2, and the identity authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization range according to the authorization request, and generates an archive and a set of token Tokens corresponding to the file according to the authorization scope. The file is stored in the database 13. The sending module 104 sends the generated Token to the data owner 2 to cause the data owner 2 to provide the generated Token to the data requester 3.
參閱圖8所示,是本發明以Token為授權證明的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 8 , it is a schematic diagram of a preferred embodiment of the present invention for interacting with a data requesting party by using a Token as an authentication certificate and an authentication certificate. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料需求方3相通信。所述身份認 證及授權證明之資料查詢系統10在與所述資料需求方3交互的過程中,執行步驟S24、S25、S26及S27。即所述接收模組101接收所述資料需求方3提供的Token,所述授權證明認證模組102認證所述資料需求方3提供的Token是否有效。當所述資料需求方3提供的Token有效時,所述授權證明運算模組105所述資料庫13內與所述資料需求方3提供的Token的查詢範圍與條件相對應的資料確定為所述資料需求方3所需的資料。所述發送模組104將所述資料發送給所述資料需求方3。 In the present embodiment, the data authentication system 10 for the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data requester 3. The identity The data inquiry system 10 of the certificate and the authorization certificate executes steps S24, S25, S26, and S27 in the process of interacting with the material demander 3. That is, the receiving module 101 receives the Token provided by the data requester 3, and the authorization certification module 102 authenticates whether the Token provided by the data requester 3 is valid. When the Token provided by the data requester 3 is valid, the data corresponding to the query range and the condition of the Token provided by the data requester 3 in the database 13 of the authorization certification operation module 105 is determined as Information required by the data requester 3. The sending module 104 sends the data to the data requester 3.
參閱圖9所示,是本發明以數字版權檔案為授權證明的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 9, a flow chart of a preferred embodiment of the data query method for identity authentication and authorization certificate using the digital copyright file as an authorization certificate is shown. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
步驟S30,所述接收模組101接收所述資料擁有者2發送的授權請求。 Step S30, the receiving module 101 receives an authorization request sent by the data owner 2.
步驟S31,所述身份認證模組106對所述資料擁有者2的身份進行認證。 In step S31, the identity authentication module 106 authenticates the identity of the data owner 2.
步驟S32,當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成一個數字版權檔案。 Step S32, after the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization scope according to the authorization request, and generates a digital copyright file according to the authorization scope.
在本實施例中,生成的數字版權檔案是一個簽章加密的檔案。所述身份認證及授權證明之資料查詢系統10可以對所述生成的數字版權檔案進行解密驗章,以讀取所述生成的數字版權檔案的內容。 In this embodiment, the generated digital copyright file is a signature encrypted file. The data query system 10 of the identity authentication and authorization certificate may decrypt the generated digital copyright file to read the content of the generated digital copyright file.
步驟S33,所述發送模組104將生成的數字版權檔案發送給所述資料擁有者2以使所述資料擁有者2將所述生成的數字版權檔案提供給所述資料需求方3。 Step S33, the sending module 104 sends the generated digital copyright file to the data owner 2 to enable the data owner 2 to provide the generated digital copyright file to the data requester 3.
步驟S34,所述接收模組101接收所述資料需求方3提供的數字版權檔案。 Step S34, the receiving module 101 receives the digital copyright file provided by the data requester 3.
步驟S35,所述授權證明認證模組102認證所述資料需求方3提供的數字版權檔案是否有效。 In step S35, the authorization certification module 102 authenticates whether the digital copyright file provided by the data requester 3 is valid.
在本實施例中,所述授權證明認證模組102解密驗章所述資料需求方3提供的數字版權檔案,並將解密驗章後的檔案包含的信息與預先存儲的發送給所述資料擁有者2的數字版權檔案的信息進行匹配;當所述解密驗章後的檔案包含的信息與預先存儲的發送給所述資料擁有者2的數字版權檔案的信息完全匹配時,所述授權證明認證模組102確定所述資料需求方3提供的數字版權檔案有效;當所述解密後的檔案包含的信息與預先存儲的發送給所述資料擁有者2的數字版權檔案的信息不完全匹配時,所述授權證明認證模組102確定所述資料需求方3提供的數字版權檔案無效。 In this embodiment, the authorization certificate authentication module 102 decrypts the digital copyright file provided by the data requester 3, and decrypts the information contained in the archived file and the pre-stored information to be sent to the data. The information of the digital copyright file of the person 2 is matched; when the information contained in the file after the decryption check is completely matched with the information stored in advance to the digital copyright file of the material owner 2, the authorization certificate is authenticated. The module 102 determines that the digital copyright file provided by the data requester 3 is valid; when the information contained in the decrypted file does not completely match the information stored in advance to the digital copyright file of the data owner 2, The authorization certificate authentication module 102 determines that the digital copyright file provided by the data requester 3 is invalid.
在本實施例中,所述解密後的檔案包含的信息包括所述資料擁有者2的身份證明、所述資料擁有者2的名稱、所述資料提供者11的身份證明、所述資料提供者11的名稱、所述資料需求方3的身份證明、所述資料需求方3的名稱、授權範圍條件等。 In this embodiment, the decrypted file includes information including the identity certificate of the data owner 2, the name of the data owner 2, the identity certificate of the data provider 11, and the data provider. The name of 11, the identification of the data requester 3, the name of the data requester 3, the scope of the authorization scope, and the like.
所述授權範圍條件包括以下一種或者多種的組合:有效期間、查詢的最大次數、查詢科目的時間點、查詢科目等。 The authorization scope condition includes a combination of one or more of the following: a valid period, a maximum number of queries, a time point of querying a subject, a query subject, and the like.
在本實施例中,需要說明的是,當所述授權證明認證模組102確認所述資料需求方3提供的數字版權檔案無效時,終止本次查詢。 In this embodiment, it should be noted that when the authorization certificate authentication module 102 confirms that the digital copyright file provided by the data requester 3 is invalid, the current query is terminated.
步驟S36,當所述資料需求方3提供的數字版權檔案有效時,所述授權證明運算模組105產生對應於所述資料需求方3提供的數字版權檔案的所述資料需求方3能讀取的加密文件,並將所述加密文件確定為所述資料需求方3所需的資料。 Step S36, when the digital copyright file provided by the data requester 3 is valid, the authorization certification operation module 105 generates the data demander 3 corresponding to the digital copyright file provided by the data requester 3 to read Encrypting the file and determining the encrypted file as the data required by the data requester 3.
步驟S37,所述發送模組104將所述資料發送給所述資料需求方3。 In step S37, the sending module 104 sends the data to the data requester 3.
參閱圖10所示,是本發明以數字版權檔案為授權證明的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 10, it is a schematic diagram of a preferred embodiment of the data query system for interacting with the data owner of the identity authentication and authorization certificate with the digital copyright file as the authorization certificate. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料擁有者2相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料擁有者2交互的過程中,執行步驟S30、S31、S32及S33。即所述接收模組101接收所述資料擁有者2發送的授權請求。所述身份認證模組106對所述資料擁有者2的身份進行認證。當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成一個數字版權檔案。所述發送模組104將生成的數字版權檔案發送給所述資料擁有者2以使所述資料擁有者2將所述生成的數字版權檔案提供給所述資料需求方3。 In the present embodiment, the data authentication system 10 of the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data owner 2. The data query system 10 of the identity authentication and authorization certificate performs steps S30, S31, S32, and S33 in the process of interacting with the material owner 2. That is, the receiving module 101 receives the authorization request sent by the data owner 2. The identity authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization scope according to the authorization request, and generates a digital copyright file according to the authorization scope. The sending module 104 sends the generated digital copyright file to the data owner 2 to enable the data owner 2 to provide the generated digital copyright file to the data requester 3.
參閱圖11所示,是本發明以數字版權檔案為授權證明的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 11, it is a schematic diagram of a preferred embodiment of the data query system for interacting with the data requester of the present invention with the digital copyright file as the authorization certificate. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料需求方3相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料需求方3交互的過程中,執行步驟S34、S35、S36及S37。即所述接收模組101接收所述資料需求方3提供的數字版權檔案。所述授權證明認證模組102認證所述資料需求方3提供的數字版權檔案是否有效。當所述資料需求方3提供的數字版權檔案有效時,所述授權證明運算模組105產生對應於所述資料需求方3提供的數字版權檔案的所述資料 需求方3能讀取的加密文件,並將所述加密文件確定為所述資料需求方3所需的資料。所述發送模組104將所述資料發送給所述資料需求方3。 In the present embodiment, the data authentication system 10 for the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data requester 3. The data query system 10 of the identity authentication and authorization certificate performs steps S34, S35, S36, and S37 in the process of interacting with the data requester 3. That is, the receiving module 101 receives the digital copyright file provided by the data requester 3. The authorization certification module 102 authenticates whether the digital copyright file provided by the data requester 3 is valid. When the digital copyright file provided by the data requester 3 is valid, the authorization certification operation module 105 generates the data corresponding to the digital copyright file provided by the data requester 3. The encrypted file that the demanding party 3 can read and determines the encrypted file as the data required by the data demander 3. The sending module 104 sends the data to the data requester 3.
參閱圖12所示,是本發明以Token為授權證明並接收查詢信息的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 12, it is a flowchart of a preferred embodiment of the data query method of the present invention for authenticating and receiving the identity authentication and authorization certificate of the query information. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
步驟S40,所述接收模組101接收所述資料擁有者2發送的授權請求。 Step S40, the receiving module 101 receives an authorization request sent by the data owner 2.
步驟S41,所述身份認證模組106對所述資料擁有者2的身份進行認證。 In step S41, the identity authentication module 106 authenticates the identity of the data owner 2.
步驟S42,當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成檔案及一組與所述檔案對應的令牌Token,將所述檔案存儲於所述資料庫13內。 Step S42, after the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization scope according to the authorization request, and generates an archive and a set of files corresponding to the file according to the authorization scope. The token Token stores the file in the database 13.
步驟S43,所述發送模組104將生成的Token發送給所述資料擁有者2以使所述資料擁有者2將所述生成的Token提供給所述資料需求方3。 In step S43, the sending module 104 sends the generated Token to the data owner 2 to enable the data owner 2 to provide the generated Token to the data requester 3.
步驟S44,所述接收模組101接收所述資料需求方3提供的Token及查詢信息。 Step S44, the receiving module 101 receives the Token and the query information provided by the data requester 3.
在本實施例中,所述查詢信息包括所述資料需求方3需要進行查詢的範圍及內容等。 In this embodiment, the query information includes a range and content of the query that the data requester 3 needs to perform.
步驟S45,所述授權證明認證模組102認證所述資料需求方3提供的Token是否有效。 In step S45, the authorization certification module 102 authenticates whether the Token provided by the data requester 3 is valid.
在本實施例中,需要說明的是,當所述授權證明認證模組102確認所述資料需求方3提供的Token無效時,終止本次查詢。 In this embodiment, it should be noted that when the authorization certificate authentication module 102 confirms that the Token provided by the data requester 3 is invalid, the current query is terminated.
步驟S46,當所述資料需求方3提供的Token有效時,所述授權證明運算模組105在所述資料庫13內查詢與所述資料需求方3提供的Token的查 詢範圍與條件對應的資料,並根據所述查詢信息在所述資料需求方3提供的Token的查詢範圍與條件對應的資料內進行檢索,獲得檢索的文檔。 In step S46, when the Token provided by the data requester 3 is valid, the authorization certification operation module 105 queries the database 13 for the Token provided by the data requester 3. The data corresponding to the scope and the condition is searched, and the search information is searched according to the query information and the data corresponding to the query scope and the condition provided by the data requester 3, and the retrieved document is obtained.
步驟S47,所述發送模組104將所述檢索的文檔發送給所述資料需求方3。 Step S47, the sending module 104 sends the retrieved document to the data requester 3.
參閱圖13所示,是本發明以Token為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 13, it is a schematic diagram of a preferred embodiment of the present invention for interacting with a data owner by using a Token as an authorization certificate and receiving an identity authentication and authorization certificate for querying information. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料擁有者2相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料擁有者2交互的過程中,執行步驟S40、S41、S42及S43。即所述接收模組101接收所述資料擁有者2發送的授權請求。所述身份認證模組106對所述資料擁有者2的身份進行認證。當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成檔案及一組與所述檔案對應的令牌Token,將所述檔案存儲於所述資料庫13內。所述發送模組104將生成的Token發送給所述資料擁有者2以使所述資料擁有者2將所述生成的Token提供給所述資料需求方3。 In the present embodiment, the data authentication system 10 of the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data owner 2. The data query system 10 of the identity authentication and authorization certificate performs steps S40, S41, S42, and S43 in the process of interacting with the material owner 2. That is, the receiving module 101 receives the authorization request sent by the data owner 2. The identity authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization range according to the authorization request, and generates an archive and a set of token Tokens corresponding to the file according to the authorization scope. The file is stored in the database 13. The sending module 104 sends the generated Token to the data owner 2 to cause the data owner 2 to provide the generated Token to the data requester 3.
參閱圖14所示,是本發明以Token為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 14, it is a schematic diagram of a preferred embodiment of the present invention for interacting with a data requesting party by using a Token as an authorization certificate and receiving an identity authentication and authorization certificate for querying information. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料需求方3相通信。所述身份認 證及授權證明之資料查詢系統10在與所述資料需求方3交互的過程中,執行步驟S44、S45、S46及S47。即所述接收模組101接收所述資料需求方3提供的Token及查詢信息。所述授權證明認證模組102認證所述資料需求方3提供的Token是否有效。當所述資料需求方3提供的Token有效時,所述授權證明運算模組105在所述資料庫13內查詢與所述資料需求方3提供的Token的查詢範圍與條件對應的資料,並根據所述查詢信息在所述資料需求方3提供的Token的查詢範圍與條件對應的資料內進行檢索,獲得檢索的文檔。所述發送模組104將所述檢索的文檔發送給所述資料需求方3。 In the present embodiment, the data authentication system 10 for the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data requester 3. The identity The data inquiry system 10 of the certificate and the authorization certificate executes steps S44, S45, S46 and S47 in the process of interacting with the material demander 3. That is, the receiving module 101 receives the Token and the query information provided by the data requester 3. The authorization certificate authentication module 102 authenticates whether the Token provided by the data requester 3 is valid. When the Token provided by the data requester 3 is valid, the authorization certification operation module 105 queries the database 13 for the data corresponding to the query scope and condition of the Token provided by the data requester 3, and according to The query information is searched in the data corresponding to the query scope and the condition of the Token provided by the data requester 3, and the retrieved document is obtained. The sending module 104 sends the retrieved document to the data requester 3.
參閱圖15所示,是本發明以數字版權檔案為授權證明並接收查詢信息的身份認證及授權證明之資料查詢方法的較佳實施方式的流程圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 15, a flow chart of a preferred embodiment of the present invention for authenticating a digital copyright file as an authorization certificate and receiving an identity verification and authorization certificate for querying information is shown. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
步驟S50,所述接收模組101接收所述資料擁有者2發送的授權請求。 Step S50, the receiving module 101 receives an authorization request sent by the data owner 2.
步驟S51,所述身份認證模組106對所述資料擁有者2的身份進行認證。 In step S51, the identity authentication module 106 authenticates the identity of the data owner 2.
步驟S52,當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成一個數字版權檔案。 Step S52: After the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization scope according to the authorization request, and generates a digital copyright file according to the authorization scope.
步驟S53,所述發送模組104將生成的數字版權檔案發送給所述資料擁有者2以使所述資料擁有者2將所述生成的數字版權檔案提供給所述資料需求方3。 Step S53, the sending module 104 sends the generated digital copyright file to the data owner 2 to enable the data owner 2 to provide the generated digital copyright file to the data requester 3.
步驟S54,所述接收模組101接收所述資料需求方3提供的數字版權檔案及查詢信息。 Step S54, the receiving module 101 receives the digital copyright file and the query information provided by the data requester 3.
步驟S55,所述授權證明認證模組102解密驗章所述資料需求方3提供的數字版權檔案,根據解密驗章後的檔案包含的信息認證所述資料需求方3提供的數字版權檔案是否有效。 Step S55, the authorization certificate authentication module 102 decrypts the digital copyright file provided by the data requester 3, and authenticates whether the digital copyright file provided by the data requester 3 is valid according to the information contained in the file after decryption and verification. .
在本實施例中,需要說明的是,當所述授權證明認證模組102確認所述資料需求方3提供的數字版權檔案無效時,終止本次查詢。 In this embodiment, it should be noted that when the authorization certificate authentication module 102 confirms that the digital copyright file provided by the data requester 3 is invalid, the current query is terminated.
步驟S56,當所述資料需求方3提供的數字版權檔案有效時,所述授權證明運算模組105根據所述查詢信息在所述解密驗章後的檔案內進行檢索,獲得檢索的文檔,同時將所述檢索的文檔加密。 In step S56, when the digital copyright file provided by the data requester 3 is valid, the authorization certification operation module 105 searches the file after the decryption and verification according to the query information, and obtains the retrieved document. Encrypting the retrieved document.
步驟S57,所述發送模組104將加密後的檢索的文檔發送給所述資料需求方3。 In step S57, the sending module 104 sends the encrypted retrieved document to the data requester 3.
在本實施例中,所述加密後的檢索的文檔只有所述資料需求方3可讀取。 In this embodiment, the encrypted retrieved document is readable only by the data requester 3.
參閱圖16所示,是本發明以數字版權檔案為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料擁有者交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 16, it is a schematic diagram of a preferred embodiment of the present invention for interacting with a data owner by using a digital copyright file as an authorization certificate and receiving an identity authentication and authorization certificate for querying information. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料擁有者2相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料擁有者2交互的過程中,執行步驟S50、S51、S52及S53。即所述接收模組101接收所述資料擁有者2發送的授權請求。所述身份認證模組106對所述資料擁有者2的身份進行認證。當所述資料擁有者2的身份通過認證後,所述授權證明產生模組103根據所述授權請求確定授權範圍,並根據所述授權範圍生成一個數字版權檔案。所述發送模組104 將生成的數字版權檔案發送給所述資料擁有者2以使所述資料擁有者2將所述生成的數字版權檔案提供給所述資料需求方3。 In the present embodiment, the data authentication system 10 of the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data owner 2. The data query system 10 of the identity authentication and authorization certificate performs steps S50, S51, S52, and S53 in the process of interacting with the material owner 2. That is, the receiving module 101 receives the authorization request sent by the data owner 2. The identity authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 is authenticated, the authorization certificate generation module 103 determines an authorization scope according to the authorization request, and generates a digital copyright file according to the authorization scope. The sending module 104 The generated digital copyright file is sent to the material owner 2 to cause the material owner 2 to provide the generated digital copyright file to the material demander 3.
參閱圖17所示,是本發明以數字版權檔案為授權證明並接收查詢信息的身份認證及授權證明之資料查詢系統與資料需求方交互的較佳實施方式的示意圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。 Referring to FIG. 17, it is a schematic diagram of a preferred embodiment of the present invention for interacting with a data requesting party by using a digital copyright file as an authorization certificate and receiving an identity authentication and authorization certificate for querying information. The order of the steps in the flowchart may be changed according to different requirements, and some steps may be omitted or combined.
在本實施例中,所述身份認證及授權證明之資料查詢系統10應用於資料提供者11,所述資料提供者11與所述資料需求方3相通信。所述身份認證及授權證明之資料查詢系統10在與所述資料需求方3交互的過程中,執行步驟S54、S55、S56及S57。即所述接收模組101接收所述資料需求方3提供的數字版權檔案及查詢信息。所述授權證明認證模組102解密驗章所述資料需求方提供的數字版權檔案,根據所述解密驗章後的檔案包含的信息認證所述資料需求方3提供的數字版權檔案是否有效。當所述資料需求方3提供的數字版權檔案有效時,所述授權證明運算模組105根據所述查詢信息在所述解密驗章後的檔案內進行檢索,獲得檢索的文檔,同時將所述檢索的文檔加密。所述發送模組104將加密後的檢索的文檔發送給所述資料需求方3。 In the present embodiment, the data authentication system 10 for the identity authentication and authorization certificate is applied to the data provider 11, and the data provider 11 communicates with the data requester 3. The data query system 10 of the identity authentication and authorization certificate performs steps S54, S55, S56, and S57 in the process of interacting with the data requester 3. That is, the receiving module 101 receives the digital copyright file and the query information provided by the data requester 3. The authorization certificate authentication module 102 decrypts the digital copyright file provided by the data requester according to the verification, and authenticates whether the digital copyright file provided by the data requester 3 is valid according to the information contained in the file after the decryption check. When the digital copyright file provided by the data requester 3 is valid, the authorization certification operation module 105 performs a search in the file after the decryption and verification according to the query information, and obtains the retrieved document, and simultaneously The retrieved document is encrypted. The sending module 104 sends the encrypted retrieved document to the data requester 3.
以上實施例僅用以說明本發明的技術方案而非限制,儘管參照以上較佳實施例對本發明進行了詳細說明,本領域的普通技術人員應當理解,可以對本發明的技術方案進行修改或者等同替換都不應脫離本發明技術方案的精神和範圍。 The above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to be limiting, and the present invention will be described in detail with reference to the preferred embodiments. Neither should the spirit and scope of the technical solutions of the present invention be deviated.
在本發明所提供的幾個實施例中,應該理解到,所揭露的系統,裝置和方法,可以透過其它的方式實現。例如,以上所描述的裝置實施例僅僅是示意性的,例如,所述模組的劃分,僅僅為一種邏輯功能劃分,實際實現時可以有另外的劃分方式。 In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the modules is only a logical function division, and the actual implementation may have another division manner.
所述作為分離部件說明的模組可以是或者也可以不是物理上分開的,作為模組顯示的部件可以是或者也可以不是物理單元,即可以位於一個地方,或者也可以分布到多個網路單元上。可以根據實際的需要選擇其中的部分或者全部模組來實現本實施例方案的目的。 The modules described as separate components may or may not be physically separated. The components displayed as modules may or may not be physical units, that is, may be located in one place, or may be distributed to multiple networks. On the unit. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
另外,在本發明各個實施例中的各功能模組可以集成在一個處理單元中,也可以是各個單元單獨物理存在,也可以兩個或兩個以上單元集成在一個單元中。上述集成的單元既可以采用硬件的形式實現,也可以采用硬件加軟體功能模組的形式實現。 In addition, each functional module in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of hardware plus software function modules.
上述以軟體功能模組的形式實現的集成的單元,可以存儲在一個計算機可讀取存儲介質中。上述軟體功能模組存儲在一個存儲介質中,包括若干指令用以使得一台計算機設備(可以是個人計算機,伺服器,或者網路設備等)或處理器(processor)執行本發明各個實施例所述方法的部分步驟。 The above-described integrated unit implemented in the form of a software function module can be stored in a computer readable storage medium. The software function module is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to execute various embodiments of the present invention. Part of the steps of the method.
後續申請專利範圍中的某些電腦程式產品請求項全部以電腦程式 流程為依據,與前述的流程圖中的電腦程式流程內容對應一致。因此,這些電腦程式產品請求項,應當理解為主要透過說明書記載的電腦程式實現前述解決方案的功能模組架構,而不應當理解為主要通過硬體方式實現該解決方案的實體裝置。 Some computer program product requests in the scope of subsequent patent applications are all computer programs. Based on the flow, it corresponds to the content of the computer program flow in the above flow chart. Therefore, these computer program product requests should be understood as a functional module architecture that implements the foregoing solution mainly through the computer program described in the specification, and should not be construed as a physical device that implements the solution mainly by hardware.
對於本領域技術人員而言,顯然本發明不限於上述示範性實施例的細節,而且在不背離本發明的精神或基本特徵的情況下,能夠以其他的具體形式實現本發明。因此,無論從哪一點來看,均應將實施例看作是示範性的,而且是非限制性的,本發明的範圍由所附申請專利範圍而不是上述說明限定,因此旨在將落在申請專利範圍的等同要件的含義和範圍內的所有變化涵括在本發明內。不應將申請專利範圍中的任何附關聯圖標記視為限制所涉及的申請專利範圍。此外,顯然“包括”一詞不排除其他單元或步驟,單數不排除複數。系統 申請專利範圍中陳述的多個單元或裝置也可以由一個單元或裝置透過軟體或者硬件來實現。“第一”,“第二”(如果存在)等詞語用來表示名稱,而並不表示任何特定的順序。 It is apparent to those skilled in the art that the present invention is not limited to the details of the above-described exemplary embodiments, and the present invention can be embodied in other specific forms without departing from the spirit or essential characteristics of the invention. Therefore, the embodiments are to be considered as illustrative and not restrictive, and the scope of the invention is defined by the scope of the appended claims rather than the description All changes that come within the meaning and range of equivalents of the scope of the invention are included in the invention. Any accompanying drawing marks in the scope of the patent application should not be construed as limiting the scope of the patent application involved. In addition, it is to be understood that the word "comprising" does not exclude other elements or steps. system A plurality of units or devices recited in the scope of the claims may also be implemented by a unit or device through software or hardware. Words such as "first" and "second" (if present) are used to denote a name and do not denote any particular order.
最後應說明的是,以上實施例僅用以說明本發明的技術方案而非限制,儘管參照較佳實施例對本發明進行了詳細說明,本領域的普通技術人員應當理解,可以對本發明的技術方案進行修改或等同替換,而不脫離本發明技術方案的精神和範圍。 It should be noted that the above embodiments are only for explaining the technical solutions of the present invention and are not intended to be limiting, and the present invention will be described in detail with reference to the preferred embodiments. Modifications or equivalents are made without departing from the spirit and scope of the invention.
Claims (19)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106132683A TWI650658B (en) | 2017-09-22 | 2017-09-22 | Method and system for querying data through verification of identity and authorization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106132683A TWI650658B (en) | 2017-09-22 | 2017-09-22 | Method and system for querying data through verification of identity and authorization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201816638A TW201816638A (en) | 2018-05-01 |
| TWI650658B true TWI650658B (en) | 2019-02-11 |
Family
ID=62949279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW106132683A TWI650658B (en) | 2017-09-22 | 2017-09-22 | Method and system for querying data through verification of identity and authorization |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI650658B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI766430B (en) * | 2020-11-10 | 2022-06-01 | 林庠序 | De-centralized data authorization control system capable of dynamically adjusting data authorization policy |
| TWI790985B (en) * | 2021-10-28 | 2023-01-21 | 市民永續股份有限公司 | Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system |
| TWI829218B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of indirectly transferring read token through third-party service subsystem |
| TWI829222B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing third-party service subsystem to provide accessible data list to data requester device |
| TWI829216B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of forwarding token request through third-party service subsystem |
| TWI829219B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of transferring read token from block chain subsystem to data requester device |
| TWI829217B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of flexibly adjusting data authorization policy |
| TWI829221B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of allowing data requestetr device to inspect correctness of data authorization policy stored in block chain subsystem |
| TWI829215B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of inspecting transfer history of read token to verify activity of read token |
| TWI829220B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing smart contract to generate and transfer authorization token |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109063682A (en) * | 2018-08-28 | 2018-12-21 | 袁重玉 | A kind of method of Internet authentication authorization and data survey service |
| TWI691857B (en) * | 2018-11-30 | 2020-04-21 | 財團法人工業技術研究院 | Digital rights management system and digital rights protection method |
| CN114553432B (en) * | 2022-01-28 | 2023-08-18 | 中国银联股份有限公司 | Identity authentication method, device, equipment and computer-readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW200424866A (en) * | 2002-12-19 | 2004-11-16 | Ibm | Method and system for peer-to-peer authorization |
| CN102546648A (en) * | 2012-01-18 | 2012-07-04 | Ut斯达康通讯有限公司 | Resource access authorization method |
| CN104255007A (en) * | 2011-09-29 | 2014-12-31 | 甲骨文国际公司 | Oauth framework |
| US20160337370A1 (en) * | 2015-05-13 | 2016-11-17 | Sony Computer Entertainment America Llc | Portable profile access token |
-
2017
- 2017-09-22 TW TW106132683A patent/TWI650658B/en active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW200424866A (en) * | 2002-12-19 | 2004-11-16 | Ibm | Method and system for peer-to-peer authorization |
| CN104255007A (en) * | 2011-09-29 | 2014-12-31 | 甲骨文国际公司 | Oauth framework |
| CN102546648A (en) * | 2012-01-18 | 2012-07-04 | Ut斯达康通讯有限公司 | Resource access authorization method |
| US20160337370A1 (en) * | 2015-05-13 | 2016-11-17 | Sony Computer Entertainment America Llc | Portable profile access token |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI766430B (en) * | 2020-11-10 | 2022-06-01 | 林庠序 | De-centralized data authorization control system capable of dynamically adjusting data authorization policy |
| TWI829218B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of indirectly transferring read token through third-party service subsystem |
| TWI829222B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing third-party service subsystem to provide accessible data list to data requester device |
| TWI829216B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of forwarding token request through third-party service subsystem |
| TWI829219B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of transferring read token from block chain subsystem to data requester device |
| TWI829217B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of flexibly adjusting data authorization policy |
| TWI829221B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of allowing data requestetr device to inspect correctness of data authorization policy stored in block chain subsystem |
| TWI829215B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of inspecting transfer history of read token to verify activity of read token |
| TWI829220B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing smart contract to generate and transfer authorization token |
| TWI790985B (en) * | 2021-10-28 | 2023-01-21 | 市民永續股份有限公司 | Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201816638A (en) | 2018-05-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI650658B (en) | Method and system for querying data through verification of identity and authorization | |
| US20240403871A1 (en) | System for verification of pseudonymous credentials for digital identities with managed access to personal data on trust networks | |
| US11777726B2 (en) | Methods and systems for recovering data using dynamic passwords | |
| US11210661B2 (en) | Method for providing payment gateway service using UTXO-based protocol and server using same | |
| JP6841911B2 (en) | Information protection systems and methods | |
| US20190295069A1 (en) | Systems and methods for integrating cryptocurrency wallet identifiers with digital certificates | |
| KR102116235B1 (en) | Method and server for managing user identity using blockchain network, and method and terminal for verifying user using user identity based on blockchain network | |
| US20220360446A1 (en) | Dynamic implementation and management of hash-based consent and permissioning protocols | |
| KR102118962B1 (en) | Method and server for managing user identity using blockchain network, and method and terminal for verifying user using user identity based on blockchain network | |
| CN107622210B (en) | Data query method and system for identity authentication and authorization certificate | |
| TWI650723B (en) | Asset certificate authorization query method and system | |
| AU2017225928A1 (en) | Systems and methods for distributed data sharing with asynchronous third-party attestation | |
| US12028458B2 (en) | Systems and methods for user identity | |
| KR102118935B1 (en) | Method and server for managing user identity using blockchain network, and method and terminal for verifying user using user identity based on blockchain network | |
| US20230418979A1 (en) | Data resolution using user domain names | |
| US20210056227A1 (en) | Privacy friendly decentralized ledger based identity management system and methods | |
| WO2023098769A1 (en) | Identity authentication method, electronic device and computer-readable storage medium | |
| CN111105235A (en) | Blockchain-based supply chain transaction privacy protection system, method and related equipment | |
| CN111079190A (en) | Block chain supply chain transaction hiding dynamic supervision system and method | |
| EP3883204B1 (en) | System and method for secure generation, exchange and management of a user identity data using a blockchain | |
| US20240113881A1 (en) | Authorized users and experiences authenticated/managed by non-fungible token (nft) ownership | |
| CN110992034A (en) | Supply chain transaction privacy protection system and method based on block chain and related equipment | |
| JP7222436B2 (en) | Security control method, information processing device and security control program | |
| EP4407498A1 (en) | Method for providing and verifying personal data | |
| KR102763726B1 (en) | Detailed access control system in cloud and permissioned blockchain environment and the method thereof |