[go: up one dir, main page]

CN116070273A - Personal data cross-network application program circulation method and system - Google Patents

Personal data cross-network application program circulation method and system Download PDF

Info

Publication number
CN116070273A
CN116070273A CN202310102668.6A CN202310102668A CN116070273A CN 116070273 A CN116070273 A CN 116070273A CN 202310102668 A CN202310102668 A CN 202310102668A CN 116070273 A CN116070273 A CN 116070273A
Authority
CN
China
Prior art keywords
network application
application program
personal data
digital identity
target user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202310102668.6A
Other languages
Chinese (zh)
Inventor
请求不公布姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Zhengbei Investment Co ltd
Original Assignee
Zhuhai Zhengbei Investment Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Zhengbei Investment Co ltd filed Critical Zhuhai Zhengbei Investment Co ltd
Priority to CN202310102668.6A priority Critical patent/CN116070273A/en
Publication of CN116070273A publication Critical patent/CN116070273A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method and a system for transferring personal data across network application programs, wherein the method comprises the steps that a first network application program sends request information for acquiring the personal data of a target user to a second network application program; the second network application program sends second digital identity information and request information for acquiring personal data of the target user to the digital identity authentication server, and the digital identity authentication server sends request information for checking the identity of the user and an authorization request to the digital identity carrier device corresponding to the target user; the digital identity carrier device acquires identity authentication data, and returns an authentication result to the digital identity authentication server when the identity authentication data passes the verification; the digital identity authentication server checks the authentication result, for example, the authentication result sends the digital identity authentication result and the authorization result of personal data acquisition to the second network application program through the check. The invention also provides a system for realizing the method. The invention can avoid the excessive collection of personal data.

Description

Personal data cross-network application program circulation method and system
Technical Field
The invention relates to the technical field of personal data security, in particular to a personal data cross-network application program circulation method and a system for realizing the method.
Background
With the rapid development of internet technology, users are gradually used to finish various operations, transacting business and acquiring service on line. The internet technology brings convenience to users for handling business and brings potential safety hazards to the users, for example, personal data of the users can be leaked due to circulation among network application programs.
For example, a user often needs to register or log in when using a web application, and the web application typically collects personal data of the user, such as the name of the user, the phone number, the birth year and month, the current geographical location of the user, and so on. When a user uses a web application program, a cross-application personal data flow operation is often needed, for example, the user currently uses the current web application program to browse information, when the user clicks a link for browsing a page, the user jumps to another web application program, and if the user wants to browse the page in the other web application program, the user is often required to register or log in the other web application program. In order to avoid a user entering a lot of information in another network application, the other network application will typically obtain personal data of the user from the current network application, such as obtaining a head portrait, a nickname of the user, even obtaining a mobile phone number of the user, a current geographical location, etc. At this time, the user personal data is circulated between two different network applications by involving the circulation of the user personal data across the network applications, i.e., the user personal data is acquired from the current network application by another network application.
Because it is often difficult for a user to control the range of personal data that flows across the web application, for example, it is often difficult for a user to manage which personal data is acquired by another web application, how the acquired personal data is used, etc., leakage of personal data of the user is very likely to be caused. The existing personal data flow method of the cross-network application program has the following defects: firstly, currently, most network application programs take real name identity information (such as an identity card number and a mobile phone number) of a user as identification when realizing personal data sharing circulation of the user across the network application programs, so that user identification across the network application programs is realized. Secondly, because a method or a mechanism for users to intensively inquire and manage the personal data cross-network application flow records is lacking at present, the users cannot effectively manage the personal data of the users, and the phenomenon that the personal data is flowed across the network application programs and the users do not feel and the personal data is provided beyond the required range easily occurs.
Disclosure of Invention
It is a first object of the present invention to provide a method of personal data cross-web application streaming that effectively avoids excessive collection of user personal data.
The second object of the present invention is to provide a personal data cross-web application program circulation system for implementing the personal data cross-web application program circulation method.
In order to achieve the first object, the present invention provides a method for transferring personal data across web applications, including a first web application sending request information for obtaining personal data of a target user to a second web application; the second network application program sends second digital identity information and request information for acquiring personal data of the target user to the digital identity authentication server, and the digital identity authentication server identifies the target user according to the second digital identity information and sends request information for checking the identity of the user and an authorization request to a digital identity carrier device corresponding to the target user; the digital identity carrier device acquires identity authentication data and checks the acquired identity authentication data, and if the identity authentication data passes the check, an authentication result and an authorization signature value are returned to the digital identity authentication server; the digital identity authentication server checks the authentication result, if the authentication result passes the check, the digital identity authentication result and the authorization result of personal data acquisition are sent to the second network application program, the second network application program sends first digital identity information of the target user to the first network application program through the digital identity authentication server, personal data of the target user is sent to the first network application program, and the first network application program matches the personal data of the target user with the first digital identity information.
According to the scheme, when the first network application program needs to acquire the personal data of the target user from the second network application program, the target user needs to use the digital identity carrier device for authentication, the digital identity authentication server sends the first digital identity information used by the first network application program of the target user character to the first network application program, and the second network application program sends the personal data of the target user to the first network application program, so that the first network application program can be prevented from directly acquiring sensitive information such as the name and the mobile phone number of the target user, and the personal data is prevented from being excessively acquired.
In addition, because the circulated personal data is authorized by the target user, that is, the target user knows that the second network application program is collecting the personal data when using the digital identity carrier device for authentication, the target user cannot be collected without knowledge, once the target user finds that the personal data collected by the first network application program exceeds the stated range, the target user can refuse to perform authentication, and the first network application program can be prevented from collecting the personal data in an out-of-range mode.
In a preferred embodiment, after the second network application transmits the personal data of the target user to the first network application, the second network application further performs: at least one of the digital authentication server, the first network application and the second network application transmits personal data sharing operation record information to the personal data management platform.
It can be seen that once the first network application collects the personal data of the target user, the target user can check the condition of the personal data collected by the first network application through the personal data management platform, so as to monitor whether the first network application uses the personal data in an out-of-range mode or not in the future.
The further scheme is that the sending of the personal data sharing operation record information to the personal data management platform at least comprises one of the following: the first network application program name, the second network application program name, the range and the purpose of personal data of the target user, the time when the second network application program sends the personal data of the target user to the first network application program, and the authorization signature value.
It can be seen that the target user can check the collected condition of the personal data, especially the range and the purpose of the personal data through the personal data management platform, so as to supervise whether the first target application program uses the personal data beyond the range.
Further, the verifying the authentication result by the digital identity authentication server includes: the digital identity carrier device encrypts the authentication result by using a private key, and the digital identity authentication server decrypts the authentication result by using a public key; if the digital identity authentication server can decrypt the authentication result by using the public key, the authentication result is confirmed to pass verification.
Therefore, the authentication result can be checked quickly and simply by encrypting and decrypting the data by using the preset public key and private key.
The second network application program sends the first digital identity information of the target user to the first network application program through the digital identity authentication server, and also sends the first data association information; the second network application program also transmits second data association information when transmitting personal data of the target user to the first network application program; the first network application matches the first digital identity information with personal data of the target user based on the first data association information and the second data association information.
In general, the first data association information and the second data association information are the same association information or are corresponding association information, and the first network application program can quickly match the first digital identity information with the personal data of the target user according to the first data association information and the second data association information, so that the acquisition of the personal data of the target user is completed.
The further scheme is that the first data association information and the second data association information are service data hash values or data service serial numbers.
Therefore, the first data association information and the second data association information are characterized by calculating the hash value of the service data, the uniqueness of the hash function calculation result is utilized to enable the uniqueness of the first data association information and the second data association information, and the error matching of the first digital identity information and the personal data of the target user is avoided.
Further, the first network application program sends request information for acquiring personal data of the target user to the second network application program, wherein the request information comprises: the acquired personal data range and the application.
The request information of the first network application program limits the acquired personal data range and the application, and the target user can know the acquired personal data range and the application of the first network application program when authorized, so that the collected personal use can be effectively monitored.
In order to achieve the second objective, the personal data cross-web application circulation system provided by the present invention includes a first web application, a second web application, a digital authentication server, and a digital identity carrier device: the first network application program is used for sending request information for acquiring personal data of the target user to the second network application program; the second network application program is used for sending second digital identity information and request information for acquiring personal data of the target user to the digital identity authentication server, and the digital identity authentication server identifies the target user according to the second digital identity information and sends verification user identity request information and an authorization request to a digital identity carrier device corresponding to the target user; the digital identity carrier device is used for acquiring identity authentication data and checking the acquired identity authentication data, and if the identity authentication data passes the check, an authentication result and an authorization signature value are returned to the digital identity authentication server; the digital identity authentication server is used for checking the authentication result, if the authentication result passes the check, the digital identity authentication result and the authorization result of personal data acquisition are sent to the second network application program, the second network application program sends the first digital identity information of the target user to the first network application program through the digital identity authentication server, the personal data of the target user is sent to the first network application program, and the first network application program matches the personal data of the target user with the first digital identity information.
Drawings
FIG. 1 is a block diagram of an embodiment of a personal data cross-web application streaming system of the present invention.
Fig. 2 is a first portion of a flow chart of an embodiment of a personal data cross-web application streaming method of the present invention.
FIG. 3 is a second portion of a flow chart of an embodiment of a method of personal data cross-web application streaming of the present invention.
The invention is further described below with reference to the drawings and examples.
Detailed Description
According to the personal data cross-network application program circulation method, the digital identity of the target user is converted through the digital identity authentication server, and when the first network application program acquires the personal data, the target user is required to use the digital identity carrier device to carry out identity authentication, and the personal data can be transmitted to the first network application program only after the identity authentication, so that the target user can know the collection condition of the personal data, and the use range of the personal data can be conveniently managed and controlled in the future.
Personal data across web application streaming system embodiments:
referring to fig. 1, the present embodiment is applied between a plurality of network applications, specifically, includes a network application 11 as a first network application and a network application 12 as a second network application, where the network application 11 is a network application that needs to obtain personal data of a target user, and the network application 12 is a network application that sends personal data of the target user. In this embodiment, the client of the web application 11, 12 may run on a smart terminal, for example, a client APP of the web application 11, 12 is installed on a smart phone, and the user may make shopping, chat, etc. through the web application 11, 12.
The network applications 11, 12 each interact with the digital identity authentication server 13, where the digital identity authentication server 13 is a public server that manages the digital identities of multiple users, for example, a user may register on the digital identity authentication server 13 and obtain the digital identities, the user needs to register on the digital identity authentication server 13 by means of real name authentication, the digital identity authentication server 13 sets the digital identities of the respective network applications for the user, for example, the user sets a digital identity in the network application 11, where the digital identity is ID-a, sets another digital identity in the network application 12, where the digital identity is ID-B, and so on, each digital identity may be an identity, i.e. an ID number.
This embodiment requires the target user 15 to be authenticated and authorized by the digital identity carrier device 14. The digital identity carrier device 14 is a small-sized security device, and a security chip is arranged in the digital identity carrier device, and a security chip operating system is operated on the security chip and is used for realizing the functions of security storage, encryption and decryption operation, interaction and the like of data. The encryption and decryption algorithm can be implemented by a known algorithm, such as a public cryptographic algorithm, a commercial cryptographic algorithm, and the like. The digital identity carrier device 14 may receive the identity authentication data input by the target user 15, where the identity authentication data may be biometric data such as a fingerprint, an iris, or the like, or may be a password preset by the target user 15, and the digital identity carrier device 14 may verify the received identity authentication data, for example, to verify whether the received fingerprint data is consistent with the pre-stored fingerprint data, and return an authentication result.
In addition, the personal data cross-web application circulation system may further provide a personal data management platform, which may receive personal data sharing operation record information sent by one or more of the digital authentication server 13, the web application 11, or the web application 12.
Personal data cross-network application program circulation method embodiment:
the flow of the personal data cross-web application circulation method is described below with reference to fig. 2 and 3. First, when the user uses the web application 11, if the web application 11 needs to acquire the personal data of the target user 15 from another web application, for example, the web application 12, step S1 is performed, and the web application 11 transmits request information for acquiring the personal data of the target user 15 to the web application 12. Preferably, the request information for acquiring the personal data of the target user 15 sent by the network application 11 includes the acquired personal data range, the application, and the like, where the personal data range is specific content of the acquired personal data, for example, the mobile phone number of the target user 15, the current geographical location, the browsing record, the purchasing record, and the like of the target user 15 on the network application 11, and the application of the personal data is how to use the personal data after the network application 11 acquires the personal data, for example, recommending a commodity to the target user 15 by using the personal data, sending a short message, and the like.
Also, the request information sent by the web application 11 to the web application 12 also includes a unique identification of the target user in the web application 12, such as a user identification number, nickname, etc. of the target user 15 in the web application 12.
After receiving the request information of the web application 11, the web application 12 performs step S2 to transmit the second digital authentication information ID-B registered by the target user 15 on the digital authentication server 13 and the request information for acquiring the personal data of the target user 15 to the digital authentication server 13. Since the target user 15 has registered, in advance, the digital identity information used by the plurality of network applications 11, 12 on the digital authentication server 13, the network application 12 registers the second digital identity information of the target user 15.
After receiving the request information for acquiring the personal data of the target user 15 sent by the network application 12, the digital authentication server 13 performs step S3, and identifies the identity of the target user 15 according to the second digital identity information ID-B sent by the network application 12. Since the digital identity authentication server 13 records the digital identity information of the target user 15 in advance in the respective network application programs 11, 12, the identity of the target user 15 can be determined by only acquiring which network application program the currently received digital identity information is transmitted by and knowing the specific digital identity information.
The digital identity authentication server 13 then sends request information to verify the identity of the user to the digital identity carrier device 14 corresponding to the target user and sends a request to authorize this data flow behaviour. Each target user 15 uses his own digital identity carrier device 14, each digital identity carrier device 14 being provided with a communication module, e.g. a bluetooth module or a WIFI module, the digital identity authentication server 13 may send request information for verifying the user identity to the digital identity carrier device 14 via the network.
Next, the digital identity carrier device 14 needs to verify the identity of the target user 15, specifically, step S5 is performed, and the digital identity carrier device 14 sends information requesting to obtain the identity authentication data and authorization signature of the target user 15. For example, the digital identity carrier device 14 is provided with a display screen, and the range and purpose of the current data stream are displayed on the display screen, and the user can input a fingerprint or password after agreeing to authorization. Alternatively, the digital identity carrier device 14 is provided with a speaker through which the relevant information is broadcast.
After receiving the prompt information, the target user 15 performs step S5 to input the identity authentication data to the digital identity carrier device 14. For example, the digital identity carrier device 14 is provided with a fingerprint acquisition module for receiving fingerprint data input by the target user 15, or the digital identity carrier device 14 is provided with an iris acquisition module for receiving iris data input by the target user 15, or the digital identity carrier device 14 is provided with a password keyboard for receiving a password input by the target user 15.
Next, the digital identity carrier device 14 performs step S6 to verify the identity authentication data input by the target user 15. Since the digital identity carrier device 14 stores the identity authentication data recorded by the target user 15 in advance, after the digital identity carrier device 14 receives the identity authentication data input by the target user 15, the received identity authentication data is compared with the identity authentication data stored by the digital identity carrier device 14 itself, so as to determine whether the identity authentication data input by the target user 15 passes the verification. If the identity authentication data received by the digital identity carrier means 14 is consistent with the pre-stored identity authentication data, the identity authentication data is confirmed to pass the verification, otherwise, the identity authentication data is confirmed to not pass the verification. If the verification is not passed, a prompt is issued, for example, the digital identity carrier unit 14 outputs a prompt that the verification is not passed through a display or speaker.
If the digital identity carrier means 14 confirms that the identity authentication data passes the verification, step S7 is performed, and an authentication result and an authorization signature value are returned to the digital identity authentication server 13. For example, the digital identity carrier device 14 encrypts the authentication result using a preset private key, and the authentication result that the digital identity carrier device 14 transmits to the digital identity authentication server 13 is the encrypted data. Also, the digital identity carrier device 14 will produce an authorization signature that is generated by the security chip in the digital identity carrier device 14 and may be calculated using a hash algorithm such that the authorization signature is not the same for each transmission.
Then, the digital authentication server 13 performs step S8 to verify the received authentication result. Specifically, the digital identity authentication server 13 stores a public key that matches the private key used by the digital identity carrier device 14, decrypts the authentication result using the public key, and if the authentication result can be correctly decrypted using the public key, it indicates that the authentication result is an untampered authentication result, and confirms that the authentication result passes verification. If the public key cannot be used for correct decryption, the authentication result may be tampered, and at this time, the digital identity authentication server 13 confirms that the authentication of the digital identity fails to verify.
If the authentication result sent by the digital identity authentication server 13 to the digital identity carrier device 14 is verified successfully, step S9 is performed to send the digital identity authentication result and the authorization result for personal data acquisition to the network application 12. Since the authentication result of the confirmation target user 15 is verified, the transmission of the digital authentication result to the web application 12 is the result of successful authentication. And, the result of the authorization is that the target user 15 agrees to authorize the network application 12 to transmit the authorization information of the personal data to the network application 11.
Then, the web application 12 performs step S10 of transmitting the first digital identity information ID-a of the target user 15 to the web application 11 through the digital authentication server 13. Specifically, the network application 12 first sends a digital identity conversion request to the digital identity authentication server 13, that is, converts the second digital identity information ID-B used by the network application 12 into the first digital identity information ID-a used by the network application 11. After receiving the conversion request, the digital authentication server 13 converts the digital identity information. Since the digital authentication server 13 stores digital identity information used by the target user 15 in a plurality of network applications, the digital authentication server 13 can quickly acquire the first digital identity information ID-a used by the target user 15 in the network application 11 after determining the identity of the target user. Finally, the digital authentication server 13 sends the first digital identity information ID-a to the network application 11.
Preferably, when the first digital identity information ID-a of the target user 15 is transmitted to the network application 11, first data association information is also transmitted, for example, the first data association information is a service data hash value or a data service serial number, and if the first data association information is a service data hash value, the hash value is generated using a hash function, and the uniqueness of the hash value generated each time is ensured.
Also, the web application 12 executes step S11 to transmit the personal data of the target user 15, that is, the personal data requested to be acquired by the web application 11 in step S1, to the web application 11. Preferably, when the network application 12 sends personal data to the network application 11, second data association information is also sent, and the second data association information is also a service data hash value or a data service serial number. If the first data-associated information is a traffic data hash value, the second data-associated information is also a traffic data hash value, and the two traffic data hash values are corresponding. If the first data-associated information is a data traffic sequence number, the second data-associated information is also a data traffic sequence number, and the value of the sequence number of the first data-associated information is equal to that of the second data-associated information.
Next, the network application 11 performs step S12 of matching the personal data of the target user 15 with the first digital identity information ID-a, specifically, matching the first digital identity information ID-a with the personal data of the target user 15 according to the first data association information and the second data association information. Since the first data-associated information and the second data-associated information are correlated with each other, the web application 11 can accurately match the first digital identity information ID-a with the personal data of the target user 15, thereby acquiring the personal data of the target user 15.
Finally, one or more of the digital authentication server 13, the network application 11, and the network application 12 transmits the personal data sharing operation record information to the personal data management platform, wherein the transmitted personal data sharing operation record information includes at least one of the following: the name of the web application 11 or 12, the range and use of the personal data of the target user, the time when the web application 12 transmits the personal data of the target user 15 to the web application 11, the authorization signature value, and the like.
In this way, the target user 15 can monitor the use of personal data by the network application 11 by checking the authorized use of personal data including the range of personal data authorized for use by the network application 11, the use, and the like through the personal data management platform. It can be seen that the target user 15 can timely learn about the use condition of personal data.
In addition, the identity of the target user is controlled by the digital identity authentication server 13 between the network application 11 and the network application 12, that is, the digital identity authentication server 13 converts the second digital identity information ID-B into the first digital identity information ID-a, so that the network application 11 does not contact sensitive personal information of the target user 15, and the security of personal data can be effectively protected. The invention also can avoid a plurality of network application programs to connect the personal data in series, and further collect the personal data.
Finally, it should be emphasized that the foregoing is merely a preferred embodiment of the present invention, and is not intended to limit the invention, but rather that various changes and modifications can be made by those skilled in the art without departing from the spirit and principles of the invention, and any modifications, equivalent substitutions, improvements, etc. are intended to be included within the scope of the present invention.

Claims (10)

1. A method for personal data across-network application program streaming, comprising:
the first network application program sends request information for acquiring personal data of a target user to the second network application program;
the method is characterized in that:
the second network application program sends second digital identity information and request information for acquiring personal data of a target user to a digital identity authentication server, and the digital identity authentication server identifies the target user according to the second digital identity information and sends request information for checking the identity of the user and an authorization request to a digital identity carrier device corresponding to the target user;
the digital identity carrier device acquires identity authentication data and checks the acquired identity authentication data, and if the identity authentication data passes the check, an authentication result and an authorization signature value are returned to the digital identity authentication server;
and if the authentication result passes the verification, the digital identity authentication server sends a digital identity authentication result and an authorization result for acquiring personal data to the second network application program, the second network application program sends first digital identity information of the target user to the first network application program through the digital identity authentication server, and sends personal data of the target user to the first network application program, and the first network application program matches the personal data of the target user with the first digital identity information.
2. The personal data cross-web application circulation method of claim 1, wherein:
after the second network application program sends the personal data of the target user to the first network application program, the second network application program further executes:
at least one of the digital identity authentication server, the first network application program and the second network application program sends personal data sharing operation record information to a personal data management platform.
3. The personal data cross-web application circulation method of claim 2, wherein:
the sending of the personal data sharing operation record information to the personal data management platform comprises at least one of the following: the first network application program name, the second network application program name, the range and the purpose of personal data of the target user, the time when the second network application program sends the personal data of the target user to the first network application program, and the authorization signature value.
4. A personal data cross-web application streaming method according to any of claims 1 to 3, wherein:
the verifying the authentication result by the digital identity authentication server comprises the following steps: the digital identity carrier device encrypts an authentication result by using a private key, and the digital identity authentication server decrypts the authentication result by using a public key;
and if the digital identity authentication server can decrypt the authentication result by using the public key, confirming that the authentication result passes verification.
5. A personal data cross-web application streaming method according to any of claims 1 to 3, wherein:
the second network application program sends first digital identity information of the target user to the first network application program through the digital identity authentication server, and also sends first data association information;
the second network application program also transmits second data association information when transmitting the personal data of the target user to the first network application program;
the first network application program matches the first digital identity information with the personal data of the target user according to the first data association information and the second data association information.
6. The personal data cross-web application circulation method of claim 5, wherein:
the first data association information and the second data association information are service data hash values or data service serial numbers.
7. A personal data cross-web application streaming method according to any of claims 1 to 3, wherein:
the first network application program sends request information for acquiring personal data of a target user to the second network application program, wherein the request information comprises the following steps: the acquired personal data range and the application.
8. The personal data cross-network application program circulation system is characterized by comprising a first network application program, a second network application program, a digital identity authentication server and a digital identity carrier device:
the first network application program is used for sending request information for acquiring personal data of a target user to the second network application program;
the second network application program is used for sending second digital identity information and request information for acquiring personal data of a target user to a digital identity authentication server, and the digital identity authentication server identifies the target user according to the second digital identity information and sends verification user identity request information and an authorization request to a digital identity carrier device corresponding to the target user;
the digital identity carrier device is used for acquiring identity authentication data, checking the acquired identity authentication data, and returning an authentication result and an authorization signature value to the digital identity authentication server if the identity authentication data passes the check;
the digital identity authentication server is used for checking the authentication result, if the authentication result passes the check, the digital identity authentication result and the authorization result of personal data acquisition are sent to the second network application program, the second network application program sends first digital identity information of the target user to the first network application program through the digital identity authentication server, personal data of the target user is sent to the first network application program, and the first network application program matches the personal data of the target user with the first digital identity information.
9. The personal data cross-web application circulation system of claim 8, wherein:
the system also comprises a personal data management platform, wherein the personal data management platform is used for receiving personal data sharing operation record information sent by at least one of the digital identity authentication server, the first network application program and the second network application program.
10. The personal data cross-web application circulation system of claim 9, wherein:
the personal data sharing operation record information at least comprises one of the following: the first network application program name, the second network application program name, the range and the purpose of personal data of the target user, the time when the second network application program sends the personal data of the target user to the first network application program, and the authorization signature value.
CN202310102668.6A 2023-02-08 2023-02-08 Personal data cross-network application program circulation method and system Withdrawn CN116070273A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310102668.6A CN116070273A (en) 2023-02-08 2023-02-08 Personal data cross-network application program circulation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310102668.6A CN116070273A (en) 2023-02-08 2023-02-08 Personal data cross-network application program circulation method and system

Publications (1)

Publication Number Publication Date
CN116070273A true CN116070273A (en) 2023-05-05

Family

ID=86181707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310102668.6A Withdrawn CN116070273A (en) 2023-02-08 2023-02-08 Personal data cross-network application program circulation method and system

Country Status (1)

Country Link
CN (1) CN116070273A (en)

Similar Documents

Publication Publication Date Title
US10554420B2 (en) Wireless connections to a wireless access point
CN110324276B (en) Method, system, terminal and electronic device for logging in application
US10305902B2 (en) Two-channel authentication proxy system capable of detecting application tampering and method therefor
US10615974B2 (en) Security authentication system for generating secure key by combining multi-user authentication elements and security authentication method therefor
CN107181714B (en) Verification method and device based on service code and generation method and device of service code
US20150208238A1 (en) Terminal identity verification and service authentication method, system and terminal
CN104412273A (en) Method and system for activation
US10615975B2 (en) Security authentication method for generating secure key by combining authentication elements of multi-users
JP2001186122A (en) Authentication system and authentication method
US20140013116A1 (en) Apparatus and method for performing over-the-air identity provisioning
US20200259815A1 (en) User enrollment and authentication across providers having trusted authentication and identity management services
KR102481213B1 (en) System and method for login authentication processing
CN106656955A (en) Communication method and system and user terminal
CN114257410A (en) Identity authentication method and device based on digital certificate, and computer equipment
JP5665592B2 (en) Server apparatus, computer system, and login method thereof
KR102053993B1 (en) Method for Authenticating by using Certificate
CN116070273A (en) Personal data cross-network application program circulation method and system
CN104683977A (en) Management method and management device of service data
CN118381626B (en) Inter-application authentication method, device and readable storage medium
CN110225515B (en) Authentication management system, method and device
KR101510473B1 (en) Method and system of strengthening security of member information offered to contents provider
CN116956257A (en) Data authorization management method and device, electronic equipment and storage medium
JP2014045233A (en) Electronic certificate issuing method
CN119966677A (en) Joint login method and login device based on national secret algorithm
CN116436677A (en) Data transmission method and device and terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20230505