WO2015035907A1

WO2015035907A1 - Databox system for data exchanges and service acquirement and sensing, and operation method thereof

Info

Publication number: WO2015035907A1
Application number: PCT/CN2014/086202
Authority: WO
Inventors: 任浙东
Original assignee: 杭州万格网络科技有限公司
Priority date: 2013-09-10
Filing date: 2014-09-10
Publication date: 2015-03-19
Also published as: CN103442084B; CN103442084A

Abstract

The present invention relates to the technical field of networking, and specifically a mail-type and directory-type databox system for data exchanges and service acquirement and sensing. Provided is an effective directory-type navigation service that integrates different services so as to provide more convenient and rapid services to users. Data exchanges are enabled via e-mail exchanges between mailboxes, and directory service is provided to users using IVR voice commands. A uniform method is provided to enable data exchanges between service providers, between service providers and users, and between users. While individuals and enterprises utilize and provide services, data is transmitted and received like e-mails, and the data also seamlessly interacts with the private clouds or business systems of the individuals and enterprises. Directory-type navigation service and interactive response-type services are provided to users. The three aspects described above integrate services and data on different service provider systems for users.

Description

Data box system for exchanging data, acquiring and sensing services and using method thereof

Technical field

The invention belongs to the technical field of networks, and specifically relates to a data box system for mailing and directory exchange data, acquiring and sensing services and a using method thereof.

Background technique

With the rapid development of the mobile Internet and the advent of the cloud computing era, users enjoy the cloud services while using smart devices such as mobile phones. However, users' data is scattered in the systems of various service providers and cannot be effectively integrated. Together; the inflexibility and inconvenience of finding and using service providers through smart devices such as mobile phones, there is an urgent need for a more efficient way to provide directory-based navigation services; and how individuals and businesses can use themselves while providing and providing services. The private cloud and business system interact, lacking an effective method; whether each service provider can exchange data for users through a unified method.

Summary of the invention

In order to solve the above problems, the present invention provides a data box system capable of effectively providing a directory-type navigation service, integrating different services, exchanging data, acquiring and sensing services, and using the same. Provide users with more convenient and fast service.

a data box system for exchanging data, acquiring and sensing services, characterized by including a service provider and a user,

among them,

The service provider provides a data box for each user or service provider and provides at least one data box address for each data box;

The user or service provider uses the client or logs into its own data box, specifies the address of the data box of itself or the other party, and exchanges data, acquisition and sensing services with the specified data box through a commonly adhered protocol.

The service provider is multiple, the service provider implements a trust relationship through a digital certificate or an RSA/DES/HASH security algorithm or a password, or establishes a trust relationship by trusting a service provider, and the users or service providers of different service providers themselves Data exchange, acquisition and awareness services are provided through data box addresses provided by different service providers.

The user or the service provider can bind the data box address to the account provided by the trust service provider, and select the policy setting whether to disclose all or several of the bound data box addresses, thereby facilitating other users or service providers to pass the The account gets these data box addresses.

The user or service provider can log in to the data box through the portal provided by the service provider or through the client.

Any client that can access the data box can exchange data, acquire and sense services with the data box, which is a system, software or program.

The data box system provides a directory for each data box that describes the service.

The service is a service program that extends the data box system with other systems, software, or programs.

The service program is extended or attached to the data box through an adapter, and is configured or dynamically registered to the directory of the data box description service.

The services include: mailbox service, message service, chat or message service, status notification service, data management and statistical analysis or chart service, e-commerce or shopping or group purchase service, online survey service, question and answer service, web navigation service, network Disk or archive service, document service, File conversion services such as format conversion or compression or download or thumbnail or file services, pages or components or applications or files or photo albums, subscription and publishing services such as RSS, advertising services, blogs or microblogging services, encyclopedia services, post bar services, forums Internet services such as services, chat dating, video and audio services, financial or news information services, pictorial services, dictionary services, translation services, custody services, directory services, tracing or donation services, online mediation and rental services, gaming services , collaborative office management services, collaborative development services, remote control services, mobile phones or SMS or MMS or contacts or voice or office services, photo services, voice services, review and comment services, template services, consulting or design or carpooling or Life services such as lottery or recharge or repayment or payment, print service, online payment service, business opportunity service, anti-virus service, search service, desktop service, travel plan or cloud application service such as CRM or Invoicing, distance education service, teleconference Service, telemedicine service, voicemail service, meter Services, storage services, sensor services, mapping and remote sensing services, location services, virtual reality service, enhance one or more real service.

The extended format of the data box address is a data box address/service name/sub-service name/..., and the data box system quickly locates the service program to process the request according to the extended format of the data box address.

One request and response data in the data box is called a data piece, and the data box system stores the data of each transmission and response in a format and saves it.

A data piece is composed of two parts of data transmitted and responded. The two parts of the data content include one or more of a directory service, a service-related data message, and a UI interface-related data Ui, or none of them. The data content of the response part contains the data that Status describes the response status.

In addition, the present invention also provides a method of using a data box system for exchanging data, acquiring and sensing services.

A method for using a data box system for exchanging data, acquiring and sensing services, comprising: the following steps:

1. The user logs in to his or her own data box, or through the client, which includes the service provider himself;

2. The user specifies the data box address of the other party, and the other party refers to himself, other users or service providers;

3. The data box system or client where the user data box is located resolves the address of the other party's data box, and sends a service request to the data box system where the other data box is located, and if it is the data box system or client where the user data box is located, When the data file function is stored locally, the data of the service request is saved to the user's data box or the client local;

4. After receiving the request, the data box system where the other party's data box is located first confirms whether the received data box address is correct, and whether the user's identity is valid or trusted. If invalid or untrusted, according to the policy, whether to respond or not; receiving the service request Data and save it to the data box; the data box system where the other data box is located determines whether the data box system provides a service program for these service requests, and if so, runs these service programs for processing, and describes the directory status of the response status. The processing result, Ui and other data are sent to the data box system where the data box is located. Otherwise, the response status, directory service, UI and other data responses are directly sent to the data box system or client where the user data box is located; the data box; The response data will also be saved to the other party's data box;

5. The data box system or client where the user data box is located receives the response data, and if the data box system in which the user data box is located or the client has the function of locally storing data pieces, the response data is saved to the corresponding data piece. This is the process of completing this request and response.

The data box system identifies whether the sender identity is valid or trusted for the data item, and the user can check and manage the data pieces in the data box.

The data box system or client can provide the user with a UI interface for further selection of services and associated with the returned processing result data.

If the data piece contains data such as Services, Ui, or the UI program provided by the data box system for the data format, the user can Step 2-5 is started again according to the UI interface of the directory service and data, wherein the data box address specified in step 2 can be an extended format with a service name.

The step 2 includes: 1) the user specifies the account on the trusted service provider of the other party; 2) the data box system or the client where the user data box is located sends a request to the trusted service provider to find the data box address bound by the other party account 3) After obtaining the data box address bound to the other party's account, use the data box address specified by the other party's account by default, or the user directly selects the data box address.

The client can access the data box address of the other party without logging in, and the data box system where the data box of the other party is located directly confirms that the identity of the sender is unknown or untrusted, and selects whether the response is rejected according to the policy.

The client may use a trust token generated by the user's data box system and the other party's data box system for the user's appointment or dynamic interaction, and when the client holds the trust token to access the other party's data box, The identity of the data box owned by the user may be indicated, the trust token being a certificate issued by the data box system in which the user data box is located and the data box system of the other party, or a password, or a specific session cookie value.

The design idea of the system and the method is derived from the widely used electronic mailbox, IVR voice navigation and the like. Data exchange is realized by means of e-mail mail transmission, and the directory service is provided to users by means of IVR voice instruction work. The technical effects achieved are:

1. Provide a unified method for data exchange between service providers, between service providers and users, and between users and users;

2. While individuals and enterprises use and provide services, data is sent and received as mail, and these data can seamlessly interact with their own private cloud and business systems;

3, Provide a simple access method, combined with the data and its own private cloud, business system seamless interaction capabilities, to provide users with directory-based navigation services, interactive and responsive services, like IVR voice command button 1, button 2 ...and then press 1, button 2... intuitive and convenient;

4. Based on the above three points, the services and data that the user integrates on each service provider system.

DRAWINGS

Figure 1 A, B service providers establish a trust relationship.

Figure 2 A, B service provider establishes a trust relationship through C trust service provider.

Figure 3 A service provider's data box address.

Figure 4 The user owns the data box of the A service provider.

Figure 5 The user owns the account of the C trust service provider and binds multiple data box addresses.

Figure 6 shows the directory-based service provided by the data box address, which is similar in structure to IVR voice navigation.

Figure 7 Example of REST operation.

Figure 8 operating mechanism.

Figure 9 Extended data processing program.

Figure 10 Establish a trust relationship directly between service providers.

Figure 11 The trust relationship is established indirectly between the service providers through the trust service provider.

Figure 12 Directory Service UI interface.

Figure 13 Directory service photo photos UI interface.

Figure 14 Directory Service Photo Photo's "Latest Photos" user interface.

Figure 15 supports other service programs through adapter extensions.

Figure 16 Schematic diagram of the user's use of the data box.

Figure 17 Steps for the client to access the data box without logging in.

Figure 18 The mode in which the user uses the client's local storage.

Figure 19 Flowchart of the mode stored by the user using the other party's data box agent.

detailed description

The design idea of the DataBox data box stems from the widely used e-mail, IVR voice navigation and so on. The DataBox data box uses the method of “sending mail to the other party's email address or accessing its own mailbox to obtain mail” to obtain and exchange information with the sensing service, and the two parties exchange data with each other. At the same time, it provides catalogue-type convenient service in combination with the work similar to the IVR voice command. .

In the network, the e-mail can automatically receive e-mails sent by any e-mail address on the network, and can store electronic files in various formats such as a specified size. Its characteristics are that people can receive and send letters at any time, solve the limitations of time and space, greatly improve work efficiency, and provide great convenience for office automation and commercial activities.

IVR (Interactive Voice Response) is an interactive voice response. You only need to use the phone to enter the service center and listen to the mobile entertainment products according to the operation prompts. The related information can be played according to the content input by the user. IVR is available 24 hours a day, 7 days a week. IVR handles a large amount of day-to-day business for businesses without having to go through a business representative. Customers can input information to the enterprise host through button or voice selection, access various types of enterprise databases (through ODBC) within the allowed range, and self-service to obtain a variety of services, so that business representatives have more time to serve customers with special requirements.

The DataBox data box design is as follows:

2.1. Data box service provider, trust service provider

A service provider is provided for providing data box services. Considering the security of the transmitted data, the confidentiality, the certainty of the identity of the exchanged parties, the non-repudiation, and the non-modifiability, usually the service provider can realize the trust through digital certificates, RSA/DES/HASH security algorithms or passwords. Relationship (Figure 1). At the same time, it is also considered that there will be countless service providers on the huge Internet. Usually, service providers can establish trust relationships through trust service providers (Figure 2).

2.2. User

A service called a user who uses a data box service and at least one data box address is provided by the service provider. In the Internet, the format of the data item address emulates the email address (but different from the email address) can be: username! CPU name. For example, databox! Onegrid.cn. At the same time, the service provider itself also has a data box address (Figure 3), which can be:! Hostname, for example! Onegrid.cn. In addition, a user on the Internet usually has multiple data box addresses, such as databox! A service provider (Figure 4), databox! B service provider. In order to implement the functions of single sign-on and network ID card between the trust service providers, the user can apply for registration of an account at the trust service provider, and the account will bind these data box addresses to the user (Fig. 5).

2.3. Data box address

The service provider provides the data box service to the user through the data box system. These services are usually related to their own business, system functions or operational strategies. For example, a mail system operator can provide a mail service as a service provider, a blog system operator can provide a blog service as a service provider, an archive system operator can provide an archive service as a service provider, and an e-commerce enterprise can provide an e-commerce service as a service provider, etc. Wait. A service provider's data box system has at least one directory service. At the same time, these services form a tree directory. In order to facilitate users to quickly locate services, the data box address format can be extended to:

Data box address / service name / sub-service name / ···

For example (Figure 6):

Onegrid.cn service provider offers:

! Onegrid.cn/register provides registration services

! Onegrid.cn/product provides catalog service

! Onegrid.cn/product/databox provides data box product service

! Onegrid.cn! Product/databox/order provides ordering services for data box products

Where register, product, databox, and order are service names, and databox is the subservice name of product, and order is the subservice name of databox.

Databox! Onegrid.cn (user databox on onegrid.cn service provider)

Databox! Onegrid.cn/photos provides photo directory service

Databox! Onegrid.cn/photos/family provides home photo browsing service

Databox! Onegrid.cn/leaveword provides message service

Where photos, photos.family, leaveword are service names, and family is the sub-service name of photos

If the data box address does not carry any service name, it means that it points to a default directory service.

2.4. Data box data transfer protocol and format

The data transfer of the data box considers the widely used protocols such as HTTP(S) and S-HTTP, and refers to the design and development method of REST. Different from the design of the mailbox system:

First, it is not limited to data transfer between data boxes. Any client (system, software, program, etc.) that can access the data box can transfer data with the data box.

Second, the requested service name can be carried on the specified data box address.

Third, as the standard format of the email (RFC822), the data transmitted and responded to the data box is also in a standard format and is defined using XML (Marking Language). The XML is defined as follows:

Transmitted data format:

Description:

(1) Support group sending, CC, Bcc, reply, forwarding and other functions;

(2) Not all transmissions, there are Service, Message, UI and other parts. For example, when requesting to get the photo of the other party, you do not need to have the Service and UI parts; if you ask the other party to browse the photos I send, you often need the UI part to facilitate the other party to browse my photos; if you request the other party to use the service I provide , often need the Services section to facilitate browsing of directory-based services;

(3) Custom information is like a mailbox starting with X-.

The data format of the response:

Description:

(1) When the Code of Status is -1 (rejected), 0 (waiting for user confirmation), it does not respond to data such as Services, Message, UI, etc.; when the Code of Status is 0 (waiting for user confirmation), it indicates that the user can check and receive The data piece is manually responded to or replied to the piece; when the Status Code is 1 (allowed), not all of them respond to data such as Services, Message, UI, etc., and may respond to only one or more of them. For example, the data box service that sends the mail is only allowed to respond to the status;

(2) Custom information is like a mailbox starting with X-.

Fourth, unlike the mail system, the data box system can provide data processing programs for standard data format extensions. For example, for the mail service with the service /email, the mail processing program is provided to transfer the mail to the mailbox system; for the message service with the service /leaveword, the message processing program is provided to save the message to the website message system; for the service, /products/ The order message service provides an order processing program to save the order to the company's online sales system;

Fifth, referring to the style of REST development design (Figure 7), the REST URL specification for the data box service request is

HTTP(s)://hostname/username/servicename/servicename/...

At the same time, use a unified way (or method) GET, POST, PUT, DELETE to simply operate the service resources.

Applied to the data box, such as:

Data box address:! Onegrid.cn

Sixth, like the mail in the mailbox, called the data in the data box, also supports group sending, CC, Bcc, forwarding and other functions. That is to say, the format of the data piece is composed of two parts: transmission and response.

2.5. Working principle

2.5.1. When accessing the data box of a service provider or user, you must specify the address of the other party's data box, just as you must enter the email address of the other party when sending an email. At the same time, the data box can be accessed through the client software program as if the mailbox was accessed through the Foxmail client software.

2.5.2. Operating mechanism

First, the preparation stage. Access the client (system, software, program, etc.) of the data box, specify the address of the other party's data box, the service requested, and the data to be transmitted. Can provide users with a directory-based selection service, a form-based environment for writing data, or The system, software, programs, etc. are automatically generated according to requirements.

Second, the transmission phase. According to the data box address of the other party, the data is sent to the data box system of the service provider of the other party through the data transmission protocol through the network.

Third, the certification phase. After receiving the request from the service provider's data box system, first confirm whether the data box address specified by the sender is correct, and whether the sender's identity is valid (it is also possible to select whether to authenticate the sender according to the policy).

Fourth, the receiving phase. Receive data and save it to a data box (called a data piece). At the same time, it is judged whether the data box system provides a processing program for these data extensions, and if so, the programs are run for processing. Here, the user can set the policy of data reception according to the humanized configuration service provided by the data box system.

Fifth, the response phase. Finally, the received and processed result responses will be described to the client.

Specifically as shown in Figure 8.

A, confirm the data box address

Confirm that the requested data box address exists. If not, the response is rejected.

B, confirm the identity of the sender

A. If the sender does not log in to the data box service provider and the trust provider, send the request directly.

A.1. The data box system of the other service provider confirms that the identity of the sender is unknown or untrusted.

B. If the sender logs in to the data box service provider and sends a request

B.1. If the sender's data box service provider is the service provider, the sender's identity is confirmed to be trustworthy.

B.2. If the sender's data box service provider is a trusted service provider, the sender's identity can be trusted by the security technology trusted by both parties.

B.3. If the sender's data box service provider is an untrusted service provider, it is confirmed that the sender's identity is not trusted.

C. If the sender logs in to the trusted provider, then send the request

C.1. It is confirmed by the security technology between the service provider and the trust provider that the identity of the sender is credible.

D. If the sender uses the trust provider account to single sign in to the data box service provider and then send the request

D.1. If the sender's data box service provider is the service provider, the sender's identity is confirmed to be trustworthy.

D.2. If the sender sends the request in the role of the data box address, the sender identity process is the same as the B process.

D.3. If the sender sends a request by trusting the service provider's account role, the sender's identity can be trusted by the three-party trusted security technology. In addition, under certain application requirements, it is necessary to further confirm whether the account of the trust provider is trusted. The confirmation strategy can be selected as follows:

D.3.1. Access Trust The service provider verifies that the sender's data box address matches the account number. If it does not match, the sender's identity is forged and the response is rejected.

D.3.2. Access Trust The service provider verifies that the sender's data box service provider is the service provider that passes the authentication, and then confirms that the sender's identity is trusted. If not, the sender is required to manually verify that the current request is from the website under the trust provider's website domain, similar to the online shopping online payment process.

C. User's data receiving strategy The service provider data box system should provide a user-friendly configuration interface to facilitate the user to set the data receiving strategy. For example, in the use of the service provider data box system, a global policy can be set, or a special policy for providing a service provider's account for certain data box addresses or trusts. These policies may be that if the sender's identity is unknown or untrustworthy, the user must manually confirm and choose whether to adopt the same policy in the future; if the sender's identity is trusted, respond immediately, and so on.

D, extended data processing program

A data box system is different from a mail system, not just for receiving mail. More importantly, the data box and the service or service system provided by the service provider are usually connected. For example, the service provider provides the user with the hosting service of the website, then the user's data box can provide the external message service, and the message data from the data box is automatically processed into the message system of the website; the service provider sells the product and has the invoicing. System, then the service provider's data box can provide product ordering service to the outside, and the order from the data box is processed into the invoicing system automatically. As shown in Figure 9.

E, response results

Unlike the mailbox system, in order to ensure the continuity of the data box service and the interaction with the client, the response processing is usually real-time. Moreover, the data content of the response contains the result of the program processing in addition to the result of receiving the data.

2.5.3. Working process

In Figure 10 and Figure 11, user a registers and uses data box a at service provider s0.com and service provider s1.com respectively! S0.com, a! S1.com, user b registers with service provider s1.com and uses data box b! S1.com.

In Figure 11, user a registers account ca with the trusted service provider c and binds the data box a he uses! S0.com, a! S1.com, user b registers account cb with the trusted service provider c and binds the data box b he uses! S1.com.

In FIG. 10, a trust relationship is directly established between the service provider s0.com and the service provider s1.com. In FIG. 11, the service provider s0.com and the service provider s1.com establish a trust relationship indirectly through the trust service provider c.

User b accesses his own data box b! After s1.com, try to access user a's data box a! An example of the process of s0.com is as follows:

The first step is to specify the data box address a! S0.com

In the second step, the data box system s1.com is located to send a request for obtaining a directory service to the service provider s0.com where the target data box address is located. At the same time, the system will save this request to the data box.

A. The technology used in this solution is that the service provider s0.com uses REST to provide directory services.

REST defines a set of architectural principles that you can use to design system resources-centric Web services, including how clients written in different languages can process and transfer resource state over HTTP. If you consider the number of Web services that use it, REST has become the most important Web service design pattern in recent years.

The data box address of user a at the service provider s0.com is a! S0.com, then the service provider s1.com can think that the REST URL of the service provider s0.com is http://s0.com/a, method: GET.

B. The technology used in this scheme is based on the HTTPS protocol to achieve mutual trust authentication.

HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel for security purposes. It is simply a secure version of HTTP. That is, the SSL layer is added under HTTP, and the security foundation of HTTPS is SSL. The SSL protocol is located between the TCP/IP protocol and various application layer protocols to provide security support for data communication. The SSL protocol can be divided into two layers: the SSL Record Protocol: it is built on a reliable transport protocol (such as TCP) to provide basic functions such as data encapsulation, compression, and encryption for higher layer protocols. SSL Handshake Protocol: It is built on the SSL record protocol to authenticate the identity, negotiate encryption algorithms, and exchange encryption keys before the actual data transmission begins.

The workflow of the SSL protocol: 1) The client sends a start message "Hello" to the server to start a new session connection; 2) The server determines whether it needs to generate a new master key based on the customer information, and the server responds if needed The customer's "Hello" information will contain the information needed to generate the master key; 3) the client generates a master key based on the received server response information, and encrypts it with the server's public key and transmits it to the server; 4) Server The master key is restored and returned to the client with a message authenticated by the master key to allow the client to authenticate the server.

The service provider s1.com sends a request to the service provider s0.com, then the service provider s1.com is the client, and the service provider s0.com is the server. The service provider s1.com and the service provider s0.com perform an SSL handshake through digital certificates trusted by each other. In FIG. 10, digital certificates that are trusted to each other can be issued by the root certificate of the trusted service provider c (including the root certificate provided by the authority). Through this handshake, the authentication of the trust relationship is completed, and the service provider s0.com can also determine whether the identity of the sender is trustworthy.

Whether the identity of the sender is trustworthy, its role is to describe its credibility, so that users can define policies or processes. It is not entirely possible to believe that the request was sent by the sender himself. Because there are inevitably other risks, for example, the service provider s1.com actively spoofs, or is hacked, causing the identity of the user b to be falsified to try to access.

The following situations often require further authentication of the identity of the visitor.

1. Determine whether the identity of the sender can obtain more services or data than anonymous users or other member users;

2. Determine whether the sender's identity is a member of the system; (Currently many systems support single sign-on and use OAuth technology)

The OAUTH protocol provides a secure, open and easy standard for authorizing user resources. The difference from the previous authorization method is that the OAUTH authorization does not enable the third party to touch the user's account information (such as the user name and password), that is, the third party can apply for the user resource without using the user's username and password. Authorization, so OAUTH is safe.

3. Other possible situations

The technology adopted in this solution is consistent with the current mainstream single sign-on strategy. An authentication WEB page of the service provider s0.com is popped up, and the sender is informed to input more security information such as a picture verification code on this page. confirm.

In the third step, the service provider s0.com confirms whether the recipient's data box address exists, and confirms the identity of the sender, receives the requested data according to the policy, and runs the corresponding program to return data such as the directory service. At the same time, these received, responsive data will also be saved to the data box.

The default definition of the scheme to receive request data is:

For some services + for certain data box addresses + select allow, wait for user confirmation, reject policy

Among them, waiting for the user to confirm the policy means that the request response requires the user to manually respond, similar to the prompting strategy when the webpage loads some unknown or unsafe controls.

E.g:

Service: Directory Service

Target data box address: all

Strategy: Allow

Returns data such as directory services based on the standard format of the data box response data. The data for the directory service is as follows:

In the fourth step, the service provider s1.com receives the response data and saves the data to the corresponding data piece, which indicates the process of completing the request and response. In order to ensure the continuity of the data box service and the interaction with the client, the data box system usually provides the user with a UI interface for further selection of services. For example, if the user dials a voice call, the voice prompt presses the 1 button to obtain the photo service, and the 2 button to obtain the message service requires keyboard operation. See Figure 12 for an example.

In the fifth step, the user further selects the service, for example, the user presses the 1 button to obtain the photo service according to the voice prompt.

The sixth step is to run according to the first step to the fourth step. Only the data box address of this request has a service name, such as:

Data box address: a! S0.com/photos

REST URL: http(s)://s0.com/a/photos

Method: GET

At the same time, in the third step, data of the directory service, photos, and the like are returned according to the standard format of the data box response data.

The data for the directory service is as follows:

The photo data is as follows:

At the same time, the service provider s0.com provides UI data for the above data, as shown in the following example:

The above package is a form of the UI specification. It is a component for displaying the latest photos, similar to the controls on the web page. When the service provider's data box system does not have this component, it can be downloaded through the specified plugin path.

In the fourth step, the UI interface of the directory service is changed to the following example form of FIG.

For example, if the user dials the voice prompt and presses the 1 button, the voice prompts to press the 1 button to obtain the home photo service, and press the 2 button to obtain the personal photo service.

At the same time, the data box system of the service provider s1.com displays the operation interface shown in FIG. 14 according to the data data and the UI.

In the seventh step, the user can further select the service, for example, the user continues to press the button to obtain the service according to the voice prompt.

For example, see the specific photo of "Happy Home":

Data box address: a! S0.com/photos/family/f0

REST URL: http(s)://s0.com/a/photos/family/f0

Method: GET

Browse personal photos:

Data box address: a! S0.com/photos/person

REST URL: http(s)://s0.com/a/photos/person

Method: GET

and many more

In the eighth step, repeat the steps from step 1 to step 4.

2.6. The key basic functions of the data box system:

The key basic functions of the data box system are:

(1) providing the user with one or more data boxes, each data box having at least one data box address;

(2) Analyze the data box address and its extended format, and communicate with other data box systems, support sending data for the user, and support whether the received data box address is correct and the sender's identity is valid for each request. Or be trusted, and select responses based on policies, receive data, and save data pieces;

(3) Parsing the data format of the data piece transmission and response, and providing the user with a UI interface to achieve interactivity;

(4) Provide data storage function for each data box, and mark whether the identity of the sender is valid or trusted;

(5) Support users to log in to their own data box, and support users to manage data pieces in the data box;

(6) Provide a directory function for describing each service box and support different service directory data for different data box addresses and their extended format requests;

(7) Support to extend or hook other service programs, and support forwarding of service requests to the corresponding service program for processing and response, and (8) support for the extended service program configuration or dynamic registration to the directory of the data box description service;

(9) Support users to access the data box using the client

Here are a few key extensions:

(1) The function of generating a trust token for the client by interacting with other data box systems;

(2) The function of storing data pieces by the agent;

2.7. Extension support for other service programs

This solution uses an adapter to extend or hook up other service programs. The key role of the adapter is to achieve the conversion between the data piece and the data format required by the service program. The adapter is applied between the data box system and the service program, as shown in Figure 15.

When the service requests, the data box system sends the data transfer data to the adapter, and the adapter converts the data into the data required by the service program according to the format protocol, thereby satisfying the data processing needs of the service program.

After the service program is processed, the result data is converted into data piece response data by the adapter, and then the response service request is encapsulated by the data box system.

Typically, adapters are designed and developed based on service programs. Since the data piece format is a canonical protocol format, this solution can be extended to support any form of service program. Such as email services, message services, chat or messaging services, status notification services, data management and statistical analysis or charting services, e-commerce or shopping or group purchase services, online survey services, question and answer services, web navigation services, web or archive services, Document services, format conversion or file services such as compression or download or thumbnails, data sharing services such as pages or components or applications or files or photo albums, subscription and publishing services such as RSS, advertising services, blogs or microblogging services, encyclopedia services, post bars Services such as services, forum services, chat dating, online social services, video and audio services, financial or news information services, pictorial services, dictionary services, translation services, custody services, directory services, tracing or donation, public services, online mediation and rental services , game services, collaborative office management services, collaborative development services, remote control services, mobile phones or SMS or MMS or contacts or voice or office services, photo services, voice services, review and comment services, template services, consulting or design Or carpool or lottery or recharge or repayment or payment Such as life services, print services, online payment services, business opportunities, anti-virus services, search services, desktop services, travel plans or CRM or Invoicing cloud application services, distance education services, teleconferencing services, telemedicine services, voicemail Services, computing services, storage services, sensor services, maps and satellite remote sensing services, location services, virtual reality services, augmented reality services, and more.

The data box system provides a directory function that describes the service. These extended service programs are configured or dynamically registered to the directory of the data box description service.

2.8. Trust Service Provider Extension Application

In addition to establishing a trust relationship between the service provider s0.com and the service provider s1.com in the above process, the trust service provider c can also be extended to:

A. Single sign-on for user a and user b

The trust relationship between the trust service provider c and the service provider s0.com and the service provider s1.com is fully utilized, and after the users a and b log in to the trusted service provider c, the login to the service provider data box system is automatically switched.

At the same time, combined with OAuth technology, the service provider s0.com and the service provider s1.com use the account of the trusted service provider c to log in.

B. When user b accesses the data box of user a, the user A's data box address of the user a is replaced with "user a's account ca on the trusted service provider c". Because user a is likely to have a data box address on many service providers, and it is difficult to remember. Thus, the data box system can implement this functionality based on the services provided by the trusted service provider c.

The first step is to specify the account a of user a on the trusted service provider c.

In the second step, the data box system s1.com is located to send a request for the data box address bound by the account ca to the trusted service provider c.

Here, the service provider s1.com and the trusted service provider c can still perform handshake authentication via SSL, which is one. Second, user a can trust service provider c to set an account disclosure policy:

For certain data box addresses, some accounts + select public policy permission, wait for user confirmation, reject

As defined by default:

Data box address: all

Account: All

Strategy: Allow

In the third step, after obtaining the data box address, the default data box address specified by the user b account ca is preferred, and of course, the user b can select the data box address.

The fourth step is to follow the steps from step 1 to step 4 mentioned in the above 2.5.3. working process.

The default service provided by the data box

In order to better use the data box to serve and live, it should provide by default: mailbox, message, message, status notification and other services.

For example, user b can use the data box address a! S0.com:

Service Description: Email user a

Data box address: a! S0.com/email

REST URL: http(s)://s0.com/a/email

Method: POST

Service Description: Leave a message to the user

Data box address: a! S0.com/leaveword

REST URL: http(s)://s0.com/a/leaveword

Method: POST

Service Description: Send a message to user a

Data box address: a! S0.com/message

REST URL: http(s)://s0.com/a/message

Method: POST

2.8. Basic functions that trust service providers and data box service providers should implement

2.8.1. Trust Service Provider

A. Registration, auditing of data box service providers and credit rating functions

B. Issuing the function of the digital certificate of the data box service provider

C. Certification of data box service providers and credit rating functions

D. Register user accounts and bind data box addresses

E. Function of authenticating user account and data box address

F. Find the function of user account and data box address

G. Other basic functions

2.8.2. Trust Service Provider

A. Register and use the data box function

B. The function of authenticating the identity of the sender

C. The function of the proxy access trust service provider to find the user account and the data box address

D. Implement the function of encapsulating data box transmission and response data according to the data box data standard format

E. Implement the data box response directory service and the UI interface function of the data

F. Implementing single sign-on to a trusted service provider account via OAuth

G. Implement automatic switch login from the trusted service provider login user

H. Functions for implementing data box data item operations such as batch mark status, reply, response, forwarding, group sending, deletion, etc.

I. Implement the data box extension or hook service program and configure or dynamically register to the directory function describing the service

J. Implement the function of interacting with other data boxes to generate trust tokens for users

K. Support client access to data box functions

L. Other basic functions

Third, the steps to log in to the data box

As shown in Figure 16:

3.1. Based on the data box address

Step one, the user logs in to his own data box; ← → like: the user logs in to his mailbox

i. may be a user accessing a data box system provided by a service provider through a browser or client software;

Ii. can use the client (system, software, programs, etc.) to automatically log in to the data box system provided by the service provider;

Iii. Other ways to log in to the data box system provided by the service provider;

Iv. describe how the user is the identity of the data box owner;

Step 2, specify the address of the other party's data box; ← → like: specify the other party's email address

Step 3: The data box system where the data box is located parses the data box address of the other party, and is connected and transmitted with the data box system where the other data box is located, and the system saves the current transmission to the data box;

←→ is like: the sender's mail server is connected to the recipient's mailbox's receiving email server.

Step 4: After receiving the request, the data box system where the data box of the other party receives the request first confirms whether the received data box address is correct, and whether the identity of the sender is valid or trusted, and if invalid or untrusted, according to the policy, whether to respond or not is rejected. Receive the data, save it to the data box, and determine if a handler is available for these data extensions, and if so, run the program for processing. Finally, the response status, the results of the directory service and processing, the Ui and other data responses will be described to the client. At the same time, the received and responsive data will be saved to the other party's data box.

←→Different: The mailbox system (1) does not confirm the identity of the sender, (2) does not support the extension of the mail content processing program, and (3) only responds to the status of the description, which has a great relationship with the application scenario.

Step 5: The data box system where the data box is located receives the response data, and saves the data to the corresponding data piece, that is, the process of completing the request and the response. In order to ensure the continuity of the data box service and the interaction with the client, the data box system can provide the user with a UI interface for further selecting the service and related to the returned processing result data.

←→Different: The mailbox system ends when it receives the response data.

←→ like: voice call, voice prompt press 1 button to get photo service, press 2 button to get message service, etc. need keyboard operation.

In step 6, the user further selects the service and starts running again from step two. The designated data box address usually carries the service name.

←→ is like: voice call, the user presses the 1 button to get the photo service according to the voice prompt.

3.2. Account based on trusted service provider

Step one, the user logs in to his own data box;

Step 2: Specify an account on the trusted service provider of the other party;

Step 3: The data box system where the data box is located sends a request to the trusted service provider to find the data box address bound by the other party's account.

Step 4: After obtaining the data box address bound to the other party's account, it is preferred to use the data box address specified by the other party's account by default, and of course, the user can select the data box address therein.

Step 5, repeat the above steps 3.1. Steps 3 to 6 based on the data box address

3.3. Processing data pieces in the data box

Step one, the user logs in to his own data box;

Step 2: Check and manage the data items in the data box, for example, perform marking status, reply, response, forwarding, group sending, and the like;

Step 3: If the data component includes data such as Services, UI, or the UI program provided by the data box system for the data format, the user may perform the above step 3.1 based on the data box interface according to the UI interface of the directory service and the data. Step six;

Fourth, the client does not log in to access the data box step

The data box system allows the client to access the data box through a contracted protocol. The specified data box address can be accessed without logging in. After receiving the request, the data box system where the other party's data box is located directly confirms that the sender's identity is unknown or untrusted, and selects whether the response is rejected according to the policy. Use the steps in Figure 17.

Five, the client based on the use of trust tokens

The data box system where the user data box is located can generate a trust token for the user by interacting or dynamically interacting with the data box system of the other party. The role of the token is to indicate the identity of the data box owned by the user when the client used by the user holds the trust token to access the other party's data box. The token may be a certificate issued by the data box system in which the user data box is located with the other party's data box system, or a password, or a specific session cookie value.

The user uses the mode of the client's local storage. The usage steps are as shown in Figure 18. In this mode, the client has the ability to store locally, so usually the client is a fat client.

The user uses the mode stored by the other party's data box agent. The usage steps are as shown in FIG. 19. In this mode, the client's local storage capacity is limited or not, so usually the client is a thin client, such as a browser.

Claims

a data box system for exchanging data, acquiring and sensing services, characterized by including a service provider and a user,

among them,

The service provider provides a data box for each user or service provider and provides at least one data box address for each data box;

The user or service provider uses the client or logs into its own data box, specifies the address of the data box of itself or the other party, and exchanges data, acquisition and sensing services with the specified data box through a commonly adhered protocol.
The data box system for exchanging data and acquiring and sensing services according to claim 1, wherein the number of the service providers is multiple, and the service providers implement trust by using digital certificates or RSA/DES/HASH security algorithms or passwords. Relationships, or trust trust providers to establish trust relationships. Users or service providers of different service providers exchange data, acquire and sense services with each other through data box addresses provided by different service providers.
The data box system for exchanging data and acquiring and sensing services according to claim 1, wherein the user or the service provider can bind the data box address to the account provided by the trust service provider, and select the policy setting. Whether to disclose all or some of the bound data box addresses, so that other users or service providers can obtain these data box addresses through the account.
The data box system for exchanging data, acquiring and sensing services according to claim 1, wherein the user or service provider can log in to the data box through an portal provided by a service provider or through a client.
The data box system for exchanging data and acquiring and sensing services according to claim 1 or 4, wherein any client capable of accessing the data box can exchange data, acquire and sense services with the data box, the client The end is a system, software or program.
A data box system for exchanging data, obtaining and sensing services according to claim 1, wherein the data box system provides a directory for each data box to describe the service.
The data box system for exchanging data, obtaining and sensing services according to claim 6, wherein the service is a service program that the data box system expands with other systems, software or programs.
The data box system for exchanging data, obtaining and sensing services according to claim 7, wherein the service program is extended or attached to the data box by using an adapter, and is configured or dynamically registered to the data box description service. On the directory.
The data box system for exchanging data, acquiring and sensing services according to claim 6 or 7 or 8, wherein the service comprises: a mailbox service, a message service, a chat or message service, a status notification service, and a data management. File services, pages or with statistical analysis or charting services, e-commerce or shopping or group purchase services, online survey services, question and answer services, web navigation services, web or archive services, document services, format conversion or compression or download or thumbnails Component or Data sharing services such as applications or documents or photo albums, subscription and publishing services such as RSS, advertising services, blogs or microblogging services, encyclopedia services, post bar services, forum services, chat dating, and other online social services, audio and video services, financial or news information. Services, pictorial services, dictionary services, translation services, custody services, directory services, public services such as tracing or donation, online mediation and rental services, gaming services, collaborative office management services, collaborative development services, remote control services, mobile phones or SMS or MMS or address book or voice or office services, photo service, voice service, review and comment service, template service, consultation or design or carpool or lottery or recharge or repayment or payment, etc., life service, print service, online payment Service, opportunity service, anti-virus service, search service, desktop service, travel plan or cloud application service such as CRM or Invoicing, distance education service, teleconferencing service, telemedicine service, voice mail service, computing service, storage service, sensor Service, map and satellite remote sensing services, bits Services, virtual reality service, enhance one or more real service.
The data box system for exchanging data, obtaining and sensing services according to claim 6 or 7 or 8, wherein the extended format of the data box address is a data box address/service name/sub-service name/..., data The box system quickly locates the service program to process the request based on the extended format of the data box address.
The data box system for exchanging data, obtaining and sensing services according to claim 1, wherein: one request and response data in the data box is called a data piece, and the data box system will follow the data of each transmission and response. The format package is saved as a data piece and saved.
The data box system for exchanging data, obtaining and sensing services according to claim 11, wherein a data piece is composed of two parts of data transmitted and responded, and the two parts of the data content include a directory service, and a service. One or more of the data message, the UI U related to the UI interface, or none of the data content of the response part contains data indicating the status of the response.
The method for using a data box system for exchanging data and acquiring and sensing services according to claim 1, comprising the steps of:

1. The user logs in to his or her own data box, or through the client, which includes the service provider himself;

2. The user specifies the data box address of the other party, and the other party refers to himself, other users or service providers;

3. The data box system or client where the user data box is located resolves the address of the other party's data box, and sends a service request to the data box system where the other data box is located, and if it is the data box system or client where the user data box is located, When the data file function is stored locally, the data of the service request is saved to the user's data box or the client local;

4. After receiving the request, the data box system where the other party's data box is located first confirms whether the received data box address is correct, and whether the user's identity is valid or trusted. If invalid or untrusted, according to the policy, whether to respond or not; Service request data and save it to the data box; the data box system where the other data box is located determines whether the data box system provides a service program for these service requests, and if so, runs these service programs for processing, and describes the response status, The data of the directory service, the processing result, the Ui, and the like are sent to the data box system where the data box is located. If otherwise, the response status, the directory service, the UI, and the like are directly sent to the data box system or the client where the user data box is located; Box; response data will also be saved to the other party's data box;

5. The data box system or client where the user data box is located receives the response data, and if the data box system in which the user data box is located or the client has the function of locally storing data pieces, the response data is saved to the corresponding data piece. This is the process of completing this request and response.
The method for using a data box system for exchanging data, obtaining and sensing services according to claim 13, wherein the data box system marks whether the identity of the sender is valid or trusted for the data item, and the user can check and manage the data box. Data pieces.
The method for using a data box system for exchanging data, obtaining and sensing services according to claim 13, wherein the data box system or the client can provide the user with further selection of services and related to the returned processing result data. UI interface.
The method for using a data box system for exchanging data and acquiring and sensing services according to claim 13, wherein if the data item includes data such as Services, Ui, or the UI program provided by the data box system for the data format, Then, the user can start running again according to step 2-5 according to the UI interface of the directory service and data, wherein the data box address specified in step 2 can be an extended format with a service name.
The method for using a data box system for exchanging data and obtaining and sensing services according to claim 13, wherein the step 2 comprises: 1) the user specifies an account on the trusted service provider of the other party; 2) the user data The data box system or client where the box is located sends a request to the trusted service provider to find the data box address bound by the other party's account; 3) after obtaining the data box address bound to the other party's account, the data box address specified by the other party's account is used by default. Or the user directly selects the data box address.
The method for using the data box system for exchanging data and acquiring and sensing services according to claim 13, wherein the client can access the data box address of the other party without the login, and the data of the data box of the other party. After receiving the request, the box system directly confirms that the sender's identity is unknown or untrusted, and selects whether the response is rejected according to the policy.
The method for using the data exchange system for exchanging data and acquiring and sensing according to claim 13, wherein the client can use the data box system where the user is located and the data box system of the other party to make an appointment for the user or Dynamically generated trust token, when the client holds the trust token to access the other party data box, it can indicate the identity of the data box owned by the user, and the trust token is the data box where the user data box is located System and partner's data box system A certificate issued together, or a password, or a specific session cookie value.