阅读说明：本技术 数据授权方法及装置、计算机可读存储介质、计算机设备 (Data authorization method and device, computer readable storage medium and computer equipment ) 是由 汤奇峰 龙文明 于 2021-09-18 设计创作，主要内容包括：一种数据授权方法及装置、计算机可读存储介质、计算机设备,其中,所述方法包括：在接收到使用主体对目标共享数据的授权请求时,向提供所述目标共享数据的归属主体转发所述授权请求；获取所述归属主体针对所述授权请求的反馈,若所述反馈为同意授权,则确定用于获取所述目标共享数据的数据令牌；将所述数据令牌发送给所述使用主体,以使得所述使用主体基于所述数据令牌从去中心化的存储系统中获取所述目标共享数据。由此,能够提供一种有效的数据授权方法,以实现数据在拥有者和使用者之间的安全流转。(A data authorization method and device, a computer readable storage medium and a computer device are provided, wherein the method comprises the following steps: upon receiving an authorization request for target shared data using a principal, forwarding the authorization request to a home principal that provides the target shared data; obtaining feedback of the attribution main body aiming at the authorization request, and if the feedback is authorization approval, determining a data token for obtaining the target shared data; sending the data token to the usage principal such that the usage principal retrieves the target shared data from a decentralized storage system based on the data token. Therefore, an effective data authorization method can be provided to realize the safe circulation of data between the owner and the user.)

1. A method for authorizing data, the method comprising:

upon receiving an authorization request for target shared data using a principal, forwarding the authorization request to a home principal that provides the target shared data;

obtaining feedback of the attribution main body aiming at the authorization request, and if the feedback is authorization approval, determining a data token for obtaining the target shared data;

sending the data token to the usage principal such that the usage principal retrieves the target shared data from a decentralized storage system based on the data token.

2. The method according to claim 1 or the method, wherein the authorization request sent to the home agent comprises one or more of identity information of the usage agent, information of the target shared data, and identity information of the home agent.

3. The method according to claim 1 or 2, wherein the authorization request sent to the home agent further comprises a restriction rule for limiting the usage scope of the target shared data.

4. The method according to claim 1 or 2, wherein the information of the target shared data comprises a data type of the target shared data, and the target shared data comprises one or more data types of identity data, equipment data, account data, social relationship data and network behavior data of the home agent.

5. The method of claim 1, further comprising:

storing one or more of the identity information of the usage principal, the identity information of the attribution principal, the authorization request and the feedback into a blockchain.

6. The method of claim 1, further comprising:

obtaining shared data provided by the attribution main body, wherein the shared data comprises the target shared data;

storing the shared data in the decentralized storage system.

7. The method of claim 6, wherein after obtaining the shared data provided by the home agent, further comprising:

determining a public key of the attribution subject, and performing asymmetric encryption on the shared data based on the public key of the attribution subject to obtain original data;

the storing the shared data in the decentralized storage system comprises:

storing the raw data in the decentralized storage system;

the method further comprises the following steps:

when the original data is to be processed, the original data is decrypted by the private key of the attribution main body to obtain the shared data.

8. The method of claim 7, further comprising:

generating a data fingerprint of the raw data based on the public key of the attribution principal, the data fingerprint being used to identify the attribution principal of the raw data.

9. The method of claim 8, wherein after storing the shared data in the decentralized storage system, further comprising:

and receiving a storage identifier returned by the decentralized storage system based on the shared data, wherein the storage identifier is used for acquiring the shared data.

10. The method of claim 9, further comprising:

and storing one or more of the identity information of the attribution subject, the content information of the shared data, the data fingerprint of the original data and the storage identification corresponding to the shared data into a block chain.

11. The method of claim 9, wherein after the feedback is an authorization grant, the method further comprises:

copying the target shared data from shared data stored in the decentralized storage system according to the storage identifier and the authorization request;

and encrypting the copied target shared data by using the public key of the using main body, and storing the encrypted target shared data into the decentralized storage system, so that the using main body decrypts the encrypted target shared data by using the private key of the using main body after acquiring the encrypted target shared data to obtain the target shared data.

12. The method of claim 11, further comprising:

and storing one or more of the identity information of the using subject, the identity information of the attribution subject and the related information of the copied target shared data into a block chain.

13. The method of claim 1 or 6, further comprising:

receiving a registration request of a main body, wherein the registration request comprises registration information of the main body, and the main body comprises a home main body and/or a use main body;

and verifying the identity of the main body according to the registration information, wherein when the identity verification of the main body passes, the main body is successfully registered, and the main body which is successfully registered is allowed to execute the data authorization method.

14. The method of claim 13, further comprising:

after the main body is successfully registered, determining a public key and a private key of the main body;

and sending the public key and the private key of the main body to the main body.

15. The method of claim 14, further comprising:

encrypting the registration information through the public key of the main body, and correspondingly storing the encrypted registration information and the identification of the main body to a block chain;

and generating the public key of the registered main body according to the identification of the main body.

16. A data authorization apparatus, characterized in that the apparatus comprises:

an authorization request receiving module, configured to, when receiving an authorization request for target shared data by a use subject, forward the authorization request to a home subject that provides the target shared data;

the authorization module is used for obtaining feedback of the attribution main body aiming at the authorization request, and if the feedback is authorization approval, a data token used for obtaining the target shared data is determined;

a token sending module, configured to send the data token to the usage subject, so that the usage subject obtains the target shared data from a decentralized storage system based on the data token.

17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 15.

18. A computer device comprising a memory and a processor, the memory having stored thereon a computer program operable on the processor, wherein the processor, when executing the computer program, performs the steps of the method of any of claims 1 to 15.

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a data authorization method and apparatus, a computer-readable storage medium, and a computer device.

Background

Under the large background that data and land, labor force, capital and technology become production elements together, the requirements of data sharing, exchange and circulation are increasing; however, with the development of network and big data technology, data security and personal privacy become insurmountable problems of digital economy; the data use boundary of ownership, rights and interests transfer and the like of the data is fuzzy and even chaotic. Therefore, the right of data (including personal data, group data, organization data and the like) is cleared, a good data authorization mode is formed, the incentive mechanism of the data market can be played, the value effect of the data is released, and the rapid development of digital economy is promoted.

However, there is currently no effective data authorization method to achieve secure data transfer between the owner and the user.

Disclosure of Invention

The invention solves the technical problem of how to provide an effective data authorization method to realize the safe circulation of data between an owner and a user.

In order to solve the above problem, an embodiment of the present invention provides a data authorization method, including: upon receiving an authorization request for target shared data using a principal, forwarding the authorization request to a home principal that provides the target shared data; obtaining feedback of the attribution main body aiming at the authorization request, and if the feedback is authorization approval, determining a data token for obtaining the target shared data; sending the data token to the usage principal such that the usage principal retrieves the target shared data from a decentralized storage system based on the data token.

Optionally, the authorization request sent to the home agent includes one or more of identity information of the using agent, information of the target shared data, and identity information of the home agent.

Optionally, the authorization request sent to the home agent further includes a constraint rule, where the constraint rule is used to limit the usage range of the target shared data.

Optionally, the information of the target shared data includes a data type of the target shared data, and the target shared data includes one or more data types of identity data, device data, account data, social relationship data, and network behavior data of the attribution principal.

Optionally, the method further includes: storing one or more of the identity information of the usage principal, the identity information of the attribution principal, the authorization request and the feedback into a blockchain.

Optionally, the method further includes: obtaining shared data provided by the attribution main body, wherein the shared data comprises the target shared data; storing the shared data in the decentralized storage system.

Optionally, after obtaining the shared data provided by the home agent, the method further includes: determining a public key of the attribution subject, and performing asymmetric encryption on the shared data based on the public key of the attribution subject to obtain original data; the storing the shared data in the decentralized storage system comprises: storing the raw data in the decentralized storage system; the method further comprises the following steps: when the original data is to be processed, the original data is decrypted by the private key of the attribution main body to obtain the shared data.

Optionally, the method further includes: generating a data fingerprint of the raw data based on the public key of the attribution principal, the data fingerprint being used to identify the attribution principal of the raw data.

Optionally, after the storing the shared data in the decentralized storage system, the method further includes: and receiving a storage identifier returned by the decentralized storage system based on the shared data, wherein the storage identifier is used for acquiring the shared data.

Optionally, the method further includes: and storing one or more of the identity information of the attribution subject, the content information of the shared data, the data fingerprint of the original data and the storage identification corresponding to the shared data into a block chain.

Optionally, after the feedback is that authorization is granted, the method further includes: copying the target shared data from shared data stored in the decentralized storage system according to the storage identifier and the authorization request; and encrypting the copied target shared data by using the public key of the using main body, and storing the encrypted target shared data into the decentralized storage system, so that the using main body decrypts the encrypted target shared data by using the private key of the using main body after acquiring the encrypted target shared data to obtain the target shared data.

Optionally, the method further includes: and storing one or more of the identity information of the using subject, the identity information of the attribution subject and the related information of the copied target shared data into a block chain.

Optionally, the method further includes: receiving a registration request of a main body, wherein the registration request comprises registration information of the main body, and the main body comprises a home main body and/or a use main body; and verifying the identity of the main body according to the registration information, wherein when the identity verification of the main body passes, the main body is successfully registered, and the main body which is successfully registered is allowed to execute the data authorization method.

Optionally, the method further includes: after the main body is successfully registered, determining a public key and a private key of the main body; and sending the public key and the private key of the main body to the main body.

Optionally, the method further includes: encrypting the registration information through the public key of the main body, and correspondingly storing the encrypted registration information and the identification of the main body to a block chain; and generating the public key of the registered main body according to the identification of the main body.

An embodiment of the present invention further provides a data authorization apparatus, including: an authorization request receiving module, configured to, when receiving an authorization request for target shared data by a use subject, forward the authorization request to a home subject that provides the target shared data; the authorization module is used for obtaining feedback of the attribution main body aiming at the authorization request, and if the feedback is authorization approval, a data token used for obtaining the target shared data is determined; a token sending module, configured to send the data token to the usage subject, so that the usage subject obtains the target shared data from a decentralized storage system based on the data token.

Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any of the methods.

The embodiment of the present invention further provides a computer device, which includes a memory and a processor, where the memory stores a computer program that can be executed on the processor, and when the processor executes the computer program, the processor executes the steps of any one of the methods

Compared with the prior art, the technical scheme of the embodiment of the application has the following beneficial effects:

the data authorization method provided by the embodiment of the invention comprises the following steps: upon receiving an authorization request for target shared data using a principal, forwarding the authorization request to a home principal that provides the target shared data; obtaining feedback of the attribution main body for the authorization request, and if the feedback is authorization approval, determining that the use main body obtains a data token of the target shared data, so that the use main body obtains the target shared data from a decentralized storage system based on the data token; sending the data token to the usage subject. Compared with the prior art, the scheme of the invention provides a decentralized data authorization scheme, and provides a uniform storage system for data access of individuals, organizations and groups. When the user main body needs to use the data of other main bodies, a set of complete authorization mechanism is provided for the user main body, the safe circulation of the data between different main bodies (including the attribution main body corresponding to the data owner and the user main body corresponding to the data user) is realized, and the condition that the shared data of the user main body is used can be ensured to be informed by the data attribution main body. Therefore, the unified storage of mass data is met, and the point-to-point access requirement among different data is met.

Further, the attribution main body can store the data in a decentralized storage system, the using main body can submit an authorization request to the attribution main body, and the attribution main body finally determines whether to give authorization to the using main body or not according to the identity of the using main body of the authorization request, the data type and the using range of the authorization data required at this time, the reward amount and the like. The using subject initiates a data acquisition request to the decentralized storage system before using the personal data, and permits the using subject to acquire the data when the decentralized storage system verifies the data token for acquiring the data. Otherwise, the using principal needs to re-submit the authorization request to the computer device to obtain authorization of the attribution principal. After obtaining the data use authorization, the using main body can pay certain remuneration to the attribution main body, so that the attribution main body is stimulated to share the data and improve the enthusiasm of the data.

Furthermore, shared data of the attributive main body can be stored in the data platform, the data platform provides storage space for the shared data of the main body, and a mechanism for safely sharing the data is also provided. The data stored in the data platform can be used only after being authorized by the attribution subject, and the data maintenance and management are convenient. Furthermore, the scheme stores the authorization request and the feedback information in the block chain every time, and can perform authorization tracing of data. If there is a case where a subject uses shared data of the home agent without being authorized by the home agent, or a subject continues to use shared data of the home agent if authorization has been invalid due to expiration or the like, the responsibility of the subject can be traced back.

Drawings

Fig. 1 is an application scenario diagram of a data authorization method according to an embodiment of the present invention;

FIG. 2 is a diagram illustrating a first data authorization method according to an embodiment of the present invention;

FIG. 3 is a diagram illustrating a second data authorization method according to an embodiment of the present invention;

FIG. 4 is a diagram illustrating a data registration procedure according to an embodiment of the present invention;

FIG. 5 is a diagram illustrating steps of data replication according to an embodiment of the present invention;

FIG. 6 is a diagram illustrating a process of registering a subject according to an embodiment of the present invention;

FIG. 7 is a block diagram of a data platform according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a data authorization apparatus according to an embodiment of the present invention.

Detailed Description

As background, there is currently no effective data authorization method to achieve secure data flow between the owner and the user.

The ownership of personal and government data is relatively clear with respect to the current type of data, while the ownership of corporate or corporate (e.g., enterprise) data is vaguer and is subject to further generalization. However, even for personal data with relatively detailed ownership, there are still illegal collections, violating the minimum necessary principle, being unknown to the third party when using the data, and so on.

In order to solve the above problem, an embodiment of the present invention provides a data authorization method, including: upon receiving an authorization request for target shared data using a principal, forwarding the authorization request to a home principal that provides the target shared data; obtaining feedback of the attribution main body aiming at the authorization request, and if the feedback is authorization approval, determining a data token for obtaining the target shared data; sending the data token to the usage principal such that the usage principal retrieves the target shared data from a decentralized storage system based on the data token.

The method can provide a decentralized data authorization scheme, and provides a uniform storage system for data access of individuals or organizations or groups. When the using main body needs to use the data of other main bodies, a set of complete authorization mechanism is provided for the using main body, the interactive authorization of the data use among different main bodies is realized, and the condition that the data attribution main body knows the use condition of the shared data of the data attribution main body can be ensured. Therefore, the unified storage of mass data is met, and the point-to-point access requirement among different data is met.

In order to make the present application clearer, a brief introduction will be made to some of the nouns or contents referred to in the present application.

1. A decentralized storage system. In the embodiment of the invention, the decentralized storage system is a storage system which dispersedly stores data on a plurality of independent devices. The traditional network storage system adopts a centralized storage server to store all data, and the performance of the storage server will influence the performance of the system at the moment, so that the requirement of large-scale storage application cannot be met. The decentralized storage system is technically different from distributed storage, an expandable system structure is adopted, a plurality of storage servers are used for sharing storage load, and the position server is used for positioning storage information, so that the reliability, the availability and the access efficiency of the system are improved. The decentralized storage system can meet the requirements of safer, more reliable and more controllable storage in a more decentralized and less reliable network environment.

Optionally, an interplanetary File System (IPFS) is used as the decentralized storage System, and the IPFS has the characteristics of permanent decentralized and shared files, point-to-point, content addressable, versioned, and the like. The interplanetary file system is a network transport protocol aimed at creating persistent and distributed storage and sharing of files. IPFS is a content addressable peer-to-peer hypermedia distribution protocol. Nodes in the IPFS network will constitute a distributed file system, IPFS is an open source code project, and has been developed by Protocol laboratories (Protocol Labs) with the help of open source communities since 2014.

It should be noted that other systems that meet the de-centralized storage requirements may be used for the de-centralized storage system 102.

2. And (5) block chains. The block chain in the embodiment of the invention is a distributed shared account book and database, and has the characteristics of decentralization, no tampering, trace leaving in the whole process, traceability, collective maintenance, openness and transparency and the like. The block chain may be based on a public chain such as an etherhouse, and the etherhouse is selected in consideration of convenience in issuing a data token and writing an intelligent contract. Any individual, group, or organization can become a complete node of the block chain, and the larger the scale, the closer the reliability is to 100%.

3. Ether house (Ethereum). In the embodiment of the invention, the Ether house is an open-source public block chain platform with an intelligent contract function. An ethernet Virtual Machine (also referred to as a "Virtual Machine") that provides decentralization through its dedicated cryptocurrency ethernet (Ether) to handle point-to-point contracts.

4. Identity-Based cryptography (IBC). In the embodiment of the invention, the IBC is an asymmetric Public Key cryptosystem, the concept of which is proposed by Shamir in 1984, the identification cryptosystem is the same as the traditional Public Key cryptosystem (PKI), each user has a pair of associated Public Key and private Key, and the IBC is mainly characterized in that the Public Key certificate in the PKI system does not need to be generated and managed in the system, but the identification disclosed by the user, such as name, identification number, IP address, email address, mobile phone number and the like, is taken as the Public Key, and the Public Key does not need to be additionally generated and stored and only needs to be published in a certain way.

5. An asymmetric encryption algorithm. In the embodiment of the invention, the asymmetric encryption algorithm needs two keys: public keys (public keys for short) and private keys (private keys for short). The public key and the private key are a pair, and if data is encrypted by the public key, the data can be decrypted only by the corresponding private key. Alternatively, the asymmetric encryption algorithm may include a public key cryptography algorithm (also referred to as an RSA algorithm), an Elliptic curve public key cryptography algorithm (ECC), an Elliptic curve public key cryptography algorithm (also referred to as an SM2 algorithm), and the like.

In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.

Referring to fig. 1, fig. 1 is an application scenario diagram of a data authorization method according to an embodiment of the present invention, a data platform 10 may include a computer device 101 and a decentralized storage system 102, and the data platform is used for implementing data sharing between different principals (including a attribution principal and a usage principal). The home agent of the target shared data (represented in fig. 1 by terminal 11) may upload the target shared data to the computer device 101, which the computer device 101 stores in the decentralized storage system 102. When a user (represented by a terminal 12 in fig. 1) needs to obtain target shared data, an authorization request may be sent to the computer device 101, and after receiving the authorization request, the computer device 101 provides a data token for obtaining the target shared data to the user (i.e., the terminal 12), and the terminal 12 may obtain the target shared data from the decentralized storage system 102 through the data token.

The computer device in fig. 1 may be a computer, a server or a server cluster, a cloud platform, or other devices with communication and data processing capabilities. The terminals 11 and 12 in fig. 1 may be a mobile phone, a computer, a smart watch, or other devices capable of initiating a data acquisition request.

Referring to fig. 2 and fig. 3, fig. 2 and fig. 3 are schematic diagrams of two data authorization methods according to an embodiment of the present invention, the methods in fig. 2 and fig. 3 may be applied in the scenario in fig. 1, the method in fig. 2 may include the following steps S201 to S203, and the method in fig. 3 may include the following steps S301 to S307, which are specifically as follows:

step S201, when receiving an authorization request for target shared data from a using entity, forwards the authorization request to a home entity providing the target shared data.

The subject may also be referred to as a user or an object. Each body corresponds to an Identity (ID), which identifies the body. The identity of the principal may include a user name, user number, cell phone number, electronic mailbox (E-mail) address, etc.

The use subject of the target shared data refers to a subject to use the target shared data, and the use subject can process and use the target shared data after being authorized by the attribution subject.

The attribution agent of the target shared data means an agent that provides the target shared data, and the attribution agent can have a decision right on transmission, processing, storage, use, destruction, and the like of the data provided by the attribution agent.

The target shared data refers to data for which the request is authorized, which is generally provided into the data platform by other subjects than the using subject. Each home agent provides shared data to the data platform, and a single authorization request may request use of all or a portion of the shared data as the target shared data for which the authorization request is directed.

The authorization request is a request for acquiring the target shared data, which is transmitted to the computer device (e.g., the computer device 101 in fig. 1) using the terminal of the subject (e.g., the terminal 11 in fig. 1). Optionally, a client corresponding to the data platform 10 in fig. 1 may be installed on a terminal using the main body. When the user agent needs to obtain data shared by other agents, the data to be obtained is target shared data, and the user agent may execute step S301 in fig. 3 to send an authorization request to the computer device in the data platform. Optionally, the authorization request may be sent by the client.

Optionally, a client corresponding to the data platform is also installed on the terminal of the attribution main body, and the attribution main body may open the client on the terminal to view the specific content of the authorization request.

Optionally, the computer device may send the authorization request to the terminal of the home agent by using a mail, a network message, a mobile phone short message, or the like.

In a particular embodiment, the authorization request sent by the computer device to the home agent includes at least one or more of: (1) using identity information of the principal; (2) information of the target shared data; (3) identity information of the home agent. These are explained below:

(1) the identity information of the using subject is information for identifying the identity of the using subject. Using the identity information of the principal may specifically include: an account name (User ID), an IP address, etc. of the usage subject; when the user is an individual, the identity information may include a name, an identification number, and the like; if the subject is a group, the identity information may include a group registration number, a group name, etc.; if the subject is an organization, the identity information may include a uniform social credit code, organization name, etc.

(2) The information of the target shared data is information for determining the target shared data. The information of the target shared data may include a data type, a keyword, and the like of the data to be acquired.

Wherein the data type may be divided according to the characteristics of the home agent. For example, if the home agent is a person, the shared data provided by the home agent may include the following data types:

1) identity data. In order to complete most network behaviors, an individual user submits personal basic information including name, gender, age, identification number, telephone number, email address, home address and the like according to the requirements of a service provider, and the contents can be used as identity data. Further, sometimes identity data may also include relatively private personal essential information such as marital, letter, occupation, work units, income, and so on.

2) Device data. The present invention relates to a system and method for managing a Secure data Memory Card (Secure Digital Memory Card, SD) of a computer terminal device, and more particularly, to a system and method for managing a Secure data Memory Card (Secure Digital Memory Card, SD) of a computer terminal device (including mobile and fixed terminals) used by a consumer.

3) Account data. The system mainly comprises an internet bank account, a third-party payment account, a social account, an important mailbox account and the like.

4) Social relationship data. This includes mainly the friend relationship, family member information, work unit information, etc.

5) Network behavior data. The data mainly refers to data recorded by internet surfing behaviors, such as various activities of a consumer on the internet, such as internet surfing time, internet surfing place, input records, chatting and friend making, website access behaviors, network game behaviors and other personal information.

The data types may further include: 5) privacy data. The method mainly comprises address book information, call records, short Message records, chat records of Instant Messaging (IM) software, personal videos, photos and the like.

Optionally, when providing the shared data, the home agent may enter the shared data by type according to the data type, and the authorization request may include the data type of the target shared data, so that the computer device or the home agent determines which data in the shared data specifically needs to be acquired by the using agent. For another example, the computer device or the attribution main body may determine which data in the shared data is specifically required to be acquired by the using main body according to the keyword (such as an identification number, a contact address, a mobile phone number, and the like) carried in the authorization request.

(3) The identity information of the attribution main body is information for identifying the identity of the attribution main body. The specific explanation of the identity information of the home agent refers to the above-mentioned description using the identity information of the agent, and is not described herein again.

In another specific embodiment, the authorization request sent by the computer device to the attribution principal may further include (4) a constraint rule, in addition to the contents of (1) to (3) above, which is explained as follows:

(4) and a constraint rule which is a rule for limiting the use range of the target shared data. The constraint rules may include a time limit for the target shared data to be used by the using agent, a scope for the target shared data to be used after the using agent obtains the target shared data, for example, the target shared data may be used within one or more businesses or organizations, or the target shared data may be used in one or more aspects of research, market research, and the like.

In another embodiment, the data platform of the present invention can provide a platform for transforming data sharing into consideration, and the constraint rule may further include an amount of consideration the subject is willing to pay for using the target shared data.

Alternatively, the constraint rules may be set uniformly by the data platform, for example, when the data lifetime of a certain data type is determined, the corresponding reward amount is determined. Referring to table 1, table 1 provides a specific constraint rule according to an embodiment of the present invention.

TABLE 1

The shared data is managed in a grading way, the reward amount intervals corresponding to different grades and the service life of the data are different, and the basic information and the equipment information belong to a sensitive grade; social relation and network behavior information belong to a sensitive second level; the privacy information and the account information are sensitive three levels; this classification will affect pricing of the information and third party usage restrictions, with higher grades, higher prices and stricter constraints.

Therefore, the attribution main body can convert own shared data into consideration through the data platform, and the main body can use the shared data of other main bodies for compensation, so that the legal and orderly use of private data of individuals or enterprises can be promoted, the activity of data elements is exerted, and the digital economy is vigorously developed. And each attribution subject can be stimulated to perfect private data and improve data quality through a data paid use mechanism.

Step S202, obtaining feedback of the attribution main body aiming at the authorization request, and if the feedback is authorization approval, determining that the using main body obtains the data token of the target shared data.

Specifically, after the computer device receives the authorization request, identifies the home agent according to the authorization request, and executes step S302 in fig. 3, and forwards the authorization request to the terminal of the home agent (i.e., the terminal 12 in fig. 1) so that the home agent determines whether to approve the use of the target shared data by the use agent.

The home agent may perform step S303 in fig. 3, sending feedback to the computer device. If the attribution main body agrees to use the main body to use the target shared data, the attribution main body returns the feedback of agreeing to authorization to the computer equipment through the terminal of the attribution main body; if not, the attribution main body returns the feedback of refusing authorization to the computer equipment through the terminal.

Optionally, after the computer device receives the feedback, step S304 in fig. 3 may be executed to forward the feedback to the terminal of the user subject to inform the user subject whether the authorization request is granted.

A data token (token) is a credential that uses a principal to retrieve data from a decentralized storage system. Alternatively, the decentralized storage system may assign a one-time-use data token for each data acquisition and send the data token to the computer device. Alternatively, the data token may be generated by the computer device and sent to the decentralized storage system.

Step S203, sending the data token to the usage subject, so that the usage subject obtains the target shared data from the decentralized storage system based on the data token.

The computer device sends the data token to the user agent (or terminal called user agent) after generating the data token or retrieving the data token from the decentralized storage system. Optionally, the computer device may send the data token to the terminal using the main body by means of a mail, a network message, a mobile phone short message, or the like. Alternatively, the computer device may send the data token while forwarding the above-mentioned feedback to the usage subject (as in step S304 in fig. 3).

The terminal using the subject may open the client after receiving the data token, and proceed to step S305, and send a data acquisition request to the decentralized storage system based on the data token.

The decentralized storage system receives the data acquisition request, and executes step S306 to verify the validity of the data token. Optionally, the decentralized storage system may determine, through the data token, whether the data acquisition is authorized by the attribution agent, and if the determination result is yes, the data acquisition is verified. It should be noted that, the decentralized storage system may also verify the validity of the data token in combination with a constraint rule of the target shared data, for example, the constraint rule defines that the lifetime of the target shared data by the subject is within one year from a year, if the current time is within the lifetime, the verification is passed, otherwise, the verification is not passed.

After the verification of the validity of the token is passed, the decentralized storage system executes step S307 to transmit the target shared data to the terminal using the subject.

By the data authorization method, the attribution main body can store the data in the decentralized storage system, the using main body can submit the authorization request to the attribution main body, and the attribution main body finally determines whether to authorize the using main body or not according to the identity of the using main body of the authorization request, the data type and the use range of the authorization data required at this time, the reward amount and the like. The using subject initiates a data acquisition request to the decentralized storage system before using the personal data, and permits the using subject to acquire the data when the decentralized storage system verifies the data token for acquiring the data. Otherwise, the using principal needs to re-submit the authorization request to the computer device to obtain authorization of the attribution principal. After obtaining the data use authorization, the using main body can pay certain remuneration to the attribution main body, so that the attribution main body is stimulated to share the data and improve the enthusiasm of the data.

In one embodiment, referring to fig. 1 and 3, the data platform 10 of fig. 1 may further include a block chain 103. The blockchain 103 is used for storing data storage, authorization and usage records each time in the data authorization method, and the blockchain 103 can also be used for storing information of each subject. The method of fig. 2 may further include: the computer device stores one or more of the identity information of the using principal, the identity information of the attribution principal, the authorization request and the feedback into a blockchain. Therefore, the computer equipment stores the interaction process and the authorization result (namely feedback) of the authorization application of the main use body in the block chain.

Further, due to the use of block-chain technology, the reward may be a digital token (e.g., bitcoin, etc.), and the unit reward amount may be a digital token. The subject can acquire the digital token through means of currency exchange, mine excavation and the like, and when the subject applies for target shared data of a certain subject, a certain digital token needs to be paid as a reward, and the mine excavation adopts a Proof of rights of stick (PoS) consensus mechanism. The blockchain and decentralized memory system may use the same token and employ the same consensus mechanism for block expansion.

In an embodiment, the data authorization method of the embodiment of the present invention may further include a data registration step, where the data registration step may specifically include: obtaining shared data provided by the attribution main body, wherein the shared data comprises the target shared data; storing the shared data in the decentralized storage system.

Alternatively, the home agent may enter the shared data at the client based on different data types (e.g., home agent's identity data, device data, account data, social relationship data, network behavior data, etc.). Or the attribution subject may enter the shared data and upload the shared data to the data platform, and the data platform identifies the data type of the shared data according to the characteristics of the shared data, such as keywords, to obtain one or more data types. Optionally, after the data platform identifies the data type of the shared data, the identification result may be returned to the client of the attribution main body, so that the attribution main body confirms the identification result.

Specifically, the data registration step may specifically include steps S30a, S30b, and S30c of fig. 3, in which: the computer device executes step S30a, acquiring shared data from the home agent; the computer device performs step S30b, sending the shared data to the decentralized storage system; upon receipt by the decentralized storage system, step S30c is executed to store the shared data.

Optionally, before the computer device obtains the shared data from the home agent, the method may further include: the attribution main body sends a data registration request to the computer equipment, the registration request carries the identity information of the attribution main body, and the computer equipment allows the data storage of the attribution main body after the identity information of the attribution main body is verified.

In a specific embodiment, please refer to fig. 3 and 4, fig. 4 is a schematic diagram of another data registration step in the embodiment of the present invention, and in step S30a in fig. 3, after the computer device acquires the shared data provided by the attribution principal, steps S401 to S403 may further be included, in which:

s401, the computer device determines the public key of the attribution subject, and carries out asymmetric encryption on the shared data based on the public key of the attribution subject to obtain original data.

The public key is also a public key in the asymmetric encryption algorithm, and the public key of each principal may be generated based on the identity (e.g., user name) or identity information (e.g., certificate number) of the principal. The public key of the attribution main body can be recorded as owerpubkey, and the public key of the using main body can be recorded as userPubKey. Optionally, the computer device generates the public key of each principal through an Identity-Based cryptography (IBC) system.

In a particular embodiment, a computer device obtains a public key of a home agent from a blockchain. That is, when the computer device needs to encrypt the shared data of a certain attribution principal, the public key of the attribution principal needs to be acquired from the blockchain.

Specifically, the computer device performs asymmetric encryption on the shared data by using an SM2 algorithm to obtain original data, and the asymmetric encryption process may be represented as: the method includes encrypting data in parentheses, where the cData is original data, encrypting 2.encryption () denotes encrypting data in parentheses, and data is shared data.

In another specific embodiment, the data authorization method may further include: generating a data fingerprint of the raw data based on the public key of the attribution principal, the data fingerprint being used to identify the attribution principal of the raw data.

Specifically, after the computer equipment obtains the original data, a data fingerprint of the original data can be generated and recorded as fp; the data fingerprint may be generated by a hash algorithm (e.g., a 256-bit hash algorithm, etc.), or the like. The process of generating a data fingerprint may be represented as: the data platform can determine the attribution subject of the original data according to the data fingerprint, thereby carrying out identity recognition; it can also be determined from the data fingerprint whether the original data was tampered after being stored in the decentralized storage system, thereby ensuring data security.

S402, the computer device sends the original data to the decentralized storage system.

At S403, the decentralized storage system stores the raw data (corresponding to the storing step at S30 c).

In a specific embodiment of step S403, after the shared data is stored in the decentralized storage system, the method further includes: and the computer equipment receives a storage identifier returned by the decentralized storage system based on the shared data, wherein the storage identifier is used for acquiring the shared data.

Taking IPFS as an example, the computer device stores the original data into the IPFS, and the IPFS returns a unique mark of the currently stored data (i.e. the original data) and is denoted as ipfsHash, and the generation process may be represented as: and ipfsHash is ipfs.save (cData, innerToken), wherein ipfs.save () represents to store data in brackets, innerToken is a token for communicating the block chain and the IPFS, and the IPFS can be accessed by the ipfsHash to obtain original data.

Optionally, the original data provided by the attribution agent may be stored in an original data area, where the original data area is a preset storage area in the decentralized storage system. Therefore, the original data is separated from other data (such as target shared data, target shared data and the like), and the data in the original data area is prevented from being influenced by the problems of other storage areas.

Through the steps of fig. 4, the shared data belonging to the subject can be stored in the data platform, and the data platform provides a storage space for the shared data of the subject and also provides a mechanism for safely sharing the data. The data stored in the data platform can be used only after being authorized by the attribution subject, and the data maintenance and management are convenient. Furthermore, the scheme stores the authorization request and the feedback information in the block chain every time, and can perform authorization tracing of data. If there is a case where a subject uses shared data of the home agent without being authorized by the home agent, or a subject continues to use shared data of the home agent if authorization has been invalid due to expiration or the like, the responsibility of the subject can be traced back.

In one embodiment, for the original data generated and stored in steps S401 to S403, if a subsequent computer device or a using subject or other device wants to process the original data, the original data needs to be decrypted by a private key of the belonging subject to obtain shared data, and the shared data can be used.

Since the target shared data may be all or part of the content of the shared data, in step S202 in fig. 2, when the subject is used to obtain the target shared data from the decentralized storage system, the computer device needs to first parse the encrypted shared data (i.e., the original data), extract the target shared data from the shared data, store the target shared data in the decentralized storage system, and then use the subject to obtain the target shared data from the decentralized storage system.

Optionally, after the attribution subject logs in the data platform, the authorization request can be checked, and a feedback of the authorization request is sent to the computer device. Further, the private key of the home agent may be provided to the computer device when the home agent logs on to the data platform, e.g., the identity of the home agent may need to be verified based on the identity information/identity of the home agent and the private key of the home agent when the home agent logs on. Alternatively, the private key of the home agent may be provided to the computer device when the home agent sends feedback to the computer device agreeing to authorization. The computer device caches the private key, decrypts the original data of the attribution main body by using the private key, and destroys the cached private key of the attribution main body after decrypting the original data.

In one embodiment, after the feedback of step S202 in fig. 2 is that authorization is granted, the data authorization method may further include the step of data copying: copying the target shared data from shared data stored in the decentralized storage system according to the storage identifier and the authorization request; and encrypting the copied target shared data by using the public key of the using main body, and storing the encrypted target shared data into the decentralized storage system, so that the using main body decrypts the encrypted target shared data by using the private key of the using main body after acquiring the encrypted target shared data to obtain the target shared data. Referring to fig. 5, fig. 5 is a schematic diagram of a data replication step according to an embodiment of the present invention, including:

the computer device executes step S501, and generates a data acquisition identifier of the target shared data according to the authorization request. Further, a data acquisition identifier of the target shared data is generated according to the data type of the target shared data in the authorization request and the identity information (such as the user ID) of the attribution subject of the target shared data. For example, taking IPFS as an example, the process of generating the data acquisition identifier can be represented as: ipfsHash1 ═ getIpfsHash (owerrid, type); wherein, the ipfsHash1 is a data acquisition identifier, getIpfsHash () represents to generate a data acquisition identifier according to the data in the parenthesis, owerrid is the user ID of the attribution subject, and type is the data type of the target shared data.

The computer device determines a storage identity of the attribution principal and retrieves raw data from the decentralized storage system according to the determined storage identity. Optionally, the computer device may execute step S502 to send a request for obtaining the original data to the decentralized storage system, where the request for obtaining the data includes the storage identifier. After the decentralized storage system receives the raw data acquisition request, step S503 is executed to send the raw data to the computer device.

After the computer device receives the original data, step S504 is performed, the original data is decrypted by using the private key of the attribution agent, shared data is obtained, and target shared data is obtained from the shared data. If the original data is encrypted based on the SM2 algorithm, the process of decrypting the original data can be expressed as: data sm2.decryption (cData, ownerPriKey); wherein, the data is shared data, SM2.decryption () represents that the SM2 encryption algorithm is used to decrypt the data in the bracket, and the owerpikekey is the private key of the attribution subject.

The computer device executes step S505 to encrypt the target shared data based on the identity information of the using principal (e.g., using the principal' S public key, denoted as userPubKey). Taking the SM2 encryption algorithm as an example, this encryption can be expressed as: the method includes encrypting (data) a command, wherein the command is encrypted, and the command is encrypted.

The computer device executes step S506 to send the encrypted target shared data to the decentralized storage system. Step S507 is executed by the decentralized storage system, and the encrypted target shared data is stored. Optionally, the encrypted target shared data is stored in another data area in the decentralized storage system: an authorized data area.

Taking the IPFS as an example, after the current storage, the IPFS returns a unique mark of the encrypted target shared data, which is denoted as ipfsHash1, and the generation process can be represented as follows: the ipfsHash1 is ipfs.save (cDataUser, innerToken), where ipfs.save () represents to store data in parentheses, and innerToken is a token (i.e., a data token in fig. 2) communicating with the IPFS, and may access the IPFS through the ipfsHash1 to obtain encrypted target shared data. Further, the obtaining of the target encrypted data using the subject includes: using the subject to obtain the encrypted target shared data cDataUser from the IPFS through the data token, the obtaining step may be represented as: tdatauser ═ IPFS. getdata (ipfsHash1, innerToken), IPFS. getdata () represents the data obtained from IPFS according to the content in parentheses. After the encrypted target shared data is obtained, the body is used for decrypting the cDataUser by using a private key usePriKey of the body, and the target shared data is obtained.

Optionally, referring to fig. 5 above, fig. 5 may further include step S508, and the computer device may send information related to the step of copying data in fig. 5 to the block chain, so as to store the information into the block chain (i.e., S509 in fig. 5), so as to save a trace of this data copying process. The information related to the data copying step may specifically include: using one or more of identity information of a principal, identity information of the attribution principal, and information related to the replicated target shared data. Further, the identity information of the usage subject may include an identification (userID) of the usage subject, etc., the identity information of the home subject may include an identification (owerrid) of the home subject, and the related information of the copied target shared data may include a unique mark (ipfsHash1) of the encrypted target shared data, a data type (type) of the target shared data, a constraint rule (rulmap), a data token (inertoken), etc.

Further, the data token may be generated according to the identity information of the usage subject, the identity information of the attribution subject, and related information of the copied target shared data, for example, innerToken ═ sha256 (owerrid, userID, ipfsHash, type, rulmap), where sha256() is a hash value obtained by performing 256-bit hash calculation on data in parentheses, and the hash value is used as the data token.

Further, the IPFS returns a data token to the computer device in step S506, so that the computer device determines the data token for acquiring the target shared data in step S202 in fig. 2 is executed, and step S203 is executed to send the data token to the user.

In one embodiment, the data authorization method of the embodiment of the present invention may further include a step of registering the principals to receive registration requests of the principals (including the attribution principal or the usage principal), allow only the registered principals to acquire shared data in the data platform through the authorization request, and allow only the registered principals to upload the shared data to the data platform. Referring to fig. 6, fig. 6 is a schematic diagram illustrating a main body registration step, where the main body registration step may include S601:

s601, the computer equipment receives a registration request of the main body. Wherein, the registration request includes the registration information of the main body, and the main body includes an attribution main body and/or a usage main body.

The registration request is a request sent by the main body to the computer device through the terminal (or an APP installed on the terminal). In one particular example, the principal uploads its identity information via the APP and sends a registration request to the computer device. And after the computer equipment receives the registration request, auditing the registration request according to the identity information of the main body.

The registration information may include identity information of the subject, for example, if the subject is an individual, the identity information may include a name, an identification number, a mobile phone number, a communication address, an email address, a driving license, a social security number, and the like; if the subject is a group, the identity information may include a group registration number, a group name, etc.; if the subject is an organization, the identity information may include a uniform social credit code, organization name, etc. The registration information may also include device information (e.g., device model, identification number of the device, IP address, etc.), type information of the subject (e.g., person, group, organization, etc.) that sent the registration information. Further, in the process of registering the subject, the subject to which the subject belongs and the subject to which the subject is used are not distinguished, and only the classification of the group is distinguished, and the group may include: individuals, groups, institutions, etc.

S602, the computer device verifies the identity of the subject according to the registration information, and determines that the subject is successfully registered when the verification is passed. The computer device allows the principal who has successfully registered to execute the data authorization method of the embodiment of the invention.

Optionally, the data platform according to the embodiment of the present invention may set a tracing function, and locate a specific object in the society according to the identity information of the principal when the principal registers, where the specific object refers to a specific person, a specific group, or a specific organization.

In one embodiment, the computer device may verify the identity of the principal to a third-party organization according to the identity information of the principal to determine whether the principal can locate a specific object, and the object meets the requirement, and if the object meeting the requirement can be located, verify the identity of the principal. Further, if the third party organization generates the fee in the process of checking the identity, the third party organization can pay on line by the main body registered at this time.

In another embodiment, after receiving the authorization request of the usage subject, the computer device allows the usage subject to obtain the corresponding target shared data if it is detected that the usage subject is a successfully registered subject. And if the user main body is detected to be the main body which is not successfully registered, returning a registration prompt to the user main body, and enabling the user main body to send an authorization request after the registration is successful.

In another embodiment, after receiving the request for uploading the shared data from the home agent, the computer device allows the home agent to upload the shared data if it is detected that the home agent is a successfully registered agent. And if the attribution main body is detected to be a main body which is not successfully registered, returning a registration prompt to the attribution main body, and uploading the shared data after the attribution main body successfully registers.

Optionally, after determining that the registration of the subject is successful, the computer device allocates a unique identification number to the subject, and records the unique identification number as the identification of the subject.

In another embodiment, please continue to refer to fig. 6, after determining that the registration of the principal is successful, the computer device generates the public key and the private key of the principal, and sends the public key and the private key of the principal to the principal through step S603, and the public key and the private key are saved by the principal itself. The public and private keys of the principal may be used in the aforementioned data authorization scheme. Optionally, the private key of the principal is calculated by the KGC according to the public parameters of the IBC system, the master key, and the identity of the principal. The private key is kept secret by the user. The user's public key is determined by the user's identity or the user's identity information, so that a fair third party (e.g., a CA center) is no longer required to ensure the authenticity of the user's public key.

In another specific example, please continue to refer to fig. 6, which may further include step S604, where the computer device encrypts the registration information through the public key of the principal; step S605 is executed, and the encrypted registration information and the main body identification are correspondingly stored in the block chain; and generating a public key of the registration main body according to the identification of the main body, wherein the identification of the main body is used for identifying the main body to which the encrypted registration information belongs. In order to ensure information security, the public key and the private key are not uploaded to the blockchain.

The blockchain in the embodiment of the invention is mainly used for storing some information with small data volume in the steps of main body registration, data authorization, data registration and the like so as to record the public key and identity information of the main body, the change trace of the data and the like.

Referring to fig. 7, fig. 7 is a schematic structural diagram of a data platform, where operations of a computer device in the data platform may be performed by functional modules of a blockchain 701, and a subject (including a use subject and a home subject) may implement data sharing and data authorization and use through the data platform. The functional modules of the blockchain 701 may include at least a data registration contract module 7011, a subject registration contract module 7012, and an authorization contract module 7013, and the blockchain 701 may further include a blockcontent 7014, and the like. The data registration contract module 7011 mainly provides a function of data registration for the attribution main body, and provides an entry for entry of shared data, and after the shared data is registered, the encrypted shared data is stored in an original data area of decentralized storage. The main body registration contract module 7012 mainly provides a function of registration for the main body, and the main body generates a public and private key pair and an identification number of the main body after successful registration. The authorization contract module 7013 mainly provides services such as forwarding, approval and the like of an authorization application when the main body initiates an authorization request; the block contents 7014 mainly include the steps of registration of a main body, data authorization, data registration, and the like, and may further include account information of each main body, which is used to count data tokens owned by the main body, and records of transactions performed by the data tokens at each time, and the like. The data platform may also include a decentralized storage system 702, which may include a raw data area 7021 and an authorized data area 7022.

Referring to fig. 8, an embodiment of the present invention further provides a data authorization apparatus 80, including: an authorization request receiving module 801, configured to, when receiving an authorization request for target shared data by a use subject, forward the authorization request to a home subject that provides the target shared data; an authorization module 802, configured to obtain feedback of the attribution agent for the authorization request, and if the feedback indicates that authorization is granted, determine a data token for obtaining the target shared data; a token sending module 803, configured to send the data token to the usage subject, so that the usage subject obtains the target shared data from a decentralized storage system based on the data token.

Optionally, the authorization request sent to the home agent includes one or more of identity information of the using agent, information of the target shared data, and identity information of the home agent.

Optionally, the authorization request sent to the home agent further includes a constraint rule, where the constraint rule is used to limit the usage range of the target shared data.

Optionally, the information of the target shared data includes a data type of the target shared data, and the target shared data includes one or more data types of identity data, device data, account data, social relationship data, and network behavior data of the attribution principal.

Optionally, the data authorization apparatus 80 may further include: a first storage module to store one or more of the identity information of the using principal, the identity information of the attribution principal, the authorization request, and the feedback into a blockchain.

Optionally, the data authorization apparatus 80 may further include: a shared data obtaining module, configured to obtain shared data provided by the attribution main body, where the shared data includes the target shared data; and the shared data uploading module is used for storing the shared data into the decentralized storage system.

Optionally, after acquiring the shared data provided by the home agent, the data authorization apparatus 80 may further include: the encryption module is used for determining the public key of the attribution subject and carrying out asymmetric encryption on the shared data based on the public key of the attribution subject to obtain original data; the shared data uploading module is further used for storing the original data into the decentralized storage system; when the original data is to be processed, the original data is decrypted by a private key of the attribution main body to obtain the shared data.

Optionally, the data authorization apparatus 80 may further include: and the data fingerprint generating module is used for generating a data fingerprint of the original data based on the public key of the attribution main body, and the data fingerprint is used for identifying the attribution main body of the original data.

Optionally, after storing the shared data in the decentralized storage system, the data authorization apparatus 80 may further include: and the storage identifier receiving module is used for receiving a storage identifier returned by the decentralized storage system based on the shared data, wherein the storage identifier is used for acquiring the shared data.

Optionally, the data authorization apparatus 80 may further include: and the second storage module is used for storing one or more of the identity information of the attribution main body, the content information of the shared data, the data fingerprint of the original data and the storage identification corresponding to the shared data into a block chain.

Optionally, after the feedback is that authorization is granted, the data authorization apparatus 80 may further include: a data replication module for replicating the target shared data from shared data stored in the decentralized storage system according to the storage identifier and the authorization request; and the copied encryption module is used for encrypting the copied target shared data by using the public key of the using main body and storing the encrypted target shared data into the decentralized storage system, so that the using main body decrypts the encrypted target shared data by using the private key of the using main body after acquiring the encrypted target shared data to obtain the target shared data.

Optionally, the data authorization apparatus 80 may further include: and the third storage module is used for storing one or more of the identity information of the using main body, the identity information of the attribution main body and the related information of the copied target shared data into the block chain.

Optionally, the data authorization apparatus 80 may further include: a registration request receiving module, configured to receive a registration request of a main body, where the registration request includes registration information of the main body, and the main body includes a home main body and/or a use main body; and the successful registration module is used for verifying the identity of the main body according to the registration information, and when the identity verification of the main body passes, the main body is successfully registered, and the successfully registered main body is allowed to execute the data authorization method.

Optionally, the data authorization apparatus 80 may further include: the public and private key determining module is used for determining a public key and a private key of the main body after the main body is successfully registered; and the public and private key sending module is used for sending the public key and the private key of the main body to the main body.

Optionally, the data authorization apparatus 80 may further include: the fourth storage module is used for encrypting the registration information through the public key of the main body and correspondingly storing the encrypted registration information and the identification of the main body into the block chain; and generating the public key of the registered main body according to the identification of the main body.

For more details on the working principle and working mode of the data authorization apparatus 80, reference may be made to fig. 2 to 6 for the description of the data authorization method, which is not described herein again.

An embodiment of the present invention further provides a storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the data authorization method in any one of fig. 2 or fig. 6. The storage medium may be a computer-readable storage medium, and may include, for example, a non-volatile (non-volatile) or non-transitory (non-transitory) memory, and may further include an optical disc, a mechanical hard disk, a solid state hard disk, and the like.

The embodiment of the present invention further provides a computer device, which includes a memory and a processor, where the memory stores a computer program that can be executed on the processor, and when the processor executes the computer program, the processor executes the steps of the data authorization method in any one of fig. 2 or fig. 6.

It should be understood that the term "and/or" herein is merely one type of association relationship that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this document indicates that the former and latter related objects are in an "or" relationship.

The "plurality" appearing in the embodiments of the present application means two or more.

The descriptions of the first, second, etc. appearing in the embodiments of the present application are only for illustrating and differentiating the objects, and do not represent the order or the particular limitation of the number of the devices in the embodiments of the present application, and do not constitute any limitation to the embodiments of the present application.

The term "connect" in the embodiments of the present application refers to various connection manners, such as direct connection or indirect connection, to implement communication between devices, which is not limited in this embodiment of the present application.

It should be understood that, in the embodiment of the present application, the processor may be a Central Processing Unit (CPU), and the processor may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire or wirelessly. It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.

In the several embodiments provided in the present application, it should be understood that the disclosed method, apparatus and system may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative; for example, the division of the unit is only a logic function division, and there may be another division manner in actual implementation; for example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be physically included alone, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.

The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute some steps of the methods according to the embodiments of the present invention.

Although the present invention is disclosed above, the present invention is not limited thereto. Various changes and modifications may be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.