CN116561777A

CN116561777A - Data processing method and device

Info

Publication number: CN116561777A
Application number: CN202310404599.4A
Authority: CN
Inventors: 谢宗华
Original assignee: Zhejiang eCommerce Bank Co Ltd
Current assignee: Zhejiang eCommerce Bank Co Ltd
Priority date: 2023-04-11
Filing date: 2023-04-11
Publication date: 2023-08-08

Abstract

The embodiment of the specification provides a data processing method and device, wherein the method is applied to a data provider and comprises the following steps: acquiring target task data according to a received task data request, wherein the task data request comprises a data request party identifier corresponding to a data request party and task scene information; extracting a target scene label corresponding to the task scene information according to the task scene information; determining a scene identification code according to the data requester identification and the target scene label; encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data; and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester. And the isolation between different task scenes is enhanced by checking the data requester identifier and the task scene tag corresponding to the data requester, and the special effect is achieved by marking the scene tag with the data.

Description

Data processing method and device

Technical Field

The embodiment of the specification relates to the technical field of computers, in particular to a data processing method.

Background

In the actual task processing, various enterprises and other organizations generate a lot of task related data. Each organization often delegates to process task related data. The trustee needs to ensure the security and confidentiality of the trustee data in the full life cycle of the data, specifically, the trustee must not exceed the agreed processing purpose, processing mode and the like, and the trustee data information is processed.

At present, the consignee and the trusted party can avoid certain legal risks and ensure the safety of data storage by signing a secret protocol and encrypting and storing the data. However, the trusted party does not have a strict management flow in the task processing process using the trusted party data, so that the application scene of the data is effectively restricted within a specified range. Based on this, there is a need for a more reliable scheme specification for the use of data.

Disclosure of Invention

In view of this, the present embodiments provide a data processing method. One or more embodiments of the present specification also relate to a data processing apparatus, a computing device, a computer-readable storage medium, and a computer program that solve the technical drawbacks of the prior art.

According to a first aspect of embodiments of the present specification, there is provided a data processing method, applied to a data provider, comprising:

acquiring target task data according to a received task data request, wherein the task data request comprises a data request party identifier corresponding to a data request party and task scene information;

extracting a target scene label corresponding to the task scene information according to the task scene information;

determining a scene identification code according to the data requester identification and the target scene label;

encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data;

and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester.

According to a second aspect of embodiments of the present specification, there is provided a data processing method, applied to a data requester, comprising:

a task data request is sent to a data provider, wherein the task data request comprises a data request party identifier corresponding to the data request party and task scene information;

receiving marked encryption data sent by a data provider based on a task data request, wherein the marked encryption data comprises target encryption data and a target scene tag;

Receiving a data processing request aiming at target encrypted data, wherein the data processing request carries scene information to be processed;

acquiring a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information;

under the condition that the to-be-processed scene tag is matched with the target scene tag, acquiring initial processing data corresponding to the data processing request according to the target encryption data, and marking the initial processing data based on the target scene tag to acquire target processing data.

According to a third aspect of embodiments of the present specification, there is provided a data processing system comprising a data requester and a data provider:

the data request party comprises a task data request sent to the data provider, wherein the task data request comprises a data request party identifier corresponding to the data request party and task scene information;

the data provider acquires target task data according to a received task data request, wherein the task data request comprises a data request identifier corresponding to the data request and task scene information; extracting a target scene label corresponding to the task scene information according to the task scene information; determining a scene identification code according to the data requester identification and the target scene label; encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data; marking target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to a data requester;

The data request party also comprises mark encryption data sent by the data provider based on the task data request, wherein the mark encryption data comprises target encryption data and a target scene tag; receiving a data processing request aiming at target encrypted data, wherein the data processing request carries scene information to be processed; acquiring a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information; under the condition that the scene label to be processed is matched with the target scene label, acquiring initial processing data corresponding to the data processing request according to the target encryption data; the initial processing data is marked based on the target scene tag, and target processing data is obtained.

According to a fourth aspect of embodiments of the present specification, there is provided a data processing apparatus configured to a data provider, comprising:

the first acquisition module is configured to acquire target task data according to a received task data request, wherein the task data request comprises a data request party identifier corresponding to a data request party and task scene information;

the extraction module is configured to extract a target scene label corresponding to the task scene information according to the task scene information;

The determining module is configured to determine a scene identification code according to the data requester identification and the target scene label;

the encryption module is configured to encrypt the target task data according to the scene identification code and generate target encrypted data corresponding to the target task data;

and a transmitting module configured to tag the target encrypted data based on the target scene tag, obtain the tagged encrypted data, and transmit the tagged encrypted data to the data requester.

According to a fifth aspect of embodiments of the present disclosure, there is provided a data processing apparatus configured to a data requester, including:

the request module is configured to send a task data request to the data provider, wherein the task data request comprises a data requester identifier corresponding to the data requester and task scene information;

a first receiving module configured to receive tag encryption data transmitted by a data provider based on a task data request, wherein the tag encryption data includes target encryption data and a target scene tag;

the second receiving module is configured to receive a data processing request aiming at target encrypted data, wherein the data processing request carries scene information to be processed;

the second acquisition module is configured to acquire a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information;

The third acquisition module is configured to acquire initial processing data corresponding to the data processing request according to the target encryption data under the condition that the to-be-processed scene tag is matched with the target scene tag, and to mark the initial processing data based on the target scene tag to acquire the target processing data.

According to a sixth aspect of embodiments of the present specification, there is provided a computing device comprising:

a memory and a processor;

the memory is configured to store computer executable instructions that, when executed by the processor, perform the steps of the data processing method described above.

According to a seventh aspect of the embodiments of the present specification, there is provided a computer readable storage medium storing computer executable instructions which, when executed by a processor, implement the steps of the data processing method described above.

According to one embodiment of the specification, target task data is obtained according to a received task data request, wherein the task data request comprises a data request party identifier corresponding to a data request party and task scene information; extracting a target scene label corresponding to the task scene information according to the task scene information; determining a scene identification code according to the data requester identification and the target scene label; encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data; and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester.

The method comprises the steps of extracting relevant information of a data requester carried in a task data request, checking a data requester identifier corresponding to the data requester and a task scene label, encrypting target task data applied by the data requester according to the data requester identifier and a unique scene code corresponding to the target scene label under the condition that the checking is passed, marking the encrypted target encrypted data according to the target scene label, and sending marked encrypted data to the data requester, so that the encrypted isolation of the task data according to actual task scenes is realized, the isolation among different data processing main bodies and different task scenes is enhanced, and the safety of data information is improved. In addition, because the data sent to the data requesting party carries the tag, the card point verification can be carried out according to the application range and the use purpose of the tag on the data in the process of applying for and processing the data in the subsequent data requesting party, so that the strict management on the full life cycle of the data is realized, and the special effect of special numbers is achieved.

Drawings

FIG. 1 is a flow chart of a data processing method applied to a data provider provided in one embodiment of the present disclosure;

FIG. 2 is a flow chart of a data processing method applied to a data requester according to one embodiment of the present specification;

FIG. 3 is a system diagram of a data processing system according to one embodiment of the present disclosure;

FIG. 4 is a process flow diagram of a data processing method according to one embodiment of the present disclosure;

FIG. 5 is a schematic diagram of a data processing apparatus configured at a data provider according to one embodiment of the present disclosure;

FIG. 6 is a schematic diagram of a data processing apparatus configured at a data requester according to an embodiment of the present disclosure;

FIG. 7 is a block diagram of a computing device provided in one embodiment of the present description.

Detailed Description

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many other forms than described herein and similarly generalized by those skilled in the art to whom this disclosure pertains without departing from the spirit of the disclosure and, therefore, this disclosure is not limited by the specific implementations disclosed below.

The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any or all possible combinations of one or more of the associated listed items.

It should be understood that, although the terms first, second, etc. may be used in one or more embodiments of this specification to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first may also be referred to as a second, and similarly, a second may also be referred to as a first, without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.

Furthermore, it should be noted that, user information (including, but not limited to, user equipment information, user personal information, etc.) and data (including, but not limited to, data for analysis, stored data, presented data, etc.) according to one or more embodiments of the present disclosure are information and data authorized by a user or sufficiently authorized by each party, and the collection, use, and processing of relevant data is required to comply with relevant laws and regulations and standards of relevant countries and regions, and is provided with corresponding operation entries for the user to select authorization or denial.

First, terms related to one or more embodiments of the present specification will be explained.

Data blood-edge relationship: refers to the relationship formed between data from generation, processing, fusion, circulation and destruction in the whole life cycle of the data. Since the link relationship of data generation is recorded, similar to human blood vessel transfer, it is called data blood relationship.

Symmetric encryption algorithm: the symmetric encryption algorithm is that a data sender processes plaintext (original data) and an encryption key together through a special encryption algorithm, and then the plaintext and the encryption key are changed into complex encrypted ciphertext to be sent out. After receiving the ciphertext, the receiver needs to decrypt the ciphertext by using the encryption key and the inverse algorithm of the same algorithm to restore the ciphertext into readable plaintext if the receiver wants to interpret the ciphertext. In the symmetric encryption algorithm, only one key is used, and both the sender and the receiver encrypt and decrypt data by using the key.

Peer-to-peer cryptographic algorithm: is a symmetric encryption algorithm specified in the national commercial cryptographic algorithm (SM series algorithm).

md5 encryption algorithm (information digest algorithm): is a widely used cryptographic hash function that produces a 128 bit (16 byte) hash value to ensure that the information transfer is complete and consistent.

Sha-2 series encryption algorithm (secure hash algorithm 2): is a cryptographic hash function algorithm standard, and can generate a hash value with a preset fixed bit number as a message digest for messages with any length.

Special number: when data is acquired or obtained, the data is ensured to be used in a definite task scene range in order to ensure legal compliance in a use task scene appointed by an authorized party, and the appointed use range cannot be exceeded.

In the present specification, a data processing method is provided, and the present specification relates to a data processing apparatus, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments one by one.

Currently, organizations such as groups and enterprises can generate a lot of task related data during the actual task processing. Each organization often entrusts delegates to process task related data; or sign-up partners, and cooperate with the partners to complete a task. For example, a group may delegate employee data to an insurance company, which evaluates whether the employee obtained a claim, and the e-commerce platform may share customer shopping information with the express company to cooperate to complete online sales of the merchandise.

In practical application, two independent groups and enterprises are arranged; different departments within the same enterprise; there is in principle an isolation requirement between sub-clusters under the same cluster flag when processing data related to a task scenario. For example, personnel and finance parts of a company, employee data, work information, task data generated under different task scenes, etc. stored in each part should not be visible. For another example, when an employee enters a company post, he needs to sign a security agreement and must not reveal the data information applied during the job to other companies and individuals.

However, the signing protocol only depends on the signing protocol, so that the safety and confidentiality of the data in the application process cannot be ensured, one party processing the task data can not actually apply the task data in what task scene, whether the task data is used in an out-of-range mode or not, and the signing protocol cannot have a good constraint effect.

In order to enable a subscription agreement to better exert a constraint effect, and more strictly manage the full life cycle of data in different task scenes, one embodiment of the present disclosure provides a data processing method applied to a data provider, and target task data is obtained according to a received task data request, where the task data request includes a data requester identifier corresponding to the data requester and task scene information; extracting a target scene label corresponding to the task scene information according to the task scene information; determining a scene identification code according to the data requester identification and the target scene label; encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data; and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester.

Referring to fig. 1, fig. 1 shows a flowchart of a data processing method applied to a data provider according to an embodiment of the present disclosure, which specifically includes the following steps.

Step 102: and acquiring target task data according to the received task data request, wherein the task data request comprises a data request party identifier corresponding to the data request party and task scene information.

The data is applied in different task scenes, so that the task attributes can follow the blood-edge relationship of the data, and the task attributes exist in the full life cycle of the data. The data in different task scenes are required to be kept secret so as to ensure the safety of the data, thereby ensuring the legal rights of a collective or a person related to the data.

In practical application, the data provider is a party storing task data, has the right to hold and manage the task data, and can store and manage various data in a classified manner according to different task scenes and different security levels, and the data provider can store the data in storage media such as a database, a cloud and the like. In order to improve the data security, when the data is stored, the security of the data stored in the data provider can be ensured by encrypting the data acquisition interface corresponding to the storage medium or encrypting the data itself. The storage and encryption method of the data can be specifically selected according to actual conditions, and the description is not limited in any way.

The data requesting party is a party applying for using the data, the data requesting party only processes and uses the task data in a fixed task scene, any operation exceeding the subscription range can not be performed on the task data, and the data processed by the data requesting party needs to be applied for obtaining from the data provider.

In practical applications, the data provider may act as a delegation party, delegating the data requester to perform specific tasks on the data of the data provider. Illustratively, company M collects video material and entrusts company N to produce the video material as a movie for distribution through video processing techniques. The data provider can also be used as a partner initiator to process the data in a specified task scene together with a partner accepting recipient. Illustratively, the game company X needs to store and maintain a large amount of user information and account information, and thus cooperates with the company Y providing the cloud service to implement management and maintenance of the user information and the account information through cloud technology. The above examples can be applied not only between different companies but also between different departments and different sub-companies of the same company or group.

In particular, the data provider and the data requester serve as two subjects with different identities, and the identity types of the two subjects are not fixed and unchanged, but can be converted between the two types of the data provider and the data requester according to actual situations. For example, the group a is a data provider when other groups apply for the data a, and the group a is a data requester when the group a processes the data b held by other groups. Therefore, for the same main body, the data provider and the data requester can be used according to different actual situations, and the specification does not limit the type of the main body.

In practical application, the data requesting party processes the data and applies for the data related to the task scene to the data holding party, so that the data requesting party initiates a task data request to the data holding party, and the task data request carries the related information which can represent the identity of the data requesting party and the task scene to be processed, so that the data holding party can carry out security verification on the authority of the data requesting party according to the related information. Specifically, the data requester may carry the data requester identifier and the task scenario information in the task data request.

Accordingly, in one or more embodiments of the present disclosure, a data requester receives a task data request, and may obtain target task data according to the task data request, where the task data request includes a data requester identifier corresponding to the data requester and task scene information.

Specifically, the task data request is issued by the data requester for applying for the task data request from the data requester. The data requester identity may be understood as identification information capable of uniquely identifying the identity of the data requester. The task scenario information can be understood as a specific usage scenario of task data when task data is processed by a data requester. The task scene information can have various expression forms, and can be exemplified by codes pre-agreed with a data provider, expressed in the form of hash values or English characters, digital characters and the like, or can be expressed in the form of sentences or words by a section of natural description language edited by a data requester and describing the task scene. The expression form and the content of the task scene information can be determined according to actual conditions, and the description is not limited in any way.

Preferably, in order to facilitate the data request to apply for task data to the data provider, to improve the data application efficiency, the task scenario information may be a section of natural description language automatically generated by the data requester according to the task scenario, for example: the application applies for data to user information security verification and requests detection of network performance of the on-line server cluster.

Optionally, the data requester identifier may be encrypted according to the data requester and/or an encryption mode preset by the data requester, so as to further improve security and confidentiality in the data application process. Similarly, task scene information may be encrypted.

The target task data is data acquired by the data provider from a storage medium corresponding to the data provider according to the task data request, and specifically, the target task data can be acquired according to a data requester identifier and task scene information included in the task data request.

According to the received task data request, the target task data is acquired, so that the data provider can check the acquisition authority of the data requester according to the information in the request under the condition that the task data request is received, and further process the acquired target task data according to the information in the request under the condition that the check is passed, thereby improving the data safety and the constraint of the data use range.

Step 104: and extracting a target scene label corresponding to the task scene information according to the task scene information.

In practical application, a data provider receives a task data request and acquires a data requester identifier corresponding to the data requester and task scene information included in the task data request. The relevant information corresponding to the data requesting party in the task data request can be checked, so that how to respond to the task data request is judged.

In one or more embodiments provided herein, the data provider may not respond to the task data request in the event that the verification fails; the data provider can also respond to the task data request, but does not acquire the target task data and sends the target task data to the data requester, and sends permission reminding information to the data requester to inform the data requester that the permission of the target task data is not acquired currently, inquire whether the contract with the data provider is needed or inquire whether the contract with the data provider is needed, and detect errors of the contracted information.

In one or more embodiments provided herein, verification of data requestor-related information may be achieved in two ways:

the first way is to detect the data requester identifier first, determine whether the data provider signs a contract with the data requester corresponding to the data requester identifier, and directly determine the checking result as not passing when detecting that the data provider does not sign a contract with the data requester. Further detecting whether task scene information in the request is consistent with contracted task scene information or not under the condition that the data provider and the data requester are detected to contract, and determining that the verification result is not passed under the condition that the task scene information in the request is not consistent with contracted task scene information, wherein prompt information can be sent to the data requester at the moment to inform that the reason that no target task data acquisition permission exists is that the data use scene exceeds the data use range specified by contracted clauses; and under the condition that the data requester identifier and the task scene information are detected to pass through detection, determining that the verification result is passed.

The second mode is to detect the task scene information corresponding to the data requesting party and judge whether the data provider needs to entrust the data requesting party to process the data in the task scene or whether the data provider needs to cooperate with the data requesting party to process the data in the task scene. And under the condition that the detection result does not pass, a prompt message can be sent to the data requesting party to inform the data requesting party that the data processing under the task scene is not authorized by the data providing party. And under the condition that the detection result passes, the data request party identifier corresponding to the data request party can be detected, under the condition that the detection is not passed, the check result is determined to be not passed, and under the condition that the detection is detected that the task scene information and the data request party identifier pass, the check result is determined to be passed.

It should be noted that, the data requester identifier may be a data transmission interface identifier authorized by the data requester, or may be identifier information capable of uniquely identifying the identity of the data requester, such as a theme name of the data requester.

In order to improve the efficiency of a data provider in initiating a task data request, the specification does not limit the form of task scene information, so that in the process of detecting the task scene information, the method needs to adapt to various forms of task scene information, and improves the identification efficiency and accuracy of the task scene information, thereby improving the efficiency and accuracy of permission verification.

Thus, in one or more embodiments of the present disclosure, a data provider extracts a target scene tag corresponding to task scene information according to the task scene information.

The target scene labels are unified in form, task scene information corresponding to the data requesting party can be identified, and the data requesting party can conveniently identify and check the task scene information. Preferably, the target scene tag may be in the form of words in natural language, and the words are automatically translated according to the conventional language set by the user. By way of example, the target scenario label may be words specifying the data usage scenario such as "gateway security", "credit", "health insurance", and the like.

In practical application, according to the specific management requirement of the data provider on task data, the application scene range covered by the specific task can be finely divided with different granularities, and according to the division result, corresponding scene labels which can be matched with the division result are preset. Illustratively, the data provider subdivides the application scenario scope of the task data a into a scenario A1, a scenario A2, a scenario A3, a scenario A4, a scenario A5, the scenario A1, the scenario A2, the scenario A3, the scenario A4, the scenario A5 corresponding to the scenario tag A1, the scenario tag A2, the scenario tag A3, the scenario tag A4, the scenario tag A5, respectively. Only the data requester is allowed to use the task data a in the scenes A1, A2, and therefore, in the verification process, the target scene tag corresponding to the data requester must be at least one of the scene tag A1 and the scene tag A2, otherwise the verification cannot be passed.

Accordingly, in one or more embodiments of the present disclosure, extracting, according to task scene information, a target scene tag corresponding to the task scene information may be implemented at least in the following two ways:

the specific steps of the first mode may include:

analyzing task scene information to obtain target keywords included in the task scene information;

and determining the target keywords as target scene labels corresponding to the task scene information.

The target keywords meet the unified check standard of the data provider. The target keywords may be stored in the data provider's corresponding storage medium through an underlying data structure such as a keyword table.

In practical application, the task scene information can be segmented through a barking class segmentation tool, and words describing the task scene in the task scene information are extracted; the task scene information can be analyzed through the regular expression, and words describing the task scene in the task scene information are analyzed; the words which can describe the task scene and are included in the task scene information can be analyzed through vectorization of the task scene information, extraction of feature vectors and other modes.

The target keywords are determined to be the target scene labels corresponding to the task scene information, so that the target scene labels can be detected according to the subscription scene label table stored in advance by the data provider in the process of checking the target scene labels, and the accuracy and the efficiency of detection results are improved.

Correspondingly, analyzing the task scene information to obtain the target keywords included in the task scene information can be realized by the following steps:

analyzing the task scene information to obtain initial keywords included in the task scene information;

and determining the target keywords corresponding to the initial keywords according to a preset reference table.

Since the initial keywords extracted from the task scene information may be close-defined words or synonyms with respect to the keywords corresponding to the scene tags stored in the subscription scene tag table stored in advance by the data provider, if the initial keywords are directly detected, the detection result may be inaccurate.

Illustratively, the task scenario information is "apply data to user information security check", and the initial keywords extracted from the task scenario information are "information security", "check". And keywords corresponding to scene labels stored in a subscription scene label table stored in advance by the data provider comprise data security and verification. It will be understood that "information security" and "data security" are similar in meaning, though they are different words, and "verification" and "validation" are the same as those performed on data, though they are different words. At this time, although the data requester has the subscription authority, since the keywords corresponding to the scene tags stored in the subscription scene tag table stored in advance by the data provider are not matched, the authority verification cannot be passed.

In order to avoid inaccurate verification results caused by such a situation, in one or more embodiments provided in the present disclosure, normalization processing is performed on initial keywords included in task scenario information input by a data requester by setting a preset reference table.

The preset reference table is used for storing target keywords and initial keywords, and the target keywords and the initial keywords are correspondingly stored in the preset reference table in a one-to-many mode.

The normalization process is used to calibrate the initial keywords of various expressions to target keywords that meet the detection criteria. According to the specific implementation method, the initial keywords are replaced by target keywords which are correspondingly arranged in the preset reference table according to the preset reference table. For example, in the preset reference table, words such as "check", "verify", "check" and the like all correspond to the same target keyword "verify", so that when the initial keyword is "check", the keyword "verify" corresponding to "check" is found according to the preset reference table, and the "verify" is used as the target keyword to replace the initial keyword corresponding to the task scene information.

Along with the popularization of artificial intelligence in daily application, input task scene information can be automatically analyzed by training a model, and a corresponding target scene label is extracted.

Accordingly, specific steps of the second approach may include:

and inputting the task scene information into a scene tag model to obtain a target scene tag output by the scene tag model.

The scene tag model is a model trained in advance according to various corpus related to the task scene, receives input task scene information, and can directly output a target scene tag corresponding to the task scene information.

The task scene information is output as the target scene label through the scene label model, so that the analysis efficiency of the task scene information can be greatly improved, and the accuracy of task scene information identification is improved, thereby improving the detection efficiency and the detection result accuracy of detecting the scene label.

In the task data request, under the condition that the data requester identifier corresponding to the data requester and the task scene information pass verification, the data provider can send the acquired target task data to the data requester.

In practical applications, because the target task data may be obtained from a bottom storage entity such as a database, the target task data obtained by the data provider is usually plaintext data without any encryption processing. The plaintext data is directly transmitted to the data requesting party, so that the specific application scene of the data cannot be constrained, the specified application range of the data is easily damaged, and the problem of data leakage in the data transmission process is easily caused by the influence of a transmission mode. Therefore, in one or more embodiments provided in the present disclosure, before sending the target task data to the data requester, encryption processing may be further performed on the critical data in the target task data, so that the data sent to the data requester has higher security and task scenario isolation.

Accordingly, in order to make the target task data have stronger isolation according to different task scene attributes in practical application, the target task data can be encrypted according to the unique identifier corresponding to the data requester identifier and the target scene tag.

Step 106: and determining a scene identification code according to the data requester identification and the target scene label.

Specifically, the scene identification code is an identification code which is generated according to the identification of the data requesting party and the target scene label and can uniquely identify the authorized data requesting party and the authorized task scene. It is easy to understand that even the same authorized data requester, the corresponding scene identification codes are different according to the different scenes of the authorized tasks. For example, the data requester identifier corresponding to the signed authorized data requester is a, the authorized task scene tag for the task data a is a1, and then the scene identifier determined according to the data requester identifier a and the authorized task scene tag a1 is different from the scene identifiers determined according to the data requester identifier a and other unauthorized scene tags. Therefore, the scene identification codes determined according to the mode can strictly isolate the application scenes of the task data, so that the isolation of the data among different task scenes is ensured.

Accordingly, in one or more embodiments provided herein, determining a scene identification code based on a data requestor identification and a target scene tag is implemented by steps comprising:

s1062, acquiring a data record table, wherein the data record table stores the corresponding relation among the data requester identifier, the scene tag and the scene identifier code.

Specifically, the data record table is used for storing the corresponding relation among the data requester identifier, the scene tag and the scene identifier, and can be understood as a database, a data structure capable of storing the corresponding relation, a txt document, an Excel table, a hash table and the like, and the structure capable of storing the corresponding relation among the data requester identifier, the scene tag and the scene identifier.

The data provider acquires the data record table so that whether the data requester identification and the target scene tag are stored in advance can be retrieved in the data record table according to the data information recorded in the data record table.

S1064, searching in the data record table according to the data request party identification and the target scene label.

In practical application, according to the data request party identifier and the target scene tag, various implementation modes for searching in the data record table can be realized, and the specific implementation mode can be determined according to the storage structure of the data record table and the storage mode of the data. For example, the data requester identifier and the target scene tag may be directly input, and whether the corresponding data requester identifier and target scene tag can be matched or not is retrieved; the data request party identifier can be input first, and the target scene label can be input under the condition that the data request party identifier is found.

S1066, when the target data record corresponding to the data request party identifier and the target scene label is retrieved from the data record table, acquiring the scene identifier of the target data record.

In practical application, when a target data record corresponding to a data request party identifier and a target scene label is retrieved from a data record table, a scene identifier code generated according to the data request party identifier and the target scene label is prestored in the data record table. Thus, the scene identification code can be acquired from the retrieved target data record.

Specifically, the scene identification code is generated in the process of signing authorization of the data requester and the data provider for the specific application scene of the task data. Therefore, the scene identification codes are stored in the data record table in advance, and when a data requesting party initiates a task data request to acquire and process task data, the scene identification codes used for encrypting and isolating data information can be directly searched and acquired from the data record table stored in advance, so that the data acquisition efficiency is improved.

Accordingly, the scene identification code is pre-stored in the data record table, which can be achieved by the following steps S10602-S10608:

S10602, receive subscription information, where the subscription information includes a subscription data requester identifier and subscription task scene information corresponding to the subscription data requester.

Specifically, the subscription information may be understood as information generated by subscription authorization performed by the data requesting party and the data requesting party for a specific application scenario of at least one task data. The sign of the signing data request party is a unique sign corresponding to the signing data request party, and the signing task scene information is information describing specific application scenes of signing authorization.

S10604, extracting a subscription scene label corresponding to the subscription task scene information according to the subscription task scene information.

Specifically, for a detailed description of the implementation of S10604, reference may be made to step 104 above.

S10606, generating a subscription scene identification code according to the subscription data requester identification and the subscription scene label.

Specifically, the subscription scene identification code is a scene identification code generated according to the subscription data requester identification and the subscription scene tag. The subscription scene identification code can uniquely identify a subscription data requester identification and a subscription scene label of the subscription data requester.

In practical application, the generation modes of the scene identification code can be various, optionally, the data request party identification and the sign scene label can be transcoded into characters, such as English words or binary digits, and the like, then the characters corresponding to the data request party identification and the characters corresponding to the sign scene label can be spliced, and the character strings obtained through splicing are encoded through an encoder to obtain the scene identification code. Optionally, the data requester identifier and the sign-up scene tag can also be directly converted into the scene identifier code through other encoding modes such as a hash algorithm.

It should be noted that once the scene identification code is generated, the signed data requesting party and the task range allowed to be processed for specific task data can be uniquely limited, so that by generating the scene identification code according to the data requesting party identification and the sign scene label, different task scenes can be isolated according to the planning of the data provider for the specific task scene, the security and confidentiality of the task data are improved, the visual data management for the specific task scene is realized, and the constraint effect that the task data are used in a scene is more effective is achieved.

S10608, store the sign of the subscription data requester, the sign of the subscription scene, and the sign of the subscription scene in the data record table.

In practical application, the sign of the sign-up data request party, the sign-up scene label and the sign-up scene identification code are correspondingly stored in the data record table, when the target sign-up record is searched according to the sign of the sign-up data request party and the sign-up scene label, the unique sign-up scene identification code corresponding to the sign-up data request party and the sign-up scene label can be obtained from the target sign-up record, so that the searching efficiency of the sign-up scene identification code is improved, and the maintenance and management of the related information corresponding to the data request party are facilitated.

Step 108: and encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data.

In practical application, the target task data is encrypted by a symmetric encryption algorithm, such as a Kaiser password, a square password and the like, and when an encryption key is revealed or an illegal molecule analyzes the encryption key by initiating data attack on a ciphertext by self-generated key and the like, the target task data can be obtained, and the safety of the target task data cannot be ensured.

Because the scene identification code can uniquely identify the data requester identification and the task scene information, the scene identification code is used as a salt value to encrypt the target task data in a salt adding mode, and even if the scene identification code is leaked carelessly or cracked, the encrypted target task data is difficult to acquire. Illustratively, the target task data may be encrypted by a hash method using the scene identification code as a salt value by an md5 encryption algorithm or a sha-2 series encryption algorithm (specifically, for example, sha 256). The target task data can be encrypted by other encryption modes such as a peer-to-peer cryptographic algorithm.

By taking the scene identification code as the salt value, the target task data is encrypted according to the scene identification code, so that the security of encrypted ciphertext can be improved, the ciphertext cracking difficulty can be greatly increased, the isolation of the use scene of the target task data can be realized, and the constraint effect of the application range of the target task data is improved.

It should be noted that, for a data transmission scenario with low requirements for data confidentiality restrictions, such as intra-domain data transmission, for example, data transmission in a group or a department, task data may be encrypted by an encryption method such as a symmetric encryption algorithm, where traceability cannot be guaranteed.

In one or more embodiments of the present disclosure, encrypting target task data according to a scene identifier, and generating target encrypted data corresponding to the target task data may be implemented by:

acquiring at least one piece of data to be encrypted in target task data;

and encrypting each piece of data to be encrypted according to the scene identification code, and generating target encrypted data corresponding to each piece of data to be encrypted.

Specifically, the at least one data to be encrypted may be a unique identifier corresponding to the target task data. Specific data information of the target task data can be obtained through the unique identification corresponding to the target task data. Optionally, the at least one data to be encrypted may also be data with a higher security level in the target task data, for example, data such as unique identification information of the user, a security key of the enterprise, and the like. The target encrypted data is encrypted data corresponding to the target task data after each piece of data to be encrypted is encrypted according to the scene identification code.

According to the scene identification code, at least one piece of data to be encrypted in the target task data is encrypted, so that the safety of the target task data and the task scene isolation can be ensured.

Step 110: and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester.

In practical applications, after encrypting the target encrypted data according to the scene identifier, the target encrypted data needs to be marked. The marking is the operation of adding the target scene label to the target encrypted data, so that the stuck point detection can be carried out on the task scene which is allowed to be applied by the target encrypted data according to the target scene label, and the strict constraint on the data use range is realized.

After the target scene tag is added to the target encrypted data to obtain the marked encrypted data, the marked encrypted data can be sent to a data requester, so that the data requester processes the target task data corresponding to the marked encrypted data.

It is easy to understand that in order to improve the confidentiality of the data, it is ensured that the data sent to the data requester will not be applied illicitly in the task scenario beyond the scope of use of the data, and that the data with higher confidentiality level should be displayed in an encrypted manner in the visual view received by the data requester. Thus, in one or more embodiments of the present description, sending the tagged encrypted data to the data requestor may be accomplished by:

Generating an encrypted view according to the target encrypted data;

and sending the encrypted view to the data requester.

Specifically, the target encrypted data may be output in the form of a view according to the logical relationship between the data, and the output encrypted view may be provided to the data requester. The plaintext data stored in the bottom layer entity table is invisible to the data requesting party, so that the target task data can be ensured not to be used in an out-of-range mode, and a better constraint effect on the range of the data application scene is achieved.

According to the data processing method applied to the data provider, which is provided by the embodiment of the specification, target task data is obtained according to the received task data request, wherein the task data request comprises a data requester identifier corresponding to the data requester and task scene information; extracting a target scene label corresponding to the task scene information according to the task scene information; determining a scene identification code according to the data requester identification and the target scene label; encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data; and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester.

The method comprises the steps of extracting relevant information of a data requester carried in a task data request, checking a data requester identifier corresponding to the data requester and a task scene label, encrypting target task data applied by the data requester according to the data requester identifier and a unique scene code corresponding to the target scene label under the condition that the checking is passed, marking the encrypted target encrypted data according to the target scene label, and sending marked encrypted data to the data requester, so that the encrypted isolation of the task data according to actual task scenes is realized, the isolation among different data processing main bodies and different task scenes is enhanced, and the safety of data information is improved.

In addition, because the data sent to the data requesting party carries the tag, the card point verification can be carried out according to the application range and the use purpose of the tag on the data in the process of applying for and processing the data in the subsequent data requesting party, so that the strict management on the full life cycle of the data is realized, and the special effect of special numbers is achieved.

Referring to fig. 2, fig. 2 shows a flowchart of a data processing method applied to a data requester according to an embodiment of the present specification, which specifically includes the following steps.

Step 202: and sending a task data request to the data provider, wherein the task data request comprises a data requester identifier corresponding to the data requester and task scene information.

In practical application, when the data requester needs to process related data, a task data request is sent to the data provider according to a task scene corresponding to the data and the data requester identifier.

Step 204: the receiving data provider sends marked encryption data based on the task data request, wherein the marked encryption data comprises target encryption data and target scene tags.

In practical application, the data requester receives the marked encrypted data sent by the data provider based on the task data request. After receiving the marked encrypted data, the data requesting party needs to restrict the application scene in the subsequent use process of the marked encrypted data according to the specific use scene of the data so as to achieve the special effect of the private number.

Step 206: receiving a data processing request aiming at target encrypted data, wherein the data processing request carries scene information to be processed;

in particular, a data processing request for target encrypted data may be understood as a processing request for target encrypted data initiated internally by the body of the data requester. Each department corresponding within a group, or different machine devices corresponding within a department, may be understood as being within the principal of the data requestor. In practical application, the data requester can be understood as a party receiving the data sent by the data provider, and after receiving the data, the data requester carries out corresponding processing on the data according to a specified task scene. Thus, for different processing tasks, the data requestor internally initiates a data processing request for the target encrypted data. The scene information to be processed is a specific task scene for processing the target encrypted data.

When a data processing request for the target encrypted data is initiated in the main body of the data requester, the to-be-processed scene information carried in the data processing request may be detected in advance, and when the to-be-processed scene information passes the detection, the data processing request for the target encrypted data is sent out again. If the to-be-processed scene information is detected to be not in accordance with the application scene specified by the data provider, the data processing request can be refused to be initiated, so that strict management constraint is carried out on the data application scene in the data requester.

Step 208: and acquiring a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information.

Specifically, according to the to-be-processed scene information, a to-be-processed scene tag corresponding to the to-be-processed scene information is obtained, and whether a to-be-processed task scene corresponding to a data processing request aiming at target encrypted data meets a rule can be detected. The specific manner of obtaining the to-be-processed scene tag may refer to the description of step 104, which is not described herein.

Step 210: under the condition that the to-be-processed scene tag is matched with the target scene tag, acquiring initial processing data corresponding to the data processing request according to the target encryption data, and marking the initial processing data based on the target scene tag to acquire target processing data.

In practical application, under the condition that the scene tag to be processed is matched with the target scene tag, initial processing data corresponding to the data processing request can be obtained according to the target encryption data. The main body of the data requesting party processes the initial processing data according to the task logic and generates a series of derivative data, and the whole life cycle of the data is strictly managed by the application scene, so that the management constraint on the data use range is realized, and the special effect is achieved.

One or more embodiments provided herein may enable delivery of a target scene tag to a subsequent new table generated based on the initial processing data, beginning with the initial processing data, according to a data blood-edge relationship. Specifically, the initial processing data may be marked based on the target scene tag to obtain target processing data.

By marking the initial processing data with the label, the corresponding scene label can be determined based on the scene label of the table on the blood edge upstream of the table and the derivative data, and the scene label is marked based on the scene label, so that the application scene verification (check) and the stuck point can be performed on the data generated by each task node according to the scene label in the data requester, the isolation of the data application scene is realized, and the special effect is achieved.

According to the data processing method applied to the data requesting party, which is provided by the embodiment of the specification, a task data request is sent to the data providing party, wherein the task data request comprises a data requesting party identifier corresponding to the data requesting party and task scene information; receiving marked encryption data sent by a data provider based on a task data request, wherein the marked encryption data comprises target encryption data and a target scene tag; receiving a data processing request aiming at target encrypted data, wherein the data processing request carries scene information to be processed; acquiring a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information; under the condition that the to-be-processed scene tag is matched with the target scene tag, acquiring initial processing data corresponding to the data processing request according to the target encryption data, and marking the initial processing data based on the target scene tag to acquire target processing data.

By transmitting a task data request carrying information about a data requester to a data provider and receiving tag encrypted data transmitted by the data provider based on the task data request, task data that needs to be processed in a specified task scenario can be acquired. By receiving a data processing request aiming at target encrypted data, checking the to-be-processed scene information carried by the data processing request, ensuring that the use of the target encrypted data in a main body of a data requester is strictly constrained in a specified application range, marking initial processing data based on target scene labels, transmitting scene labels to a new table generated subsequently according to a data blood relationship, checking whether the use of the data is compliant or not in a technical stuck point mode, and ensuring that a special effect is achieved.

With reference to FIG. 3, FIG. 3 shows a system diagram of a data processing system provided in accordance with one embodiment of the present description, the data processing system specifically including a data provider 302 and a data requester 301.

The data requester 301 sends a task data request to the data provider, where the task data request includes a data requester identifier corresponding to the data requester and task scene information.

The data provider 302 obtains target task data according to a received task data request, wherein the task data request comprises a data request identifier corresponding to the data request and task scene information; extracting a target scene label corresponding to the task scene information according to the task scene information; determining a scene identification code according to the data requester identification and the target scene label; encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data; and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester.

The data requesting party 301 further includes a receiving unit configured to receive tag encrypted data sent by the data providing party based on the task data request, wherein the tag encrypted data includes target encrypted data and a target scene tag; receiving a data processing request aiming at target encrypted data, wherein the data processing request carries scene information to be processed; acquiring a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information; under the condition that the scene label to be processed is matched with the target scene label, acquiring initial processing data corresponding to the data processing request according to the target encryption data; the initial processing data is marked based on the target scene tag, and target processing data is obtained.

The application of the data processing method provided in the present specification to an online credit loan is taken as an example, and the data processing method will be further described with reference to fig. 4. Fig. 4 is a flowchart of a processing procedure of a data processing method according to an embodiment of the present disclosure, which specifically includes the following steps.

In practical application, in order to complete the processing of the data in a specific application scene on the premise of protecting the data security and ensuring that the personal information is not leaked, the ownership and the use right of the data can be managed separately. In a specific application scenario, the data provider can understand that a party with right to hold data can perform right verification on an external data request, and output data outwards under the condition that verification is passed; a data requestor may be understood as a party having access to data, may obtain data from a data provider, and apply the obtained data to a task scenario authorized by the data provider.

An embodiment of the present disclosure provides a data processing method, taking a group a that provides an online credit service as a data requester, and taking a bank B that stores and manages credit data of a user as a data provider as an example, and further describes the data processing method provided in one or more embodiments of the present disclosure.

Step 402: the group A sends a user credit data request to the bank B, wherein the user credit data request comprises an identifier A corresponding to the group A and a scene label < online credit >.

The group a is a party providing the online credit service, and only has the right to use the credit data of the user in specific task scenarios such as evaluating whether the user is qualified to open the credit service and evaluating the maximum credit limit of the user. The identifier a is a unique identifier corresponding to the group a, and may be, for example, information capable of uniquely determining the identity of the group a, such as an IP address of the group a. In order to further improve the security of the permission verification, the identifier A can be encrypted.

The group A can sign up with the bank B in advance to use the credit data of the user in the scene of < online credit > so that the authority verification set by the bank B can be successfully passed when the group A has processing requirements on the credit data of the user.

The processing requirement of group a for user credit data may be, for example, "apply for qualification determination of application of user credit data to online credit. The group a may send the demand information carried in the credit data request, so that the bank B can verify the specific demand information.

It should be noted that, in a stricter security check scene, the bank B may only verify the identifier a and the scene tag "online credit", and if the bank B verifies that the group corresponding to the identifier a does not sign up, it may directly determine that the check is not passed; or if the bank B detects that the related task with the label of < online credit > is not opened, the bank B can also directly judge that the verification is not passed.

Step 404: and (3) the bank B searches whether the scene label < online credit > exists in the data record table, and if so, searches whether the identifier A exists in the sub data record table corresponding to the scene label Jing Biaoqian < online credit >.

Step 406: and under the condition that the bank B retrieves the target data record corresponding to the scene label < online credit > and the identifier A, acquiring the unique scene identifier corresponding to the scene label < online credit > and the identifier A from the target data record.

It should be noted that, after signing a data usage protocol based on the < online credit > scenario with the group a, the bank B may automatically generate a unique scenario identification code according to the scenario label < online credit > and the identification a, and store the unique scenario identification code in the target data record.

Step 408: and the bank B acquires the user credit data according to the user credit data request, encrypts the unique identification information of the user credit data according to the unique scene identification code, and outputs the encrypted user credit data as an encrypted view.

The unique identification information of the user credit data may be user information or the like, and can uniquely identify the user credit data. In the encrypted view, data related to sensitive information may be encrypted by a unique scene identification code.

Step 410: bank B obtains a tagged encrypted view based on the scene tag < online credit > tagged encrypted view and sends the tagged encrypted view to group a.

Step 412: group a receives and stores the tagged encrypted view.

Step 414: and checking scene information of the internal data processing request to be initiated in the group of the group A.

Specifically, the verification of the scene information in the group a can only verify the scene label < online credit >, or can verify other information such as internal department identification on the basis of verifying the scene label < online credit >, so that the use of the data in the domain is ensured to be safe and compliant.

Through checking the scene labels, the data isolation between different task scenes can be effectively realized, so that the purpose of special number is achieved.

Step 416: and if the scene label corresponding to the scene information is matched with the scene label < online credit > corresponding to the marked encryption view, initiating an internal data processing request.

In practical application, under the condition that the scene label set in the group A is checked, the internal data processing request is allowed to be initiated, and the check (check) of the scene application to the data through the scene label can be realized, so that the constraint on the application range of the data is improved, and the special effect of the private number is achieved.

Step 418: the group A obtains initial processing data corresponding to the encrypted view according to the internal data processing request, and obtains target processing data based on the initial processing data marked by the scene tag < online credit >.

It should be noted that, since the target processing data carries a scene tag < online credit >, a newly generated table obtained by processing the target processing data in the group a can be tag-transferred based on the scene tag < online credit > -of the usage table upstream of the blood edge. Each newly generated table can be used for marking task scenes based on the scene tag < online credit > obtained through transmission, so that visual management of data application scenes and encryption and isolation of different task scenes are realized.

According to the data processing method, the relevant information of the data request party carried in the task data request is extracted, the data request party identifier corresponding to the data request party and the task scene label are verified, under the condition that verification is passed, the target task data applied by the data request party is encrypted according to the data request party identifier and the unique scene code corresponding to the target scene label, the encrypted target encrypted data is marked according to the target scene label, and the marked encrypted data is sent to the data request party, so that the encrypted isolation of the task data according to the actual task scene is realized, the isolation between different data processing main bodies and different task scenes can be enhanced, and the safety of the data information is improved.

Corresponding to the above method embodiments, the present disclosure further provides an embodiment of a data processing apparatus, and fig. 5 is a schematic structural diagram of a data processing apparatus configured in a data provider according to one embodiment of the present disclosure. As shown in fig. 5, the apparatus includes:

the first obtaining module 502 is configured to obtain target task data according to a received task data request, where the task data request includes a data requester identifier corresponding to a data requester and task scene information;

The extracting module 504 is configured to extract a target scene tag corresponding to the task scene information according to the task scene information;

a determining module 506 configured to determine a scene identification code based on the data requestor identification and the target scene tag;

the encryption module 508 is configured to encrypt the target task data according to the scene identification code, and generate target encrypted data corresponding to the target task data;

the transmitting module 510 is configured to tag the target encrypted data based on the target scene tag, obtain the tagged encrypted data, and transmit the tagged encrypted data to the data requester.

Optionally, the extraction module 504 is further configured to:

and determining target keywords corresponding to the initial keywords according to a preset reference table.

Optionally, the extraction module 504 may be further configured to:

and inputting the task scene information into the scene tag model to obtain a target scene tag output by the scene tag model.

Optionally, the determining module 506 is further configured to:

acquiring a data record table, wherein the data record table stores the corresponding relation among the data requester identifier, the scene tag and the scene identifier code;

searching in a data record table according to the data request party identifier and the target scene label;

and under the condition that the target data record corresponding to the data requester identifier and the target scene label is retrieved from the data record table, acquiring the scene identifier of the target data record.

Optionally, the encryption module 508 is further configured to:

acquiring at least one piece of data to be encrypted in target task data;

Optionally, the sending module 510 is further configured to:

generating an encrypted view according to the target encrypted data;

the encrypted view is sent to the data requestor.

Optionally, the data processing apparatus further comprises a signing module configured to:

receiving subscription information, wherein the subscription information comprises a subscription data request party identifier and subscription task scene information corresponding to a subscription data request party;

extracting a subscription scene label corresponding to the subscription task scene information according to the subscription task scene information;

Generating a subscription scene identification code according to the subscription data requesting party identification and the subscription scene label;

and correspondingly storing the sign of the signing data requester, the sign of the signing scene and the sign of the signing scene in a data record table.

Corresponding to the above method embodiments, the present disclosure further provides an embodiment of a data processing apparatus, and fig. 6 is a schematic structural diagram of a data processing apparatus configured at a data requester according to one embodiment of the present disclosure. As shown in fig. 6, the apparatus includes:

a request module 602, configured to send a task data request to a data provider, where the task data request includes a data requester identifier corresponding to the data requester and task scene information;

a first receiving module 604 configured to receive tag encrypted data sent by the data provider based on the task data request, wherein the tag encrypted data includes target encrypted data and a target scene tag;

a second receiving module 606, configured to receive a data processing request for the target encrypted data, where the data processing request carries scene information to be processed;

a second obtaining module 608, configured to obtain a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information;

And a third obtaining module 610, configured to obtain initial processing data corresponding to the data processing request according to the target encrypted data when the to-be-processed scene tag matches the target scene tag, and mark the initial processing data based on the target scene tag to obtain target processing data.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the data processing apparatus, since it is substantially similar to the data processing method embodiment, the description is relatively simple, and the relevant points are referred to in the description of the data processing method embodiment.

Fig. 7 illustrates a block diagram of a computing device 700 provided in accordance with one embodiment of the present description. The components of computing device 700 include, but are not limited to, memory 710 and processor 720. Processor 720 is coupled to memory 710 via bus 730, and database 750 is used to store data.

Computing device 700 also includes access device 740, access device 740 enabling computing device 700 to communicate via one or more networks 760. Examples of such networks include public switched telephone networks (PSTN, public Switched Telephone Network), local area networks (LAN, local Area Network), wide area networks (WAN, wide Area Network), personal area networks (PAN, personal Area Network), or combinations of communication networks such as the internet. The access device 740 may include one or more of any type of network interface, wired or wireless, such as a network interface card (NIC, network interface controller), such as an IEEE802.11 wireless local area network (WLAN, wireless Local Area Network) wireless interface, a worldwide interoperability for microwave access (Wi-MAX, worldwide Interoperability for Microwave Access) interface, an ethernet interface, a universal serial bus (USB, universal Serial Bus) interface, a cellular network interface, a bluetooth interface, near field communication (NFC, near Field Communication).

In one embodiment of the present description, the above-described components of computing device 700, as well as other components not shown in FIG. 7, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device illustrated in FIG. 7 is for exemplary purposes only and is not intended to limit the scope of the present description. Those skilled in the art may add or replace other components as desired.

Computing device 700 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smart phone), wearable computing device (e.g., smart watch, smart glasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or personal computer (PC, personal Computer). Computing device 700 may also be a mobile or stationary server.

Wherein the processor 720 is configured to execute computer-executable instructions that, when executed by the processor, perform the steps of the data processing method described above.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for computing device embodiments, the description is relatively simple, as it is substantially similar to data processing method embodiments, with reference to the partial description of data processing method embodiments.

An embodiment of the present disclosure also provides a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the steps of the data processing method described above.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for computer readable storage medium embodiments, since they are substantially similar to data processing method embodiments, the description is relatively simple, and reference is made to the description of data processing method embodiments in part.

An embodiment of the present specification also provides a computer program, wherein the computer program, when executed in a computer, causes the computer to perform the steps of the data processing method described above.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the computer program embodiments, the description is relatively simple, since it is substantially similar to the data processing method embodiments, and reference is made to the description of the data processing method embodiments in part.

The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The computer instructions include computer program code that may be in source code form, object code form, executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of including the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.

It should be noted that the foregoing describes specific embodiments of the present invention. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all required for the embodiments described in the specification.

It should be noted that, in the embodiments of the present application, the use of user data may be involved, and in practical applications, user specific personal data may be used in the schemes described herein within the scope allowed by applicable legal regulations in the country where the applicable legal regulations are met (for example, the user explicitly agrees to the user to actually notify the user, etc.).

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.

The preferred embodiments of the present specification disclosed above are merely used to help clarify the present specification. Alternative embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the teaching of the embodiments. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. This specification is to be limited only by the claims and the full scope and equivalents thereof.

Claims

1. A data processing method applied to a data provider, comprising:

and marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and sending the marked encrypted data to the data requester.

2. The method of claim 1, wherein the extracting, according to the task scene information, a target scene tag corresponding to the task scene information includes:

analyzing the task scene information to obtain target keywords included in the task scene information;

and determining the target keyword as a target scene tag corresponding to the task scene information.

3. The method according to claim 2, wherein the parsing the task scenario information to obtain the target keywords included in the task scenario information includes:

4. The method of claim 1, wherein the extracting, according to the task scene information, a target scene tag corresponding to the task scene information includes:

5. The method of claim 1, the determining a scene identification code from the data requestor identification and the target scene tag, comprising:

acquiring a data record table, wherein the data record table stores the corresponding relation among a data request party identifier, a scene tag and a scene identifier code;

searching in the data record table according to the data request party identifier and the target scene tag;

and under the condition that the target data record corresponding to the data requester identifier and the target scene label is retrieved in the data record table, acquiring the scene identifier of the target data record.

6. The method of claim 1, wherein encrypting the target task data according to the scene identification code generates target encrypted data corresponding to the target task data, and includes:

acquiring at least one piece of data to be encrypted in the target task data;

7. The method of claim 1, the sending the tagged encrypted data to the data requestor comprising:

generating an encrypted view according to the target encrypted data;

and sending the encrypted view to the data requester.

8. The method of claim 1, the method further comprising:

generating a subscription scene identification code according to the subscription data requester identification and the subscription scene label;

9. A data processing method, applied to a data requester, comprising:

receiving marked encryption data sent by the data provider based on the task data request, wherein the marked encryption data comprises target encryption data and a target scene tag;

Receiving a data processing request aiming at the target encrypted data, wherein the data processing request carries scene information to be processed;

and under the condition that the to-be-processed scene tag is matched with the target scene tag, acquiring initial processing data corresponding to the data processing request according to the target encryption data, and marking the initial processing data based on the target scene tag to acquire target processing data.

10. A data processing system comprising a data provider and a data requester;

the data provider acquires target task data according to a received task data request, wherein the task data request comprises a data request identifier corresponding to the data request and task scene information; extracting a target scene label corresponding to the task scene information according to the task scene information; determining a scene identification code according to the data requester identification and the target scene label; encrypting the target task data according to the scene identification code to generate target encrypted data corresponding to the target task data; marking the target encrypted data based on the target scene tag, obtaining marked encrypted data, and transmitting the marked encrypted data to the data requester;

The data requester further comprises a step of receiving the marked encryption data sent by the data provider based on the task data request, wherein the marked encryption data comprises target encryption data and a target scene tag; receiving a data processing request aiming at the target encrypted data, wherein the data processing request carries scene information to be processed; acquiring a to-be-processed scene tag corresponding to the to-be-processed scene information according to the to-be-processed scene information; under the condition that the scene label to be processed is matched with the target scene label, acquiring initial processing data corresponding to the data processing request according to the target encryption data; and marking the initial processing data based on the target scene tag to obtain target processing data.

11. A data processing apparatus, configured to a data provider, comprising:

A determining module configured to determine a scene identification code based on the data requestor identification and the target scene tag;

and a transmitting module configured to tag the target encrypted data based on the target scene tag, obtain tagged encrypted data, and transmit the tagged encrypted data to the data requester.

12. The apparatus of claim 11, the extraction module further configured to:

13. The apparatus of claim 12, the extraction module further configured to:

14. The apparatus of claim 11, the extraction module further configured to:

15. The apparatus of claim 11, the determination module further configured to:

16. The apparatus of claim 11, the encryption module further configured to:

acquiring at least one piece of data to be encrypted in the target task data;

17. The apparatus of claim 11, the transmitting module further configured to:

generating an encrypted view according to the target encrypted data;

And sending the encrypted view to the data requester.

18. The apparatus of claim 11, further comprising a sign-up module configured to:

19. A data processing apparatus configured in a data requester, comprising:

a first receiving module configured to receive tag encryption data sent by the data provider based on the task data request, wherein the tag encryption data includes target encryption data and a target scene tag;

The second receiving module is configured to receive a data processing request aiming at the target encrypted data, wherein the data processing request carries scene information to be processed;

and the third acquisition module is configured to acquire initial processing data corresponding to the data processing request according to the target encryption data under the condition that the scene label to be processed is matched with the target scene label, and mark the initial processing data based on the target scene label to acquire target processing data.

20. A computing device, comprising:

a memory and a processor;

the memory is configured to store computer executable instructions, the processor being configured to execute the computer executable instructions, which when executed by the processor, implement the steps of the method of any one of claims 1 to 9.

21. A computer readable storage medium storing computer executable instructions which when executed by a processor implement the steps of the method of any one of claims 1 to 9.