WO2024002102A1 - Active administration system for data assets, computing device, and storage medium - Google Patents


Info

Publication number
WO2024002102A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
aas
assets
asset
user
Application number
PCT/CN2023/102903
Inventor
韦莎
刘海阳
李铮
吕东阳
高凡
周子文
刘默
Original Assignee
中国信息通信研究院

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/215 Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G06F16/23 Updating
    • G06F16/2365 Ensuring data consistency and integrity
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2465 Query processing support for facilitating data mining operations in structured databases
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Definitions

  • This application relates to the field of data processing technology, for example, to an active data asset management system, computing equipment and storage media.
  • Embodiments of the present disclosure provide a data asset active management system, computing equipment and storage media to manage and control data assets, give full play to the strategic element resource role and innovation engine role of data, and promote the value of data assets.
  • the data asset active management system includes:
  • the full life cycle management component is configured to perform full life cycle management of various subject attributes of data assets
  • the control management component is configured to manage the use process of data assets
  • the log storage and evidence management component is configured to manage various logs generated during the use of the active data asset management system
  • the interface management component is configured to manage the communication interface of the data asset active management system.
  • the full life cycle management component is specifically configured as:
  • control management component is specifically configured as:
  • the log certificate management component is specifically configured as:
  • the interface management component is specifically configured as:
  • the computing device includes a processor and a memory storing program instructions, and the processor is configured to implement the active data asset management system as described in this application when running the program instructions.
  • the storage medium stores program instructions, and when the program instructions are run, the data asset active management system as described in this application is implemented.
  • the data asset active management system, computing device and storage medium provided by the embodiments of the present disclosure can achieve the following technical effects:
  • This application realizes the full life cycle management of data assets and the effective governance of data assets by loading the full life cycle management component, control management component, log storage management component and interface management component of the identity tag and subject and their attribute functions, which solves the problems of poor quality of data assets, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, complex ownership confirmation and valuation transactions, etc., and forms a technical system for data sharing, circulation, transaction and security protection.
  • FIG. 1 is a schematic diagram of the functional architecture of AAS-DA provided by this application.
  • Figure 2 is a schematic flow chart of a data asset management method provided by this application.
  • FIG. 3 is a schematic flow chart of another data asset management method provided by this application.
  • FIG. 4 is a schematic flow chart of another data asset management method provided by this application.
  • FIG. 5 is a schematic flow chart of another data asset management method provided by this application.
  • Figure 6 is a schematic flow chart of another data asset management method provided by this application.
  • Figure 7 is a schematic flow chart of another data asset management method provided by this application.
  • Figure 8 is a schematic flow chart of another data asset management method provided by this application.
  • FIG. 9 is a schematic structural diagram of an AAS-DA system provided by this application.
  • Figure 10 is a schematic flow chart of a method for controlling the use of data assets provided by this application.
  • Figure 11 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 12 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 13 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 14 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 15 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 16 is a schematic flow chart of another method for controlling the use of data assets provided by this application.
  • Figure 17 is a schematic diagram of a computing device provided by this application.
  • A/B means: A or B.
  • A and/or B means: A or B, or A and B.
  • correspondence can refer to an association relationship or a binding relationship.
  • correspondence between A and B refers to an association relationship or a binding relationship between A and B.
  • AAS-DA: Active Administration System-Data Asset.
  • DA: Data-Asset; refers to data assets and is used to identify a data asset.
  • API: Application Programming Interface.
  • Connection interface: in this application, refers to the interface in the data asset active management system AAS-DA.
  • Non-practical: it does not have a physical form and relies on physical carriers to exist; it will not be worn or consumed due to use; it can be used indefinitely during its existence.
  • Dependability: it must be stored in a certain medium; it can exist in multiple media in different forms at the same time.
  • Diversity: diverse expression forms; diverse fusion forms; uncertain usage methods.
  • Value volatility: value is affected by many different factors, including technology, capacity, value density, application business model, etc.
  • Processability: it can be maintained, updated, supplemented, and added to; it can be deleted, merged, aggregated, and de-duplicated; it can be analyzed, refined, mined, etc.
  • Multiple derivation: the same data subject can be processed at multiple levels and in multiple dimensions, thereby deriving different levels of data value, mining the potential value of multi-level and multi-dimensional data assets, and enriching data assets.
  • Shareability: data assets can be exchanged, transferred and used indefinitely, and this shareability can be used to maximize the value of data assets.
  • Zero-cost replicability: the cost of data assets mainly lies in the early data reading and research and development stages. Therefore, the cost of starting up data assets is extremely high, but the marginal cost of subsequent copying and sharing tends to zero.
  • This application aims to manage and restrict the above characteristics of data assets.
  • Metadata management: extract abstract information of data, trace data, and explore relationships between data.
  • Data quality management: improve data quality and improve the level of data applications and services.
  • Data security management: divide data security levels and formulate data security management specifications to achieve "manageable beforehand, controllable during the matter, and investigation afterward".
  • Data value management: data cost management and data revenue management to optimize and maximize the release of data value.
  • Data sharing management: through internal sharing of data, external circulation of data, and opening to the outside world, the internal and external value of data is released.
  • Transparency refers to the openness of all parties involved in the sharing of data assets to provide all information needed to successfully deliver the data sharing partnership.
  • Accessibility refers to the ability of all parties to access the data they need when they need it.
  • Standardization refers to the adoption of consistent legal, technical and other measures for all stakeholders in the data sharing process.
  • Security and data integrity refers to the implementation of measures and mechanisms designed to securely protect information and data to achieve a secure environment for data sharing.
  • this application provides a data asset active management system AAS-DA to conduct full life cycle management of data assets, as well as execution supervision, control and management during use.
  • each data asset has its twin matching AAS-DA, thereby upgrading the data asset from a passive asset to an active asset.
  • AAS-DA can define, configure and update the attribute information of data assets, record the full life cycle information, and perform the highest priority operations on data assets, including but not limited to desensitization, encryption, termination and destruction.
  • AAS-DA can record the processing process and terminate the use and/or destroy the data assets when they do not meet the data asset security requirements and other constraints.
  • a new AAS-DA will be generated accordingly, and the AAS-DA of the copied data asset will be associated with the AAS-DA of the original data asset.
  • the AAS-DA of this application supports all types of data assets, including but not limited to streaming data, event data, engineering drawings, videos, algorithms, machine learning models or knowledge graphs, etc.
  • AAS-DA can be divided into AAS-DA-supplier, AAS-DA-user and AAS-DA-public.
  • the three AAS-DAs of the same data asset are related to each other and can be merged under necessary conditions.
  • AAS-DA-supplier has the highest authority and can read all content in AAS-DA-user and AAS-DA-public.
  • the content specified by AAS-DA-user and AAS-DA-public must be a subset of AAS-DA-supplier.
  • the functional architecture of the data asset active management system AAS-DA of this application consists of "identity tag" and "subject".
  • the identity tag is the globally unique identifier of the data asset and AAS-DA;
  • the subject includes: the full life cycle management component of the data asset, the control management component, the log storage management component and the interface management component, and their corresponding attributes, etc.
  • the full life cycle management component is configured to perform full life cycle management of various subject attributes of data assets.
  • the various subject attributes include attributes such as data sovereignty, data history, data quality, data type, data level, data standards, data value, data sharing and contracts, which are used to manage the data sovereignty, data history, data quality, data types, data levels, data standards, data value, data sharing and smart contracts of data assets.
  • The details of each class of attribute structure are shown in Table 1:
  • Table 1 Detailed list of attributes throughout the life cycle of data assets
  • the control management component is configured to manage the use process of data assets. It specifically includes attributes such as permission management, access control, contract settings, usage control, usage mode, collaboration mode, and usage environment security scan, which are used to manage the permissions, access control, contract settings, usage control, usage mode, collaboration mode, and usage environment security scan of data assets.
  • Permission management implements the control of user access/use of data assets, and controls that users can access and only access the data assets they are authorized to according to security rules or security policies.
  • Permission management includes two parts: user identity authentication and authorization, referred to as authentication and authorization. Users who need to access or use controlled data assets must first undergo identity authentication; only after passing authentication can the user access or use the resource.
  • Access control includes setup, operation, monitoring, and interruption.
  • Settings mainly include setting the access control mode, subject, behavior, resources, and environment.
  • Access control modes generally take the following forms: discretionary access control, mandatory access control, role-based access control, attribute-based access control or other types of access control. Subjects include server administrators, data holders, data users who have signed a contract, data users who have not signed a contract, and other role subjects. Behaviors include reading, writing, copying, deleting, etc. Resources are mainly references to data asset attributes in the full life cycle management of data assets. Environment refers to the time and location at which data transactions occur and other environmental factors. Interruptions are mainly divided into active interruptions and passive interruptions.
  • Contract setting mainly involves setting, after the data provider and the data user reach an agreement, contract terms such as Value (hash value, the DNA/ID card of the data), Address (connecting different clients), State (input: target state, such as usage time, number of uses, etc.) and Function (output: executable strategy).
  • Usage control mainly monitors the use process of data assets and identifies abnormal situations according to the relevant requirements in the contract settings, as well as suspends the call of data assets and realizes the destruction of data assets.
  • the data usage process is monitored in real time through the monitor.
  • the executor calls the executable strategy in the Function term of the contract settings to realize the destruction, suspension, etc. of data assets.
  • the usage modes generally include the following: regular usage, private computing mode, federated learning mode, encryption mode and other custom modes.
  • Collaboration modes include merge collaboration and association collaboration modes. Two/multiple AAS-DA-suppliers that turn on collaborative mode will achieve synchronous management of data assets during the use of data assets.
  • Security scanning of the usage environment is mainly performed by AAS-DA-user before the data assets reach the data user.
  • the software layer and system layer of the usage environment are security scanned, and the software that meets the requirements of the smart contract is marked as secure.
  • Table 2 Detailed list of attributes for data asset management
  • the log storage and evidence management component is configured to manage various types of logs generated during the use of the data asset active management system, where the various types of logs mainly include internal logs, data operation logs, and collaborative logs with other data asset management systems. Specifically, it includes but is not limited to the operation of each functional component in AAS-DA-supplier, the operation of data assets by AAS-DA-supplier, the operation of data assets sent by AAS-DA-user to AAS-DA-supplier, other related operations on replicated data or sub-data sent by AAS-DA to AAS-DA-supplier, as well as a time-ordered collection of the results of these operations.
  • Each log file consists of log records, and each log record describes a separate system event.
  • the system log is the AAS-DA-supplier's local log that can be read directly by the data provider, which includes a timestamp and a message or other information unique to the subsystem.
  • The usage log is the operation log of data assets sent by AAS-DA-user to AAS-DA-supplier and AAS-DA-public during the operation process of data assets. Generally, it needs to be stored through the blockchain for subsequent use in liquidation, auditing, supervision, etc.
  • the interface management component is configured to manage the communication interface of the data asset active management system. Specifically, the interface management component mainly manages the communication interface between at least two data asset active management systems, as well as the communication interface between the data asset active management system and the data assets.
  • Full life cycle management and effective governance of the data assets are thereby implemented, solving problems such as poor quality of data assets, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions, and forming a technical system for data sharing, circulation, transaction and security protection.
  • this application provides a data asset management method, which is applied to the data asset active management system AAS-DA.
  • the data asset active management system AAS-DA is divided into AAS-DA-supplier, AAS-DA-user and AAS-DA-public, and the method includes:
  • Step 201: After the data asset is formed, the data provider creates an AAS-DA-supplier corresponding to the data asset, and initializes the configuration of the data asset in the AAS-DA-supplier.
  • Step 202: The data provider saves the data asset information to be disclosed in AAS-DA-supplier as the corresponding AAS-DA-public and uploads it to the intermediary service party.
  • the intermediary service party implements the information release of AAS-DA-supplier through AAS-DA-public.
  • Step 203: The data user reads the data asset information disclosed in AAS-DA-public and develops a smart contract with the data provider through AAS-DA-public.
  • Step 204: The data provider saves AAS-DA-supplier as AAS-DA-user, and sends AAS-DA-user and the preprocessed data assets to the data user.
  • Step 205: AAS-DA-user monitors the data asset usage process of the data user according to the smart contract, and records all processing operation information for the data assets.
  • Step 206: When the changes in the data assets reach the boundary conditions of the smart contract or the constraints are violated, AAS-DA-user terminates and/or destroys the data assets of the data user.
  • AAS-DA is used to achieve full life cycle management of data assets among data providers, data users and intermediate service parties, and data sovereignty is maintained in the hands of the data provider, making data assets usable without being visible, controllable, measurable, subject to access rights control, and burned after use. This solves problems such as poor quality of data assets, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and the complexity of ownership confirmation and valuation transactions, and forms a technical system for data sharing, circulation, transaction and security protection.
  • the initial configuration of data assets in AAS-DA-supplier includes:
  • Step 301: Generate the initial sovereignty information of the data asset in AAS-DA-supplier, where the initial sovereignty information includes the ownership information, time information and location information of the data asset.
  • the initial sovereignty information of the data asset is generated in the AAS-DA-supplier accordingly, including the ownership, time, location and other information of the data asset generation, to facilitate the confirmation of data ownership.
  • Step 302: Define, set and update various subject attributes of the data assets through AAS-DA-supplier.
  • various attributes of data assets can be defined, set and updated through AAS-DA-supplier, including data types, the standards, specifications, laws and regulations that data assets follow, quality levels, security level requirements, etc.
  • Step 303: When the data assets are copied or sub-data is generated, they are associated through their respective AAS-DA-suppliers.
  • when data assets are copied or sub-data is generated, they can be associated through their respective AAS-DAs to facilitate traceability.
  • Step 304: Use AAS-DA-supplier to desensitize or encrypt data assets.
  • AAS-DA-supplier can desensitize the data assets and encrypt the data according to the encryption algorithm requirements of the country and the enterprise.
  • AAS-DA-user records all processing operation information for data assets and feeds it back to AAS-DA-supplier in real time or afterward.
  • AAS-DA-supplier can, after learning the processing status of data assets, actively issue termination/destruction instructions to AAS-DA-user, and AAS-DA-user calls the operation script to realize the termination/destruction of data assets; in addition, AAS-DA can manage the physical carrier and storage media of data assets.
  • the intermediary service party implements the information release of AAS-DA-supplier through AAS-DA-public, including:
  • Step 401: The intermediate service party generates a resource directory based on various subject attributes of AAS-DA-public to implement a centralized management model or a distributed management model of data assets.
  • the resource directory mainly includes the names of various types of resources and their metadata descriptions.
  • the intermediate service platform supports the sharing and trading of the following three types of resources:
  • the first is data assets, including but not limited to streaming data, event data, CAD drawings, videos, algorithms, models, digital twins, knowledge maps, APPs, API calls, etc.; the metadata of the data asset class is stored in the full life cycle management component of the corresponding AAS-DA-supplier data asset;
  • the second is the IT infrastructure class, including but not limited to cloud computing, edge computing, computing resources, communication resources, etc.;
  • the third is the trusted environment solution category, including but not limited to trusted environment solutions at the hardware layer, system layer and software layer. Certified AAS-DA and resources will be included in the resource directory for management.
  • the data provider saves the information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediary service party through the data provider.
  • AAS-DA-public that has been reviewed and approved by the intermediary service platform is included in the resource directory.
  • Step 402: The data user queries the data assets that meet the requirements by accessing the resource directory of the intermediate service party.
  • Step 403: The intermediate service party pushes data assets to the data user based on the supply of data assets in the resource directory.
  • the data user can access the resource directory of the intermediate service party and query the data assets and other resources that meet its requirements.
  • the data user can also subscribe to resource directory updates, or fill in the data assets and other resources of interest.
  • the intermediate service provider can perform accurate push based on the supply of data assets and other resources.
  • this application does not need to centralize the data assets themselves at the intermediate service provider, but only needs to manage AAS-DA-public and generate a resource directory based on the attribute information in AAS-DA-public, realizing distributed management of data assets and centralized management of AAS-DA, which reduces the risk of data assets and increases the willingness of data providers to share data assets.
  • the data user reads the data asset information disclosed in AAS-DA-public, and develops a smart contract with the data provider through AAS-DA-public, including:
  • Step 501: The data user initiates an invitation to one or more data providers that meet its needs.
  • Step 502: The data provider that accepts the invitation will negotiate with the data user on the cooperation intention of data assets, and write the negotiated content into AAS-DA-public.
  • Step 503: Configure the usage process of data assets in AAS-DA-public and perform log storage.
  • the data user initiates an invitation to one or more data providers that meet its needs.
  • the data provider that accepts the invitation will negotiate with the data user on the cooperation intention of the data assets, and the negotiated content is written into the contract management attribute of the full life cycle management component of the data asset of AAS-DA-public.
  • in the control management component of the data assets in AAS-DA-public, the permission management, access control, contract settings, usage control, usage mode, collaboration mode attributes, etc. are configured.
  • the time when the smart contract was completed and the information of both parties to the transaction will be recorded in the log storage of AAS-DA-public.
  • the AAS-DA-user monitors the data asset usage process of the data user according to the smart contract, and records all processing operation information for the data assets, including:
  • Step 601: AAS-DA-user performs a security scan on the media and environment where the data assets will be stored and used, based on the requirements for the usage environment in the smart contract.
  • this application can perform usage environment scanning by AAS-DA-user: according to the settings about the usage environment in the usage control of the control management component of the data assets, AAS-DA-user calls the usage environment security scanning function of that control management component to perform security scans on the software layer, system layer and hardware layer of the usage environment, and marks software that meets the requirements of the smart contract as secure. Software marked as secure will be included in the whitelist of access control or usage control in the control management component of data assets. AAS-DA-user feeds back the environment security scan results to AAS-DA-supplier through the data consumer's client. After approval by the usage control of the control management component of the data assets in AAS-DA-supplier, data users will be allowed to access the preprocessed data assets.
  • AAS-DA-supplier will preprocess the data assets through the usage mode of the control management component of the data assets, including but not limited to desensitization, encryption, generation of calculation factors, etc. If "General use" is selected in the usage mode, the data assets will be sent to the data consumer in clear text. If the data usage process involves multi-party collaboration, such as multi-party privacy computing, federated learning, etc., the collaboration mode of the control management component of the data assets will also be set. Two or more AAS-DA-suppliers that turn on collaborative mode will achieve synchronous management of data assets during the use of data assets.
  • Step 602: Confirm the permissions of one or more processes that are about to call the data assets by reading the whitelist of access control or usage control in AAS-DA-user.
  • Step 603: AAS-DA-user monitors in real time whether changes in data assets have reached boundary conditions or whether operations that violate constraint conditions occur, and writes the operation log into the log evidence component.
  • the data assets are monitored through AAS-DA-user.
  • AAS-DA-user monitors in real time, through the monitor of the usage control in the control management component of the data assets, whether the change in the data assets has reached the maximum value of the boundary condition or whether an operation that violates the constraint conditions has occurred. If one of the above situations occurs, AAS-DA-user sends an exception message to the data consumer, the data consumer forcibly terminates the process through the process monitoring executor, and AAS-DA-user destroys the data assets through the executor of the usage control in the control management component of the data assets.
  • Termination and/or destruction including:
  • Step 701 According to the constraints and boundary conditions of the smart contract, the AAS-DA-user generates an operation script to terminate or destroy the data assets.
  • Step 702 When the changes in the data assets reach the boundary conditions of the smart contract or the constraint conditions are violated, AAS-DA-user will feed back the recorded processing operation information to AAS-DA-supplier in real time or afterwards, so that AAS-DA-supplier issues a termination instruction to AAS-DA-user and AAS-DA-user calls the operation script to terminate the use of the data assets, or AAS-DA-user directly calls the operation script to terminate the use of the data assets.
  • Step 703 Destroy the data assets after the use of the data assets is terminated or when the AAS-DA-user receives a destruction instruction from the AAS-DA-supplier.
  • This application uses AAS-DA-user to generate operation scripts for terminating and destroying data assets based on the constraints and boundary conditions of the smart contract. During the use of data assets, AAS-DA-user records all processing operation information for the data assets and feeds it back to AAS-DA-supplier in real time or afterward. There are two possible situations: (1) after learning the processing status of the data assets, AAS-DA-supplier proactively issues a termination instruction to AAS-DA-user, and AAS-DA-user calls the operation script to terminate the use of the data assets; (2) when the constraints and boundary conditions of the smart contract are reached, AAS-DA-user calls the operation script to terminate the use of the data assets.
  • the data assets will be destroyed after the data is used or when AAS-DA-user receives a destruction instruction from AAS-DA-supplier. Even after the data asset is destroyed, you can still understand its full life cycle information and the status of the data assets associated with it through AAS-DA, which facilitates post-audit liquidation and arbitration, as well as the traceability of other data assets.
  • the data asset management method of the application also includes:
  • Step 801 When the data assets are destroyed, AAS-DA-user terminates the smart contract and sends the data asset destruction and smart contract termination information to the data provider and intermediate service party.
  • Step 802 After receiving the data asset destruction and smart contract termination information, the data provider terminates the smart contract through AAS-DA-supplier, and sends the liquidation application information to the intermediate service party and data user through the data provider.
  • Step 803 After receiving the clearing application information, the intermediate service party terminates the smart contract through AAS-DA-public, reads the log storage components of AAS-DA-supplier and AAS-DA-user through AAS-DA-public, compares them with the content of the smart contract, and implements liquidation and auditing based on the comparison results.
  • Through the collaboration of AAS-DA-public, AAS-DA-user and AAS-DA-supplier, this application synchronizes the use process of data assets and stores evidence with multiple parties, and liquidates and audits the use of data assets based on the multi-party evidence stored by AAS-DA-public, AAS-DA-user and AAS-DA-supplier, so that the quality attributes and value attributes of data assets in AAS-DA-public can be dynamically adjusted based on the data user's evaluation of data quality and value.
  • The smart contract management function of the data user's client and the contract settings of the AAS-DA-user data asset control management component terminate the smart contract. Then, the information that the data assets are destroyed and the contract is terminated is sent to the intermediate service platform and the client of the data provider through the client of the data user. After the intermediary service platform receives the information, AAS-DA-public terminates the contract through the contract setting function of the data asset control management component and starts the liquidation process.
  • the data asset active management system AAS-DA of this application is deployed on the client and the intermediate service platform.
  • The main functions of the client include AAS-DA management, identity registration and management, smart contract management, process usage control, usage environment scanning, process management, log storage, clearing docking, and communication functions.
  • clients can be deployed on-premises or on a private cloud. Clients can be placed in a hardware-, system-, and/or software-layer trusted and secure environment where:
  • AAS-DA management: creating, updating and deleting AAS-DA and its components and attributes, configuring the AAS-DA interface, etc.
  • Identity registration and management: the registration of client users, organizations, AAS-DA and data assets, and identity certificate management.
  • Boundary conditions: stipulate the maximum time, maximum number of operations on data assets, etc.
  • Constraints: specify the types of operations that cannot be performed on data assets.
  • Monitor: monitors in real time whether the process's operations on data assets have reached the maximum value of the boundary conditions, or whether there are operations that violate the constraints.
  • Usage environment scanning: the usage environment is scanned according to the requirements of the smart contract on the hardware layer, system layer and software layer of the usage environment, and a usage environment scanning result report and a process whitelist are formed. The usage environment scanning result report is sent by the data user's client to the intermediate service platform and the client of the data provider at the same time, and the process whitelist is sent to the process management component for management.
  • Process management: dynamically manages the process whitelists for access control or usage control, including maintenance of processes in the whitelist (adding, updating and removing), process permission review, etc. Before the data assets reach the data consumer, the process whitelist output by the usage environment scanning function is used as the initial whitelist. Processes in the whitelist are removed from it if any violation of smart contract regulations is detected during the use of data assets. Processes that are not in the initial whitelist are included in the whitelist after the client's process permission review.
  • Log storage: for the client of the data provider, the log of the entire life cycle of the data asset is stored; for the client of the data user and the intermediate service platform, all operation logs of the data assets after the smart contract takes effect and before the contract is terminated are stored.
  • Liquidation docking: when the contract is terminated, the number and time of uses of the data assets, the handling of abnormal situations, etc. are liquidated by reading the logs of the data user's client, the data provider's client and the intermediate service platform.
  • Communication functions: communication between clients, communication between clients and AAS-DA, communication between clients and intermediate service platforms, etc.
  • the functions of the intermediate service platform mainly include: identity authentication, resource directory management, supply and demand docking, smart contract management, log storage, liquidation audit, service evaluation and other functions.
  • the intermediate service platform can be deployed on a public cloud or a private cloud.
  • the intermediate service platform needs to be placed in a trustworthy and secure environment at the hardware layer, system layer and software layer.
  • the functions of the intermediate service platform can be implemented and operated by one or more organizations or units. Each organization or unit needs to pass identity authentication before starting relevant work.
  • this application also provides a data asset usage control method, which is applied to the client as the data provider, the client as the data user, and the intermediate service platform as the intermediate service party.
  • The method includes:
  • Step 1001 The data provider and the data user conduct user registration and identity authentication through their respective clients.
  • The identity-authenticated data provider carries out registration and certification of the data asset active management system AAS-DA with the intermediate service platform through the data provider's client.
  • Step 1002 The data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client, so that the data user and the data provider can conclude a smart contract.
  • Step 1003 The client of the data consumer performs a usage environment scan and generates an access control or usage control whitelist of processes allowed to call the data assets. After confirming the processes in the whitelist, the client of the data provider sends AAS-DA-user and the preprocessed data assets to the client of the data consumer.
  • Step 1004 During the use of data assets, the client of the data user confirms, based on the processes in the whitelist, whether one or more processes that are about to call the data assets have permission, and terminates the use of and/or destroys the data assets through AAS-DA-user and AAS-DA-public when the changes in the data assets reach the boundary conditions of the smart contract or a constraint violation occurs.
  • AAS-DA is used to realize controlled loading and usage control of data assets between the client as the data provider, the client as the data user, and the intermediate service platform as the intermediate service party. This keeps data sovereignty in the hands of the data provider and enables data assets to be made invisible, controllable, measurable, access rights controlled and destroyed after use. It solves problems such as poor quality of data assets, difficult data interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions, and forms a technical system for data sharing, circulation, transactions and security protection.
  • The data provider and the data user perform user registration and identity authentication through their respective clients, and the identity-authenticated data provider carries out registration and certification of the data asset active management system AAS-DA with the intermediate service platform through the data provider's client, including:
  • Step 1101 The data provider and the data user register users through their respective clients, where user types include enterprises, organizations and individuals.
  • Step 1102 The intermediate service platform reviews the user registration information sent by the client, authorizes unique identities to users who pass the review, and manages identities according to user types.
  • After receiving the user registration information from the client, the intermediary service platform conducts an audit. Users who pass the audit are authorized with a globally unique identity. The intermediary service platform performs identity management according to the different types of users.
  • Step 1103 The identity-authenticated data provider initiates an identity tag authorization application to the intermediate service platform through the data provider's client.
  • Step 1104 After the identity tag authorization application is approved, the intermediate service platform sends the unique data asset code and AAS-DA code to the client of the data provider.
  • Step 1105 The data provider's client automatically writes the data asset code and AAS-DA code into the AAS-DA identity tag, completing the registration and authentication of the data asset active management system AAS-DA.
  • the identity-authenticated data provider initiates an identity tag authorization application to the intermediary service platform through the data provider's client.
  • The intermediary service platform sends a unique "Global Data Asset Code" and "Global AAS-DA Code" to the data provider's client.
  • the client of the data provider automatically writes the above two codes into the AAS-DA identity tag to complete the registration and authentication of AAS-DA.
  • The data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the client of the data provider, so that data users and data providers can reach smart contracts, including:
  • Step 1201 The data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client.
  • The AAS-DA-public that is approved by the intermediate service platform is included in the resource directory.
  • Step 1202 The client of the data user accesses the resource directory of the intermediate service platform and queries the data assets and other resources that meet the requirements.
  • The client of the data user subscribes to the resource directory or fills in its requirements for data assets and other resources; the intermediate service platform then pushes data assets and other resources according to their supply status.
  • Step 1203 The data user initiates an invitation to one or more data providers that meet its needs.
  • The data provider that accepts the invitation negotiates with the data user on the cooperation intention for the data assets, and the negotiated content is written into the smart contract management function of the intermediate service platform, as well as into the smart contract management functions of the client of the data user and the client of the data provider.
  • The client of the data user performs a usage environment scan and generates an access control or usage control whitelist of processes allowed to call the data assets; after the client of the data provider confirms the whitelist, AAS-DA-user and the pre-processed data assets are sent to the client of the data consumer, including:
  • Step 1301 According to the requirements of the data user's client for the usage environment, the data user's client calls the usage environment scanning component to perform a security scan on the hardware layer, system layer and software layer of the usage environment, and applies a security label to the processes that comply with the requirements of the smart contract.
  • Step 1302 The processes that have been security labeled are added to the access control or usage control whitelist in the process management component, and the client of the data consumer sends the whitelist to the intermediate service platform and the client of the data provider at the same time.
  • Step 1303 After the data provider's client confirms the whitelist, it preprocesses the data assets according to AAS-DA-supplier, saves AAS-DA-supplier as AAS-DA-user, and sends AAS-DA-user together with the preprocessed data assets to the client of the data consumer.
  • AAS-DA-supplier will preprocess the data assets through the usage mode of the data asset control management component, including but not limited to desensitization, encryption, generating calculation factors, etc. If you select "General use" in the usage mode, the data assets will be sent to the data consumer in clear text. If the data usage process involves multi-party collaboration, such as multi-party privacy computing, federated learning, etc., the collaboration mode of the data asset control management component will also be set. Two or more AAS-DA-suppliers that turn on collaboration mode will achieve synchronous management of data assets during the use of data assets.
  • the data provider's client can also send AAS-DA-supplier and preprocessed data assets (plaintext or ciphertext) to the data consumer's client.
  • the client of the data user merges the received AAS-DA-supplier and AAS-DA-user and generates a new AAS-DA-user.
  • data asset life cycle management component contract management
  • data assets are stored in an environment that meets trusted requirements.
  • The client of the data user confirming whether one or more processes that are about to call the data assets have permission includes:
  • Step 1401 One or more processes that call the data asset will initiate a permission application to the client of the data user.
  • Step 1402 Confirm the permissions of one or more processes that are about to call the data asset by reading the whitelist of the client of the data consumer.
  • Step 1403 If the process is in the whitelist, the client of the data user sends a confirmation instruction to AAS-DA-user, allowing the process to operate on the data assets according to the Function attribute in AAS-DA-user.
  • Step 1404 If the process is not in the whitelist, the client of the data consumer will not allow the process to call the data asset.
  • One or more processes that call the data asset initiate a permission application to the process management function of the data user's client.
  • The process management function of the data user's client confirms the permissions of the process or processes that will call the data asset by reading its whitelist.
  • If the process is in the whitelist, the client of the data user sends a confirmation instruction to AAS-DA-user, allowing the process to operate on the data assets according to the Function attribute in the contract settings of the AAS-DA-user data asset control management component. If the process is not in the whitelist, the data consumer's client will not allow the process to call the data asset.
  • Step 1501 According to the boundary conditions and constraints of the smart contract, the client of the data user monitors in real time whether the process's operation on the data assets has reached the maximum value of the boundary conditions, or whether there are operations that violate the constraints.
  • Step 1502 When the changes in the data assets reach the boundary conditions of the smart contract or a constraint violation occurs, the client of the data user forcibly terminates the process.
  • Step 1503 The client of the data user issues an instruction to AAS-DA-user, and AAS-DA-user destroys the data assets.
  • The process is monitored through the client of the data user, and the data assets are monitored through AAS-DA-user.
  • The client of the data user monitors in real time, through the process management monitor, whether the process's operations on the data assets have reached the maximum value of the boundary conditions, or whether an operation that violates the constraints has occurred. If one of the above situations occurs, the client of the data consumer forcibly terminates the process through the process monitoring executor and at the same time issues an instruction to AAS-DA-user, and AAS-DA-user destroys the data assets through the usage control executor of the data asset control management component.
  • AAS-DA-user monitors in real time, through the usage control monitor of the data asset control management component, whether the changes in the data assets have reached the maximum value of the boundary conditions, or whether an operation that violates the constraints has occurred. If one of the above situations occurs, AAS-DA-user sends exception information to the client of the data consumer, and the client of the data consumer forcibly terminates the process through the process monitoring executor. AAS-DA-user destroys the data assets through the usage control executor of the data asset control management component.
  • the usage control method provided by the embodiment of the present application also includes:
  • Step 1601 From the conclusion of the smart contract until the data assets are destroyed, all operations on the data assets by the data provider, data user and intermediate service platform are synchronously retained through logs in the data provider's client, the data user's client and the intermediate service platform.
  • Step 1602 When the data assets are destroyed, the data user's client and AAS-DA-user terminate the smart contract, and the data asset destruction and smart contract termination information is sent to the intermediate service platform and the data provider's client through the data user's client.
  • Step 1603 After the intermediate service platform receives the information that the data assets are destroyed and the smart contract is terminated, AAS-DA-public will terminate the contract through the contract setting function of the data asset control management component and start the liquidation process.
  • the data user's client - smart contract management, and the AAS-DA-user data asset control management component - contract settings will terminate the smart contract.
  • the data asset destruction and contract termination information is sent to the client of the intermediate service platform and the data provider through the client of the data user.
  • the data provider's client-smart contract management, and AAS-DA-supplier will use the data asset control management component-contract settings to terminate the smart contract.
  • AAS-DA-public terminates the contract through the contract settings of the data asset control management component. AAS-DA-public reads the log storage components of AAS-DA-supplier and AAS-DA-user and compares them with the content of the contract settings of the data asset control management component.
  • AAS-DA-public will form a settlement report based on the unit price of the data assets, the number of uses/time, etc. and send it to data users and data providers.
  • Data users can evaluate data asset attributes such as data quality.
  • AAS-DA-public will update attribute information such as the data asset full life cycle management component - data quality management based on the evaluation.
  • Data providers can evaluate the creditworthiness of data users.
  • AAS-DA-public will form a settlement report and send it to the data user and data provider based on the unit price of the data asset, the number/time of use, and illegal operations and other information.
  • After the calculation ends, data users cannot evaluate the data asset attributes.
  • the intermediary service platform will lower the credit status of data users. The credit status of the data user will affect the permission management and other attributes of the data asset control management component of AAS-DA-user.
  • the intermediary service platform will retain AAS-DA-public until the retention period of AAS-DA-public expires or the data provider requests the destruction of AAS-DA-public.
  • AAS-DA-user-copy will be generated for the copied data assets and associated with AAS-DA-user.
  • AAS-DA-user can better manage and control data assets and ensure the value of data assets.
  • the use control method of data assets in this application also includes the storage and destruction of AAS-DA-supplier information, as well as the update of AAS-DA-supplier and AAS-DA-public.
  • an embodiment of the present disclosure provides a computing device, including a processor 170 and a memory 171 .
  • the device may also include a communication interface (Communication Interface) 172 and a bus 173.
  • Communication interface 172 may be used for information transmission.
  • The processor 170 can call logical instructions in the memory 171 to implement the data asset active management system of the above embodiment, or to execute the data asset management method of the above embodiment, or to execute the data asset usage control method of the above embodiment.
  • the above-mentioned logical instructions in the memory 171 can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product.
  • the memory 171 can be used to store software programs, computer-executable programs, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure.
  • The processor 170 executes the program instructions/modules stored in the memory 171 to execute functional applications and data processing, that is, to implement the data asset active management system of the above embodiment, or execute the data asset management method of the above embodiment, or execute the data asset usage control method of the above embodiment.
  • the memory 171 may include a stored program area and a stored data area, where the stored program area may store an operating system and an application program required for at least one function; the stored data area may store data created according to the use of the terminal device, etc.
  • the memory 171 may include a high-speed random access memory, and may also include a non-volatile memory.
  • Embodiments of the present disclosure provide a storage medium that stores program instructions. When the program instructions are run, they can implement the data asset active management system of the above embodiment, or execute the data asset management method of the above embodiment, or execute the data asset usage control method of the above embodiment.
  • the above-mentioned storage medium may be a transient computer-readable storage medium or a non-transitory computer-readable storage medium.
  • An embodiment of the present disclosure provides a computer program that, when executed by a computer, causes the computer to implement the data asset usage control method of the above embodiment.
  • Embodiments of the present disclosure provide a computer program product.
  • The computer program product includes computer instructions stored on a computer-readable storage medium. When the program instructions are executed by a computer, they cause the computer to implement the data asset usage control method of the above embodiments.
  • the technical solution of the embodiments of the present disclosure may be embodied in the form of a software product.
  • the computer software product is stored in a storage medium and includes one or more instructions to enable a computer device (which may be a personal computer, a server, or a network equipment, etc.) to perform all or part of the steps of the method described in the embodiments of the present disclosure.
  • the aforementioned storage media can be non-transitory storage media, including: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk, etc.
  • the term “and/or” as used in this application is meant to include any and all possible combinations of one or more of the associated listed.
  • The term “comprise” and its variations “comprises” and/or “comprising” and the like refer to the presence of stated features, integers, steps, operations, elements, and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groupings of these.
  • An element defined by the statement “comprises a” does not exclude the presence of additional identical elements in a process, method or apparatus including the stated element.
  • each embodiment may focus on its differences from other embodiments, and the same and similar parts among various embodiments may be referred to each other.
  • the relevant parts can be referred to the description of the method part.
  • the disclosed methods and products can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units may only be a logical function division. In actual implementation, there may be other division methods.
  • Multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • each functional unit in the embodiment of the present disclosure may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • Each block in the flowchart or block diagrams may represent a module, segment, or portion of code that includes one or more executable instructions for implementing the specified logical function(s).
  • The functions noted in the blocks may occur out of the order noted in the figures. For example, two consecutive blocks may actually execute substantially in parallel, or they may sometimes execute in the reverse order, depending on the functionality involved.
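
The usage-control flow of steps 1401-1404 and 1501-1503 and the log comparison of step 803, sketched as an added example (not code from the application or the applicant). All class, field and decision names, the event tuples, and the rule that a request arriving once a boundary is reached is refused are assumptions; the sample events are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SmartContract:
    """Agreed terms; the field names are assumptions for this sketch."""
    max_operations: int        # boundary condition: maximum number of operations
    max_seconds: float         # boundary condition: maximum usage time
    forbidden_ops: frozenset   # constraints: operation types that must not occur


@dataclass
class UsageController:
    """Stands in for the data user's client plus AAS-DA-user for one asset."""
    contract: SmartContract
    whitelist: set             # initial whitelist from the usage environment scan
    asset: bytearray           # preprocessed data asset received from the provider
    started: float = 0.0
    used: int = 0
    destroyed: bool = False
    log: list = field(default_factory=list)    # log evidence component

    def _record(self, now, process, op, decision, reason):
        self.log.append({"t": now, "process": process, "op": op,
                         "decision": decision, "reason": reason})
        return decision

    def _destroy(self, now, process, op, reason):
        # Steps 1502-1503: the process is terminated and the asset destroyed.
        # Zeroing a bytearray only illustrates the step; it is not secure erase.
        self.asset[:] = bytes(len(self.asset))
        self.asset.clear()
        self.destroyed = True
        return self._record(now, process, op, "destroy", reason)

    def request(self, process, op, now):
        """Step 1401: a process applies for permission to call the asset."""
        if self.destroyed:
            return self._record(now, process, op, "deny", "asset destroyed")
        if process not in self.whitelist:                       # step 1404
            return self._record(now, process, op, "deny", "not whitelisted")
        if op in self.contract.forbidden_ops:
            self.whitelist.discard(process)    # violators leave the whitelist
            return self._destroy(now, process, op, "constraint violated")
        if (self.used >= self.contract.max_operations
                or now - self.started >= self.contract.max_seconds):
            return self._destroy(now, process, op, "boundary reached")
        self.used += 1                                          # step 1403
        return self._record(now, process, op, "allow", "whitelisted")


def liquidate(contract, user_log, supplier_log):
    """Step 803: compare the stored logs with the contract content."""
    findings = []
    if user_log != supplier_log:
        findings.append("log copies differ between parties")
    allowed = [e for e in user_log if e["decision"] == "allow"]
    if len(allowed) > contract.max_operations:
        findings.append("more operations allowed than the contract permits")
    if any(e["op"] in contract.forbidden_ops for e in allowed):
        findings.append("forbidden operation was allowed")
    end = next((i for i, e in enumerate(user_log)
                if e["decision"] == "destroy"), None)
    if end is not None and any(e["decision"] == "allow"
                               for e in user_log[end + 1:]):
        findings.append("asset used after destruction")
    violations = sum(e["reason"] == "constraint violated" for e in user_log)
    return {"uses": len(allowed), "violations": violations,
            "destroyed": end is not None, "findings": findings}


def run_scenario(contract, whitelist, events):
    """Replay (time, process, operation) events; return controller, decisions."""
    ctrl = UsageController(contract, set(whitelist),
                           bytearray(b"constructed sample asset"))
    return ctrl, [ctrl.request(p, op, t) for t, p, op in events]


# Constructed sample contract and events (not taken from the application).
CONTRACT = SmartContract(3, 60.0, frozenset({"copy", "export"}))
EVENTS = [(1.0, "trainer", "read"), (2.0, "scraper", "read"),
          (3.0, "viewer", "read"), (4.0, "viewer", "export"),
          (5.0, "trainer", "read")]

if __name__ == "__main__":
    ctrl, decisions = run_scenario(CONTRACT, {"trainer", "viewer"}, EVENTS)
    print(decisions)
    print(liquidate(CONTRACT, ctrl.log, list(ctrl.log)))
```

Because the audit works only from the retained logs, a missing or altered entry on one side surfaces as a difference between the parties' copies rather than as a contract violation.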

Abstract

The present application relates to the technical field of data processing, and discloses an active administration system for data assets, comprising: a full lifecycle management component configured to perform full lifecycle management on various subject attributes of data assets; a control management component configured to manage the use process of the data assets; a log storage management component configured to manage various logs generated in the use process of the active administration system for data assets; and an interface management component configured to manage a communication interface of the active administration system for data assets. The present application further discloses a computing device and a storage medium.

Description

A data asset active management system, computing device and storage medium
This application is filed based on a Chinese patent application with application number 202210734076.1 and a filing date of June 27, 2022, and claims the priority of the Chinese patent application. The entire content of the Chinese patent application is hereby incorporated into this application by reference.
Technical field
This application relates to the field of data processing technology, for example, to a data asset active management system, computing device and storage medium.
Background
At present, with the further advancement of digital transformation in the manufacturing industry, data is bound to play a greater role as a new production factor. Ensuring the orderly flow of data, cultivating the data trading market, and strengthening the protection of important data are becoming the necessary work of the "last mile" of data value realization. As an information resource, data has two key characteristics that make it an asset: it can bring economic benefits to enterprises, and its costs and benefits can be measured. Compared with traditional tangible and intangible assets, data assets are characterized by non-physicality, dependency, diversity, processability, value variability, multiple derivability, shareability and zero-cost replicability.
In the process of implementing the embodiments of the present disclosure, it is found that there are at least the following problems in related technologies:
The many characteristics of data assets lead to problems such as poor quality, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions. A technical system for data sharing, circulation, transactions and security protection has not yet been formed, so realizing the value of data faces a bottleneck.
Summary of the Invention
In order to provide a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. The summary is not an extensive overview, nor is it intended to identify key/critical elements or to delineate the scope of protection of these embodiments; it serves as a preamble to the detailed description that follows.
Embodiments of the present disclosure provide an active administration system for data assets, a computing device, and a storage medium, in order to manage and control data assets, give full play to the role of data as a strategic resource and as an engine of innovation, and help data assets deliver their value.
In some embodiments, the active administration system for data assets includes:
a full lifecycle management component, configured to perform full lifecycle management on various subject attributes of data assets;
a control management component, configured to manage the use process of the data assets;
a log storage management component, configured to manage the various logs generated while the active administration system for data assets is in use;
an interface management component, configured to manage the communication interfaces of the active administration system for data assets.
Optionally, the full lifecycle management component is specifically configured to:
manage the data sovereignty, data history, and data quality of the data assets.
Optionally, the full lifecycle management component is specifically configured to:
manage the data types, data levels, and data standards of the data assets.
Optionally, the full lifecycle management component is specifically configured to:
manage the data value, data sharing, and smart contracts of the data assets.
Optionally, the control management component is specifically configured to:
manage the usage permissions, access control, and contract settings of the data assets.
Optionally, the control management component is specifically configured to:
manage the usage control, usage modes, collaboration modes, and usage environment security scanning of the data assets.
Optionally, the log storage management component is specifically configured to:
manage the internal logs of the active administration system for data assets, the data operation logs, and the logs of collaboration with other data asset management systems.
Optionally, the interface management component is specifically configured to:
manage the communication interfaces between at least two active administration systems for data assets, and the communication interfaces between an active administration system for data assets and the data assets.
In some embodiments, the computing device includes a processor and a memory storing program instructions, and the processor is configured to implement the active administration system for data assets described in this application when running the program instructions.
In some embodiments, the storage medium stores program instructions which, when run, implement the active administration system for data assets described in this application.
The active administration system for data assets, computing device, and storage medium provided by the embodiments of the present disclosure can achieve the following technical effects:
By loading the identity tag and the body's full lifecycle management component, control management component, log storage management component, and interface management component, together with their attribute functions, this application achieves full lifecycle management and effective governance of data assets. It addresses the problems of inadequate quality, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions, and forms a technical system for data sharing, circulation, trading, and security protection.
The general description above and the description below are exemplary and explanatory only and are not intended to limit this application.
Brief Description of the Drawings
One or more embodiments are illustrated by way of example in the corresponding drawings. These illustrations and drawings do not limit the embodiments. Elements with the same reference numerals in the drawings denote similar elements, the drawings are not to scale, and in the drawings:
Figure 1 is a schematic diagram of the functional architecture of the AAS-DA provided by this application;
Figure 2 is a schematic flow chart of a data asset management method provided by this application;
Figure 3 is a schematic flow chart of another data asset management method provided by this application;
Figure 4 is a schematic flow chart of another data asset management method provided by this application;
Figure 5 is a schematic flow chart of another data asset management method provided by this application;
Figure 6 is a schematic flow chart of another data asset management method provided by this application;
Figure 7 is a schematic flow chart of another data asset management method provided by this application;
Figure 8 is a schematic flow chart of another data asset management method provided by this application;
Figure 9 is a schematic structural diagram of an AAS-DA system provided by this application;
Figure 10 is a schematic flow chart of a data asset usage control method provided by this application;
Figure 11 is a schematic flow chart of another data asset usage control method provided by this application;
Figure 12 is a schematic flow chart of another data asset usage control method provided by this application;
Figure 13 is a schematic flow chart of another data asset usage control method provided by this application;
Figure 14 is a schematic flow chart of another data asset usage control method provided by this application;
Figure 15 is a schematic flow chart of another data asset usage control method provided by this application;
Figure 16 is a schematic flow chart of another data asset usage control method provided by this application;
Figure 17 is a schematic diagram of a computing device provided by this application.
Detailed Description
In order to give a more detailed understanding of the features and technical content of the embodiments of the present disclosure, their implementation is described in detail below with reference to the accompanying drawings. The drawings are for reference and illustration only and are not intended to limit the embodiments of the present disclosure. In the following technical description, for ease of explanation, numerous details are given to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may still be practiced without these details. In other cases, well-known structures and devices may be shown in simplified form to simplify the drawings.
The terms "first", "second", and the like in the description and claims of the embodiments of the present disclosure and in the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, for the purposes of the embodiments of the present disclosure described herein. Furthermore, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion.
Unless otherwise stated, the term "plurality" means two or more.
In the embodiments of the present disclosure, the character "/" indicates that the objects before and after it are in an "or" relationship. For example, A/B means: A or B.
The term "and/or" describes an association between objects and indicates that three relationships can exist. For example, A and/or B means any of these three: A, or B, or A and B.
The term "corresponding" can refer to an association relationship or a binding relationship. That A corresponds to B means that there is an association relationship or a binding relationship between A and B.
First, the technical terms used in this application are explained:
AAS-DA (Active Administration System-Data Asset): an active administration system for data assets that performs full lifecycle management and usage control of data assets.
DA (Data-Asset): a data asset; used to identify one data asset.
API (Application Programming Interface): a connection interface; in this application it refers to an interface in the active administration system for data assets AAS-DA.
In the related art, data assets have many characteristics and also face many challenges. According to PwC's definition, compared with traditional tangible and intangible assets, data assets are non-physical, dependent on a carrier, diverse, processable, and variable in value. On this basis, China Everbright Bank and the Liaowang Institute added multiple derivation, shareability, and zero-cost replicability. Specifically:
Non-physicality: has no physical form and exists by relying on a physical carrier; is not worn out or consumed by use; can be used without limit for as long as it exists.
Dependence: must be stored in some medium; can exist in multiple media at the same time in different forms.
Diversity: diverse forms of expression; diverse forms of fusion; uncertain ways of use.
Value variability: value is affected by many different factors, including technology, capacity, value density, and the business model of the application.
Processability: can be maintained, updated, supplemented, and added to; can be deleted, merged, aggregated, and de-duplicated; can be analyzed, refined, mined, and so on.
Multiple derivation: the same data subject can be processed at multiple levels and in multiple dimensions, deriving different degrees of data value, so that the potential value of data assets can be mined at multiple levels and in multiple dimensions and the data assets enriched.
Shareability: data assets can be exchanged, transferred, and used without limit, and this shareability can be used to extract the greatest possible value from data assets.
Zero-cost replicability: the cost of a data asset lies mainly in the early stages of data reading and research and development, so the cost of creating a data asset is extremely high, but the marginal cost of subsequent copying and sharing tends to zero.
These characteristics of data assets are therefore largely responsible for the difficulty of ownership confirmation and valuation transactions. This application aims to manage and constrain data assets with respect to the above characteristics.
At the same time, the two key characteristics that make data an asset are that it can bring economic benefits to an enterprise and that its costs and benefits can be measured. The main reasons the realization of data value faces a bottleneck include inadequate quality, difficulty in data interoperability, high acquisition costs, and difficulty in ensuring security. Data assets need to be managed along the following dimensions:
Data standards management: normative constraints that ensure consistency and accuracy in the internal and external use and exchange of data.
Metadata management: extracting abstract information about the data, tracing the data, and exploring the relationships between data.
Data quality management: improving data quality and raising the level of data applications and services.
Data security management: classifying data into security levels and formulating data security management specifications, so that data is "manageable beforehand, controllable during use, and auditable afterward".
Data value management: data cost management and data revenue management, to release the value of data in an optimal and maximal way.
Data sharing management: releasing the internal and external value of data through internal sharing, external circulation, and opening data to the outside.
It can be seen that the problems and challenges data assets face in sharing include transparency, accessibility, standardization, and security and data integrity. Specifically:
Transparency: the openness of all parties involved in sharing data assets, so that all the information needed to successfully deliver the data sharing partnership is provided.
Accessibility: the ability of each party to access the data it needs when it needs it.
Standardization: all stakeholders in the data sharing process should adopt consistent legal, technical, and other measures.
Security and data integrity: implementing measures and mechanisms designed to protect information and data, so as to achieve a secure environment for data sharing.
To this end, as shown in Figure 1, this application provides an active administration system for data assets, AAS-DA, which performs full lifecycle management of data assets as well as enforcement, supervision, control, and management during their use. Each data asset has an AAS-DA paired with it as a twin, which raises the data asset from a passive asset to an active asset. AAS-DA can define, configure, and update the attribute information of a data asset and record its full lifecycle information. It can also perform operations of the highest priority on the data asset, including but not limited to desensitization, encryption, termination, and destruction. When a data asset is processed, AAS-DA can record the processing, and when the data asset's security requirements or other constraints are not met, it can terminate use of the data asset and/or destroy it. When a data asset is copied, a new AAS-DA is generated accordingly, and the AAS-DA of the copy is associated with the AAS-DA of the original data asset.
Optionally, the AAS-DA of this application supports all types of data assets, including but not limited to streaming data, event data, engineering drawings, videos, algorithms, machine learning models, and knowledge graphs.
Optionally, in order to make the sharing, circulation, and trading of data assets transparent and let all stakeholders know the relevant information, AAS-DA can be divided, according to the rights of the different stakeholders, into AAS-DA-supplier, AAS-DA-user, and AAS-DA-public. The three AAS-DAs of the same data asset are associated with each other and can be merged when necessary. AAS-DA-supplier has the highest authority and can read all content in AAS-DA-user and AAS-DA-public, and the content specified in AAS-DA-user and AAS-DA-public must be a subset of that in AAS-DA-supplier.
As shown in Figure 1, the functional architecture of the active administration system for data assets AAS-DA of this application consists of an "identity tag" and a "body". The identity tag is the globally unique identifier of the data asset and its AAS-DA. The body includes the data asset's full lifecycle management component, control management component, log storage management component, and interface management component, and their corresponding attributes.
In the embodiments of this application, the full lifecycle management component is configured to perform full lifecycle management on the various subject attributes of data assets. These subject attributes include data sovereignty, data history, data quality, data type, data level, data standards, data value, data sharing, and contracts, so that the data sovereignty, data history, data quality, data types, data levels, data standards, data value, data sharing, and smart contracts of data assets are managed. The detailed content of each attribute structure is shown in Table 1:
Table 1: Detailed attributes across the full lifecycle of data assets

In this way, full lifecycle management of data assets can be better achieved.
In the embodiments of this application, the control management component is configured to manage the use process of data assets. It specifically includes attributes such as permission management, access control, contract settings, usage control, usage mode, collaboration mode, and usage environment security scanning, so that the permissions, access control, contract settings, usage control, usage modes, collaboration modes, and usage environment security scanning of data assets are managed.
Specifically, permission management controls users' access to and use of data assets: according to security rules or security policies, users can access the data assets they are authorized for, and only those. Permission management comprises two parts, user identity authentication and authorization, referred to together as authentication and authorization. A user who needs to access/use a controlled data asset must first be authenticated; after authentication succeeds, the user can access/use the resource only if the user has access/use permission for it.
Access control includes setting, operation, monitoring, and interruption. Setting mainly covers the access control mode, subject, behavior, resource, and environment. Access control modes generally take the following forms: discretionary access control, command access control, role access control, attribute access control, or other types of access control. Subjects include server administrators, data holders, data users who have signed a contract, data users who have not signed a contract, and other role subjects. Behaviors include reading, writing, copying, deleting, and so on. Resources are mainly references to the data asset attributes in the full lifecycle management of data assets. Environment refers to the time and location at which the data transaction takes place, and other environmental factors. Interruption is mainly divided into active interruption and passive interruption.
Contract settings: after the data provider and the data user reach an agreement, contract terms are set, such as Value (a hash value, the DNA/identity card of the data), Address (connecting different clients), State (input: target state, such as usage time and number of uses), and Function (output: executable policy).
Usage control, based on the relevant requirements in the contract settings, monitors the use of data assets and identifies abnormal situations, and also suspends calls to data assets and carries out their destruction. The data usage process is monitored in real time by a monitor. When the data user reaches a specific State (usage count reached, termination by the provider, breach by the user), the executor calls the executable policy in the Function of the contract settings to destroy, terminate, or suspend the data asset.
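The contract terms and the monitor/executor behaviour described above can be sketched as follows. This is an added example, not code from the application: the class names, the trigger and action names, the choice of SHA-256 for Value, and the reading of "breach" as a request from an Address other than the contracted one or an asset whose hash no longer matches Value are all assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Contract:
    value: str        # Value: hash identifying the asset (SHA-256 assumed here)
    address: str      # Address: the client the asset was delivered to
    max_uses: int     # State: permitted number of uses
    not_after: float  # State: end of the permitted usage period (epoch seconds)
    function: dict    # Function: trigger name -> executable policy (action)


class UsageController:
    """Monitor plus executor for one data asset held at the data user."""

    def __init__(self, contract, asset):
        self.contract = contract
        self.asset = bytearray(asset)
        self.uses = 0
        self.status = "active"
        self.log = []  # (time, client, event, outcome), reported to the supplier

    def _trigger(self, client, now):
        """Monitor: name of the State that has been reached, or None."""
        c = self.contract
        if client != c.address:
            return "breach"                      # assumed breach condition
        if hashlib.sha256(self.asset).hexdigest() != c.value:
            return "breach"                      # asset no longer matches Value
        if now > c.not_after:
            return "expired"
        if self.uses >= c.max_uses:              # only reachable when max_uses is 0
            return "count_reached"
        return None

    def _execute(self, trigger, client, now):
        """Executor: apply the policy from Function; unknown policies fail closed."""
        action = self.contract.function.get(trigger, "terminate")
        if action == "destroy":
            for i in range(len(self.asset)):     # overwrite before releasing
                self.asset[i] = 0
            del self.asset[:]
            self.status = "destroyed"
        elif action == "suspend":
            self.status = "suspended"
        else:
            action = "terminate"
            self.status = "terminated"
        self.log.append((now, client, trigger, action))

    def use(self, client, now):
        """Return the asset bytes if the contract allows this use, else None."""
        if self.status != "active":
            self.log.append((now, client, "use", "denied:" + self.status))
            return None
        trigger = self._trigger(client, now)
        if trigger:
            self._execute(trigger, client, now)
            return None
        data = bytes(self.asset)
        self.uses += 1
        self.log.append((now, client, "use", "granted"))
        if self.uses >= self.contract.max_uses:  # last permitted use: act at once
            self._execute("count_reached", client, now)
        return data

    def provider_terminate(self, now):
        """The supplier ends the contract; the policy decides what happens."""
        if self.status == "active":
            self._execute("provider_terminated", "supplier", now)


# Constructed sample data and policy, for illustration only.
SAMPLE_ASSET = b"constructed sample: sensor readings 21.5,21.7,22.0"
SAMPLE_POLICY = {"count_reached": "destroy", "breach": "destroy",
                 "expired": "terminate", "provider_terminated": "suspend"}


def new_controller(max_uses=2, not_after=1000.0):
    contract = Contract(hashlib.sha256(SAMPLE_ASSET).hexdigest(), "client-A",
                        max_uses, not_after, dict(SAMPLE_POLICY))
    return UsageController(contract, SAMPLE_ASSET)
```
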
Optionally, usage modes generally include the following: regular use, privacy computing mode, federated learning mode, encryption mode, and other custom modes.
Collaboration modes include merged collaboration and associated collaboration. Two or more AAS-DA-suppliers with collaboration mode turned on manage the data assets synchronously while the data assets are in use.
The usage environment security scan takes place before the data asset reaches the data user: AAS-DA-user, according to the requirements of the smart contract, performs a security scan of the software layer and the system layer of the usage environment and applies a security label to software that meets the smart contract's requirements.
The detailed content of the attribute structure of the data asset control management component is shown in Table 2:
Table 2: Detailed attributes for data asset management
In this way, the use and control of data assets can be better achieved.
In the embodiments of this application, the log storage management component is configured to manage the various logs generated while the active administration system for data assets is in use. These logs mainly include internal logs, data operation logs, and logs of collaboration with other data asset management systems. Specifically, they include but are not limited to the operations of each functional component in AAS-DA-supplier, the operations of AAS-DA-supplier on the data asset, the operations on the data asset that AAS-DA-user sends to AAS-DA-supplier, the operations on copied data or sub-data that other associated AAS-DAs send to AAS-DA-supplier, and the time-ordered collection of the results of these operations. Each log file consists of log records, and each log record describes a single system event.
Typically, the system log is the local log of the AAS-DA-supplier, which the data provider can read directly; it includes a timestamp and a message or other information specific to a subsystem. The usage log is the log of operations on the data asset that AAS-DA-user sends to AAS-DA-supplier and AAS-DA-public while the data asset is being operated on at the data user's side; it generally needs to be stored as evidence on a blockchain for later use in settlement, auditing, supervision, and similar situations.
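Why the usage log is kept as evidence rather than as a plain file can be shown with a small tamper-evident log. This is an added example, not code from the application: it uses a simple SHA-256 hash chain as a stand-in for the blockchain the text mentions, and the record fields, function names, and sample values are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64                      # assumed starting value for the chain
FIELDS = ("ts", "actor", "op", "asset", "prev")


def _digest(body):
    """Hash a record body in a canonical JSON form."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def append_record(chain, ts, actor, op, asset):
    """Append one usage-log record that commits to the record before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"ts": ts, "actor": actor, "op": op, "asset": asset, "prev": prev}
    record = dict(body, hash=_digest(body))
    chain.append(record)
    return record


def verify_chain(chain, expected_head=None):
    """Return -1 if the log is intact, else the index of the first problem.

    expected_head is the hash of the last record as previously received by
    the supplier; without it, removing records from the end goes unnoticed.
    A head mismatch is reported as index len(chain).
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: rec.get(k) for k in FIELDS}
        if rec.get("prev") != prev or rec.get("hash") != _digest(body):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return -1


def sample_log():
    """Constructed sample: three operations reported by an AAS-DA-user."""
    chain = []
    append_record(chain, 1700000000, "AAS-DA-user", "read", "DA-0001")
    append_record(chain, 1700000060, "AAS-DA-user", "copy", "DA-0001")
    append_record(chain, 1700000120, "AAS-DA-user", "delete", "DA-0001")
    return chain
```

An auditor who holds only the last hash can detect an edited record, a removed record, or a truncated log, which is the property that makes the log usable for settlement and supervision.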
In the embodiments of this application, the interface management component is configured to manage the communication interfaces of the active administration system for data assets. Specifically, the interface management component mainly manages the communication interfaces between at least two active administration systems for data assets, and the communication interfaces between an active administration system for data assets and the data assets.
With the active administration system for data assets provided by the embodiments of the present disclosure, loading the identity tag and the body's full lifecycle management component, control management component, log storage management component, and interface management component, together with their attribute functions, achieves full lifecycle management and effective governance of data assets. It addresses the problems of inadequate quality, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions, and forms a technical system for data sharing, circulation, trading, and security protection.
In practical applications, as shown in Figure 2, this application provides a data asset management method applied to the active administration system for data assets AAS-DA, where the AAS-DA is divided into AAS-DA-supplier, AAS-DA-user, and AAS-DA-public. The method includes:
Step 201: After a data asset is formed, the data provider creates an AAS-DA-supplier corresponding to the data asset and performs the initial configuration of the data asset in the AAS-DA-supplier.
Step 202: The data provider saves the data asset information in the AAS-DA-supplier that it intends to disclose as a corresponding AAS-DA-public and uploads it to the intermediary service party. The intermediary service party publishes the AAS-DA-supplier's information through the AAS-DA-public.
Step 203: The data user reads the data asset information disclosed in the AAS-DA-public and reaches a smart contract with the data provider through the AAS-DA-public.
Step 204: The data provider saves the AAS-DA-supplier as an AAS-DA-user and sends the AAS-DA-user and the preprocessed data asset to the data user.
Step 205: The AAS-DA-user monitors the data user's use of the data asset according to the smart contract and records information on all processing operations performed on the data asset.
Step 206: When changes to the data asset reach the boundary conditions of the smart contract, or a constraint is violated, the AAS-DA-user terminates use of and/or destroys the data asset held by the data user.
With the data asset management method provided by the embodiments of the present disclosure, AAS-DA provides full lifecycle management of data assets across the data provider, the data user, and the intermediary service party, and keeps data sovereignty in the hands of the data provider. Data assets become usable but not visible, controllable and measurable, subject to access permission control, and destroyed after use. This addresses the problems of inadequate quality, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions, and forms a technical system for data sharing, circulation, trading, and security protection.
In an embodiment of this application, as shown in Figure 3, the initial configuration of the data asset in AAS-DA-supplier includes:
Step 301: Generate the initial sovereignty information of the data asset in AAS-DA-supplier, where the initial sovereignty information includes the ownership information, time information and location information of the data asset.
In an embodiment of this application, once the data asset has been generated, its initial sovereignty information is generated in AAS-DA-supplier accordingly, including the ownership, time and location of the data asset's generation, to facilitate confirmation of data rights.
Step 302: Define, set and update the various subject attributes of the data asset through AAS-DA-supplier.
In an embodiment of this application, the various attributes of the data asset can be defined, set and updated through AAS-DA-supplier, including the data type; the standards, specifications, laws and regulations the data asset follows; the quality level; security level requirements; and so on.
Step 303: When a data asset is copied or sub-data is generated, the resulting assets are associated through their respective AAS-DA-suppliers.
In an embodiment of this application, when a data asset is copied or sub-data is generated, the resulting assets can be associated through their respective AAS-DAs to facilitate traceability.
Step 304: Perform data desensitization or data encryption on the data asset through AAS-DA-supplier.
In an embodiment of this application, before the data asset is used, AAS-DA-supplier can desensitize the data asset and encrypt the data according to the encryption algorithm requirements of the state and the enterprise.
In addition, while the data asset is in use, AAS-DA-user records all processing operations performed on the data asset and reports them to AAS-DA-supplier in real time or afterwards. After learning how the data asset has been processed, AAS-DA-supplier can actively issue a termination/destruction instruction to AAS-DA-user, and AAS-DA-user invokes the operation script to terminate use of or destroy the data asset. AAS-DA can also manage the physical carrier and storage medium of the data asset.
In this way, the data provider's control over and protection of the data asset are better achieved.
In an embodiment of this application, as shown in Figure 4, the intermediate service party publishing the information of AAS-DA-supplier through AAS-DA-public includes:
Step 401: The intermediate service party generates a resource directory from the various subject attributes of AAS-DA-public, implementing a centralized management mode or a distributed management mode for data assets.
In an embodiment of this application, the resource directory mainly contains the names of the various resources and their metadata descriptions. The intermediate service platform supports the sharing and trading of three classes of resources. The first is data assets, including but not limited to streaming data, event data, CAD drawings, video, algorithms, models, digital twins, knowledge graphs, apps and API calls; the metadata of data assets is stored in the full-life-cycle management component of the corresponding AAS-DA-supplier. The second is IT infrastructure, including but not limited to cloud computing, edge computing, computing power resources and communication resources. The third is trusted environment solutions, including but not limited to trusted environment solutions at the hardware layer, system layer and software layer. AAS-DAs and resources that pass certification are included in the resource directory for management.
The data provider saves the information in AAS-DA-supplier that it intends to disclose as AAS-DA-public, and this is uploaded to the intermediate service party through the data provider. An AAS-DA-public that passes the intermediate service platform's review is included in the resource directory.
Step 402: The data user queries for data assets that meet its needs by accessing the intermediate service party's resource directory.
Step 403: The intermediate service party pushes data assets to the data user according to the supply of data assets in the resource directory.
In an embodiment of this application, the data user can access the intermediate service party's resource directory and query for data assets and other resources that meet its requirements. The data user can also subscribe to resource directory updates, or fill in its requirements for the data assets and other resources it is interested in, and the intermediate service party can then push precisely targeted results according to the supply of data assets and other resources.
In this way, this application does not need to centralize the data assets themselves at the intermediate service party. Only AAS-DA-public is managed, and the resource directory is generated from the attribute information in AAS-DA-public. This achieves distributed management of data assets and centralized management of AAS-DA, reduces the risk to data assets, and increases data providers' willingness to share data assets.
In an embodiment of this application, with reference to Figure 5, the data user reading the data asset information disclosed in AAS-DA-public and reaching a smart contract with the data provider through AAS-DA-public includes:
Step 501: The data user initiates an invitation to one or more data providers that meet its needs.
Step 502: A data provider that accepts the invitation negotiates with the data user on the intended cooperation over the data asset and writes the negotiated content into AAS-DA-public.
Step 503: Configure the usage process of the data asset in AAS-DA-public and store log evidence.
In an embodiment of this application, the data user initiates an invitation to one or more data providers that meet its needs. A data provider that accepts the invitation negotiates with the data user on the intended cooperation over the data asset and writes the negotiated content into the contract management attribute of the full-life-cycle management component of the data asset in AAS-DA-public. At the same time, the permission management, access control, contract settings, usage control, usage mode, collaboration mode and other attributes are configured in the control management component of the data asset in AAS-DA-public. The log evidence storage of AAS-DA-public also records the time at which the smart contract was concluded and information on both parties to the transaction.
In an embodiment of this application, as shown in Figure 6, AAS-DA-user monitoring the data user's use of the data asset according to the smart contract and recording all processing operations performed on the data asset includes:
Step 601: AAS-DA-user performs a security scan of the medium and environment in which the data asset is about to be stored and used, according to the smart contract's requirements for the usage environment.
In an embodiment of this application, the usage environment scan can be performed by AAS-DA-user. According to the usage-environment settings in the usage control of the data asset's control management component, AAS-DA-user invokes the usage environment security scanning function of the control management component, scans the software layer, system layer and hardware layer of the usage environment, and security-labels the software that meets the smart contract's requirements. Software that passes security labeling is added to the access control or usage control whitelist in the data asset's control management component. AAS-DA-user reports the environment security scan results to AAS-DA-supplier through the data user's client. Once the usage control of the control management component of AAS-DA-supplier approves them, the data user is allowed to access the preprocessed data asset.
Optionally, according to the contract settings of the control management component of AAS-DA-supplier, AAS-DA-supplier preprocesses the data asset through the usage mode of the control management component, including but not limited to desensitization, encryption and generation of calculation factors. If "regular use" is selected in the usage mode, the data asset is sent to the data user in plaintext. If use of the data involves multi-party collaboration, such as multi-party privacy computing or federated learning, the collaboration mode of the control management component is also set. Two or more AAS-DA-suppliers with collaboration mode turned on manage the data asset synchronously while it is in use.
Step 602: Confirm the permissions of the one or more processes that are about to invoke the data asset by reading the access control or usage control whitelist in AAS-DA-user.
In an embodiment of this application, a permission request for the one or more processes that are about to invoke the data asset is submitted to AAS-DA-user through the data user, and the permissions of those processes are confirmed by reading the access control or usage control whitelist in the control management component of AAS-DA-user. If a process is in the whitelist, AAS-DA-user allows it to operate on the data asset according to the Function attribute in the contract settings of the control management component. If the process is not in the whitelist, AAS-DA-user does not allow it to invoke the data asset.
Step 603: AAS-DA-user monitors in real time whether changes to the data asset have reached a boundary condition or whether an operation that violates a constraint condition has occurred, and writes the operation log to the log evidence component.
In an embodiment of this application, the data asset is monitored by AAS-DA-user while it is in use. Through the monitor of the usage control in the data asset's control management component, AAS-DA-user monitors in real time whether changes to the data asset have reached the maximum value of a boundary condition, or whether an operation that violates a constraint condition has occurred. If either occurs, AAS-DA-user sends exception information to the data user, the data user forcibly aborts the process through the executor of process monitoring, and AAS-DA-user destroys the data asset through the executor of the usage control in the control management component.
In this way, usage control over the data asset is better achieved, and data sovereignty always stays in the hands of the data provider.
In an embodiment of this application, as shown in Figure 7, AAS-DA-user terminating use of and/or destroying the data asset held by the data user, when changes to the data asset reach a boundary condition of the smart contract or a constraint condition is violated, includes:
Step 701: AAS-DA-user generates an operation script for terminating or destroying the data asset according to the constraint conditions and boundary conditions of the smart contract.
Step 702: When changes to the data asset reach a boundary condition of the smart contract or a constraint condition is violated, AAS-DA-user reports the recorded processing operations to AAS-DA-supplier in real time or afterwards, so that AAS-DA-supplier issues a termination-of-use instruction to AAS-DA-user and AAS-DA-user invokes the operation script to terminate use of the data asset; or AAS-DA-user invokes the operation script directly to terminate use of the data asset.
Step 703: Destroy the data asset after its use has been terminated, or when AAS-DA-user receives a destruction instruction from AAS-DA-supplier.
In an embodiment of this application, AAS-DA-user generates the operation scripts for terminating and destroying the data asset according to the constraint conditions and boundary conditions of the smart contract. While the data asset is in use, AAS-DA-user records all processing operations performed on it and reports them to AAS-DA-supplier in real time or afterwards. There are two possible cases: (1) after learning how the data asset has been processed, AAS-DA-supplier actively issues a termination-of-use instruction to AAS-DA-user, and AAS-DA-user invokes the operation script to terminate use of the data asset; (2) when the constraint conditions and boundary conditions of the smart contract are reached, AAS-DA-user invokes the operation script to terminate use of the data asset.
The data asset is destroyed after use of the data ends, or when AAS-DA-user receives a destruction instruction from AAS-DA-supplier. Even after the data asset has been destroyed, its full-life-cycle information and the data assets associated with it can still be examined through AAS-DA, which facilitates after-the-fact audit, clearing and arbitration, as well as tracing the provenance of other data assets.
In this way, data assets are better made usable but not visible, controllable and measurable, subject to access-rights control, and destroyed after reading.
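The decision logic of steps 602 and 603 and the termination and destruction path of steps 701 to 703 can be sketched as follows. This is an added illustration, not code from the patent: the `Contract` field names, the `UsageController` class, the zero-fill standing in for the "operation script", and the sample process names are all assumptions.

```python
"""Sketch of the AAS-DA-user usage-control loop (steps 602, 603, 701-703)."""
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Contract:
    """Hypothetical smart-contract fields; the patent names the concepts only."""
    max_operations: int        # boundary condition: maximum number of operations
    max_seconds: float         # boundary condition: maximum usage time
    forbidden_ops: frozenset   # constraint condition: operation types not allowed
    functions: frozenset       # "Function" attribute: operations that are permitted


class UsageController:
    def __init__(self, contract, whitelist, asset: bytes, clock=time.monotonic):
        self.contract = contract
        self.whitelist = set(whitelist)   # initial whitelist from the environment scan
        self.asset = bytearray(asset)
        self.clock = clock
        self.started = clock()
        self.op_count = 0
        self.terminated = False
        self.log = []                     # stand-in for the log evidence component

    def _record(self, process, op, decision, reason):
        self.log.append({"t": round(self.clock() - self.started, 3),
                         "process": process, "op": op,
                         "decision": decision, "reason": reason})
        return decision

    def _terminate_and_destroy(self):
        """Stand-in for the generated operation script: stop use, wipe the copy."""
        self.terminated = True
        for i in range(len(self.asset)):
            self.asset[i] = 0
        self.asset = None

    def request(self, process, op):
        """Decide one operation request: 'allow', 'deny' or 'destroyed'."""
        if self.terminated:
            return self._record(process, op, "deny", "contract terminated")
        # Step 602: only whitelisted processes may invoke the asset.
        if process not in self.whitelist:
            return self._record(process, op, "deny", "process not in whitelist")
        # Step 603, boundary condition on usage time.
        if self.clock() - self.started >= self.contract.max_seconds:
            self._terminate_and_destroy()
            return self._record(process, op, "destroyed", "boundary: max time reached")
        # Step 603, constraint condition: a forbidden operation type was attempted.
        if op in self.contract.forbidden_ops:
            self.whitelist.discard(process)   # violating process leaves the whitelist
            self._terminate_and_destroy()
            return self._record(process, op, "destroyed", "constraint violated")
        if op not in self.contract.functions:
            return self._record(process, op, "deny", "operation not in Function attribute")
        self.op_count += 1
        self._record(process, op, "allow", "ok")
        # Step 603, boundary condition on count: the maximum has now been reached.
        if self.op_count >= self.contract.max_operations:
            self._terminate_and_destroy()
            self._record(process, op, "destroyed", "boundary: max operations reached")
        return "allow"


def demo():
    """Constructed scenario with a fixed fake clock so the run is deterministic."""
    contract = Contract(max_operations=3, max_seconds=60.0,
                        forbidden_ops=frozenset({"copy", "export"}),
                        functions=frozenset({"read", "aggregate"}))
    ctl = UsageController(contract, {"analytics.exe"}, b"constructed sample asset",
                          clock=lambda: 0.0)
    calls = [("analytics.exe", "read"), ("unknown.exe", "read"),
             ("analytics.exe", "write"), ("analytics.exe", "aggregate"),
             ("analytics.exe", "read"), ("analytics.exe", "read")]
    return ctl, [ctl.request(p, o) for p, o in calls]
```

Every decision, including denials, lands in the log, which is what later clearing and audit depend on. Zero-filling a Python buffer does not reach copies a consuming process has already made, so the whitelist and the Function check carry most of the enforcement weight.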
In an embodiment of this application, with reference to Figure 8, the data asset management method of this application further includes:
Step 801: After the data asset has been destroyed, AAS-DA-user terminates the smart contract and sends the information that the data asset has been destroyed and the smart contract terminated to the data provider and the intermediate service party.
Step 802: After receiving the information that the data asset has been destroyed and the smart contract terminated, the data provider terminates the smart contract through AAS-DA-supplier, and the clearing application information is sent through the data provider to the intermediate service party and the data user.
Step 803: After receiving the clearing application information, the intermediate service party terminates the smart contract through AAS-DA-public, reads the log evidence components of AAS-DA-supplier and AAS-DA-user through AAS-DA-public, compares them with the content of the smart contract, and performs clearing and audit according to the comparison results.
In an embodiment of this application, through the cooperation of AAS-DA-public, AAS-DA-user and AAS-DA-supplier, the usage process of the data asset is synchronized and stored as evidence by multiple parties. Based on the multi-party evidence held by AAS-DA-public, AAS-DA-user and AAS-DA-supplier, the use of the data asset is cleared and audited, so that the quality attribute and value attribute of the data asset in AAS-DA-public can be adjusted dynamically according to the data user's evaluation of data quality and value.
Specifically, from the time the smart contract is concluded until the data asset is destroyed, every operation on the data asset by the data provider, the data user and the intermediate service party is retained synchronously, as logs, in the data provider's client, the data user's client and the intermediate service platform. When necessary, all stored evidence can be managed and traced through a blockchain.
After the data asset has been destroyed, both the smart contract management of the data user's client and the contract settings of the control management component of AAS-DA-user terminate the smart contract. The data user's client then sends the information that the data asset has been destroyed and the contract terminated to the intermediate service platform and the data provider's client. After the intermediate service platform receives this information, AAS-DA-public terminates the contract through the contract settings function of the data asset's control management component and starts the clearing process.
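The comparison in step 803 can be sketched as a reconciliation of the three log copies followed by a check of the agreed record against the contract. This is an added illustration, not code from the patent: the log entry fields, the contract keys, the rule that any disagreement between copies is set aside as a dispute, and the sample entries are all assumptions.

```python
"""Sketch of step 803: clearing and audit from three parties' log copies."""
import hashlib
import json

PARTIES = ("supplier", "user", "public")  # the three AAS-DA log evidence copies


def digest(entry):
    """Canonical SHA-256 of one log entry, so copies can be compared cheaply."""
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


def reconcile(logs):
    """Split entries into those all three parties agree on and those in dispute."""
    by_seq = {}
    for party in PARTIES:
        for entry in logs[party]:
            by_seq.setdefault(entry["seq"], {})[party] = entry
    agreed, disputes = [], []
    for seq in sorted(by_seq):
        copies = by_seq[seq]
        missing = [p for p in PARTIES if p not in copies]
        differs = len({digest(e) for e in copies.values()}) > 1
        if missing or differs:
            disputes.append({"seq": seq, "missing": missing, "differs": differs})
        else:
            agreed.append(copies["public"])
    return agreed, disputes


def clear(contract, logs):
    """Compare the agreed record with the contract and produce a clearing report."""
    agreed, disputes = reconcile(logs)
    uses = [e for e in agreed if e["decision"] == "allow"]
    breaches = []
    if len(uses) > contract["max_operations"]:
        breaches.append("more operations than the boundary condition allows")
    for e in uses:
        if e["op"] in contract["forbidden_ops"]:
            breaches.append(f"seq {e['seq']}: forbidden operation {e['op']!r} was allowed")
        if e["t"] > contract["max_seconds"]:
            breaches.append(f"seq {e['seq']}: use after the maximum usage time")
    return {"use_count": len(uses),
            "last_use_t": max((e["t"] for e in uses), default=None),
            "disputes": disputes,
            "breaches": breaches,
            "settled": not disputes and not breaches}


def sample_logs():
    """Constructed logs: the user's copy rewrites seq 3 and omits seq 4."""
    base = [
        {"seq": 1, "t": 5.0, "process": "analytics.exe", "op": "read", "decision": "allow"},
        {"seq": 2, "t": 9.0, "process": "unknown.exe", "op": "read", "decision": "deny"},
        {"seq": 3, "t": 12.0, "process": "analytics.exe", "op": "export", "decision": "allow"},
        {"seq": 4, "t": 70.0, "process": "analytics.exe", "op": "read", "decision": "allow"},
    ]
    user = [dict(e) for e in base[:3]]
    user[2]["op"] = "read"
    return {"supplier": base, "user": user, "public": [dict(e) for e in base]}


# Constructed contract terms for the sample above.
CONTRACT = {"max_operations": 3, "max_seconds": 60.0, "forbidden_ops": {"copy", "export"}}
```

With the sample logs, only the first two entries survive reconciliation, so the report counts one use and lists two disputes instead of settling. The usage count and time that clearing relies on are therefore only as trustworthy as the agreement between the independently held copies.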
In an embodiment of this application, with reference to Figure 9, the data asset active management system AAS-DA of this application is deployed on clients and on the intermediate service platform. The main functions of the client include AAS-DA management, identity registration and management, smart contract management, process usage control, usage environment scanning, process management, log evidence storage, clearing interfacing and communication. Specifically, the client can be deployed locally or on a private cloud. The client can be placed in an environment that is trusted and secure at the hardware layer, system layer and/or software layer, where:
(1) AAS-DA management: includes creating, updating and deleting an AAS-DA and its subordinate components and attributes, configuring AAS-DA interfaces, and so on.
(2) Identity registration and management: includes registration of the client's users, organizations, AAS-DAs and data assets, as well as identity certificate management.
(3) Smart contract management:
1. Creating a new smart contract, which covers user permissions, the usage environment, operations on the data asset, IT infrastructure requirements, transmission security requirements, and so on;
2. When the client is offline, the smart contract can still be executed through the client;
3. Boundary conditions: specify the maximum duration, maximum number of times, and so on, of operations on the data asset;
4. Constraint conditions: specify the types of operation that must not be performed on the data asset;
5. Contract termination: the contract is terminated once the data asset has been destroyed.
(4) Process usage control:
Monitor: monitors in real time whether a process's operations on the data asset have reached the maximum value of a boundary condition, or whether an operation that violates a constraint condition has occurred.
Executor: aborts the process.
(5) Usage environment scanning: scans the usage environment according to the smart contract's requirements for its hardware layer, system layer and software layer, and produces a usage environment scan result report and a process whitelist. The data user's client sends the scan results to both the intermediate service platform and the data provider's client, and the process whitelist is sent to the process management component for management.
(6) Process management: dynamically manages the access control or usage control process whitelist, including maintenance of the processes in the whitelist (adding, updating and removing) and review of process permissions. Before the data asset reaches the data user, the process whitelist output by the usage environment scanning function serves as the initial whitelist. A process in the whitelist is removed from it if it is detected violating the smart contract while the data asset is in use. A process not included in the initial whitelist is added to the whitelist after it passes the client's process permission review.
(7) Log evidence storage: the data provider's client stores as evidence the logs of the data asset's full life cycle; the data user's client and the intermediate service platform store as evidence all operation logs on the data asset from the time the smart contract takes effect until the contract is terminated.
(8) Clearing interfacing: after the contract is terminated, the number of uses of the data asset, the usage time, the handling of abnormal situations, and so on, are cleared by reading the logs of the data user's client, the data provider's client and the intermediate service platform.
(9) Communication: includes communication between clients, between a client and AAS-DA, and between a client and the intermediate service platform.
In an embodiment of this application, the functions of the intermediate service platform mainly include identity authentication, resource directory management, supply and demand matching, smart contract management, log evidence storage, clearing and audit, and service evaluation. Specifically, the intermediate service platform can be deployed on a public cloud or a private cloud. It must be placed in an environment that is trusted and secure at the hardware layer, the system layer and the software layer. The functions of the intermediate service platform can be implemented and operated by one or more organizations or units, each of which must pass identity authentication before it can begin the related work.
With reference to Figure 10, this application also provides a usage control method for data assets, applied to a client acting as the data provider, a client acting as the data user, and an intermediate service platform acting as the intermediate service party. The method includes:
Step 1001: The data provider and the data user perform user registration and identity authentication through their respective clients, and the identity-authenticated data provider registers and authenticates the data asset active management system AAS-DA with the intermediate service platform through the data provider's client.
Step 1002: The data provider saves the data asset information in AAS-DA-supplier that it intends to disclose as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client, so that the data user and the data provider can reach a smart contract.
Step 1003: The data user's client performs a usage environment scan and generates a whitelist of processes allowed by access control or usage control to use the data asset. After confirming the processes in the whitelist, the data provider's client sends AAS-DA-user and the preprocessed data asset to the data user's client.
Step 1004: While the data asset is in use, the data user's client confirms, against the processes in the whitelist, whether the one or more processes that are about to invoke the data asset have permission. When changes to the data asset reach a boundary condition of the smart contract or a constraint condition is violated, use of the data asset is terminated and/or the data asset is destroyed through AAS-DA-user and AAS-DA-public.
With the data asset usage control method provided by the embodiments of the present disclosure, AAS-DA implements loading and usage control of data assets among the client acting as the data provider, the client acting as the data user, and the intermediate service platform acting as the intermediate service party, and keeps data sovereignty in the hands of the data provider. Data assets become usable but not visible, controllable and measurable, subject to access-rights control, and destroyed after use. This addresses problems such as substandard data quality, poor data interoperability, high acquisition cost, difficulty in guaranteeing security, and complex ownership confirmation and valuation transactions, and forms a technical system for data sharing, circulation, trading and security protection.
In an embodiment of this application, with reference to Figure 11, the data provider and the data user performing user registration and identity authentication through their respective clients, and the identity-authenticated data provider registering and authenticating the data asset active management system AAS-DA with the intermediate service platform through the data provider's client, includes:
Step 1101: The data provider and the data user register as users through their respective clients, where the user types include enterprises, organizations and individuals.
In an embodiment of this application, all stakeholders taking part in trusted industrial data space activities, including but not limited to data providers, data users, and third parties providing log evidence storage and clearing and audit services, must register through their clients. User types include enterprises, organizations, individuals, and so on.
Step 1102: The intermediate service platform reviews the user registration information sent by the client, grants a unique identity identifier to each user who passes the review, and manages the identifiers according to user type.
In an embodiment of this application, the intermediate service platform reviews the user registration information after receiving it from the client. A user who passes the review is granted a globally unique identity identifier, and the intermediate service platform manages the identifiers according to the different user types.
Step 1103: The identity-authenticated data provider submits an identity tag authorization application to the intermediate service platform through the data provider's client.
Step 1104: After the identity tag authorization application is approved, the intermediate service platform sends a unique data asset code and AAS-DA code to the data provider's client.
Step 1105: The data provider's client automatically writes the data asset code and the AAS-DA code into the AAS-DA identity tag, completing the registration and authentication of the data asset active management system AAS-DA.
In an embodiment of this application, the identity-authenticated data provider submits an identity tag authorization application to the intermediate service platform through the data provider's client. After the application is approved, the intermediate service platform sends a unique "global data asset code" and "global AAS-DA code" to the data provider's client. The data provider's client automatically writes these two codes into the AAS-DA identity tag, completing the registration and authentication of AAS-DA.
In the embodiments of this application, with reference to Figure 12, the step in which the data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client, so that the data user and the data provider reach a smart contract, includes:
Step 1201: The data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client. An AAS-DA-public that passes the intermediate service platform's review is included in the resource directory.
Step 1202: The data user's client accesses the resource directory of the intermediate service platform and queries for data assets and other resources that meet its requirements. The data user's client subscribes to the resource directory or fills in its requirements for data assets and other resources, and the intermediate service platform pushes data assets and other resources according to their supply.
Step 1203: The data user sends an invitation to one or more data providers that meet its needs. A data provider that accepts the invitation negotiates with the data user on the intended cooperation regarding the data assets, and the negotiated content is written into the smart contract management function of the intermediate service platform and into the smart contract management functions of the data user's client and the data provider's client.
In this way, with the intermediate service platform as the medium, data providers and data users achieve efficient supply-demand matching and smart contract setup, which increases the transaction value of data assets.
In the embodiments of this application, with reference to Figure 13, the step in which the data user's client scans the usage environment and generates a whitelist of processes allowed for access to, or usage control of, the data assets, and the data provider's client, after confirming the processes in the whitelist, sends AAS-DA-user and the preprocessed data assets to the data user's client, includes:
Step 1301: According to the data user's client's requirements for the usage environment, the data user's client calls the usage environment scanning component to perform a security scan of the hardware layer, system layer and software layer of the usage environment, and applies a security label to processes that meet the smart contract requirements.
Step 1302: Processes that have received the security label are added to the access control or usage control whitelist in the process management component, and the data user's client sends it to both the intermediate service platform and the data provider's client.
Step 1303: After confirming the whitelist, the data provider's client preprocesses the data assets according to AAS-DA-supplier, saves the result as AAS-DA-user, and sends AAS-DA-user together with the preprocessed data assets to the data user's client.
In the embodiments of this application, in accordance with the contract settings of the AAS-DA-supplier data asset control management component, AAS-DA-supplier preprocesses the data assets through the usage mode of the data asset control management component, including but not limited to desensitization, encryption, and generation of calculation factors. If "regular use" is selected in the usage mode, the data assets are sent to the data user in plaintext. If the data usage process involves multi-party collaboration, such as multi-party privacy computing or federated learning, the collaboration mode of the data asset control management component is also set. Two or more AAS-DA-suppliers with collaboration mode enabled manage the data assets synchronously while the data assets are in use.
Optionally, the data provider's client may also send AAS-DA-supplier and the preprocessed data assets (plaintext or ciphertext) to the data user's client. The data user's client merges the received AAS-DA-supplier with AAS-DA-user to generate a new AAS-DA-user. In accordance with the storage environment requirements in the contract management of the AAS-DA-user data asset full life cycle management component, the data assets are stored in an environment that meets the trust requirements.
In this way, the security and reliability of the environment in which data assets are used can be better ensured.
In the embodiments of this application, with reference to Figure 14, the step in which, during use of the data assets, the data user's client confirms according to the processes in the whitelist whether one or more processes about to call the data assets have permission, includes:
Step 1401: One or more processes that are about to call the data assets submit a permission request to the data user's client.
Step 1402: The permissions of the one or more processes about to call the data assets are confirmed by reading the whitelist of the data user's client.
Step 1403: If a process is in the whitelist, the data user's client sends a confirmation instruction to AAS-DA-user, allowing the process to operate on the data assets according to the Function attribute in AAS-DA-user.
Step 1404: If a process is not in the whitelist, the data user's client does not allow the process to call the data assets.
In the embodiments of this application, one or more processes that are about to call the data assets submit a permission request to the process management function of the data user's client, and the permissions of those processes are confirmed by reading the whitelist held in that process management function. If a process is in the whitelist, the data user's client sends a confirmation instruction to AAS-DA-user, allowing the process to operate on the data assets according to the Function attribute in the contract settings of the AAS-DA-user data asset control management component. If a process is not in the whitelist, the data user's client does not allow the process to call the data assets.
In this way, the use of data assets can be better monitored according to the process permissions for the data assets, ensuring the data provider's data sovereignty and data security.
In the embodiments of this application, with reference to Figure 15, the step in which, when changes to the data assets reach a boundary condition of the smart contract or a constraint condition is violated, use of the data assets is terminated and/or the data assets are destroyed through AAS-DA-user and AAS-DA-public, includes:
Step 1501: According to the boundary conditions and constraint conditions of the smart contract, the data user's client monitors in real time whether a process's operations on the data assets have reached the maximum value of a boundary condition, or whether an operation that violates a constraint condition has occurred.
Step 1502: When changes to the data assets reach a boundary condition of the smart contract or a constraint condition is violated, the data user's client forcibly terminates the process.
Step 1503: The data user's client issues an instruction to AAS-DA-user, and AAS-DA-user destroys the data assets.
In the embodiments of this application, while the data assets are in use, processes are monitored by the data user's client and the data assets are monitored by AAS-DA-user. According to the boundary conditions and constraint conditions in smart contract management, the data user's client uses the process management monitor to check in real time whether a process's operations on the data assets have reached the maximum value of a boundary condition, or whether an operation that violates a constraint condition has occurred. If either occurs, the data user's client forcibly terminates the process through the process monitoring executor and at the same time issues an instruction to AAS-DA-user, and AAS-DA-user destroys the data assets through the usage control executor of the data asset control management component. At the same time, AAS-DA-user uses the usage control monitor of the data asset control management component to check in real time whether changes to the data assets have reached the maximum value of a boundary condition, or whether an operation that violates a constraint condition has occurred. If either occurs, AAS-DA-user sends exception information to the data user's client, and the data user's client forcibly terminates the process through the process monitoring executor. AAS-DA-user destroys the data assets through the usage control executor of the data asset control management component.
In this way, data sovereignty is kept firmly in the hands of the data provider, ensuring that the value of the data assets remains stable.
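The whitelist check of steps 1401 to 1404 and the boundary and constraint enforcement of steps 1501 to 1503 can be sketched together as follows. This is an added example, not code from the patent: the class names, the identification of a process by the SHA-256 of its executable image, the use-count boundary (`max_uses`) and the function names are all assumptions, and the images and asset bytes are constructed samples.

```python
import hashlib
from dataclasses import dataclass, field


def image_digest(image: bytes) -> str:
    """Identify a process by the SHA-256 of its executable image (assumption)."""
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class Contract:
    functions: frozenset  # operations permitted by the Function attribute
    max_uses: int         # boundary condition: maximum number of operations


@dataclass
class AasDaUser:
    """Hypothetical stand-in for AAS-DA-user: holds the asset and its contract."""
    asset: bytearray
    contract: Contract
    uses: int = 0
    destroyed: bool = False

    def operate(self, function: str) -> bytes:
        # Count the operation and hand the data to the approved process.
        self.uses += 1
        return bytes(self.asset)

    def destroy(self) -> None:
        # Overwrite in place before releasing the buffer.
        for i in range(len(self.asset)):
            self.asset[i] = 0
        self.asset.clear()
        self.destroyed = True


@dataclass
class UserClient:
    """Hypothetical stand-in for the data user's client (process management)."""
    whitelist: set
    aas: AasDaUser
    terminated: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def _record(self, event: str, process: str, function: str) -> None:
        self.log.append({"event": event, "process": process, "function": function})

    def _enforce(self, event: str, process: str, function: str) -> None:
        # Steps 1502-1503: terminate the process, then have AAS-DA-user destroy the asset.
        self.terminated.add(process)
        self.aas.destroy()
        self._record(event, process, function)

    def request(self, image: bytes, function: str):
        process = image_digest(image)
        # Steps 1401-1402 and 1404: a process outside the whitelist never reaches the asset.
        if process not in self.whitelist:
            self._record("denied_not_whitelisted", process, function)
            return None
        if self.aas.destroyed:
            self._record("denied_asset_destroyed", process, function)
            return None
        # Constraint condition: an operation outside the Function attribute is a violation.
        if function not in self.aas.contract.functions:
            self._enforce("constraint_violation", process, function)
            return None
        # Step 1403: whitelisted process, permitted function.
        data = self.aas.operate(function)
        self._record("allowed", process, function)
        # Step 1501: the use that reaches the boundary maximum triggers enforcement.
        if self.aas.uses >= self.aas.contract.max_uses:
            self._enforce("boundary_reached", process, function)
        return data


def demo():
    analytics = b"constructed image: analytics tool"
    unlisted = b"constructed image: unlisted tool"
    contract = Contract(functions=frozenset({"read", "aggregate"}), max_uses=2)
    aas = AasDaUser(bytearray(b"constructed sample asset"), contract)
    client = UserClient(whitelist={image_digest(analytics)}, aas=aas)
    results = [
        client.request(unlisted, "read"),        # step 1404: denied
        client.request(analytics, "read"),       # step 1403: allowed
        client.request(analytics, "aggregate"),  # allowed, then boundary reached
        client.request(analytics, "read"),       # asset already destroyed
    ]
    return client, results
```

Zeroing the buffer only removes the copy held by this object; data already returned to an approved process is outside its reach, which is why the method pairs destruction with process termination.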
In the embodiments of this application, with reference to Figure 16, the usage control method provided by the embodiments of this application further includes:
Step 1601: From the time the smart contract is reached until the data assets are destroyed, all operations on the data assets by the data provider, the data user and the intermediate service platform are retained synchronously, in the form of logs, in the data provider's client, the data user's client and the intermediate service platform.
Step 1602: After the data assets are destroyed, the data user's client and AAS-DA-user terminate the smart contract, and the data user's client sends the data asset destruction and smart contract termination information to the intermediate service platform and the data provider's client.
Step 1603: After the intermediate service platform receives the data asset destruction and smart contract termination information, AAS-DA-public terminates the contract through the contract settings function of the data asset control management component and starts the clearing process.
In the embodiments of this application, after the data assets are destroyed, both the smart contract management function of the data user's client and the contract settings of the AAS-DA-user data asset control management component terminate the smart contract. The data user's client then sends the data asset destruction and contract termination information to the intermediate service platform and the data provider's client. After receiving the information, the smart contract management function of the data provider's client and AAS-DA-supplier, through the contract settings of the data asset control management component, terminate the smart contract. After the intermediate service platform receives the information, the contract in the contract settings of the AAS-DA-public data asset control management component is terminated. AAS-DA-public reads the log evidence storage components of AAS-DA-supplier and AAS-DA-user and compares them with the content of the contract settings of the data asset control management component.
If the data user has used the data assets normally in accordance with the smart contract and stopped using them when a boundary condition was triggered, AAS-DA-public produces a settlement report based on the unit price of the data assets, the number of uses or time of use, etc., and sends it to the data user and the data provider. After settlement, the data user can evaluate data asset attributes such as data quality, and AAS-DA-public updates attribute information such as data quality management in the data asset full life cycle management component according to the evaluation. The data provider can evaluate the data user's credit.
If the data user has not used the data assets in accordance with the smart contract, AAS-DA-public produces a settlement report based on the unit price of the data assets, the number of uses or time of use, and information such as the non-compliant operations, and sends it to the data user and the data provider. After settlement, the data user may not evaluate the data asset attributes. The intermediate service platform lowers the data user's credit standing. The data user's credit standing affects attributes such as permission management in the data asset control management component of AAS-DA-user.
In addition, the intermediate service platform retains AAS-DA-public until its retention period expires or the data provider applies for the destruction of AAS-DA-public.
Optionally, if the smart contract allows the data user to copy the data assets, an AAS-DA-user-copy is generated for the copied data assets and associated with AAS-DA-user.
In this way, when data assets are used abnormally, they can be better managed and controlled through AAS-DA-user, protecting the value and returns of the data assets.
Optionally, the data asset usage control method of this application further includes the evidence storage and destruction of AAS-DA-supplier information, and the updating of AAS-DA-supplier and AAS-DA-public. For details, see the foregoing part of this specification; they are not repeated here.
With reference to Figure 17, an embodiment of the present disclosure provides a computing device including a processor 170 and a memory 171. Optionally, the device may further include a communication interface 172 and a bus 173. The processor 170, the communication interface 172 and the memory 171 can communicate with one another through the bus 173. The communication interface 172 can be used for information transmission. The processor 170 can call logic instructions in the memory 171 to implement the data asset active management system of the above embodiments, or to execute the data asset management method of the above embodiments, or to execute the data asset usage control method of the above embodiments.
In addition, when the logic instructions in the memory 171 are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium.
As a computer-readable storage medium, the memory 171 can be used to store software programs and computer-executable programs, such as the program instructions/modules corresponding to the methods in the embodiments of the present disclosure. By running the program instructions/modules stored in the memory 171, the processor 170 executes functional applications and data processing, that is, implements the data asset active management system of the above embodiments, or executes the data asset management method of the above embodiments, or executes the data asset usage control method of the above embodiments.
The memory 171 may include a program storage area and a data storage area. The program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created through use of the terminal device, etc. In addition, the memory 171 may include high-speed random access memory and may also include non-volatile memory.
An embodiment of the present disclosure provides a storage medium storing program instructions which, when run, can implement the data asset active management system of the above embodiments, or execute the data asset management method of the above embodiments, or execute the data asset usage control method of the above embodiments.
The above storage medium may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.
An embodiment of the present disclosure provides a computer program which, when executed by a computer, causes the computer to implement the data asset usage control method of the above embodiments.
An embodiment of the present disclosure provides a computer program product. The computer program product includes computer instructions stored on a computer-readable storage medium which, when executed by a computer, cause the computer to implement the data asset usage control method of the above embodiments.
The technical solutions of the embodiments of the present disclosure may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes one or more instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or some of the steps of the methods described in the embodiments of the present disclosure. The aforementioned storage medium may be a non-transitory storage medium, including a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, or another medium that can store program code, or it may be a transitory storage medium.
The foregoing description and drawings illustrate the embodiments of the present disclosure sufficiently to enable those skilled in the art to practice them. Other embodiments may include structural, logical, electrical, process and other changes. The embodiments represent only possible variations. Unless explicitly required, individual components and functions are optional, and the order of operations may vary. Parts and features of some embodiments may be included in, or substituted for, parts and features of other embodiments. Furthermore, the terms used in this application are used only to describe the embodiments and not to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application refers to any and all possible combinations of one or more of the associated listed items. In addition, when used in this application, the term "comprise" and its variants "comprises" and/or "comprising" specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. Without further limitation, an element defined by the statement "comprises a ..." does not exclude the presence of additional identical elements in the process, method or device that includes the element. Herein, each embodiment may focus on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. For the methods, products, etc. disclosed in the embodiments, where they correspond to a method part disclosed in the embodiments, the relevant details can be found in the description of the method part.
Those skilled in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software may depend on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the embodiments of the present disclosure. Skilled persons will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the embodiments disclosed herein, the disclosed methods and products (including but not limited to apparatus, devices, etc.) may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units may be only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to implement this embodiment. In addition, the functional units in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
The flowcharts and block diagrams in the drawings show the architecture, functions and operations of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a portion of code that contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. In the descriptions corresponding to the flowcharts and block diagrams in the drawings, the operations or steps corresponding to different blocks may also occur in an order different from that disclosed in the description, and sometimes there is no specific order between different operations or steps. For example, two consecutive operations or steps may in fact be performed substantially in parallel, or they may sometimes be performed in the reverse order, depending on the functions involved. Each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.

Claims (12)

  1. A data asset active management system, characterized by comprising:
    a full life cycle management component, configured to perform full life cycle management of various subject attributes of data assets;
    a control management component, configured to manage the use process of data assets;
    a log storage and evidence management component, configured to manage the various logs generated by the data asset active management system during use;
    an interface management component, configured to manage the communication interfaces of the data asset active management system.
  2. The data asset active management system according to claim 1, characterized in that the full life cycle management component is specifically configured to:
    manage the data sovereignty, data history and data quality of data assets.
  3. The data asset active management system according to claim 1 or 2, characterized in that the full life cycle management component is specifically configured to:
    manage the data types, data levels and data standards of data assets.
  4. The data asset active management system according to any one of claims 1 to 3, characterized in that the full life cycle management component is specifically configured to:
    manage the data value, data sharing and smart contracts of data assets.
  5. The data asset active management system according to any one of claims 1 to 4, characterized in that the control management component is specifically configured to:
    manage the usage rights, access control and contract settings of data assets.
  6. The data asset active management system according to any one of claims 1 to 5, characterized in that the control management component is specifically configured to:
    manage the usage control, usage patterns, collaboration patterns, and usage environment security scans of data assets.
  7. The data asset active management system according to any one of claims 1 to 6, characterized in that the log storage and evidence management component is specifically configured to:
    manage the internal logs of the data asset active management system, data operation logs, and logs of collaboration with other data asset management systems.
  8. The data asset active management system according to any one of claims 1 to 7, characterized in that the interface management component is specifically configured to:
    manage the communication interfaces between at least two data asset active management systems, and the communication interfaces between a data asset active management system and data assets.
  9. A computing device, comprising a processor and a memory storing program instructions, characterized in that the processor is configured to implement the data asset active management system according to any one of claims 1 to 8 when running the program instructions.
  10. A storage medium storing program instructions, characterized in that the program instructions, when run, implement the data asset active management system according to any one of claims 1 to 8.
  11. A computer program which, when executed by a computer, causes the computer to implement the data asset active management system according to any one of claims 1 to 8.
  12. A computer program product, comprising computer instructions stored on a computer-readable storage medium, wherein the program instructions, when executed by a computer, cause the computer to implement the data asset active management system according to any one of claims 1 to 8.
PCT/CN2023/102903 2022-06-27 2023-06-27 Active administration system for data assets, computing device, and storage medium WO2024002102A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210734076.1 2022-06-27
CN202210734076.1A CN115081001A (en) 2022-06-27 2022-06-27 Data asset active management system, computing equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2024002102A1 true WO2024002102A1 (en) 2024-01-04

Family

ID=83255005

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/102903 WO2024002102A1 (en) 2022-06-27 2023-06-27 Active administration system for data assets, computing device, and storage medium

Country Status (2)

Country Link
CN (1) CN115081001A (en)
WO (1) WO2024002102A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115130124A (en) * 2022-06-27 2022-09-30 中国信息通信研究院 Data asset management method and data asset active management system
CN115081001A (en) * 2022-06-27 2022-09-20 中国信息通信研究院 Data asset active management system, computing equipment and storage medium
CN115062324A (en) * 2022-06-27 2022-09-16 中国信息通信研究院 Data asset use control method, client and intermediate service platform

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060179076A1 (en) * 2005-02-09 2006-08-10 Jutta Weber Integration of a digital asset management system with a project management system
AU2008201530A1 (en) * 2002-12-13 2008-05-01 Executive Computing Holdings Pty Ltd Means for providing protection for digital assets
US20200265150A1 (en) * 2019-02-14 2020-08-20 International Business Machines Corporation Cross-domain content-lifecycle management
CN112527774A (en) * 2020-12-18 2021-03-19 通号智慧城市研究设计院有限公司 Data center building method and system and storage medium
CN114519085A (en) * 2022-02-23 2022-05-20 云基华海信息技术股份有限公司 Data standardization management method and sharing system
CN115081001A (en) * 2022-06-27 2022-09-20 中国信息通信研究院 Data asset active management system, computing equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2008201530A1 (en) * 2002-12-13 2008-05-01 Executive Computing Holdings Pty Ltd Means for providing protection for digital assets
US20060179076A1 (en) * 2005-02-09 2006-08-10 Jutta Weber Integration of a digital asset management system with a project management system
US20200265150A1 (en) * 2019-02-14 2020-08-20 International Business Machines Corporation Cross-domain content-lifecycle management
CN112527774A (en) * 2020-12-18 2021-03-19 通号智慧城市研究设计院有限公司 Data center building method and system and storage medium
CN114519085A (en) * 2022-02-23 2022-05-20 云基华海信息技术股份有限公司 Data standardization management method and sharing system
CN115081001A (en) * 2022-06-27 2022-09-20 中国信息通信研究院 Data asset active management system, computing equipment and storage medium

Also Published As

Publication number Publication date
CN115081001A (en) 2022-09-20

Similar Documents

Publication Publication Date Title
US10764254B2 (en) Systems and methods of secure data exchange
US9762553B2 (en) Systems and methods of secure data exchange
WO2024002102A1 (en) Active administration system for data assets, computing device, and storage medium
EP3353701B1 (en) Policy management for data migration
WO2024002105A1 (en) Data asset usage control method, client and intermediate service platform
WO2024002103A1 (en) Data asset management method and data asset active management system
US20200394322A1 (en) Document redaction and reconciliation
AU2017208203A1 (en) Customizable secure data exchange environment
CN110462621A (en) Sensitive data element is managed in block chain network
US20210126777A1 (en) Systems and methods for providing secure data access control using distributed ledgers
US11948196B2 (en) Asset management techniques
US11194911B2 (en) Blockchain technique for agile software development framework
CN111814156B (en) Data acquisition method, device and equipment based on trusted equipment
US20210352077A1 (en) Low trust privileged access management
US20220083936A1 (en) Access control method
CN107294955B (en) Electronic file encryption middleware control system and method
US20200019707A1 (en) Blockchain technique for agile software development framework
TW202038109A (en) Information read-write method and device based on block chain
GB2591324A (en) Systems and methods for providing secure data access control using distributed ledgers
Aljanabi et al. Cloud Computing Issues, Challenges, and Needs: A Survey
CN114239043A (en) Shared encryption storage system constructed based on block chain technology
Gattoju et al. A Survey on Security of the Hadoop Framework in the Environment of Bigdata
CN117094720A (en) Shared billing system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23830279

Country of ref document: EP

Kind code of ref document: A1