CN107911450B - Safe data circulation method and system - Google Patents

Publication number
CN107911450B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711135505.9A
Inventor
尹浩
王凯
姜泽勋
邢炬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Yuelushan Research Institute of Data Science and Technology Co., Ltd.
Original Assignee
Hunan Yuelushan Research Institute Of Data Science And Technology Co ltd
Application filed by Hunan Yuelushan Research Institute Of Data Science And Technology Co ltd
Priority to CN201711135505.9A
Publication of CN107911450A
Application granted
Publication of CN107911450B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Abstract

The invention provides a secure data circulation method and system, comprising a data system, a data circulation system and a data circulation method. A data storage module in the data system stores user data, so that user data is no longer stored on the application program server, and data shaping is completed before data circulation, which protects the security and privacy of the data. The data circulation system is responsible for trusted recording of the data circulation process. The data circulation method removes the data barriers between different application programs, so that application programs of the same application type can recognize data of the same type; secure data shaping is completed by the data system under the guidance of an intelligent contract, and trusted data circulation is completed by the data circulation system. The method and system solve the prior-art problems that users cannot independently control their data, that user data cannot be shared among different applications, and that data privacy is easily leaked during data sharing, and they ensure the traceability of data sharing behavior.

Description

Safe data circulation method and system
Technical Field
The present invention relates to the field of communications, and in particular, to a secure data circulation method and system.
Background
With the rapid development of information technology, the internet has become an indispensable basic platform for human life, and various types of applications based on the internet are emerging continuously.
When a user uses an application program, the user data is controlled by the application program provider: the application developer saves the data generated while the user uses the application program to the provider's server. In addition, a user's data cannot be shared between different applications. For example, user data stored in application A may only be read by the server corresponding to application A and cannot be read by the server corresponding to application B. Moreover, when existing application programs share data, the data is shared directly and as a whole, so data privacy is easily revealed. For example, when data D stored by application A of user A is shared with application A of user B, data D is acquired in full by application A of user B, and the private data within data D is therefore also seen.
Disclosure of Invention
In view of this, the present invention provides a secure data circulation method and system, so as to solve the problems that data of a user cannot be controlled autonomously, data of the user cannot be shared among different applications, and privacy of the data is easily revealed during data sharing.
In order to solve the technical problems, the invention adopts the following technical scheme:
a data circulation method is applied to a data system and comprises the following steps:
when a preset application program running in an application sandbox module generates data circulation, an artificial intelligence module acquires an application type corresponding to the preset application program; the preset application program is any application program running in the application sandbox module;
the artificial intelligence module acquires stored data corresponding to the application type from a data storage module; the data storage module stores the data of each application program in the application sandbox module in operation according to category classification; the application program in the application sandbox module can access the stored data corresponding to the application type corresponding to the application program in the database storage module;
the artificial intelligence module carries out data safety shaping on the circulation data during data circulation according to the acquired stored data and a preset data circulation rule to generate a notification message;
the artificial intelligence module sends the notification message to a target application program so that the target application program sends the notification message to the electronic equipment corresponding to the target application program;
the target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program.
Preferably, the artificial intelligence module performs data security shaping on the circulation data during data circulation according to the acquired stored data and a preset data circulation rule, and generates a notification message, including:
searching the stored data to obtain effective data which accords with the data circulation rule;
and carrying out data security combination on the effective data and the circulation data to obtain the notification message.
Preferably, after the artificial intelligence module sends the notification message to a target application program, so that the target application program sends the notification message to an electronic device corresponding to the target application program, the method further includes:
and the block chain module records the circulation process of the data circulation.
Preferably, after the artificial intelligence module sends the notification message to a target application program, so that the target application program sends the notification message to an electronic device corresponding to the target application program, the method further includes:
the artificial intelligence module carries out data integration and deformation on the circulation data and the stored data according to the data circulation rule to generate at least one associated notification message corresponding to the notification message;
and the artificial intelligence module respectively sends the at least one associated notification message to the mobile terminals of the corresponding message receivers.
Preferably, the method further comprises the following steps:
the network switching module sends a data request message to a target data system;
when a target data system determines that the data request message can be received, the network switching module receives a data request result which is sent by the target data system and corresponds to the data request message;
when the network switching module determines that the data request result can be received, the network switching module sends the data request result to an artificial intelligence module;
when the artificial intelligence module determines that the data request result meets the safety requirement, the artificial intelligence module searches first data corresponding to the data type corresponding to the data request result from the data storage module;
the artificial intelligence module generates a reply message according to the first data, the data request result and the data circulation rule;
and the artificial intelligence module sends the reply message to the electronic equipment so as to enable the electronic equipment to display the reply message.
Preferably, the method further comprises the following steps:
the network switching module sends a data request message to a target data system;
when the target data system determines that the data request message can be received and the data system is allowed to directly access the target data system, the network switching module acquires a data request result corresponding to the data request message from the target data system;
and the network switching module sends the data request result to the electronic equipment so as to enable the electronic equipment to display the data request result.
Preferably, the method further comprises the following steps:
the artificial intelligence module acquires data to be pushed;
the artificial intelligence module determines the data type of the data to be pushed;
the artificial intelligence module searches for second data corresponding to the data type from the data storage module;
the artificial intelligence module carries out data integration on the second data and the data to be pushed according to the data circulation rule and the determined target data system to generate a push message;
when the artificial intelligence module determines that the pushed data meets the safety requirement, the pushed data is sent to the network exchange module;
and the network switching module sends the push data to a target data system.
A data system comprises an application sandbox module, a database storage module and an artificial intelligence module;
the application sandbox module is used for running a plurality of application programs;
the database storage module is used for storing the data of each application program in the application sandbox module in the operation process and the user data according to the classification; the application program in the application sandbox module can access the stored data corresponding to the application type corresponding to the application program in the database storage module;
the artificial intelligence module is used for acquiring an application type corresponding to a preset application program when the preset application program running in the application sandbox module generates data circulation, acquiring stored data corresponding to the application type from a data storage module, performing data safety shaping on the circulation data during the data circulation according to the acquired stored data and a preset data circulation rule, generating a notification message, and sending the notification message to a target application program so that the target application program sends the notification message to electronic equipment corresponding to the target application program;
the preset application program is any application program running in the application sandbox module, and the target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program.
Preferably, the artificial intelligence module is configured to perform data security shaping on the circulation data during data circulation according to the acquired stored data and a preset data circulation rule, and when generating the notification message, the artificial intelligence module is specifically configured to:
searching the stored data to obtain effective data which accords with the data circulation rule;
and carrying out data security combination on the effective data and the circulation data to obtain the notification message.
Preferably, the system further comprises a block chain module;
and the block chain module is used for recording the circulation process of the data circulation.
Preferably, the artificial intelligence module is configured to send the notification message to a target application program, so that after the target application program sends the notification message to the electronic device corresponding to the target application program, the artificial intelligence module is further configured to:
and according to the data circulation rule, performing data integration and transformation on the circulation data and the stored data to generate at least one associated notification message corresponding to the notification message, and respectively sending the at least one associated notification message to the mobile terminal of the corresponding message receiver.
Preferably, the system further comprises a network switching module;
the network switching module is used for sending a data request message to a target data system, receiving a data request result which is sent by the target data system and corresponds to the data request message when the target data system determines that the data request message can be received, and sending the data request result to the artificial intelligence module when the data request result can be received;
the artificial intelligence module is further configured to, when it is determined that the data request result meets the security requirement, search, from the data storage module, first data corresponding to the data type corresponding to the data request result, generate a reply message according to the first data, the data request result, and the data circulation rule, and send the reply message to the electronic device, so that the electronic device displays the reply message.
Preferably, the system further comprises a network switching module;
the network switching module is configured to send a data request message to a target data system, acquire a data request result corresponding to the data request message from the target data system when the target data system determines that the data request message can be received and allows the data system to directly access the target data system, and send the data request result to the electronic device, so that the electronic device displays the data request result.
Preferably, the system further comprises a network switching module;
the artificial intelligence module is further configured to obtain data to be pushed, determine a data type to which the data to be pushed belongs, search for second data corresponding to the data type from the data storage module, perform data integration on the second data and the data to be pushed according to the data circulation rule and a determined target data system, generate a push message, and send the push data to the network switching module when it is determined that the push data meets the security requirement;
and the network switching module is used for sending the push data to a target data system.
A data circulation system comprises a plurality of data systems, an intelligent contract server and an operation management server;
the intelligent contract server is used for determining the data circulation rule;
and the operation management server is used for operation and management of the data system.
Preferably, the data system further comprises a blockchain module;
the block chain module is used for recording the circulation process of the data circulation;
the data circulation system also comprises the block chain server;
and the blockchain server is used for maintaining the types and versions of the blockchain modules.
Compared with the prior art, the invention has the following beneficial effects:
The invention provides a secure data circulation method and a secure data circulation system. The target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program. An application program belonging to the same application category as the preset application program can recognize the same notification message as the preset application program, and an application program in the application sandbox module can access the stored data in the database storage module that corresponds to its application category, so different application programs can access the same data; that is, user data can be shared among different applications. In addition, the notification message is generated by performing data security shaping, according to the data circulation rule, on the data circulated during data circulation, so the data can be shared more securely.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a data circulation method according to the present invention;
FIG. 2 is a flow chart of another data circulation method according to the present invention;
FIG. 3 is a schematic view of a data circulation method according to the present invention;
FIG. 4 is a schematic view of a scenario of another data circulation method according to the present invention;
FIG. 5 is a schematic structural diagram of a data system according to the present invention;
FIG. 6 is a schematic structural diagram of a data circulation system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a data circulation method applied to a data system; the data system can also be called a personal data center (PDC). The data system may include an application sandbox module, an artificial intelligence module, a blockchain module, and a network switching module.
Referring to fig. 1, the data circulation method may include:
S11, when data circulation occurs in any preset application program running in the application sandbox module, the artificial intelligence module obtains the application type corresponding to the preset application program;
the preset application program is any application program in the application sandbox module.
Specifically, the application sandbox module stores a plurality of application programs, which may be shopping application programs, social application programs, business application programs, and the like. The advantage of keeping the application programs in the application sandbox module is that it is a virtual environment: if any application program in the application sandbox module carries a virus, the security of the other modules in the data system is not affected.
Data circulation in a preset application program running in the application sandbox module may be, for example, the user chatting with social software or shopping with shopping software.
When a user chats with the social software, the artificial intelligence module acquires the application category corresponding to the preset application program, for example, the application category corresponding to the social software is a social category.
In addition, different application programs in the application sandbox module access the data stored in the data storage module according to a preset application authorization mechanism. For example, the social-class application can only access social data in the data storage module, the business-class application can only access business data, and the shopping-class application can only access shopping data.
Moreover, the data stored in the data storage module can only be accessed in advance; when an application program accesses that data, the access is only temporary, and the accessed data cannot be stored in the application program itself.
S12, the artificial intelligence module acquires the stored data corresponding to the application type from the data storage module;
and the data storage module stores the data of each application program in the application sandbox module during operation according to category classification. For example, the data may be stored in categories such as social categories, shopping categories, and the like. The artificial intelligence module will examine the security of the data in the data storage module, and only when the data is secure will the data stored in the data storage module be used.
And the application program in the application sandbox module can access the storage data corresponding to the application type corresponding to the application program in the database storage module.
Specifically, when a user chats with social software, the artificial intelligence module searches the data storage module to obtain stored data of the social class, wherein the stored data includes data of different applications belonging to the social class.
It should be noted that the application programs in the application sandbox module are decoupled from the data: the data generated while an application program runs is stored in the data storage module and not in the application program, so when the application program uses data, it can only access the data in the data storage module to realize its functions. Through an application authorization mechanism, the data system limits which application types may access the data storage module and what they may do, and thereby achieves autonomous control by the user over the ownership of the user data. Applications authorized to access data need to run securely in the application sandbox module under the supervision of the artificial intelligence module within the data system.
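The application authorization mechanism described above, sketched as an added example (not code from the patent): a store partitioned by category that refuses any application, registered or not, access outside its own category. The class, method and application names are hypothetical, and the rule that an application holds exactly one category fixed at install time is an assumption.

```python
import copy


class AccessDenied(Exception):
    """Raised when an application asks for data outside its own category."""


class DataStorageModule:
    """Category-partitioned store; every access goes through _authorize()."""

    def __init__(self):
        self._partitions = {}    # category -> list of records
        self._app_category = {}  # app id -> the single category it is authorized for

    def install(self, app_id, category):
        # Assumption: authorization is fixed when the app is placed in the sandbox.
        self._app_category[app_id] = category
        self._partitions.setdefault(category, [])

    def _authorize(self, app_id, category):
        granted = self._app_category.get(app_id)  # None for unknown apps
        if granted is None or granted != category:
            raise AccessDenied(f"{app_id!r} is not authorized for {category!r} data")

    def write(self, app_id, category, record):
        self._authorize(app_id, category)
        self._partitions[category].append(copy.deepcopy(record))

    def read(self, app_id, category):
        self._authorize(app_id, category)
        # Hand out a deep copy so the caller cannot alter stored data in place.
        return copy.deepcopy(self._partitions[category])


def is_denied(store, app_id, category):
    """True when the store refuses the read; convenient for checks and tests."""
    try:
        store.read(app_id, category)
    except AccessDenied:
        return True
    return False


def build_demo_store():
    """Constructed sample: two social apps, one shopping app, one chat record."""
    store = DataStorageModule()
    store.install("social_A", "social")
    store.install("social_B", "social")
    store.install("shop_A", "shopping")
    store.write("social_A", "social", {"from": "B", "text": "lunch tomorrow at noon?"})
    return store
```

The store can stop in-place modification of stored records, but keeping an application from retaining what it has read is something only the sandbox can enforce.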
S13, the artificial intelligence module carries out data safety shaping on the circulation data during data circulation according to the acquired stored data and a preset data circulation rule to generate a notification message;
optionally, on the basis of this embodiment, step S13 may specifically include:
and searching the stored data to obtain effective data which accords with the data circulation rule, and carrying out data safety combination on the effective data and the circulation data to obtain the notification message.
Specifically, the data circulation rule records how data is combined, that is, which data is combined with which; for example, data about clothing, food and housing can be combined together.
Taking social software as an example, suppose user A receives a message sent by user B through the social software, for example an invitation to have a meal together at noon tomorrow. Because the artificial intelligence module of user A determines that the social software belongs to the social class, it searches the data storage module and obtains the social data. It then searches, according to the data circulation rule, whether anything concerning clothing, food or housing is already arranged for noon tomorrow. If a meal with the leader is scheduled for noon tomorrow, it generates a notification message whose content is that user B invites the user to eat together at noon tomorrow, but a meal with the leader is already scheduled for noon tomorrow.
Alternatively, if the data stored in the data storage module shows that colleagues are to visit at noon tomorrow, the generated notification message is that user B invites the user to eat at noon tomorrow, but colleagues are visiting at noon tomorrow.
S14, the artificial intelligence module sends the notification message to a target application program, so that the target application program sends the notification message to the electronic equipment corresponding to the target application program;
the target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program.
Specifically, the target application may be the preset application being used by the user, or an application belonging to the same application type as the preset application. For example, suppose four pieces of social software, A, B, C and D, are stored in the application sandbox module, and the preset application being used by the user is social software A; the notification message need not be received by social software A and may instead be received by social software B, that is, the notification message can be recognized by different social software.
In addition, it should be noted that the electronic device may be a PDC terminal, and the application program is installed in the application sandbox module and is not installed in the PDC terminal, and the PDC terminal only plays a role in displaying and inputting. The PDC terminal can be a mobile phone, a display screen, a computer and other equipment.
Because the application program is installed in the application sandbox module and not in the PDC terminal, the data it produces while running is stored in the data storage module. When a user logs in to the same application program from different PDC terminals, previous records and chat messages are still held in the data storage module and can be read; they do not disappear when the user replaces the PDC terminal.
Optionally, on the basis of this embodiment, after step S14, the method further includes:
and the block chain module records the circulation process of the data circulation.
Specifically, the block chain module is responsible for running a block chain protocol to record behavior on the block chain. The block chain can also support making, updating and withdrawing the intelligent contracts in the intelligent contract server. Here, an intelligent contract (smart contract) refers to a data circulation rule.
Optionally, on the basis of this embodiment, after step S14, the method further includes:
the artificial intelligence module carries out data integration and deformation on the circulation data and the stored data according to the data circulation rule to generate at least one associated notification message corresponding to the notification message;
and the artificial intelligence module respectively sends the at least one associated notification message to the mobile terminals of the corresponding message receivers.
Specifically, the data circulation rule is stored in the intelligent contract server, which formulates and maintains the data circulation rules in the data system so as to guide the data circulation behavior of the personal data center system. The data circulation rules indicate the data circulation levels of different users, the data circulation relationships, and the data circulation contents corresponding to the different levels. If B is related to A, A sets B to the first level in the data circulation rule; the first level is the closer relationship, and all the contents of the data circulation can be sent to A. The relation between C and A is an ordinary friend relation, so A sets C to the third level in the data circulation rule; this relation is general, and partial content of the data circulation can be sent to A.
When B and C each request A's personal information from A, because the relationship between B and A is relatively close and the relationship between C and A is general, A may send information such as name, identification number, mobile phone number and home address to B, and send only the mobile phone number and name to C.
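An added example (not from the patent) of the level-based rule above together with the circulation record kept by the block chain module: fields are filtered per requester level, nothing is released to an unlisted requester, and every circulation is appended to a hash-chained log. The field names, the level table and the single-party SHA-256 hash chain are assumptions; the chain gives tamper evidence only and stands in for, rather than implements, a block chain protocol.

```python
import hashlib
import json

# Constructed rule: relationship level -> fields allowed to leave the data system.
# Levels 1 and 3 follow the B and C case in the text; field names are assumptions.
CIRCULATION_RULE = {
    1: {"name", "id_number", "mobile", "home_address"},
    3: {"name", "mobile"},
}

# Constructed relationship levels set by user A.
LEVEL_OF = {"B": 1, "C": 3}

# Constructed personal record held in A's data storage module.
PROFILE_A = {
    "name": "A",
    "id_number": "ID-0000-EXAMPLE",
    "mobile": "000-0000-0000",
    "home_address": "1 Example Road",
}


def shape(record, requester):
    """Return only the fields the rule allows for this requester (deny by default)."""
    level = LEVEL_OF.get(requester)             # None for an unlisted requester
    allowed = CIRCULATION_RULE.get(level, set())
    return {k: v for k, v in record.items() if k in allowed}


class CirculationLog:
    """Append-only log in which each entry commits to the previous entry's hash."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def append(self, owner, requester, fields):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = {
            "index": len(self.entries),
            "owner": owner,
            "requester": requester,
            "fields": sorted(fields),  # record which fields left, never their values
            "prev": prev,
        }
        entry = dict(body, hash=self._digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the index of the first inconsistent entry, or -1 if intact."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if (entry["prev"] != prev or entry["index"] != i
                    or self._digest(body) != entry["hash"]):
                return i
            prev = entry["hash"]
        return -1


def circulate(log, owner, record, requester):
    """Shape the record for the requester and log the circulation, refusals included."""
    shaped = shape(record, requester)
    log.append(owner, requester, shaped.keys())
    return shaped
```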
In this step, in addition to the notification message, an associated notification message may be generated on the basis of the notification message. The associated notification message is obtained by combining the stored data with the notification message and performing data integration and transformation.
Take the case in which user B invites user A to eat together at noon tomorrow, and user A has arranged to go shopping with a colleague at noon tomorrow. The notification message, that user B invites the user to eat together at noon tomorrow but shopping with a colleague is arranged for that time, is sent to user A, and associated notification messages are also sent to the lover and the boss of user A. It is found from the stored data that the shopping will probably involve spending money, so the associated notification message sent to the lover can be that user B invites the user to eat together at noon tomorrow, that shopping with a colleague is arranged for noon tomorrow, and that money can be prepared in advance so as not to be caught unprepared.
It is also found from the stored data that, with shopping already arranged, the user may not be back in time afterwards, so the associated notification message sent to the boss can be that the user has something on at noon tomorrow and may be late in the afternoon.
After the associated notification message is determined, it is sent to the mobile terminal of the corresponding person. The mobile terminal can be a mobile phone, a tablet, a notebook or another terminal.
In this embodiment, the artificial intelligence module sends the notification message to a target application program, and the target application program sends the notification message to the electronic device corresponding to the target application program. The target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program. An application program belonging to the same application category as the preset application program can recognize the same notification message as the preset application program, and an application program in the application sandbox module can access the stored data in the database storage module that corresponds to its application category, so that different application programs can access the same data; that is, user data can be shared among different applications. In addition, the notification message is generated by performing data security shaping on the circulation data according to the data circulation rule, so that the data can be shared more securely.
Optionally, on the basis of any one of the above embodiments of the data circulation method, referring to fig. 2, the method may further include:
S21, the network switching module sends a data request message to the target data system;
The network switching module can be a network switch, which is used for executing the PDC access rule formulated in the network controller: the PDC access rule formulated in the network controller is sent to the network switch, and the network switch then controls the access flow according to the PDC access rule.
For example, the PDC access rule may specify that B may receive a request sent by A, but may not send a request to A.
In this step, the network switch module sends a data request message to the target data system, indicating that the request may be allowed to be sent to the target data system.
It should be noted that data is divided into two types, namely a push type and a pull type: when A actively requests data from B, it belongs to the pull type, and when A pushes data to B, it belongs to the push type. In this embodiment, the data belongs to the pull type. When data needs to be requested from the outside, the PDC terminal first needs to connect to the corresponding data system, and the data request message can then be sent through the network switching module.
S22, when the target data system determines that the data request message can be received, the network switching module receives a data request result which is sent by the target data system and corresponds to the data request message;
When the target data system receives the data request message, the network switching module in the target data system determines, according to the PDC access rule, whether the data request message sent by the data system can be received. When the data request message can be received, the data request result that is sent by the target data system and corresponds to the data request message is received.
It should be noted that the data request result may be obtained by processing the original data according to a data circulation rule in the target data system, where the processing may be data integration, deformation, and data desensitization, where the data desensitization refers to performing data deformation on some sensitive information according to a desensitization rule, so as to implement reliable protection of sensitive private data.
For example, the data request message requests the identity information of the user, and the data storage module in the target data system stores the detailed home address of the user, such as the cell C unit number of Beijing city A. The user, however, does not want others to know the detailed home address, so data desensitization is performed on the home address: the cell and room number are hidden, and only the city, Beijing, is left.
When the target data system obtains the data request result, the artificial intelligence module in the target data system can check the security of the data request result, and the data request result can be temporarily placed in a public data server in the target data system during the security check. Furthermore, the public data server may be disposed outside the target data system instead of inside it, with all data systems sharing one public data server.
When the data request result has no security problem, it is sent through the network switching module in the target data system to the network switching module in the data system of this embodiment. The PDC access rule in the network switching module should allow the target data system to send data to the data system.
S23, when the network switching module determines that the data request result can be received, the network switching module sends the data request result to an artificial intelligence module;
Specifically, the network switching module may determine whether the data request result can be received according to its internal PDC access rule, and when the network switching module determines that the data request result can be received, it sends the data request result to the artificial intelligence module.
S24, when the artificial intelligence module determines that the data request result meets the safety requirement, the artificial intelligence module searches first data corresponding to the data type corresponding to the data request result from the data storage module;
Specifically, after receiving the data request result, the artificial intelligence module checks the security of the data request result; in particular, it can detect whether the data request result carries a virus. When the artificial intelligence module determines that the data request result meets the safety requirement, it searches the data storage module for first data corresponding to the data type of the data request result.
The data types corresponding to the data request result can also be classified into social, commercial, shopping and other types. The artificial intelligence module firstly determines the type of the data request result and then searches the first data corresponding to the type in the data storage module.
S25, the artificial intelligence module generates a reply message according to the first data, the data request result and the data circulation rule;
Specifically, the process of generating the reply message is the same as the process of generating the notification message; please refer to the corresponding description in the above embodiments, which is not repeated here.
S26, the artificial intelligence module sends the reply message to the electronic equipment, so that the electronic equipment displays the reply message.
Specifically, the electronic device is a PDC terminal, and the electronic device only plays a display role, where the electronic device displays the reply message.
In this embodiment, when data is requested from the target data system, the target data system feeds back a data request result to the data system of this embodiment. In addition, on the basis of this embodiment, the data system may directly obtain data from the target data system. Specifically:
1) the network switching module sends a data request message to a target data system;
2) when the target data system determines that the data request message can be received and the data system is allowed to directly access the target data system, the network switching module acquires a data request result corresponding to the data request message from the target data system;
3) and the network switching module sends the data request result to the electronic equipment so as to enable the electronic equipment to display the data request result.
Reference may be made in particular to fig. 3. In fig. 3, the PDC terminal 101 of the user A sends a data request message to the network switching module 1032 of the target data system 103 through the network switching module 102 belonging to the data system. When the network switching module 1032 determines, according to the PDC access rule formulated by the network controller 1031, that the data system including the network switching module 102 in this embodiment may directly access the target data system 103, the user A may directly read the data request result in the data storage module 1034 through the PDC terminal 101 and the network switching module 102; that is, all terminals of the user A are allowed to directly read the data request result in the data storage module 1034. The data request result is sent to the PDC terminal 101 through the network switching module 1032 and the data system including the network switching module 102, and is displayed on the PDC terminal 101. In this way, the data requested by the user A is presented directly.
It should be noted that the data system can directly access the target data system when the target data system allows the data system to directly obtain data from the target data system.
In addition, the target data system further includes an application sandbox module 1033, an artificial intelligence module 1035, and a block chain module 1036, and the functions of these modules refer to the corresponding descriptions in the above embodiments, which are not described herein again.
User B may also access the application sandbox module 1033 and the data storage module 1034 of the target data system through user B's PDC terminal 104 and network switching module 1032.
The blockchain module 105, intelligent contract server 106, and operation management server 107 will be described below.
In this embodiment, data can be requested from the external device, and thus the requirement of the user for requesting data can be satisfied.
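The following added example (not part of the patent text) walks the pull-type flow of S21 to S23: directional PDC access rules checked at both network switching modules, a per-requester data circulation rule that desensitizes the result, and a record of each step. The encoding of rules as (kind, sender, receiver) triples, the field names, the sample record and the hash chain standing in for the block chain module are all assumptions.

```python
"""Added example: pull-type request flow; all names and data are constructed."""
import hashlib
import json

GENESIS = "0" * 64


class CirculationLedger:
    """Append-only hash chain standing in for the block chain module."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, event):
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def record(self, **event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "event": event, "hash": self._digest(prev, event)})

    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            if (entry["prev"], entry["hash"]) != (prev, self._digest(prev, entry["event"])):
                return False
            prev = entry["hash"]
        return True


def desensitize(record, rule):
    """Release only the fields the rule names; everything else is withheld."""
    released = {}
    for field, mode in rule.items():
        if field not in record:
            continue
        if mode == "full":
            released[field] = record[field]
        elif mode == "city_only":  # hide cell and room number, keep the city
            released[field] = {"city": record[field]["city"]}
    return released


class DataSystem:
    def __init__(self, owner, access_rules, store=None, circulation_rules=None):
        self.owner = owner
        self.access_rules = set(access_rules)  # (kind, sender, receiver) triples
        self.store = store or {}
        self.circulation_rules = circulation_rules or {}
        self.ledger = CirculationLedger()

    def permits(self, kind, sender, receiver):
        return (kind, sender, receiver) in self.access_rules

    def serve(self, requester, data_type):
        """Target side (S22): admit the request, then shape the result."""
        log = dict(op="serve", peer=requester, type=data_type)
        if not self.permits("request", requester, self.owner):
            self.ledger.record(outcome="denied", **log)
            return None
        rule = self.circulation_rules.get(requester, {})  # no rule: release nothing
        result = desensitize(self.store.get(data_type, {}), rule)
        self.ledger.record(outcome="served", fields=sorted(result), **log)
        return result

    def pull(self, target, data_type):
        """Requester side: S21 sends the request, S23 admits the result."""
        result, outcome = None, "not sent"
        if self.permits("request", self.owner, target.owner):
            result, outcome = target.serve(self.owner, data_type), "accepted"
            if result is None:
                outcome = "refused"
            elif not self.permits("data", target.owner, self.owner):
                result, outcome = None, "result dropped"
        self.ledger.record(op="pull", peer=target.owner, type=data_type, outcome=outcome)
        return result


def build_scenario():
    """Constructed users: A holds an identity record that B, C and D pull."""
    identity = {"name": "User A", "id_number": "ID-EXAMPLE", "phone": "000-0000",
                "address": {"city": "Beijing", "cell": "A", "room": "C-101"}}
    a = DataSystem("A", {("request", p, "A") for p in "BCD"} | {("request", "A", "C")},
                   store={"identity": identity},
                   circulation_rules={
                       "B": dict.fromkeys(identity, "full"),
                       "C": {"name": "full", "phone": "full"},
                       "D": {"name": "full", "address": "city_only"}})
    peers = [DataSystem(p, {("request", p, "A"), ("data", "A", p)}) for p in "BCD"]
    return (a, *peers)


if __name__ == "__main__":
    a, b, c, d = build_scenario()
    for peer in (b, c, d):
        print(peer.owner, "receives", peer.pull(a, "identity"))
    print("A pulling from C:", a.pull(c, "identity"), "| ledger intact:", a.ledger.verify())
```

Because the rules are directional, C can pull from A while A's request to C is refused at C's side, and a requester with no circulation rule on the target receives an empty result rather than the raw record.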
Optionally, on the basis of any one of the above embodiments of the data circulation method, with reference to fig. 4, the method may further include:
S31, the artificial intelligence module acquires data to be pushed;
Specifically, in this embodiment, the data belongs to the push type, that is, the data is actively pushed to the target data system.
The data to be pushed is the data determined by the user through the PDC terminal.
S32, the artificial intelligence module determines the data type of the data to be pushed;
The process of determining the data type is explained in the above embodiments; please refer to the corresponding descriptions there.
S33, the artificial intelligence module searches the data storage module to obtain second data corresponding to the data type;
S34, the artificial intelligence module carries out data integration on the second data and the data to be pushed according to the data circulation rule and the determined target data system to generate a push message;
The process of generating the push message in this step is the same as the process of generating the notification message in the above embodiment; please refer to the corresponding parts of the above embodiment.
S35, when the artificial intelligence module determines that the pushed data meets the safety requirement, the pushed data is sent to the network exchange module;
Specifically, the artificial intelligence module may check whether the push message carries a virus, etc. While determining whether the pushed data is safe, the artificial intelligence module can temporarily place the pushed data in a public data server in the data system.
S36, the network switching module sends the push data to a target data system.
The target data system may be another data system, or may be a public data cloud.
When the target data system receives the push data, the network switching module in the target data system can determine, according to the PDC access rule sent by the network controller, whether the push message sent by the data system can be received. When the push message can be received, the network switching module can temporarily place the push message in the public data server of the target data system. When the artificial intelligence module of the target data system determines that the push message is safe, the push data is subjected to data integration, deformation and other operations according to the data in the data storage module of the target data system, and the finally generated data is sent to the PDC terminal corresponding to the target data system.
When the data pushing is completed, the data pushing process is recorded in a block chain module of the data system.
In this embodiment, a specific implementation manner of pushing a message by a data system is provided, and according to the implementation manner of pushing a message in this embodiment, outward pushing of a message can be implemented, so that other users can view the pushed message.
On the basis of the embodiment of the data circulation method, another embodiment of the present invention provides a data system, referring to fig. 5, including an application sandbox module 11, a database storage module 12 and an artificial intelligence module 13;
the application sandbox module 11 is configured to run a plurality of application programs;
the database storage module 12 is configured to store data of each application program in the application sandbox module during operation and user data according to category classification; the application program in the application sandbox module can access the stored data corresponding to the application type corresponding to the application program in the database storage module;
the artificial intelligence module 13 is configured to, when a preset application program running in the application sandbox module performs data circulation, acquire an application category corresponding to the preset application program, acquire stored data corresponding to the application category from the data storage module, perform data security shaping on circulation data during the data circulation according to the acquired stored data and a preset data circulation rule, generate a notification message, and send the notification message to a target application program, so that the target application program sends the notification message to an electronic device corresponding to the target application program;
the preset application program is any application program running in the application sandbox module, and the target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program.
Further, the artificial intelligence module 13 is configured to perform data security shaping on the circulation data during data circulation according to the acquired stored data and a preset data circulation rule, and when generating the notification message, is specifically configured to:
searching the stored data to obtain effective data which accords with the data circulation rule;
and carrying out data security combination on the effective data and the circulation data to obtain the notification message.
Further, the system also comprises a block chain module;
and the block chain module is used for recording the circulation process of the data circulation.
Further, the artificial intelligence module is configured to send the notification message to a target application program, so that after the target application program sends the notification message to the electronic device corresponding to the target application program, the artificial intelligence module is further configured to:
and according to the data circulation rule, performing data integration and transformation on the circulation data and the stored data to generate at least one associated notification message corresponding to the notification message, and respectively sending the at least one associated notification message to the mobile terminal of the corresponding message receiver.
In this embodiment, the artificial intelligence module sends the notification message to a target application program, and the target application program sends the notification message to the electronic device corresponding to the target application program. The target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program. An application program belonging to the same application category as the preset application program can recognize the same notification message as the preset application program, and an application program in the application sandbox module can access the stored data in the database storage module that corresponds to its application category, so that different application programs can access the same data; that is, user data can be shared among different applications. In addition, the notification message is generated by performing data security shaping on the circulation data according to the data circulation rule, so that the data can be shared more securely.
It should be noted that, for the working process of each module in this embodiment, please refer to the corresponding description in the above embodiments, which is not described herein again.
Optionally, on the basis of any one of the embodiments of the data system, the data system further comprises a network switching module;
the network switching module is used for sending a data request message to a target data system, receiving a data request result which is sent by the target data system and corresponds to the data request message when the target data system determines that the data request message can be received, and sending the data request result to the artificial intelligence module when the data request result can be received;
the artificial intelligence module is further configured to, when it is determined that the data request result meets the security requirement, search, from the data storage module, first data corresponding to the data type corresponding to the data request result, generate a reply message according to the first data, the data request result, and the data circulation rule, and send the reply message to the electronic device, so that the electronic device displays the reply message.
In addition, the network switching module may be further configured to send a data request message to a target data system, and when the target data system determines that the data request message can be received and the data system is allowed to directly access the target data system, obtain a data request result corresponding to the data request message from the target data system, and send the data request result to the electronic device, so that the electronic device displays the data request result.
In this embodiment, data can be requested from the external device, and thus the requirement of the user for requesting data can be satisfied.
It should be noted that, for the working process of each module in this embodiment, please refer to the corresponding description in the above embodiments, which is not described herein again.
Optionally, on the basis of any of the embodiments of the data system described above, the data system further includes a network switching module;
the artificial intelligence module is further configured to obtain data to be pushed, determine a data type to which the data to be pushed belongs, search for second data corresponding to the data type from the data storage module, perform data integration on the second data and the data to be pushed according to the data circulation rule and a determined target data system, generate a push message, and send the push data to the network switching module when it is determined that the push data meets the security requirement;
and the network switching module is used for sending the push data to a target data system.
In this embodiment, a specific implementation manner of pushing a message by a data system is provided, and according to the implementation manner of pushing a message in this embodiment, outward pushing of a message can be implemented, so that other users can view the pushed message.
It should be noted that, for the working process of each module in this embodiment, please refer to the corresponding description in the above embodiments, which is not described herein again.
Optionally, on the basis of the embodiments of the data circulation method and the data system, another embodiment of the present invention provides a data circulation system, which includes, in addition to the data system, an intelligent contract server and an operation management server;
the intelligent contract server is used for determining the data circulation rule;
and the operation management server is used for operation and management of the data system.
Further, when the data system further comprises a blockchain module and the blockchain module is used for recording the circulation process of the data circulation, the data circulation system further comprises a blockchain server;
and the blockchain server is used for maintaining the types and versions of the blockchain modules.
In this embodiment, the artificial intelligence module sends the notification message to a target application program, and the target application program sends the notification message to the electronic device corresponding to the target application program. The target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program. An application program belonging to the same application category as the preset application program can recognize the same notification message as the preset application program, and an application program in the application sandbox module can access the stored data in the database storage module that corresponds to its application category, so that different application programs can access the same data; that is, user data can be shared among different applications. In addition, the notification message is generated by performing data security shaping on the circulation data according to the data circulation rule, so that the data can be shared more securely.
In order to make the structure of the data circulation system more clear to those skilled in the art, the description will be made with reference to fig. 6.
The overall structure of a data circulation system is shown in fig. 6. The data circulation system comprises a plurality of data systems, each of which comprises a network controller, a network switching module, an application sandbox module, a data storage module, a block chain module, an artificial intelligence module and a public data server; the functions of these modules or servers have been explained in the above embodiments.
It should be noted that, in this embodiment, each data system includes a public data server. The public data server may be responsible for caching the data that the data system shares externally, and the data in the public data server is subject to the security check of the artificial intelligence module. Data entering the data system from the outside also needs to enter the public data server first, and can be shared with a user of the data system only after the artificial intelligence module has checked that it is secure. Alternatively, only one public data server may be provided, shared by all data systems.
The user A can access the data system on the left through the PDC terminal of the user A, and further can access the public data server of the data system on the left, the application in the application sandbox module and the data in the data storage module.
The user B can access the right data system through the PDC terminal of the user B, and further can access the public data server of the right data system, the application in the application sandbox module and the data in the data storage module.
In addition, each network controller in fig. 6 may formulate a PDC access rule in each network switching module, and issue the PDC access rule to the corresponding network switching module, so that the corresponding network switching module can execute the PDC access rule stored inside.
It should be noted that each data system includes a network controller, and each controller generates the PDC access rule of the corresponding data system and sends the PDC access rule to the network switching module belonging to the same data system.
The blockchain server in the data circulation system is used for maintaining the types and versions of blockchain modules. For example, it can be responsible for maintaining rules such as the building and updating of the block chain in the data system, so that data circulation behaviors are correctly recorded in the block chain, achieving full recording and non-repudiation of network behaviors.
The operation management server in the data circulation system is used for operation and management of the data system. For example, it can be responsible for detection and flexible scheduling of the hardware resources and software resources of the data system, ensuring normal operation of the data system.
The intelligent contract server in the data circulation system is used for determining the data circulation rule. Specifically, it can maintain updates to the data circulation rules and the like, so that, under more reasonable data circulation rules, data can be shared among data systems flexibly and securely, with privacy granularity distinguished for different data sharing objects.
Through the data circulation system in fig. 6, trusted interconnection and secure data sharing among network users can be realized. The data circulation process is recorded in the block chain module, which makes network behavior highly traceable. Data and applications are decoupled, which facilitates the development of innovative applications. The application data is uniformly stored in the data storage module, which helps to ensure network users' ownership of their data.
In this embodiment, the data storage module in the data system stores the user data, the user data is no longer stored in the application server, and data shaping is completed before data circulation, so that the security and privacy of the data are guaranteed. The data circulation system is responsible for the trusted recording of the data circulation process. The data circulation method breaks down the data barriers between different application programs, so that application programs of the same application type can identify data of the same type; data security shaping is completed by the data system under the guidance of an intelligent contract, and trusted data circulation is completed by the data circulation system. The secure data circulation method and system solve the problems in the prior art that users cannot independently control their data, that user data cannot be shared among different applications and that data privacy is easily leaked, and they ensure the traceability of data sharing behaviors.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (16)

1. A data circulation method is applied to a data system and comprises the following steps:
when a preset application program running in an application sandbox module generates data circulation, an artificial intelligence module acquires an application type corresponding to the preset application program; the preset application program is any application program running in the application sandbox module;
the artificial intelligence module acquires stored data corresponding to the application type from a data storage module; the data storage module stores the data of each application program in the application sandbox module in operation according to category classification; the application program in the application sandbox module can access the stored data corresponding to the application type corresponding to the application program in the database storage module;
the artificial intelligence module carries out data safety shaping on the circulation data during data circulation according to the acquired stored data and a preset data circulation rule to generate a notification message;
the artificial intelligence module sends the notification message to a target application program so that the target application program sends the notification message to the electronic equipment corresponding to the target application program;
the target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program.
2. The data circulation method of claim 1, wherein the artificial intelligence module performs data security shaping on circulation data during the data circulation according to the acquired stored data and a preset data circulation rule to generate a notification message, and the method comprises:
searching the stored data to obtain effective data which accords with the data circulation rule;
and carrying out data security combination on the effective data and the circulation data to obtain the notification message.
3. The data circulation method according to claim 1, wherein after the artificial intelligence module sends the notification message to the target application program, so that the target application program sends the notification message to the electronic device corresponding to the target application program, the method further comprises:
and the block chain module records the circulation process of the data circulation.
4. The data circulation method according to claim 1, wherein after the artificial intelligence module sends the notification message to the target application program, so that the target application program sends the notification message to the electronic device corresponding to the target application program, the method further comprises:
the artificial intelligence module carries out data integration and deformation on the circulation data and the stored data according to the data circulation rule to generate at least one associated notification message corresponding to the notification message;
and the artificial intelligence module respectively sends the at least one associated notification message to the mobile terminals of the corresponding message receivers.
5. The data circulation method according to claim 1, further comprising:
the network switching module sends a data request message to a target data system;
when a target data system determines that the data request message can be received, the network switching module receives a data request result which is sent by the target data system and corresponds to the data request message;
when the network switching module determines that the data request result can be received, the network switching module sends the data request result to an artificial intelligence module;
when the artificial intelligence module determines that the data request result meets the safety requirement, the artificial intelligence module searches first data corresponding to the data type corresponding to the data request result from the data storage module;
the artificial intelligence module generates a reply message according to the first data, the data request result and the data circulation rule;
and the artificial intelligence module sends the reply message to the electronic equipment so as to enable the electronic equipment to display the reply message.
6. The data circulation method according to claim 1, further comprising:
the network switching module sends a data request message to a target data system;
when the target data system determines that the data request message can be received and the data system is allowed to directly access the target data system, the network switching module acquires a data request result corresponding to the data request message from the target data system;
and the network switching module sends the data request result to the electronic equipment so as to enable the electronic equipment to display the data request result.
7. The data circulation method according to claim 1, further comprising:
the artificial intelligence module acquires data to be pushed;
the artificial intelligence module determines the data type of the data to be pushed;
the artificial intelligence module searches for second data corresponding to the data type from the data storage module;
the artificial intelligence module carries out data integration on the second data and the data to be pushed according to the data circulation rule and the determined target data system to generate a push message;
when the artificial intelligence module determines that the pushed data meets the safety requirement, the pushed data is sent to a network exchange module;
and the network switching module sends the push data to a target data system.
8. A data system, characterized by comprising an application sandbox module, a database storage module and an artificial intelligence module;
the application sandbox module is used for running a plurality of application programs;
the database storage module is used for storing the data of each application program in the application sandbox module in the operation process and the user data according to the classification; the application program in the application sandbox module can access the stored data corresponding to the application type corresponding to the application program in the database storage module;
the artificial intelligence module is used for acquiring an application type corresponding to a preset application program when the preset application program running in the application sandbox module generates data circulation, acquiring stored data corresponding to the application type from a data storage module, performing data safety shaping on the circulation data during the data circulation according to the acquired stored data and a preset data circulation rule, generating a notification message, and sending the notification message to a target application program so that the target application program sends the notification message to electronic equipment corresponding to the target application program;
the preset application program is any application program running in the application sandbox module, and the target application program is the preset application program stored in the application sandbox module or an application program belonging to the same application category as the preset application program.
9. The data system of claim 8, wherein the artificial intelligence module is configured to, according to the obtained stored data and a preset data circulation rule, perform data security shaping on circulation data during data circulation, and when generating the notification message, specifically configured to:
searching the stored data to obtain effective data which accords with the data circulation rule;
and carrying out data security combination on the effective data and the circulation data to obtain the notification message.
10. The data system of claim 8, further comprising a blockchain module;
and the blockchain module is used for recording the circulation process of the data circulation.
11. The data system of claim 8, wherein the artificial intelligence module is configured to send the notification message to a target application program, so that after the target application program sends the notification message to the electronic device corresponding to the target application program, the artificial intelligence module is further configured to:
and according to the data circulation rule, performing data integration and transformation on the circulation data and the stored data to generate at least one associated notification message corresponding to the notification message, and respectively sending the at least one associated notification message to the mobile terminal of the corresponding message receiver.
12. The data system of claim 8, further comprising a network switching module;
the network switching module is used for sending a data request message to a target data system, receiving a data request result which is sent by the target data system and corresponds to the data request message when the target data system determines that the data request message can be received, and sending the data request result to the artificial intelligence module when the data request result can be received;
the artificial intelligence module is further configured to, when it is determined that the data request result meets the security requirement, search, from the data storage module, first data corresponding to the data type corresponding to the data request result, generate a reply message according to the first data, the data request result, and the data circulation rule, and send the reply message to the electronic device, so that the electronic device displays the reply message.
13. The data system of claim 8, further comprising a network switching module;
the network switching module is configured to send a data request message to a target data system, acquire a data request result corresponding to the data request message from the target data system when the target data system determines that the data request message can be received and allows the data system to directly access the target data system, and send the data request result to the electronic device, so that the electronic device displays the data request result.
14. The data system of claim 8, further comprising a network switching module;
the artificial intelligence module is further configured to obtain data to be pushed, determine a data type to which the data to be pushed belongs, search for second data corresponding to the data type from the data storage module, perform data integration on the second data and the data to be pushed according to the data circulation rule and a determined target data system, generate a push message, and send the push data to the network switching module when it is determined that the push data meets the security requirement;
and the network switching module is used for sending the push data to a target data system.
15. A data circulation system comprising, in addition to a plurality of data systems according to claim 8, an intelligent contract server and an operation management server;
the intelligent contract server is used for determining the data circulation rule;
and the operation management server is used for operation and management of the data system.
16. The data circulation system according to claim 15, wherein the data system further includes a blockchain module;
the blockchain module is used for recording the circulation process of the data circulation;
the data circulation system also comprises a block chain server;
and the blockchain server is used for maintaining the types and versions of the blockchain modules.
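An added illustration of claims 2, 3 and 10, not part of the patent text: stored data of the application's own type is filtered by a circulation rule, combined with the circulation data into a notification message, and the circulation is recorded in a tamper-evident log. The rule format, field names, sample data and the single-node hash chain standing in for the blockchain module are all assumptions.

```python
import hashlib, json

# Constructed sample data; the claims define no concrete schema.
STORE = {  # storage module: stored data classified by application type
    "health": {"blood_type": "A+", "diagnosis": "constructed-example"},
    "finance": {"balance": 1200},
}
# Assumed rule format: per application type, the fields allowed to circulate.
RULES = {"health": {"stored": {"blood_type"}, "flow": {"event", "time"}}}

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Single-node hash chain standing in for the blockchain module (assumption)."""
    GENESIS = "0" * 64
    def __init__(self):
        self.blocks = []
    def record(self, entry):
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        self.blocks.append({"prev": prev, "entry": entry,
                            "hash": _digest({"prev": prev, "entry": entry})})
    def verify(self):
        prev = self.GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != _digest({"prev": prev, "entry": b["entry"]}):
                return False
            prev = b["hash"]
        return True

def circulate(app_type, target_type, flow, ledger):
    """Shape one circulation into a notification message, or refuse it."""
    rule = RULES.get(app_type)  # no rule for the type means default deny
    if rule is None or target_type != app_type:  # target must share the category
        ledger.record({"from": app_type, "to": target_type, "decision": "deny"})
        return None
    # Claim 2, step 1: effective data = stored data of this type that the rule allows.
    effective = {k: v for k, v in STORE.get(app_type, {}).items() if k in rule["stored"]}
    # Claim 2, step 2: combine with the circulation data, dropping fields outside the rule.
    message = {**{k: v for k, v in flow.items() if k in rule["flow"]}, **effective}
    # Claims 3 and 10: record the circulation; field names and a digest only, no values.
    ledger.record({"from": app_type, "to": target_type, "decision": "allow",
                   "fields": sorted(message), "digest": _digest(message)})
    return message
```

Refused circulations are recorded as well, so an auditor replaying the chain sees denied attempts, and `verify()` fails if any recorded entry is altered afterwards.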
CN201711135505.9A 2017-11-16 2017-11-16 Safe data circulation method and system Active CN107911450B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711135505.9A CN107911450B (en) 2017-11-16 2017-11-16 Safe data circulation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711135505.9A CN107911450B (en) 2017-11-16 2017-11-16 Safe data circulation method and system

Publications (2)

Publication Number Publication Date
CN107911450A CN107911450A (en) 2018-04-13
CN107911450B true CN107911450B (en) 2020-08-28

Family

ID=61844316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711135505.9A Active CN107911450B (en) 2017-11-16 2017-11-16 Safe data circulation method and system

Country Status (1)

Country Link
CN (1) CN107911450B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108830601B (en) * 2018-06-25 2022-03-18 上海延华大数据科技有限公司 Smart city information safe use method and system based on block chain
CN109241051A (en) * 2018-07-19 2019-01-18 清华大学 Data circulation method, computing engines, forwarding engine and the data system for the distribution of commodities
CN109547488B (en) * 2018-12-29 2021-11-05 杭州趣链科技有限公司 Credible data computing and exchanging system based on alliance block chain
CN109960946B (en) * 2019-03-29 2021-03-30 百度在线网络技术(北京)有限公司 Block chain-based data heat determination method, device, equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694733A (en) * 2012-06-06 2012-09-26 济南大学 Method for acquiring network flow data set with accurate application type identification
CN104618503A (en) * 2015-02-15 2015-05-13 西安酷派软件科技有限公司 Inter-system data synchronization and sharing method and device as well as terminal
CN106469095A (en) * 2016-10-08 2017-03-01 深圳市金立通信设备有限公司 A kind of processing method of application data and terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104660678B (en) * 2015-01-16 2018-05-18 深信服科技股份有限公司 Using data sharing method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
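Research and Discussion on Implementing Data Sharing Based on Android's ContentProvider; Qu Su; Journal of Anhui Vocational College of Electronics & Information Technology; 20161231 (No. 6); full text *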

Also Published As

Publication number Publication date
CN107911450A (en) 2018-04-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190116

Address after: 410000 Yuelu Street, Yuelu District, Changsha City, Hunan Province, No. 1 Building, Fenghe Garden, No. 328 Luxiangzhong Road

Applicant after: Hunan Yuelushan Research Institute of Data Science and Technology Co., Ltd.

Address before: 100084 Tsinghua Yuan, Haidian District, Beijing, No. 1

Applicant before: Tsinghua University

GR01 Patent grant