CN112182506A

CN112182506A - Data compliance detection method, device and equipment

Info

Publication number: CN112182506A
Application number: CN202010972730.3A
Authority: CN
Inventors: 苏仕东
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2020-09-16
Filing date: 2020-09-16
Publication date: 2021-01-05

Abstract

The embodiment of the specification discloses a method, a device and equipment for detecting data compliance, which can be applied to the field of supervision or compliance, and comprises the steps of receiving a data reporting request sent by a service access party, wherein the data reporting request comprises service-related statistical data of the service access party; performing compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data, wherein the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension; and processing the statistical data based on a compliance detection result corresponding to the statistical data to provide a data compliance detection or service supervision scheme.

Description

Data compliance detection method, device and equipment

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, and a device for compliance detection of data.

Background

With the continuous development of network technologies, networks provide convenience for people's work and life, based on this, in order to facilitate business development of merchants or users, some organizations or organizations construct corresponding business platforms in which merchants or users can operate corresponding businesses, and meanwhile, in order to better understand business operation conditions of merchants or users, the organizations or organizations will set corresponding business supervision platforms, and merchants or users can upload data related to their operated businesses to the business supervision platforms, and in order to make the data accessed to the business supervision platforms as uniform as possible, compliance detection can be performed on the accessed data.

Disclosure of Invention

The embodiment of the specification aims to provide a technical scheme for data compliance detection with better optimization and higher detection efficiency.

In order to implement the above technical solution, the embodiments of the present specification are implemented as follows:

an embodiment of the present specification provides a compliance detection method for data, including: receiving a data reporting request sent by a service access party, wherein the data reporting request comprises service-related statistical data of the service access party. And carrying out compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data, wherein the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension. And processing the statistical data based on a compliance detection result corresponding to the statistical data.

An embodiment of this specification provides a compliance detection device of data, the device includes: and the data reporting module is used for receiving a data reporting request sent by a service access party, wherein the data reporting request comprises the service-related statistical data of the service access party. And the compliance module is used for carrying out compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data, wherein the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension. And the data processing module is used for processing the statistical data based on the compliance detection result corresponding to the statistical data.

An embodiment of the present specification provides a compliance detection device for data, where the compliance detection device for data includes: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to: receiving a data reporting request sent by a service access party, wherein the data reporting request comprises service-related statistical data of the service access party. And carrying out compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data, wherein the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension. And processing the statistical data based on a compliance detection result corresponding to the statistical data.

Embodiments of the present specification also provide a storage medium, where the storage medium is used to store computer-executable instructions, and the executable instructions, when executed, implement the following processes: receiving a data reporting request sent by a service access party, wherein the data reporting request comprises service-related statistical data of the service access party. And carrying out compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data, wherein the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension. And processing the statistical data based on a compliance detection result corresponding to the statistical data.

Drawings

In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.

FIG. 1 is a diagram illustrating one embodiment of a method for compliance detection of data;

FIG. 2 is a schematic diagram of a compliance detection system for data according to the present disclosure;

FIG. 3 is a flowchart of another embodiment of a method for compliance detection of data according to the present disclosure;

FIG. 4 is a flowchart of another embodiment of a method for compliance detection of data according to the present disclosure;

FIG. 5 is a flowchart of another embodiment of a method for compliance detection of data according to the present disclosure;

FIG. 6 is a diagram of one embodiment of a compliance detection device for data according to the present disclosure;

FIG. 7 is an embodiment of a compliance detection device for data according to the present disclosure.

Detailed Description

The embodiment of the specification provides a method, a device and equipment for detecting compliance of data.

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.

Example one

As shown in fig. 1, an execution subject of the method may be a terminal device or a server, where the terminal device may be a mobile terminal device such as a mobile phone and a tablet computer, or may also be a device such as a personal computer, and the server may be an independent server, or a server cluster composed of multiple servers. The terminal device or the server may be a terminal device or a server of a data access compliance platform or a supervision platform of a certain service, one or more service access parties may reside in the data access compliance platform or the supervision platform of a certain service, and the service access parties may report related conditions of the service to the data access compliance platform or the supervision platform of a certain service at regular time or non-regular time. In the embodiments of the present specification, an execution subject is taken as an example to be described in detail, and for a case where the execution subject is a server, the following related content may be referred to for execution, and details are not described here. The method may specifically comprise the steps of:

in step S102, a data reporting request sent by a service access party is received, where the data reporting request includes statistical data related to a service of the service access party.

The service access party can register or apply for a certain service on the data access compliance platform or a supervision platform of a certain service, and the service access party can be responsible for marketing, operation, management and the like of the service and needs to report data related to service operation to the data access compliance platform or the supervision platform of a certain service regularly or irregularly so that the data access compliance platform or the supervision platform of a certain service can know the operation condition of the service access party in time. The service of the service access party can be any service, such as financial service, user credit collection service, etc.

In the implementation, with the continuous development of network technology, a network provides convenience for work and life of people, based on this, in order to facilitate a merchant or a user to develop a service, some organizations or organizations construct a corresponding service platform, the merchant or the user may operate a corresponding service in the corresponding service platform, and meanwhile, in order to better understand the service operation condition of the merchant or the user, the organizations or organizations may set a corresponding service supervision platform, the merchant or the user may upload data related to the operated service to the service supervision platform, and in order to make the data accessed to the service supervision platform as uniform as possible, compliance detection may be performed on the accessed data, and for this reason, a technical scheme for data compliance detection with better quality and higher detection efficiency needs to be provided. The embodiment of the present specification provides a technical solution for data compliance detection, which may specifically include the following contents:

as shown in fig. 2, in order to perform compliance detection on data uploaded by the service access side, a terminal device (which may be referred to as a first terminal device and a terminal device of the service access side may be referred to as a second terminal device for convenience of distinguishing from a terminal device of a subsequent service access side) for performing compliance detection on data uploaded by the service access side may be preset, and an application program for performing the compliance detection function may be installed in the first terminal device. Correspondingly, an application program for uploading data to the data access compliance platform or the service supervision platform may also be installed in the terminal device (i.e., the second terminal device) of the service access party, and through the application program, the service access party may upload data to the data access compliance platform or the service supervision platform. For this reason, the service access party may record, in advance, related data generated in the process of processing the service by the user, where, if the service of the service access party is a user credit service, the related data generated in the process of processing the service by the user may include the number of people requesting the service by the user in a preset time period (specifically, the number of people requesting the service by the user in the previous month or the number of people requesting the service by the user in the previous year), the number of new people requesting the service by the user in the preset time period compared to the previous time period, the number of information from different data sources (specifically, the number of information from a third-party payment mechanism, the number from a specified loan provider), the number of new information from different data sources in the preset time period compared to the previous time period, and the like. In practical applications, different services, the types or types of the relevant data generated in the process of processing the services by the user may be different, and the content of the data may also be different. When data related to the service needs to be reported to a data access compliance platform or a supervision platform of the service, the recorded data can be exported from the storage device, and statistical analysis can be performed based on the type of the data, the content of the data, and the like, so as to obtain statistical data required to be collected by a supervision platform of data access compliance platform or service, and the obtained statistical data can be processed according to a preset data format or a data processing mode to obtain statistical data related to the service of the service access party, for example, the statistical data can be arranged in a preset table in a table form, or, the statistical data may be set in a preset graph in the form of a statistical graph, or may be set in a preset report in the form of a table and a statistical graph (i.e., in the form of a report), and the like, and may be specifically set according to an actual situation.

In addition, a data uploading entry (specifically, a key or a hyperlink for data uploading) may be set in the application program. If the service access party needs to upload data to the data access compliance platform or the service supervision platform, the statistical data may be uploaded through the data upload entry (specifically, the service access party may click a key or a hyperlink for data upload, the second terminal device may display a data upload page, where the page may include a data input box and/or a data selection box, and a user may input the statistical data or select the statistical data for upload), and after the upload is completed, the second terminal device may obtain the statistical data and may generate a data report request, and send the data report request to the first terminal device, and the first terminal device may receive the data report request sent by the service access party.

It should be noted that the foregoing manner is implemented by directly sending a data reporting request to a first terminal device by a second terminal device, and in practical application, the foregoing manner may also include other manners, for example, the second terminal device may send the data reporting request to a data storage node, the data storage node may send a redirection message to the second terminal device, the redirection message may include an access address (such as an IP address, etc.) of the first terminal device, the second terminal device may send the data reporting request to the first terminal device based on the access address in the redirection message, and the first terminal device may receive the data reporting request sent by a service access party. For another example, the first terminal device and the second terminal device may be combined into a terminal device, at this time, the service access party may upload data directly on the terminal device through the data upload entry (for example, a user may click a key or a hyperlink for data upload, the terminal device may display a data upload page, the user may input the statistical data or select the statistical data for upload), after the upload is completed, the terminal device may obtain the statistical data and may generate a data report request, at this time, the terminal device may receive the data report request sent by the service access party.

In step S104, performing compliance detection on the statistical data based on a preset compliance rule, to obtain a compliance detection result corresponding to the statistical data, where the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension.

The compliance rule may be a rule capable of performing compliance detection on statistical data related to a service of a service access party, and the compliance rule may be set in various different manners, for example, the compliance rule may be set based on an identity of the service access party that uploads data to a data access compliance platform or a service supervision platform, a corresponding compliance rule may be set for a service class to which the service of the service access party belongs, and different compliance rules may be set for statistical data of different service classes, and may be specifically set according to actual conditions. Moreover, in order to ensure the safety of the compliance rule, the compliance rule may be a ciphertext, that is, the compliance rule may be a content of the compliance rule formulated by an authorized rule formulating party, and then the compliance rule may be encrypted or signed by an appointed encryption or signature manner to form a ciphertext of the compliance rule, and then the ciphertext of the compliance rule is transmitted to a terminal device of a data access compliance platform or a service supervision platform through an appointed secure data transmission channel, so that the safety of the compliance rule is ensured, and the compliance rule is prevented from being tampered. The data statistical dimension can be a dimension for sorting, analyzing and explaining data by a preset statistical method and making a certain conclusion on a problem reflected by the data statistical dimension. The service operation condition of the service access party may include various conditions, such as the quality of the service operation of the service access party, the service request and execution condition of the service access party, and the like.

In implementation, a data reporting request sent by a service access party may be received based on a preset corresponding security interface, and then, a terminal device (that is, the first terminal device) may perform compliance detection on the statistical data, where a specific compliance detection process may include multiple types, and the following provides a selectable processing manner, which may specifically include: a compliance rule for compliance detection of the statistical data may be preset, and the terminal device may analyze the statistical data, for example, may determine a service category corresponding to the statistical data, or determine information related to an organization or an organization corresponding to the statistical data, and then may obtain the corresponding compliance rule based on the determined service category or the determined information related to the organization or the organization. The statistical data may be subjected to compliance detection by using the obtained compliance rule, where the compliance detection on the statistical data may include multiple ways, for example, the percentage of the statistical data that satisfies the preset basic rule is 100%, and the data proportion of the association relationship between different data in the statistical data is greater than 60%. In practical applications, the compliance detection method for the statistical data may not only include the above method, but also include other various realizable methods, which are not described herein again.

The above processing for performing compliance detection on the statistical data is only one processing method that can be implemented, and in practical applications, the statistical data may also be performed compliance detection through other multiple processing methods, where different processing methods may be used to perform compliance detection on the statistical data according to different compliance rules, and different compliance rules may be different in a specific processing procedure for performing compliance detection on the statistical data, and may be specifically set according to actual situations, which is not limited in the embodiments of this specification.

In step S106, the statistical data is processed based on the compliance detection result corresponding to the statistical data.

In implementation, by performing compliance detection on the statistical data, a corresponding compliance detection result may be obtained, where the compliance detection result may include that the statistical data conforms to the data uploading rule, that the statistical data does not conform to the data uploading rule, and the like. If the compliance detection result obtained by the processing indicates that the statistical data does not conform to the data uploading rule, a notification message of data reporting request failure can be sent to the service access side of the data reporting request. In order to enable the service access party of the data reporting request to know the reason of the failure of the data reporting request, so that the service access party can continue to upload the statistical data subsequently, the related information or code of the failure of the data reporting request can be set in the notification message, and after the user checks the related information or code, the user can search and solve the related problem, so that the statistical data can be continuously uploaded to the data access compliance platform or the service supervision platform. If the compliance detection result obtained through the processing is that the statistical data meet the data uploading rule, the statistical data after compliance detection is obtained, and the statistical data after compliance detection can be uploaded to a supervision platform with data access to a compliance platform or a service.

The embodiment of the present specification provides a method for detecting compliance of data, which performs compliance detection on statistical data related to a service of a service access party in a data reporting request of the service access party based on a compliance rule required for analyzing a service operation condition of the service access party based on a data statistics dimension to obtain a corresponding compliance detection result, and processes the statistical data based on the compliance detection result corresponding to the statistical data, so that the compliance detection is performed on the statistical data related to the service of the service access party based on the compliance rule of the data statistics dimension, so that data accessed to a data access compliance platform or a supervision platform of the service is unified as much as possible, the accessed data conforms to the corresponding rule, and the detection efficiency of the data compliance detection is improved.

Example two

As shown in fig. 3, an execution subject of the method may be a terminal device or a server, where the terminal device may be a mobile terminal device such as a mobile phone and a tablet computer, or may also be a device such as a personal computer, and the server may be an independent server, or a server cluster composed of multiple servers. The terminal device or the server may be a terminal device or a server of a data access compliance platform or a supervision platform of a certain service, one or more service access parties may reside in the data access compliance platform or the supervision platform of a certain service, and the service access parties may report related conditions of the service to the data access compliance platform or the supervision platform of a certain service at regular time or non-regular time. In the embodiments of the present specification, an execution subject is taken as an example to be described in detail, and for a case where the execution subject is a server, the following related content may be referred to for execution, and details are not described here. The method may specifically comprise the steps of:

in step S302, a data reporting request sent by a service access party is received, where the data reporting request includes statistical data related to a service of the service access party, and the statistical data is set in a preset report for the service of the service access party.

The preset report may be a preset report for a service of the service access party, where the report may include a table and/or a graph, and the table or the graph may have different item names and contents corresponding to each item, for example, an account book or a financial report, and specifically, if the service of the service access party is a service of a credit collection of a user, the preset report may be as shown in table 1.

TABLE 1

In practical application, the report can be presented in a tabular manner, a graphical manner, or a combined graphical and tabular manner, and can be set according to practical situations.

In step S304, a report compliance rule is generated based on a preset compliance rule, and the report compliance rule is used for compliance detection of a preset report.

The report compliance rule may be a rule generated based on a preset compliance rule, and the report compliance rule may include the preset compliance rule, and may further include a rule applicable to the report and determined based on the preset compliance rule. The report compliance rules may be constructed based on one or more of the following parameters: the number of cells, the number of first verification rules, the number of early warning type verification rules, the coverage rate of basic rule cells, the coverage rate of check-up rule cells, the number of historical report content instances, the number of early warning unresolved cases corresponding to the first verification rules within a first preset time period, and the number of early warning unresolved cases corresponding to the early warning type verification rules within a second preset time period are contained in the preset report. The first verification rule may be set according to actual conditions, for example, the first verification rule may be a rule for determining that data fails to meet the first verification rule, and in practical applications, the first verification rule may also be referred to as a strong verification rule. The early warning type verification rule can be a rule for giving an alarm or prompting when certain data is determined not to conform to the early warning type verification rule. The basic rule may be a preset basic data compliance rule, for example, a basic rule about prohibited words, and may be specifically set according to actual situations. The coverage rate of the basic rule cells can be determined by the number of the cells conforming to the basic rule and the total number of the cells, in the report, each cell can include corresponding data, the data needs to conform to the basic rule and the like, and the cells where the data conforming to the rule are located can be used as the cells covered by the basic rule (namely, the cells conforming to the basic rule). The check rule can be a rule which exists between related numbers in the report and can be checked and verified mutually, for example, the sum of the balance of a certain total account and the balance of each subaccount to which the certain total account belongs, namely, a rule which is consistent and can be verified exists, and for example, the sales income, the sales tax, the sales factory cost, the sales expense, the technical transfer fee, the total number of sales profits and the amount of money of the same item in a certain commodity sales detail report also exist a rule which is verified mutually. The first predetermined time period and the second predetermined time period may be set according to actual conditions, and may be the same or different, specifically, for example, the first predetermined time period may be 1 day or 1 month, and the second predetermined time period may be 1 day or 3 months.

The report compliance rules may include one or more of the following: the coverage rate of the basic rule cells is not less than a first threshold, the coverage rate of the audit rule cells is greater than a second threshold, the coverage rate of the rules contained in the preset report is greater than a third threshold, and the effective rate of the parameters contained in the preset report is greater than a fourth threshold. The first threshold, the second threshold, the third threshold and the fourth threshold may be set according to actual situations, and specifically, for example, the first threshold may be 100%, the second threshold may be 60%, the third threshold may be 60% and the fourth threshold may be 80%.

In step S306, performing compliance detection on the preset report with the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the preset report, and taking the compliance detection result corresponding to the preset report as the compliance detection result corresponding to the statistical data, where the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension.

For a specific processing procedure of the step S306, reference may be made to relevant contents of the step S104 in the first embodiment, which is not described herein again.

In step S308, the statistical data is processed based on the compliance detection result corresponding to the statistical data.

In addition, based on the compliance detection result corresponding to the statistical data, the service operation condition of the service access party, such as whether the service operation of the service access party is healthy or stable, can be known and determined.

In addition, statistical data related to the service of the service access party is presented in a report form mode, and the report form is subjected to compliance detection based on report form compliance rules to obtain a corresponding result, so that the report form accessed to the data access compliance platform or the service supervision platform is unified as much as possible, and the accessed table accords with the corresponding rules.

EXAMPLE III

As shown in fig. 4, an execution subject of the method may be a terminal device or a server, where the terminal device may be a mobile terminal device such as a mobile phone and a tablet computer, or may also be a device such as a personal computer, and the server may be an independent server, or a server cluster composed of multiple servers. The terminal device or the server may be a terminal device or a server of a data access compliance platform or a supervision platform of a certain service, one or more service access parties may reside in the data access compliance platform or the supervision platform of a certain service, and the service access parties may report related conditions of the service to the data access compliance platform or the supervision platform of a certain service at regular time or non-regular time. In the embodiments of the present specification, an execution subject is taken as an example to be described in detail, and for a case where the execution subject is a server, the following related content may be referred to for execution, and details are not described here. The method may specifically comprise the steps of:

in step S402, a data reporting request sent by a service access party is received, where the data reporting request includes statistical data related to a service of the service access party.

In step S404, the statistical data related to the service of the service access party in the data reporting request is transferred to the trusted execution environment through the first trusted application for performing the data reporting process; and a compliance rule for compliance detection of the statistical data of the first trusted application is set in the trusted execution environment, and the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension.

The first trusted application may be a pre-specified trusted application that can be used to perform data reporting processing, such as a certain financial payment application, a certain instant messaging application, or a pre-developed application program, and the first trusted application may be an application program that needs to be installed in the terminal device, a code program that is pre-embedded in a certain hardware device of the terminal device, a program that is set in the form of a plug-in to the background of an operating system of the terminal device and runs, and may be specifically set according to an actual situation. The trusted execution environment may be TEE or the like, may be implemented by a program written in a predetermined programming language (i.e., may be implemented in the form of software), and may also be implemented in a software and hardware-based manner, and may be a data processing environment that is secure and isolated from other environments, i.e., processes executed in the trusted execution environment, and data and the like generated during the data processing cannot be accessed by other execution environments or application programs outside the executable environment. The terminal device may include an REE (rich execution environment) and a TEE, an operating system installed in the terminal device may be run under the REE, such as an Android operating system, an iOS operating system, a Windows operating system, a Linux operating system, and the like, and the REE may have characteristics of strong function, good openness and extensibility, and may provide all functions of the terminal device, such as a camera function, a touch function, and the like, for an upper application program. The TEE has its own execution space, that is, there is an operating system under the TEE, the TEE has a higher security level than the REE, software and hardware resources in the terminal equipment which can be accessed by the TEE are separated from the REE, but the TEE can directly acquire the information of the REE, and the REE cannot acquire the information of the TEE. The TEE can perform authentication and other processing through the provided interface, so that user information (such as payment information, user privacy information and the like) cannot be tampered, passwords cannot be hijacked, and information such as fingerprints or faces cannot be stolen. The compliance rule is preset in a trusted execution environment of the terminal device, in order to ensure the safety of the compliance rule, the compliance rule can be a ciphertext, namely the compliance rule can be used for formulating the content of the compliance rule by an authorized rule maker, then the compliance rule can be encrypted or signed in a specified encryption or signature mode to form the ciphertext of the compliance rule, and then the ciphertext of the compliance rule is transmitted to the TEE of the terminal device through a specified safety data transmission channel, so that the safety of the compliance rule is ensured, and the compliance rule is prevented from being tampered. In a feasible execution environment, the ciphertext of the compliance rule may be decrypted or signed, and after it is determined that the compliance rule is not tampered (for example, the signature passes or the compliance rule after decryption and decryption meets a preset condition, etc.), the compliance rule may be stored in the TEE.

In implementation, in order to ensure security during the process of accessing the statistical data to the compliance platform or the service monitoring platform, the statistical data related to the service of the service access party in the data reporting request is prevented from being acquired by any application program in the REE, a trusted application (i.e., a first trusted application) for performing data reporting processing may be set, and the statistical data is temporarily protected by the first trusted application, for example, unauthorized other application programs may be prevented from accessing the statistical data to perform data protection, or the statistical data may be subjected to predetermined processing to obtain processed statistical data, so as to perform data protection, for example, the statistical data is encrypted or signed to obtain encrypted or signed statistical data. After acquiring the data reporting request of the user, the terminal device may start a trusted application (i.e., a first trusted application) for performing data reporting processing. The first trusted application may be preset with a secure interface, and correspondingly, the trusted execution environment of the terminal device may also be provided with a corresponding secure interface, and a secure data transmission channel may be established between the first trusted application and the trusted execution environment through the secure interface between the first trusted application and the trusted execution environment. The first trusted application may extract the statistical data from the data reporting request, and may transmit the statistical data to a trusted execution environment of the terminal device through the secure interface and the data transmission channel, and the security of the data in the transmission process may be ensured by setting the first trusted application, the secure interface, the data transmission channel, and the like.

It should be noted that the first trusted application may also include multiple types, and the corresponding first trusted application may be set according to a service type or a service identifier corresponding to the statistical data, or may be set according to a data content or a data type of the statistical data, or may be set according to a difference between users corresponding to the statistical data. In practical applications, how to set the first trusted application may be set according to practical situations, which is not limited in the embodiments of the present specification.

The processing of step S404 may be various, and an optional processing manner is provided as follows, which may specifically include the following: and transmitting the statistics data related to the service of the service access party in the data reporting request to a trusted execution environment in a ciphertext mode through a first trusted application for executing data reporting processing.

The ciphertext of the statistical data may be determined using a plurality of different encryption algorithms, where the encryption algorithm may include a plurality of algorithms, such as a symmetric encryption algorithm or an asymmetric encryption algorithm.

In step S406, a trusted execution environment is used to determine whether the statistical data meets the compliance rule, so as to obtain a compliance detection result corresponding to the statistical data.

In implementation, in order to ensure that the statistical data is not leaked in the processing process, compliance detection may be performed on the statistical data in a trusted execution environment, and a specific compliance detection process may include multiple types, and the following provides an optional processing manner, and specifically may include: a compliance rule for compliance detection of the statistical data may be preset, and the statistical data may be placed in a trusted execution environment after being transferred to the trusted execution environment of the terminal device. In the trusted execution environment, the terminal device may analyze the statistical data, for example, may determine a service class corresponding to the statistical data, or determine related information of an organization or an organization corresponding to the statistical data, and then may obtain a corresponding compliance rule based on the determined service class or the determined related information of the organization or the organization. The statistical data may be subjected to compliance detection using the obtained compliance rules in the trusted execution environment.

The processing of step S406 may be various, and an alternative processing manner is provided below, which may specifically include the following: the data reporting request comprises a verifiable statement of the statistical data, and the validity of the verifiable statement is verified in a trusted execution environment; and if the verification result is valid, determining whether the statistical data conforms to the compliance rule by using a trusted execution environment.

The verifiable declaration can be information for describing normalization of some attributes of an entity such as a person, an organization and the like, the verifiable declaration can realize trust based on evidence, and the information of some attributes of the current entity can be proved to other entities through the verifiable declaration to be credible. Multiple different fields and corresponding field values may be included in the verifiable assertion.

In implementation, the first trusted application may transmit the verifiable statement in the data reporting request to the trusted execution environment of the terminal device, in addition to transmitting the statistical data in the data reporting request to the trusted execution environment of the terminal device. After the trusted execution environment of the terminal device includes the statistical data and the verifiable statement, the verifiable statement may be verified first to determine whether the verifiable statement is valid, and corresponding processing is performed based on the verifiable statement under the condition that the verifiable statement is determined to be valid, thereby further ensuring the security of data processing. Specifically, verifying the verifiable declaration may include various ways, for example, calculating a field value included in the verifiable declaration by a predetermined algorithm (for example, calculating a hash value of the field value included in the verifiable declaration by a hash algorithm, etc.) may be obtained, and a corresponding calculation result is obtained. The verifiable statement also comprises a reference value of the calculation result, the obtained calculation result can be compared with the reference value in the verifiable statement, if the calculation result and the reference value are the same, the verification is passed, namely, the verification statement is valid, and if the calculation result and the verification result are different, the verification is failed, namely, the verification statement is invalid.

In addition, the process of determining whether the statistical data meets the compliance rule using the trusted execution environment if the verification result is valid may be various, and an alternative processing manner is provided below, and specifically, the process may include the following step a2 and step a 4.

In step A2, if the verification result is valid, a compliance rule corresponding to the holder of the verifiable assertion is obtained in the trusted execution environment.

In an implementation, if the verification result is that the verifiable declaration is valid, it indicates that the data to be linked is the data issued or provided by the holder of the verifiable declaration. In order to further perform compliance detection on the data and ensure the security of the data, compliance rules can be set for the holders of different verifiable claims to prevent other organizations or users from stealing the verifiable claims of the holder of the verifiable claims to upload false data. Upon determining that the verifiable claim is valid, compliance rules corresponding to the holder of the verifiable claim can be obtained in the trusted execution environment.

In step A4, the trusted execution environment is used to determine whether the statistical data complies with the compliance rules corresponding to the holding party.

In addition, the data reporting request includes digital identity information of the service access party, the processing of step S404 may be various, and an optional processing manner is provided below, which may specifically include the following step B2 and step B4.

In step B2, in the trusted execution environment, it is searched whether there is digital identity information of the service access party in the digital identity information pre-stored in the trusted execution environment.

The digital identity information may be information that a user can be identifiably depicted through digital information, that is, the digital identity information is represented in a form of concentrating real identity information into digital codes, so as to bind, query and verify the personal real-time behavior information of the user. The digital identity information may not only include the birth information, individual description, biological characteristics and other identity encoding information of the user, but also relate to personal behavior information (such as transaction information or entertainment information) with various attributes and the like. The digital Identity information can be presented in various ways, such as DID (Decentralized Identity) and the like.

In step B4, if so, a trusted execution environment is used to determine whether the statistical data complies with the compliance rules.

In step S408, the statistical data is processed based on the compliance detection result corresponding to the statistical data.

In step S410, an update request for the compliance rule is received, where the update request includes rule data to be updated, and the rule data to be updated is a ciphertext.

In implementation, in order to avoid that an irrelevant user updates the compliance rule, information about a user with an update authority may be set for the compliance rule, that is, only a user with an update authority may update the compliance rule. When a compliance rule in the TEE needs to be updated, an identifier of the compliance rule needing to be modified and rule data to be updated can be input through a first trusted application in terminal equipment of the TEE, after the input is completed, the terminal equipment can acquire the input identifier of the compliance rule needing to be updated and the input rule data to be updated, and can generate an update request, so that the terminal equipment can acquire the update request of the data compliance rule.

In step S412, the rule data to be updated is decrypted, and the compliance rule is updated based on the decrypted rule data to be updated.

In addition, the compliance rules are stored through the trusted execution environment, and data processing is performed through the first trusted application and the like, so that the safety and the credibility of the statistical data are guaranteed.

The report mode presents statistical data related to the business of the business access party, and carries out compliance detection on the report based on the report compliance rule to obtain a corresponding result, so that the report accessed to the data access compliance platform or the business supervision platform is unified as much as possible, and the accessed table conforms to the corresponding rule.

Example four

As shown in fig. 5, an execution subject of the method may be a terminal device or a server, where the terminal device may be a mobile terminal device such as a mobile phone and a tablet computer, or may also be a device such as a personal computer, and the server may be an independent server, or a server cluster composed of multiple servers. The terminal device or the server may be a terminal device or a server of a data access compliance platform or a supervision platform of a certain service, one or more service access parties may reside in the data access compliance platform or the supervision platform of a certain service, and the service access parties may report related conditions of the service to the data access compliance platform or the supervision platform of a certain service at regular time or non-regular time. In the embodiments of the present specification, an execution subject is taken as an example to be described in detail, and for a case where the execution subject is a server, the following related content may be referred to for execution, and details are not described here. The method may specifically comprise the steps of:

in step S502, a data reporting request sent by the service access party is received, where the data reporting request includes statistical data related to the service of the service access party, and the statistical data is set in a preset report for the service of the service access party.

Wherein the report compliance rule may be constructed based on one or more of the following parameters: the number of cells, the number of first verification rules, the number of early warning type verification rules, the coverage rate of basic rule cells, the coverage rate of check-up rule cells, the number of historical report content instances, the number of early warning unresolved cases corresponding to the first verification rules within a first preset time period, and the number of early warning unresolved cases corresponding to the early warning type verification rules within a second preset time period are contained in the preset report. The report compliance rules may include one or more of the following: the coverage rate of the basic rule cells is not less than a first threshold, the coverage rate of the audit rule cells is greater than a second threshold, the coverage rate of the rules contained in the preset report is greater than a third threshold, and the effective rate of the parameters contained in the preset report is greater than a fourth threshold.

In step S504, a preset report, in which the service-related statistical data of the service access party is set in the data reporting request, is transferred to a trusted execution environment through a first trusted application for performing data reporting processing; the trusted execution environment is provided with a compliance rule for compliance detection of statistical data of the first trusted application, and the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension.

The processing of step S504 may be various, and an optional processing manner is provided as follows, which may specifically include the following: and transmitting a preset report form of the statistical data related to the service of the service access party in the data reporting request to a trusted execution environment in a ciphertext mode through a first trusted application for executing data reporting processing.

In step S506, a report compliance rule is generated in the trusted execution environment based on a preset compliance rule, where the report compliance rule is used for compliance detection of a preset report.

In step S508, a trusted execution environment is used to determine whether the preset report with the statistical data meets the report compliance rule, so as to obtain a compliance detection result corresponding to the preset report, and the compliance detection result corresponding to the preset report is used as the compliance detection result corresponding to the statistical data.

The processing of step S508 may be various, and an optional processing manner is provided as follows, which may specifically include the following: the data reporting request may include a verifiable statement of the statistical data, and the validity of the verifiable statement is verified in a trusted execution environment; and if the verification result is valid, determining whether the preset report provided with the statistical data meets the report compliance rule or not by using the trusted execution environment.

Wherein, if the verification result is valid, the trusted execution environment is used to determine whether the preset report provided with the statistical data meets the report compliance rule, and the processing may be diversified, and an optional processing manner is provided below, which may specifically include the following: if the verification result is valid, acquiring a report compliance rule corresponding to the holder of the verifiable statement in the trusted execution environment; and determining whether the preset report provided with the statistical data meets the report compliance rule corresponding to the holder or not by using the trusted execution environment.

The processing of step S508 may be various, and an alternative processing manner is provided below, which may specifically include the following: the data uplink request can include digital identity information of a service access party, and whether the digital identity information of the service access party exists in the digital identity information prestored in the trusted execution environment is searched in the trusted execution environment; and if so, determining whether the preset report provided with the statistical data meets the report compliance rule or not by using the trusted execution environment.

In step S510, the statistical data is processed based on the compliance detection result corresponding to the statistical data.

In step S512, an update request for the compliance rule is received, where the update request includes rule data to be updated, and the rule data to be updated is a ciphertext.

In step S514, the rule data to be updated is decrypted, and the compliance rule is updated based on the decrypted rule data to be updated.

In addition, the compliance rule is stored through the trusted execution environment, data processing is carried out through the first trusted application and the like, so that the safety and the credibility of statistical data are guaranteed, the statistical data related to the service of the service access party are presented in a report form mode, the report form is subjected to compliance detection based on the report form compliance rule, a corresponding result is obtained, the report form accessed to the data access compliance platform or the service supervision platform is unified as much as possible, and the accessed table accords with the corresponding rule.

EXAMPLE five

Based on the same idea, the compliance detection method of data provided in the embodiments of the present specification further provides a compliance detection device of data, as shown in fig. 6.

The compliance detection device of the data includes: a data reporting module 601, a compliance module 602, and a data processing module 603, wherein:

a data reporting module 601, configured to receive a data reporting request sent by a service access party, where the data reporting request includes statistical data related to a service of the service access party;

a compliance block 602, configured to perform compliance detection on the statistical data based on a preset compliance rule, to obtain a compliance detection result corresponding to the statistical data, where the compliance rule is a rule required for analyzing a service operation condition of the service access party based on a data statistics dimension;

and the data processing module 603 is configured to process the statistical data based on a compliance detection result corresponding to the statistical data.

In an embodiment of this specification, the statistical data is set in a preset report for the service of the service access party, and the scaling block 602 includes:

the report compliance unit generates a report compliance rule based on the compliance rule, and the report compliance rule is used for carrying out compliance detection on the preset report;

the first compliance unit is used for carrying out compliance detection on a preset report provided with the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the preset report, and the compliance detection result corresponding to the preset report is used as the compliance detection result corresponding to the statistical data.

In an embodiment of the present specification, the report compliance rule is constructed based on one or more of the following parameters: the number of the cells, the number of the first verification rules, the number of the early warning type verification rules, the coverage rate of the cells of the basic rules, the coverage rate of the cells of the check-up rules, the number of the historical report contents, the number of the early warnings which are not solved and correspond to the first verification rules in the first preset time and the number of the early warnings which are not solved and correspond to the early warning type verification rules in the second preset time are included in the preset report.

In an embodiment of the present specification, the report compliance rule includes one or more of the following rules: the coverage rate of the basic rule cells is not less than a first threshold, the coverage rate of the audit rule cells is greater than a second threshold, the coverage rate of the rules contained in the preset report is greater than a third threshold, and the effective rate of the parameters contained in the preset report is greater than a fourth threshold.

In this embodiment, the scaling block 602 includes:

the data transmission unit is used for transmitting the statistical data related to the service of the service access party in the data reporting request to a trusted execution environment through a first trusted application for executing data reporting processing; wherein the trusted execution environment is provided with the compliance rule for compliance detection of the statistical data of the first trusted application;

and the second compliance unit is used for determining whether the statistical data accord with the compliance rule or not by using the trusted execution environment to obtain a compliance detection result corresponding to the statistical data.

In this embodiment of the present specification, the data transfer unit transfers statistics data related to the service of the service access party in the data reporting request to the trusted execution environment in a ciphertext manner through a first trusted application configured to perform data reporting processing.

In an embodiment of this specification, the data reporting request includes a verifiable statement of the statistical data, and the second compliance unit verifies validity of the verifiable statement in the trusted execution environment; if the verification result is valid, determining whether the statistical data conforms to the compliance rule using the trusted execution environment.

In an embodiment of this specification, if a verification result is valid, the second compliance unit obtains, in the trusted execution environment, a compliance rule corresponding to a holder of the verifiable statement; determining, using the trusted execution environment, whether the statistics conform to compliance rules corresponding to the holding party.

In an embodiment of this specification, the data uplink request includes digital identity information of the service access party, and the second compliance unit searches, in the trusted execution environment, whether digital identity information of the service access party exists in digital identity information prestored in the trusted execution environment; if so, determining, using the trusted execution environment, whether the statistical data complies with the compliance rule.

In an embodiment of this specification, the apparatus further includes:

the updating request module is used for receiving an updating request for the compliance rule, wherein the updating request comprises rule data to be updated, and the rule data to be updated is a ciphertext;

and the updating module is used for decrypting the rule data to be updated and updating the compliance rule based on the decrypted rule data to be updated.

An embodiment of the present specification provides a data compliance detection apparatus, which performs compliance detection on statistical data related to a service of a service access party in a data reporting request of the service access party based on a compliance rule required for analyzing a service operation condition of the service access party based on a data statistics dimension to obtain a corresponding compliance detection result, and processes the statistical data based on the compliance detection result corresponding to the statistical data, so that the compliance detection is performed on the statistical data related to the service of the service access party based on the compliance rule of the data statistics dimension, so that data accessed to a data access compliance platform or a service supervision platform is unified as much as possible, the accessed data conforms to the corresponding rule, and the detection efficiency of the data compliance detection is improved.

EXAMPLE six

Based on the same idea, the compliance detection device for data provided in the embodiments of the present specification further provides a compliance detection device for data, as shown in fig. 7.

The compliance detection device of the data may be the terminal device or the server provided in the above embodiments.

The compliance detection device for data may vary greatly due to different configurations or capabilities, and may include one or more processors 701 and a memory 702, where one or more stored applications or data may be stored in the memory 702. Memory 702 may be, among other things, transient storage or persistent storage. The application program stored in memory 702 may include one or more modules (not shown), each of which may include a series of computer-executable instructions in a compliance detection device for data. Still further, the processor 701 may be configured to communicate with the memory 702 to execute a series of computer-executable instructions in the memory 702 on a compliance detection device for data. The compliance detection apparatus for data may also include one or more power supplies 703, one or more wired or wireless network interfaces 704, one or more input-output interfaces 705, and one or more keyboards 706.

In particular, in this embodiment, the compliance detection device for data includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the compliance detection device for data, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:

receiving a data reporting request sent by a service access party, wherein the data reporting request comprises service-related statistical data of the service access party;

performing compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data, wherein the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension;

and processing the statistical data based on a compliance detection result corresponding to the statistical data.

In an embodiment of this specification, the setting of the statistical data in a preset report for a service of the service access party, and performing compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data includes:

generating a report compliance rule based on the compliance rule, wherein the report compliance rule is used for carrying out compliance detection on the preset report;

and carrying out compliance detection on a preset report provided with the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the preset report, and taking the compliance detection result corresponding to the preset report as the compliance detection result corresponding to the statistical data.

An embodiment of the present specification provides a data compliance detection device, which performs compliance detection on statistical data related to a service of a service access party in a data reporting request of the service access party based on a compliance rule required for analyzing a service operation condition of the service access party based on a data statistics dimension to obtain a corresponding compliance detection result, and processes the statistical data based on the compliance detection result corresponding to the statistical data, so that the compliance detection is performed on the statistical data related to the service of the service access party based on the compliance rule of the data statistics dimension, so that data accessed to a data access compliance platform or a service supervision platform is unified as much as possible, the accessed data conforms to the corresponding rule, and the detection efficiency of the data compliance detection is improved.

EXAMPLE seven

Further, based on the methods shown in fig. 1 to fig. 5, one or more embodiments of the present specification further provide a storage medium for storing computer-executable instruction information, in a specific embodiment, the storage medium may be a usb disk, an optical disk, a hard disk, or the like, and when the storage medium stores the computer-executable instruction information, the storage medium implements the following processes:

The embodiment of the present specification provides a storage medium, which performs compliance detection on statistical data related to a service of a service access party in a data reporting request of the service access party based on a compliance rule required for analyzing a service operation condition of the service access party based on a data statistics dimension to obtain a corresponding compliance detection result, and processes the statistical data based on the compliance detection result corresponding to the statistical data, so that the compliance detection is performed on the statistical data related to the service of the service access party based on the compliance rule of the data statistics dimension, so that data accessed to a data access compliance platform or a service supervision platform is unified as much as possible, the accessed data conforms to the corresponding rule, and the detection efficiency of the data compliance detection is improved.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Hardware Description Language), traffic, pl (core universal Programming Language), HDCal (jhdware Description Language), lang, Lola, HDL, laspam, hardward Description Language (vhr Description Language), vhal (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.

As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Embodiments of the present description are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data compliance detection device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data compliance detection device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data compliance detection device to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data compliance detection device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer implemented process such that the instructions which execute on the computer or other programmable device provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims

1. A method of compliance detection of data, the method comprising:

2. The method according to claim 1, wherein the statistical data is set in a preset report for the service of the service access party, and the performing compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data comprises:

3. The method of claim 2, wherein the report compliance rule is constructed based on one or more of the following parameters: the number of the cells, the number of the first verification rules, the number of the early warning type verification rules, the coverage rate of the cells of the basic rules, the coverage rate of the cells of the check-up rules, the number of the historical report contents, the number of the early warnings which are not solved and correspond to the first verification rules in the first preset time and the number of the early warnings which are not solved and correspond to the early warning type verification rules in the second preset time are included in the preset report.

4. The method of claim 3, the report compliance rules comprising one or more of the following: the coverage rate of the basic rule cells is not less than a first threshold, the coverage rate of the audit rule cells is greater than a second threshold, the coverage rate of the rules contained in the preset report is greater than a third threshold, and the effective rate of the parameters contained in the preset report is greater than a fourth threshold.

5. The method according to any one of claims 1 to 4, wherein performing compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data includes:

transmitting the statistical data related to the service of the service access party in the data reporting request to a trusted execution environment through a first trusted application for executing data reporting processing; wherein the trusted execution environment is provided with the compliance rule for compliance detection of the statistical data of the first trusted application;

and determining whether the statistical data accord with the compliance rule or not by using the trusted execution environment to obtain a compliance detection result corresponding to the statistical data.

6. The method of claim 5, wherein the passing the service-related statistics of the service access party in the data reporting request to a trusted execution environment through a first trusted application for performing a data reporting process comprises:

and transmitting the service-related statistical data of the service access party in the data reporting request to the trusted execution environment in a ciphertext manner through a first trusted application for executing data reporting processing.

7. The method of claim 5, wherein the data reporting request includes a verifiable statement of the statistical data, and wherein the determining, using the trusted execution environment, whether the statistical data complies with the compliance rule comprises:

verifying, in the trusted execution environment, the validity of the verifiable assertion;

if the verification result is valid, determining whether the statistical data conforms to the compliance rule using the trusted execution environment.

8. The method of claim 7, the determining, using the trusted execution environment, whether the statistical data complies with the compliance rule if the validation result is valid, comprising:

if the verification result is valid, acquiring a compliance rule corresponding to the holder of the verifiable statement in the trusted execution environment;

determining, using the trusted execution environment, whether the statistics conform to compliance rules corresponding to the holding party.

9. The method of claim 5, wherein the request for uplink data includes digital identity information of the service access party, and wherein said determining, using the trusted execution environment, whether the statistical data complies with the compliance rules comprises:

in the trusted execution environment, searching whether digital identity information of the service access party exists in digital identity information prestored in the trusted execution environment;

if so, determining, using the trusted execution environment, whether the statistical data complies with the compliance rule.

10. The method of claim 1, further comprising:

receiving an update request for the compliance rule, wherein the update request comprises rule data to be updated, and the rule data to be updated is a ciphertext;

and decrypting the rule data to be updated, and updating the compliance rule based on the decrypted rule data to be updated.

11. An apparatus for compliance detection of data, the apparatus comprising:

the data reporting module is used for receiving a data reporting request sent by a service access party, wherein the data reporting request comprises service-related statistical data of the service access party;

the compliance module is used for carrying out compliance detection on the statistical data based on a preset compliance rule to obtain a compliance detection result corresponding to the statistical data, wherein the compliance rule is a rule required for analyzing the service operation condition of the service access party based on the data statistics dimension;

and the data processing module is used for processing the statistical data based on the compliance detection result corresponding to the statistical data.

12. The apparatus of claim 11, wherein the statistical data is set in a preset report for the service of the service access party, and the scaling block comprises:

13. The apparatus of claim 12, wherein the report compliance rule is constructed based on one or more of the following parameters: the number of the cells, the number of the first verification rules, the number of the early warning type verification rules, the coverage rate of the cells of the basic rules, the coverage rate of the cells of the check-up rules, the number of the historical report contents, the number of the early warnings which are not solved and correspond to the first verification rules in the first preset time and the number of the early warnings which are not solved and correspond to the early warning type verification rules in the second preset time are included in the preset report.

14. The apparatus of claim 13, the report compliance rules comprising one or more of the following: the coverage rate of the basic rule cells is not less than a first threshold, the coverage rate of the audit rule cells is greater than a second threshold, the coverage rate of the rules contained in the preset report is greater than a third threshold, and the effective rate of the parameters contained in the preset report is greater than a fourth threshold.

15. The apparatus of any of claims 11-14, the co-scale block, comprising:

16. A compliance detection device for data, the compliance detection device for data comprising:

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

17. A storage medium for storing computer-executable instructions, which when executed implement the following: