CN112329007A - Sensitive data controllable sharing system and method - Google Patents
- Publication number
- CN112329007A (CN202110010440.5A)
- Authority
- CN
- China
- Prior art keywords
- data
- sensitive data
- intelligent contract
- sensitive
- sandbox
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The application relates to the technical field of big data processing, in particular to a sensitive data controllable sharing system and method. The sensitive data controllable sharing method comprises the following steps: verifying the sensitive data application request; after the request passes verification, generating an intelligent contract according to the sensitive data application request; in response to generating the intelligent contract, building a data sandbox dedicated to the intelligent contract and saving the intelligent contract into the data sandbox; establishing a secure channel between the data sandbox and the big data center, and transmitting the sensitive data of the big data center into the data sandbox through the secure channel; carrying out data processing on the sensitive data in the data sandbox according to the intelligent contract; and providing the processed sensitive data to a user. The method and the system can guarantee the security of the sensitive data and avoid leakage of the sensitive data.
Description
Technical Field
The application relates to the technical field of big data processing, in particular to a sensitive data controllable sharing system and method.
Background
With the development of the information technology industry, and especially the innovative application of big data technology, data technology is deeply and widely influencing and changing society. The data security situation currently shows three major trends. First, with the rapid development of the big data industry, data, especially high-value data, is being gathered at big data nodes, which brings serious security risks, and leaks of massive amounts of sensitive data occur frequently. Second, the harm caused by a data leak is growing and its reach is becoming wider. Third, as big data technology continues to develop, the ways in which data can leak are becoming more diverse and unpredictable.
Therefore, how to ensure the security of the sensitive data and avoid the leakage of the sensitive data is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The application provides a sensitive data controllable sharing method, so that the safety of sensitive data is guaranteed, and sensitive data leakage is avoided.
In order to solve the technical problem, the application provides the following technical scheme:
A sensitive data controllable sharing method comprises the following steps: step S110, verifying the sensitive data application request; if the request is qualified, performing step S120, and if it is unqualified, ending the process; step S120, generating an intelligent contract according to the sensitive data application request; step S130, in response to the generation of the intelligent contract, constructing a data sandbox dedicated to the intelligent contract, and saving the intelligent contract into the data sandbox; step S140, establishing a secure channel between the data sandbox and the big data center, and transmitting the sensitive data of the big data center to the data sandbox through the secure channel; step S150, performing data processing on the sensitive data in the data sandbox according to the intelligent contract; and step S160, providing the processed sensitive data to a user.
In the sensitive data controllable sharing method described above, preferably, the following steps are further included before step S110: step S106, querying the sensitive data catalog according to a browsing command to obtain the relevant information of the sensitive data; and step S108, generating a sensitive data application request according to the obtained relevant information of the sensitive data.
In the sensitive data controllable sharing method described above, preferably, the following steps are further included before step S106: step S102, receiving a registration request and verifying the registration request; and step S104, pre-storing the user identity information after the registration request is verified to be qualified.
In the sensitive data controllable sharing method described above, preferably, generating the intelligent contract according to the sensitive data application request includes the following sub-steps: extracting each element in the sensitive data application request to form a contract constituent element set; calculating the similarity between each element in the contract constituent element set and the representative keyword of each preset category, and classifying each element into the preset category with the maximum similarity; taking the weight of the preset category corresponding to each element as the weight of that element to form an element weight set; selecting an expression model of an intelligent contract from a pre-established intelligent contract expression model library according to the contract constituent element set and the element weight set; and adding each element extracted from the sensitive data application request to the intelligent contract expression model to form the intelligent contract.
In the sensitive data controllable sharing method described above, preferably, the intelligent contract includes a data deformation algorithm, and the sensitive data is deformed according to the data deformation algorithm to obtain deformed data.
A sensitive data controllable sharing system comprises: a data application layer, a sensitive data processing layer and a big data center. The data application layer comprises a data acquisition module. The sensitive data processing layer comprises a security guarantee module, an intelligent contract generation module, a data sandbox module and a data deformation module. The security guarantee module verifies the sensitive data application request; after the sensitive data application request is verified to be qualified, the intelligent contract generation module generates an intelligent contract according to the sensitive data application request; in response to the generation of the intelligent contract, the data sandbox module constructs a data sandbox dedicated to the intelligent contract and saves the intelligent contract into the data sandbox; the data deformation module performs data processing, inside the data sandbox and according to the intelligent contract, on the sensitive data moved from the big data center to the data sandbox; and the data acquisition module provides the processed sensitive data to a user.
In the sensitive data controllable sharing system described above, preferably, the data application layer includes a data application module, and the sensitive data processing layer includes a sensitive data cataloging module; the sensitive data cataloging module queries the sensitive data catalog according to a browsing command to obtain the relevant information of the sensitive data; and the data application module generates a sensitive data application request according to the obtained relevant information of the sensitive data.
In the sensitive data controllable sharing system described above, preferably, the data application layer further includes a registration module, and the security guarantee module includes a platform registration submodule and an identity information storage submodule; the registration module generates a registration request according to the identity information of the applicant; and the platform registration submodule receives the registration request, verifies it, and pre-stores it in the identity information storage submodule after verifying that the registration request is qualified.
In the sensitive data controllable sharing system described above, preferably, the intelligent contract generation module extracts each element in the sensitive data application request to form a contract constituent element set; calculates the similarity between each element in the contract constituent element set and the representative keyword of each preset category, and classifies each element into the preset category with the maximum similarity; takes the weight of the preset category corresponding to each element as the weight of that element to form an element weight set; selects an expression model of an intelligent contract from a pre-established intelligent contract expression model library according to the contract constituent element set and the element weight set; and adds each element extracted from the sensitive data application request to the intelligent contract expression model to form the intelligent contract.
In the sensitive data controllable sharing system described above, preferably, the intelligent contract includes a data deformation algorithm, and the sensitive data is deformed according to the data deformation algorithm to obtain deformed data.
Compared with the background art, the sensitive data controllable sharing method and system can generate an intelligent contract according to a sensitive data application request, generate a data sandbox according to the intelligent contract, and store the intelligent contract and the sensitive data of the big data center in the data sandbox, so that the sensitive data in the data sandbox can be shared within a defined range and the security of the sensitive data is effectively ensured.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them.
FIG. 1 is a flowchart of a method for controllable sharing of sensitive data according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a sensitive data controllable sharing system provided in an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
Example one
As shown in fig. 1, fig. 1 is a flowchart of a method for controllable sharing of sensitive data according to an embodiment of the present application.
The application provides a sensitive data controllable sharing method, which comprises the following steps:
Step S110, verifying the sensitive data application request; if the request is qualified, performing step S120, and if it is unqualified, ending the process.
The sensitive data application request includes the relevant information of the sensitive data and the identity information of the applicant. For example, the relevant information of the sensitive data includes data use application program information, data use range, data use validity period and the like; the identity information of the applicant is an identity token of the applicant.
The identity information of the applicant contained in the sensitive data application request is compared with the pre-stored identity information. If they do not match, the request is unqualified and the process ends. If they match, it is judged whether the request conforms to a preset sensitive data management rule: if not, the request is unqualified and the process ends; if so, the request is qualified and step S120 is performed.
Before step S110, the method for controllable sharing of sensitive data provided by the present application further includes the following steps:
Step S106, querying the sensitive data catalog according to the browsing command to obtain the relevant information of the sensitive data.
The sensitive data catalog is based on the data catalog of the big data center. The sensitive data catalog is queried according to the received browsing command, and the relevant information of the sensitive data that the user wants is looked up in it.
Step S108, generating a sensitive data application request according to the obtained relevant information of the sensitive data.
The sensitive data application request comprises the relevant information of the sensitive data obtained by the query and the identity information of the applicant. For example, the relevant information of the sensitive data is application fields, application ranges and the like; the identity information of the applicant is an identity token of the applicant.
On this basis, before step S106, the method for controllable sharing of sensitive data provided by the present application further includes the following steps:
Step S102, receiving a registration request and verifying the registration request.
The user provides identity information, and a registration request is generated for that identity information. The registration request includes the identity information of the user, which includes the name of the user, a license number/identification number, a telephone number, a verification mailbox, and the like.
Step S104, after the registration request is verified to be qualified, pre-storing the user identity information.
After the registration request of the user is verified to be qualified, the user identity information, for example the identity token, is stored in advance, so that the validity of the sensitive data application request can be verified when the user later applies for sensitive data.
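The registration and verification steps above (S102/S104 and S110) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the `applicant_id` lookup key, the salted-digest storage and the contents of `MANAGEMENT_RULES` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed stand-in for the "preset sensitive data management rule";
# the patent does not say what the rules contain.
MANAGEMENT_RULES = {
    "allowed_scopes": {"grid-planning", "billing-analytics"},
    "max_valid_days": 30,
}


@dataclass(frozen=True)
class ApplicationRequest:
    applicant_id: str      # hypothetical lookup key for the pre-stored record
    identity_token: str    # identity information of the applicant
    application: str       # data use application program information
    scope: str             # data use range
    valid_days: int        # data use validity period


class IdentityStore:
    """Pre-stored identity information (step S104).

    Keeps a salted SHA-256 digest instead of the token itself, which is
    adequate only because the token is a 256-bit random value.
    """

    def __init__(self):
        self._records = {}

    @staticmethod
    def _digest(salt, token):
        return hashlib.sha256(salt + token.encode("utf-8")).digest()

    def register(self, applicant_id):
        """Issue a token once the registration request has been verified."""
        token = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self._records[applicant_id] = (salt, self._digest(salt, token))
        return token

    def matches(self, applicant_id, token):
        # Unknown applicants are compared against a dummy record so that
        # both failure paths perform the same hashing and comparison.
        dummy = (b"\0" * 16, b"\0" * 32)
        salt, expected = self._records.get(applicant_id, dummy)
        same = hmac.compare_digest(expected, self._digest(salt, token))
        return same and applicant_id in self._records


def verify_request(store, req, rules=MANAGEMENT_RULES):
    """Step S110: identity comparison first, then the management rules.

    Returns (qualified, reason); any failure ends the process.
    """
    if not store.matches(req.applicant_id, req.identity_token):
        return False, "identity mismatch"
    if req.scope not in rules["allowed_scopes"]:
        return False, "scope not permitted"
    if not 0 < req.valid_days <= rules["max_valid_days"]:
        return False, "validity period out of range"
    return True, "qualified"


if __name__ == "__main__":
    store = IdentityStore()
    token = store.register("applicant-001")  # constructed sample applicant
    req = ApplicationRequest("applicant-001", token, "load-forecast",
                             "grid-planning", 7)
    print(verify_request(store, req))
```
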
Step S120, generating an intelligent contract according to the sensitive data application request;
specifically, each element in the sensitive data application request is extracted to form a contract constituent element set:
wherein,n is the number of elements in the set for the elements in the sensitive data application request. For example:using application information for the data,The data use range,The time for using the data,An identity token for the applicant, etc.
The similarity between each element in the contract constituent element set and the representative keyword of each preset category is calculated, and each element is classified into the preset category with the maximum similarity.
Taking the weight of the preset category corresponding to each element as the weight of the element, and forming an element weight set:
wherein,and n is the number of elements in the set. For example:is composed ofThe weight of,Is composed ofThe weight of,Is composed ofThe weight of,Is composed ofThe weight of (c).
Set of constituents according to a contractAnd element weight setAnd selecting an expression model of the intelligent contract from a pre-created intelligent contract expression model library. Specifically, the model selection index is calculated according to the following formula:
wherein, W is a model selection index,for an element in a request for sensitive data,is composed ofThe weight of (a) is determined,is the number of elements in the set.
Selecting an index according to a modelAnd selecting an expression model of the intelligent contract from a pre-created intelligent contract expression model library.
Each element extracted from the sensitive data application request is added to the intelligent contract expression model to form the intelligent contract. Specifically, the resulting intelligent contract describes the data user, the permitted data use scenarios, the data deformation method, the data encryption method, the data destruction method and the like. The generated intelligent contract is stored on every node of the blockchain, and the tamper resistance of the blockchain guarantees that the contract is not tampered with during use and transmission, thereby ensuring the security and compliance of the data.
Step S130, in response to the generation of the intelligent contract, constructing a data sandbox dedicated to the intelligent contract, and saving the intelligent contract into the data sandbox.
A data sandbox is a system for storing data; each data sandbox is an independent operating environment that allows data to be manipulated and computed on inside it. In the present application, the generation of an intelligent contract means that sensitive data needs to be provided to a user pursuant to that contract, so a data sandbox needs to be downloaded and assigned exclusively to the intelligent contract, making the data sandbox dedicated to it. The intelligent contract is then saved in the data sandbox.
Step S140, establishing a secure channel between the data sandbox and the big data center, and transmitting the sensitive data of the big data center to the data sandbox through the secure channel.
Specifically, a data transmission channel with multi-layer security guarantees is established between the data sandbox and the sensitive data management platform by means of an asymmetric encryption protocol and a secure transmission protocol. The sensitive data of the big data center is then transmitted from the big data center to the data sandbox through the established secure channel.
Step S150, performing data processing on the sensitive data in the data sandbox according to the intelligent contract.
Specifically, the intelligent contract comprises a data deformation algorithm, and the sensitive data is deformed according to the data deformation algorithm to obtain deformed data. For example, the deformed data is calculated according to the following formula:
wherein,for the purpose of identity information in the sensitive data,as identity informationThe number of the characters of (a) is,is not more thanThe largest integer part of (a) is,to be driven fromX characters from the leftmost character of the characters of (a),to be driven fromThe rightmost character of the characters is selectedThe number of the characters is one,in order to generate the random number(s),is a tunable factor, 0<k<1, k is gradually changed from 1 to 0 to realize smooth splicing of the overlapped areaCharacter of andis a character andcharacter of andlet k = d1/(d1+ d2), where d1 denotes the character in the overlap region toD2 represents the average left distance of the leftmost character of the characters toThe average of the rightmost of the characters of (a) has a distance.
In addition, the deformed data or the sensitive data is encrypted in the encryption mode specified by the intelligent contract. Specifically, the deformed data or sensitive data may be encrypted with a private key recorded in the smart contract. Furthermore, authentication identifiers can be added to the deformed data or the sensitive data, for example by adding a watermark to picture data.
On this basis, when the use of the sensitive data meets a preset destruction rule, the sensitive data stored in the data sandbox is destroyed according to that rule. The destruction rules include timeliness, number of visits, visit frequency, and combinations of these. For example, the shared sensitive data stored in the data sandbox is allowed to be used for only one week, and the data in the data sandbox is destroyed immediately once that week is exceeded, so that the sensitive data is not used indefinitely in an uncontrolled state and data leakage is prevented.
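The contract-specific sandbox of step S130 and the destruction rules just described can be modelled as below. This is an added example, not the patent's implementation: `ContractSandbox`, `DestructionRule`, the sliding-window reading of "visit frequency" and the injectable clock are assumptions made for illustration.

```python
import time
from collections import deque
from dataclasses import dataclass
from typing import Optional


class SandboxDestroyed(Exception):
    """Raised when the sandbox contents have already been destroyed."""


@dataclass(frozen=True)
class DestructionRule:
    max_age_s: Optional[float] = None      # timeliness
    max_accesses: Optional[int] = None     # number of visits
    max_per_window: Optional[int] = None   # visit frequency: reads allowed ...
    window_s: float = 60.0                 # ... per sliding window (assumed)


class ContractSandbox:
    """Holds data for exactly one contract and enforces its destruction rule."""

    def __init__(self, contract_id, data, rule, clock=time.monotonic):
        self.contract_id = contract_id
        self._data = bytearray(data)
        self._rule = rule
        self._clock = clock
        self._created = clock()
        self._reads = 0
        self._recent = deque()          # timestamps of reads inside the window
        self.destroyed_reason = None

    def _destroy(self, reason):
        # Best-effort overwrite; Python may hold other copies of the bytes.
        for i in range(len(self._data)):
            self._data[i] = 0
        self._data.clear()
        self.destroyed_reason = reason

    def enforce(self):
        """Scheduler hook: destroy on expiry even if nobody reads the data."""
        if self.destroyed_reason is None and self._rule.max_age_s is not None:
            if self._clock() - self._created > self._rule.max_age_s:
                self._destroy("expired")
        return self.destroyed_reason

    def read(self, contract_id):
        # The sandbox serves only the contract it was built for.
        if contract_id != self.contract_id:
            raise PermissionError("sandbox is bound to a different contract")
        if self.enforce() is not None:
            raise SandboxDestroyed(self.destroyed_reason)
        now, rule = self._clock(), self._rule
        if rule.max_per_window is not None:
            while self._recent and now - self._recent[0] >= rule.window_s:
                self._recent.popleft()
            if len(self._recent) >= rule.max_per_window:
                self._destroy("access frequency exceeded")
                raise SandboxDestroyed(self.destroyed_reason)
            self._recent.append(now)
        self._reads += 1
        payload = bytes(self._data)
        # Destroy right after the last permitted read so nothing lingers.
        if rule.max_accesses is not None and self._reads >= rule.max_accesses:
            self._destroy("access count exhausted")
        return payload


if __name__ == "__main__":
    # Constructed sample: one week of use, at most three reads.
    rule = DestructionRule(max_age_s=7 * 24 * 3600, max_accesses=3)
    sandbox = ContractSandbox("contract-0001", b"deformed record", rule)
    print(sandbox.read("contract-0001"))
```

A timer or scheduler is expected to call `enforce()` periodically so that expired data is destroyed without waiting for the next read.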
Step S160, providing the processed sensitive data to a user.
After the sensitive data has been processed in the data sandbox, the processed sensitive data is sent to the user.
Example two
As shown in fig. 2, fig. 2 is a schematic diagram of a sensitive data controllable sharing system provided in an embodiment of the present application.
The application provides a sensitive data controllable sharing system, including: a data application layer 210, a sensitive data processing layer 220 and a big data center 230. The big data layer 230 relies on the data center platform of the national grid big data center, and divides the data in the data center platform into a light summary layer and a detail layer for each topic, for example: personnel topics, material topics, financial topics, project topics, asset topics, customer topics, grid topics, etc., and of course also other data assets, such as service topics.
The data application layer 210 includes: a data application module 211 and a data acquisition module 212.
The sensitive data processing layer 220 includes: the system comprises a sensitive data cataloging module 221, a security guarantee module 222, an intelligent contract generating module 223, a data sandbox module 224 and a data deformation module 225.
The sensitive data cataloging module 221 queries the sensitive data catalog according to the browsing command to obtain the relevant information of the sensitive data. Specifically, the sensitive data cataloging module 221 receives the browsing command and queries the sensitive data catalog accordingly. The sensitive data catalog is based on the data catalog of the big data center 230, and the relevant information of the sensitive data that the user wants is looked up in it.
The data application module 211 generates a sensitive data application request according to the obtained relevant information of the sensitive data. The sensitive data application request comprises the related information of the sensitive data obtained by query and the identity information of the applicant. For example: the relevant information of the sensitive data is application fields, application ranges and the like; the identity information of the applicant is an identity token of the applicant.
The security guarantee module 222 verifies the sensitive data application request. The sensitive data application request includes the relevant information of the sensitive data and the identity information of the applicant. For example, the relevant information of the sensitive data includes data use application program information, data use range, data use validity period and the like; the identity information of the applicant is an identity token of the applicant.
Specifically, the security guarantee module 222 includes a validity check submodule 2221 and an identity information storage submodule 2222. The validity check submodule 2221 compares the identity information of the applicant included in the sensitive data application request with the identity information pre-stored in the identity information storage submodule 2222. If they do not match, the request is unqualified and the process ends. If they match, it is judged whether the request conforms to the preset sensitive data management rule: if not, the request is unqualified and the process ends; if so, the request is qualified.
On this basis, the data application layer 210 further includes a registration module 213, and the security guarantee module 222 further includes a platform registration submodule 2223. The registration module 213 generates a registration request based on the identity information of the applicant. The user provides identity information, and the registration module 213 generates a registration request for it; the registration request includes the identity information of the user, which includes the name of the user, a license number/identification number, a telephone number, a verification mailbox, and the like. The platform registration submodule 2223 receives the registration request, verifies it, and pre-stores the user identity information in the identity information storage submodule 2222 after the registration request is verified to be qualified. After the registration request of the user is verified to be qualified, the user identity information, for example the identity token, is stored in the identity information storage submodule 2222, so that the validity of the sensitive data application request can be verified when the user later applies for sensitive data.
After the sensitive data application request is verified to be qualified, the intelligent contract generating module 223 generates an intelligent contract according to the sensitive data application request.
Specifically, each element in the sensitive data application request is extracted to form a contract component element setWhereinfor the elements in the sensitive data application request, n is the number of elements. For example:using application information for the data,The data use range,The time for using the data,An identity token for the applicant, etc.
The similarity between each element in the contract constituent element set and the representative keyword of each preset category is calculated, and each element is classified into the preset category with the maximum similarity.
Taking the weight of the preset category corresponding to each element as the weight of the element to form an element weight setWhereinthe weight corresponding to the element, and n is the number of weights. For example:is composed ofThe weight of,Is composed ofThe weight of,Is composed ofThe weight of,Is composed ofThe weight of (c).
Set of constituents according to a contractAnd element weight setAnd selecting an expression model of the intelligent contract from a pre-created intelligent contract expression model library. Specifically, the model selection index is calculated according to the following formula:
wherein, W is a model selection index,for an element in a request for sensitive data,is composed ofThe weight of (a) is determined,is the number of elements in the set. Selecting an index according to a modelAnd selecting an expression model of the intelligent contract from a pre-created intelligent contract expression model library.
And adding each element extracted from the sensitive data application request to the intelligent contract expression model so as to form the intelligent contract. Specifically, the formed intelligent contract describes a data user, a permitted data use scene, a data deformation method, a data encryption method, a data destruction method and the like.
In response to generating the intelligent contract, data sandbox module 224 constructs a data sandbox specific to the intelligent contract and saves the intelligent contract into the data sandbox.
A data sandbox is a system for storing data; each data sandbox is an independent operating environment that allows data to be manipulated and computed on within it. In the present application, generation of an intelligent contract means that sensitive data needs to be provided to a user pursuant to that contract, so a data sandbox is downloaded and assigned exclusively to the intelligent contract, making the data sandbox specific to it; the intelligent contract is then saved in the data sandbox.
A secure channel is established between the data sandbox and the big data center, and the sensitive data of the big data center is transmitted to the data sandbox through this channel. Specifically, a data transmission channel with multi-layer security guarantees is established between the data sandbox and the sensitive data management platform by means of an asymmetric encryption protocol and a secure transmission protocol. The sensitive data is then transmitted from the big data center to the data sandbox through the established secure channel.
The data transformation module 225 performs data processing, inside the data sandbox and according to the intelligent contract, on the sensitive data moved from the big data center to the data sandbox.
Specifically, the intelligent contract comprises a data deformation algorithm, and the sensitive data is deformed according to this algorithm to obtain deformed data. For example, the deformed data is calculated according to the following formula:
wherein,for the purpose of identity information in the sensitive data,as identity informationThe number of the characters of (a) is,is not more thanThe largest integer part of (a) is,to be driven fromX characters from the leftmost character of the characters of (a),to be driven fromThe rightmost character of the characters is selectedThe number of the characters is one,in order to generate the random number(s),is a tunable factor, 0<k<1, k is gradually changed from 1 to 0 to realize smooth splicing of the overlapped areaCharacter of andis a character andcharacter of andlet k = d1/(d1+ d2), where d1 denotes the character in the overlap region toD2 represents the average left distance of the leftmost character of the characters toThe average of the rightmost of the characters of (a) has a distance.
In addition, the deformed data or the sensitive data is encrypted according to the encryption mode specified by the intelligent contract. Specifically, the obtained deformed data or sensitive data may be encrypted with a private key recorded in the intelligent contract. Furthermore, authentication identifiers can be added to the deformed data or the sensitive data; for example, a watermark can be added to picture data.
The data acquisition module 212 provides the data-processed sensitive data to the user. After the sensitive data is processed in the data sandbox, the processed sensitive data is sent to the user through the data acquisition module 212.
On this basis, when use of the sensitive data meets a preset destruction rule, the sensitive data stored in the data sandbox is destroyed according to that rule. The destruction rules include timeliness, number of visits, or frequency of visits, as well as combinations of timeliness, number of visits, and frequency of visits. For example, the shared sensitive data stored in the data sandbox is allowed to be used for only one week, and the data in the data sandbox is destroyed immediately once one week is exceeded, so that the sensitive data cannot be used indefinitely in an uncontrolled state and data leakage is prevented.
In the present application, an intelligent contract is generated according to the sensitive data application request, a data sandbox is generated according to the intelligent contract, and the intelligent contract and the sensitive data of the big data center are stored in the data sandbox, so that the sensitive data in the data sandbox can be shared within a certain range and the security of the sensitive data is effectively guaranteed.
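The destruction rules described above (timeliness, number of visits, frequency of visits, and their combinations) can be enforced inside the sandbox as shown in this added example, which is not part of the patent text. The class and field names, the in-memory buffer, and the choice to destroy the data right after the read that reaches a limit are assumptions of the example.

```python
import time
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class DestructionRule:
    """Destruction conditions from the contract; None disables a condition."""
    ttl_seconds: Optional[float] = None    # timeliness
    max_accesses: Optional[int] = None     # number of visits
    max_per_window: Optional[int] = None   # frequency: visits per window
    window_seconds: float = 60.0


class DataSandbox:
    """Holds one contract's data and destroys it once a rule is met."""

    def __init__(self, data_user: str, payload: bytes, rule: DestructionRule,
                 clock: Callable[[], float] = time.time):
        self._user, self._rule, self._clock = data_user, rule, clock
        self._buf = bytearray(payload)
        self._created = clock()
        self._hits: List[float] = []
        self.destroyed_reason: Optional[str] = None

    def _met_rule(self, now: float) -> Optional[str]:
        r = self._rule
        if r.ttl_seconds is not None and now - self._created > r.ttl_seconds:
            return "time limit exceeded"
        if r.max_accesses is not None and len(self._hits) >= r.max_accesses:
            return "access count reached"
        if r.max_per_window is not None:
            recent = [t for t in self._hits if now - t < r.window_seconds]
            if len(recent) >= r.max_per_window:
                return "access frequency reached"
        return None

    def enforce(self) -> Optional[str]:
        """Destroy the data if any rule is met. Call from a periodic sweeper
        too, so expired data does not wait for the next read attempt."""
        if self.destroyed_reason is None:
            reason = self._met_rule(self._clock())
            if reason is not None:
                # Overwrite the buffer in place, then drop it. Best effort:
                # copies already returned to the caller are out of reach.
                self._buf[:] = bytes(len(self._buf))
                self._buf = bytearray()
                self.destroyed_reason = reason
        return self.destroyed_reason

    def read(self, user: str) -> bytes:
        if user != self._user:
            raise PermissionError("not the data user named in the contract")
        if self.enforce() is not None:
            raise PermissionError(f"data destroyed: {self.destroyed_reason}")
        data = bytes(self._buf)
        self._hits.append(self._clock())
        self.enforce()  # destroy immediately if this read reached a limit
        return data
```

Because a time limit can pass while nobody is reading, `enforce()` is meant to be called on a schedule as well as on every read.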
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although this description is organized by embodiments, not every embodiment contains only a single independent technical solution; the description is written this way for clarity only. Those skilled in the art should take the description as a whole, and the embodiments may be combined as appropriate to form other embodiments understandable to those skilled in the art.
Claims (10)
1. A controllable sharing method for sensitive data is characterized by comprising the following steps:
step S110, verifying the sensitive data application request, if the sensitive data application request is qualified, performing step S120, and if the sensitive data application request is unqualified, ending the process;
step S120, generating an intelligent contract according to the sensitive data application request;
step S130, responding to the generation of the intelligent contract, constructing a data sandbox special for the intelligent contract, and saving the intelligent contract into the data sandbox;
step S140, establishing a secure channel between the data sandbox and the big data center, and transmitting sensitive data of the big data center to the data sandbox through the secure channel;
step S150, performing data processing on the sensitive data in the data sandbox according to the intelligent contract;
and step S160, providing the sensitive data after data processing to a user.
2. The method for controllable sharing of sensitive data according to claim 1, further comprising the following steps before step S110:
step S106, querying the sensitive data catalog according to the browsing command to obtain the relevant information of the sensitive data;
and step S108, generating a sensitive data application request according to the obtained relevant information of the sensitive data.
3. The method for controllable sharing of sensitive data according to claim 2, further comprising the following steps before step S106:
step S102, receiving a registration request and verifying the registration request;
and step S104, pre-storing the user identity information after the registration request is verified to be qualified.
4. The method for controllable sharing of sensitive data according to any one of claims 1 to 3, characterized in that generating an intelligent contract according to the sensitive data application request comprises the following sub-steps:
extracting each element in the sensitive data application request to form a contract constituent element set;
respectively calculating the similarity between each element in the contract element set and the representative keyword of each preset category, and classifying each element into the preset category corresponding to the maximum similarity;
taking the weight of the preset category corresponding to each element as the weight of the element to form an element weight set;
selecting an expression model of an intelligent contract from a pre-established intelligent contract expression model library according to a contract constituent element set and an element weight set;
and adding each element extracted from the sensitive data application request into an intelligent contract expression model to form an intelligent contract.
5. The controllable sharing method of sensitive data according to any one of claims 1 to 3, wherein the intelligent contract comprises a data deformation algorithm, and the sensitive data is deformed according to the data deformation algorithm to obtain deformed data.
6. A sensitive data controlled sharing system, comprising: the system comprises a data application layer, a sensitive data processing layer and a big data center;
the data application layer comprises: a data acquisition module;
the sensitive data processing layer comprises: the system comprises a security guarantee module, an intelligent contract generation module, a data sandbox module and a data deformation module;
the security guarantee module verifies the sensitive data application request;
after the sensitive data application request is verified to be qualified, the intelligent contract generating module generates an intelligent contract according to the sensitive data application request;
in response to generating an intelligent contract, a data sandbox module constructs a data sandbox specific to the intelligent contract and saves the intelligent contract into the data sandbox;
the data deformation module carries out data processing on the sensitive data moved from the big data center to the data sandbox in the data sandbox according to the intelligent contract;
and the data acquisition module provides the sensitive data after data processing for a user.
7. The sensitive data controllable sharing system according to claim 6, wherein the data application layer comprises a data application module, and the sensitive data processing layer comprises a sensitive data cataloging module;
the sensitive data cataloging module queries the sensitive data catalog according to the browsing command to obtain the relevant information of the sensitive data;
and the data application module generates a sensitive data application request according to the obtained relevant information of the sensitive data.
8. The sensitive data controllable sharing system according to claim 7, wherein the data application layer further comprises a registration module, and the security guarantee module comprises a platform registration submodule and an identity information storage submodule;
the registration module generates a registration request according to the identity information of the applicant;
and the platform registration submodule receives the registration request, verifies the registration request, and prestores the registration request to the identity information storage submodule after verifying that the registration request is qualified.
9. The sensitive data controllable sharing system according to any one of claims 6 to 8, wherein the intelligent contract generating module extracts each element in the sensitive data application request to form a contract constituent element set; respectively calculating the similarity between each element in the contract element set and the representative keyword of each preset category, and classifying each element into the preset category corresponding to the maximum similarity; taking the weight of the preset category corresponding to each element as the weight of the element to form an element weight set; selecting an expression model of an intelligent contract from a pre-established intelligent contract expression model library according to a contract constituent element set and an element weight set; and adding each element extracted from the sensitive data application request into an intelligent contract expression model to form an intelligent contract.
10. The sensitive data controllable sharing system according to any one of claims 6 to 8, wherein the intelligent contract comprises a data deformation algorithm, and the sensitive data is deformed according to the data deformation algorithm to obtain deformed data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110010440.5A CN112329007B (en) | 2021-01-06 | 2021-01-06 | Sensitive data controllable sharing system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112329007A (en) | 2021-02-05 |
CN112329007B (en) | 2021-04-13 |
Family
ID=74302494
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110010440.5A Active CN112329007B (en) | 2021-01-06 | 2021-01-06 | Sensitive data controllable sharing system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112329007B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112800473A (en) * | 2021-03-17 | 2021-05-14 | 好人生(上海)健康科技有限公司 | Data processing method based on big data safety house |
CN113177790A (en) * | 2021-04-27 | 2021-07-27 | 北京海泰方圆科技股份有限公司 | Block chain-based car booking method, device, equipment and medium for Internet of vehicles |
CN115659383A (en) * | 2022-12-29 | 2023-01-31 | 中信天津金融科技服务有限公司 | Electronic file secure sharing method and system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111797415A (en) * | 2020-06-30 | 2020-10-20 | 远光软件股份有限公司 | Block chain based data sharing method, electronic device and storage medium |
CN111901432A (en) * | 2020-07-31 | 2020-11-06 | 广东尚恒智汇科技发展有限公司 | Block chain-based safety data exchange method |
CN112000679A (en) * | 2020-08-22 | 2020-11-27 | 杭州烽顺科技信息服务有限公司 | Block chain data processing method and device with separated business operation and data operation |
CN112003886A (en) * | 2020-07-03 | 2020-11-27 | 北京工业大学 | Block chain-based Internet of things data sharing system and method |
CN112148280A (en) * | 2020-09-21 | 2020-12-29 | 中国电子科技网络信息安全有限公司 | Block chain-based data evidence storage service templated development method |
Also Published As
Publication number | Publication date |
---|---|
CN112329007B (en) | 2021-04-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||