CN112347470A - Power grid data protection method and system based on block chain and data security sandbox - Google Patents
Power grid data protection method and system based on block chain and data security sandbox Download PDFInfo
- Publication number
- CN112347470A CN112347470A CN202011360530.9A CN202011360530A CN112347470A CN 112347470 A CN112347470 A CN 112347470A CN 202011360530 A CN202011360530 A CN 202011360530A CN 112347470 A CN112347470 A CN 112347470A
- Authority
- CN
- China
- Prior art keywords
- data
- calculation
- block chain
- security sandbox
- sandbox
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 244000035744 Hura crepitans Species 0.000 title claims abstract description 125
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000004364 calculation method Methods 0.000 claims abstract description 221
- 238000012795 verification Methods 0.000 claims description 15
- 238000004422 calculation algorithm Methods 0.000 claims description 9
- 230000007246 mechanism Effects 0.000 claims description 6
- 230000011273 social behavior Effects 0.000 claims description 6
- 238000011156 evaluation Methods 0.000 claims description 4
- 230000003993 interaction Effects 0.000 abstract description 4
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 8
- 238000007726 management method Methods 0.000 description 5
- 230000008520 organization Effects 0.000 description 5
- 238000004458 analytical method Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 238000013441 quality evaluation Methods 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 239000003245 coal Substances 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- -1 heat Substances 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000000586 desensitisation Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000007935 neutral effect Effects 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 238000010248 power generation Methods 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a power grid data protection method and system based on a block chain and a data security sandbox. The method comprises the following steps: acquiring a data calculation request sent by a data demand party through a block chain, and acquiring identity information and service request information in the data calculation request; inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result; when the authority passes the approval, sending the encrypted data corresponding to the data calculation request to a data security sandbox, and carrying out safe calculation on the encrypted data in the sandbox through the data security sandbox according to an agreed data calculation model to obtain a calculation result; and acquiring a calculation result sent by the data security sandbox, and issuing the calculation result to the block chain so that a data demand party can acquire the calculation result through the block chain. By providing the calculation result to the data demand party, the direct provision of the service source data to the data demand party is avoided, and the credible power grid data sharing service with multi-party interaction is realized.
Description
Technical Field
The embodiment of the invention relates to a data processing technology, in particular to a power grid data protection method and system based on a block chain and a data security sandbox.
Background
Although power grid enterprises have established special organizations and big data centers to manage data and develop planning designs in aspects of data quality evaluation models and governance systems, data resource management systems, data asset management operation modes and the like, the power grid enterprises are still in the initial stage in terms of data management and application, effective coordination and cooperation are lacked among business departments, and cross-department, cross-hierarchy and cross-field data sharing is difficult.
The traditional measures such as data desensitization based on encryption and isolation, watermark tracing, compliance management and control are relatively weak, and the requirements of security and privacy protection when the data is required to be shared externally cannot be met. After data sharing, rights and properties are difficult to define, rights and interests are difficult to allocate, safety and privacy are difficult to protect, and the price value of the power grid data cannot be effectively mined, so that interconnection and intercommunication of information are influenced, effective improvement of production efficiency is restricted, and asset value mining of the power grid data is prevented. Therefore, how to provide a secure and trusted data external sharing scheme for the data provider and the data demander becomes a problem to be solved urgently.
Disclosure of Invention
The invention provides a power grid data protection method and system based on a block chain and a data security sandbox, which can provide a safe and credible data sharing solution for a data provider and a data demander.
In a first aspect, an embodiment of the present invention provides a power grid data protection method based on a blockchain and a data security sandbox, including:
acquiring a data calculation request sent by a data demand party through a block chain, and acquiring identity information and service request information in the data calculation request;
inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result;
when the authority passes the approval, sending the encrypted data corresponding to the data calculation request to a data security sandbox, and carrying out intra-sandbox security calculation on the encrypted data through the data security sandbox according to an agreed data calculation model to obtain a calculation result;
and acquiring the calculation result sent by the data security sandbox, and issuing the calculation result to the block chain so that the data demand party can acquire the calculation result through the block chain.
Optionally, the method further comprises:
before a data calculation request sent by a data demand party is acquired through a block chain, a data resource directory corresponding to target service data is determined through a data center station, and a data summary formed by the data resource directory is issued to the block chain, wherein the target service data is service data with an external sharing attribute in service source data acquired by the data center station.
Optionally, the querying the data middlebox according to the identity information and the service request information, and performing permission approval based on a query result includes:
inquiring the data middling station according to the identity information to obtain the identity level corresponding to the data demander and the acquirable data level;
inquiring the data middlebox according to the service request information to obtain the data grade of the data to be calculated, which is requested by the data demander;
and if the available data level comprises the data level of the data to be calculated, determining that the permission examination and approval is passed, and issuing the permission examination and approval record to the block chain.
Optionally, the method further comprises:
if the identity level corresponding to the data demand party and the acquirable data level do not exist in the data center station after the data center station is inquired according to the identity information, predicting the identity level of the data demand party through social behavior information of the data demand party in a third-party mechanism;
an acquirable data level in the data corresponding to the predicted identity level is acquired.
Optionally, when the authority is approved, sending the encrypted data corresponding to the data calculation request to a data security sandbox, so as to perform intra-sandbox security calculation on the encrypted data according to an agreed data calculation model through the data security sandbox, thereby obtaining a calculation result, where the method includes:
when the authority passes the approval, encrypting the data corresponding to the service request information through the data center to obtain encrypted data;
acquiring a data calculation model corresponding to the data demand party, wherein the data calculation model is an appointed data calculation model customized according to the demand of the data demand party;
and generating an access request according to the encrypted data, the data calculation model and the data provider identity information, sending the access request to the data security sandbox, verifying the identity of a calculation requester based on the data provider identity information in the access request through the data security sandbox, and calculating the encrypted data by adopting the data calculation model when the identity verification is passed to obtain a calculation result.
Optionally, the method further comprises:
and after the access request is sent to the data security sandbox and a calculation result is obtained, issuing a calculation execution record to the block chain through the data security sandbox, and deleting the encrypted data.
Optionally, the verifying, by the data security sandbox, the computing requester identity based on the data provider identity information in the access request includes:
calculating the identity information of the data provider through a public key in the data security sandbox to obtain reference identity information;
and when the reference identity information is consistent with the identity information, determining that the identity authentication is passed.
Optionally, the data security sandbox is configured based on a trusted execution environment, or the data security sandbox is configured based on a homomorphic encryption algorithm and a secure multiparty computation encryption algorithm.
In a second aspect, an embodiment of the present invention further provides a power grid data protection system based on a blockchain and a data security sandbox, where the system includes: data provider, data security sandbox and data demand side, wherein:
the data demand side is used for issuing a data calculation request to a block chain, acquiring a calculation result issued by the data supply side through the block chain, and issuing evaluation information aiming at the calculation result to the block chain;
the data provider is used for acquiring a data calculation request sent by a data demander through a block chain, and acquiring identity information and service request information in the data calculation request; inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result; when the authority passes the examination and approval, sending the encrypted data corresponding to the data calculation request to a data security sandbox; acquiring the calculation result sent by the data security sandbox, and issuing the calculation result to the block chain;
and the data security sandbox is used for carrying out security calculation in the sandbox on the encrypted data according to an agreed data calculation model to obtain a calculation result.
Optionally, the data security sandbox includes an interface, a client access module, a driver module, and a trusted execution environment, wherein:
the interface is used for receiving an access request sent by a data provider and outputting a calculation result to the data provider;
the client access module is used for analyzing an access request sent by a data provider to obtain encrypted data, a data calculation model and data provider identity information, performing identity verification based on the data provider identity information, and sending the encrypted data and the data calculation model to the trusted execution environment;
the driving module is used for driving the trusted execution environment to perform safe calculation in the sandbox on the encrypted data based on the data calculation model;
and the trusted execution environment is used for carrying out safe calculation in the sandbox on the encrypted data based on the data calculation model to obtain a calculation result.
The embodiment of the invention provides a power grid data protection method and system based on a block chain and a data security sandbox, wherein a data calculation request sent by a data demand party is acquired through the block chain, and identity information and service request information in the data calculation request are acquired; inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result; when the authority passes the approval, sending the encrypted data corresponding to the data calculation request to a data security sandbox; and acquiring a calculation result sent by the data security sandbox, and issuing the calculation result to the block chain so that a data demand party can acquire the calculation result through the block chain. According to the method, the safe calculation in the sandbox is carried out on the encrypted data through the data safe sandbox according to the agreed data calculation model to obtain the calculation result, the calculation result is provided for the data demand party, the situation that the service source data are directly provided for the data demand party is avoided, and the power grid data credible sharing service of multi-party interaction is achieved. In addition, related personnel and process information in the whole data sharing process are recorded through the blockchain, a tamper-proof and traceable consensus record is formed, and a safe and reliable data external sharing solution is provided for a data provider and a data demander.
Drawings
Fig. 1 is a flowchart of a power grid data protection method based on a blockchain and a data security sandbox according to an embodiment of the present invention;
fig. 2 is a signaling diagram of another power grid data protection method based on a blockchain and a data security sandbox according to an embodiment of the present invention;
fig. 3 is a block diagram of a block chain according to an embodiment of the present invention;
fig. 4 is a block diagram of a power grid data protection system based on a blockchain and a data security sandbox according to an embodiment of the present invention;
fig. 5 is a block diagram of a data security sandbox according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Fig. 1 is a flowchart of a power grid data protection method based on a blockchain and a data security sandbox according to an embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
The blockchain is a distributed system for performing consensus confirmation on data update by multiple parties, and each party has a data update record. The block chain used in the present invention is a federation chain.
The data consumers, which may also be referred to as data consumers, are internal departments or external organizations that request shared service source data from the large data center. For internal departments to call access data or data sharing exchange requests of external mechanisms, the data is chained textualized and programmed by using a sharing rule by adopting an intelligent contract, so that the actively-executed, sustainable, safe and controllable data sharing exchange is realized.
The big data center, which can also be called a national grid big data center, serves as a data provider, and not only aggregates service data from the big data center, but also can save data and provide data service for other external data providers. According to the invention, the data resource catalogue, the sharing rule and the operation behavior are linked up through the block chain, and the data resource catalogue link up can ensure that information such as data ownership, position and content can not be tampered, so that a more open and transparent data chain is provided for credibility of data, and meanwhile, an effective management means is provided for safety control of the data.
Alternatively, the data resource catalog may be constructed by: and on the basis of automatically extracting technical metadata, combing the service metadata of the corresponding relation to construct an enterprise data resource directory.
The data calculation request is a data request generated by a data demand party according to data abstract inquiry self-required data on the block chain and self-required data and self-identity. And after the data demand side generates the data calculation request, the data demand side issues the data calculation request to the block chain. For example, the data calculation request includes identity information, service request information, and the like. The identity information can be used for authenticating the identity authority of the data demand party. The service request information is used for identifying attributes such as types of data requested by the data demand party, and the corresponding data to be calculated can be determined by the data center station through the service request information.
It should be noted that, before acquiring the data calculation request sent by the data demander through the blockchain, the method further includes: and determining a data resource directory corresponding to the target service data through the data center station, and issuing a data abstract formed by the data resource directory to the block chain, wherein the target service data is the service data with an external sharing attribute in the service source data acquired by the data center station. For example, after the service source data of each service system is aggregated by the data center, the big data center issues a data summary formed by a data resource directory corresponding to the target service data in the service source data to the block chain. For example, a big data center publishes a data summary formed by department catalogs and system information in a data center station to a blockchain.
Illustratively, the data demander determines the required data according to a data summary on the blockchain, initiates a data calculation request based on the required data and the identity information of the data demander, and issues the data calculation request to the blockchain. The big data center obtains a data calculation request sent by a data demand party from the block chain, and analyzes the data calculation request to obtain identity information and service request information.
And 120, inquiring the data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result.
The query result is result information obtained by the big data center querying the data center based on the identity information and the service request information. For example, the query result includes an identity level corresponding to the identity information, an acquirable data level, a data level of the data to be calculated, and the like.
Specifically, the permission approval is a business process for auditing whether the data demander has permission to obtain a calculation result of the power grid data corresponding to the business request information based on the identity information and the business request information of the data demander. For example, a class a user has the right to obtain the calculation result of class B data. And the class a user has the right to acquire the calculation result of the class C data, and the like. The identity level of the data demand party and the acquirable data level corresponding to the identity level are specified in the data center station in advance, so that after the big data center acquires the data sharing request, the identity level and the acquirable data level of the data demand party can be determined by inquiring the data center station based on the identity information in the data sharing request.
Exemplarily, querying a data middlebox according to the identity information to obtain an identity level corresponding to a data demander and an acquirable data level; inquiring a data center according to the service request information to obtain the data level of the data to be calculated requested by the data demand party; and if the available data level comprises the data level of the data to be calculated, determining that the permission examination and approval is passed. For example, the big data center determines that the identity level of the data demander a is a level a and the acquirable data levels are a level B and a level C according to the identity information such as the name or organization code of the data demander a. And the big data center queries the data middling station according to the service request information, and the data level of the data to be calculated, which is requested by the data demander A, is A. The data grade of the data to be calculated requested by the data demander A does not belong to the range of the data grade of the data demander A, namely the data grade of the data to be calculated corresponding to the data demander A does not comprise the data grade of the data to be calculated, the permission approval is determined not to pass, the quitting operation is executed, and the execution result is issued to the block chain. And if the big data center queries the data middling station according to the service request information and the data level of the data to be calculated requested by the data demander A is B level, namely the data grade which can be obtained and corresponds to the data demander A comprises the data level of the data to be calculated, determining that the permission examination and approval is passed.
Optionally, after querying the data console according to the identity information, the method further includes: if the identity level corresponding to the data demander and the data grade which can be obtained do not exist in the data middling stage, predicting the identity level of the data demander through social behavior information of the data demander in a third-party mechanism; an acquirable data level in the data corresponding to the predicted identity level is acquired. The third-party organization can be a public security bureau, a tax affair, a court and other authority organizations with social behavior information of the data demand party. The social behavior information comprises information such as integrity information of a data demander, social activity participation condition, business condition, manager condition and the like. The identity level of the data demand party is predicted through social behavior information of the data demand party in the third-party mechanism, and whether the data demand party is a credible partner or not and whether the data is shared to the data demand party or not is determined according to information such as the trust condition, the business condition, the social activity participation condition and the manager condition of the data demand party. If the data demander is determined to be a credible partner and the data sharing to the data demander is safe, the identity level of the data demander is determined as level C, and the calculation result of the data which is not important or does not relate to sensitive or private information in the power grid data can be obtained by the data demander.
And step 130, when the authority is approved, sending the encrypted data corresponding to the data calculation request to a data security sandbox, and performing intra-sandbox security calculation on the encrypted data through the data security sandbox according to an agreed data calculation model to obtain a calculation result.
The encrypted data is the encrypted data which is sent to the data security sandbox by the data provider and corresponds to the data calculation request. The encrypted data is used to calculate the calculation result requested by the data consumer. It should be noted that the embodiment of the present invention does not limit what encryption algorithm is specifically used by the data provider to encrypt the service data. No matter which algorithm is adopted by the data provider to encrypt the service data, the data security sandbox can decrypt the encrypted data.
The data security sandbox is a security sandbox which calculates business data requested by a data demand party by adopting a data calculation model agreed by the data provider and the data demand party in advance. Illustratively, the data security sandbox is constructed based on a trusted execution environment, or alternatively, the data security sandbox is constructed based on a homomorphic encryption algorithm and a secure multi-party computational encryption algorithm. The data security sandbox can ensure that the data is available and unavailable, and the problem of data leakage caused by the fact that the data of the service source is reserved by a data demand party after being directly sent out is avoided.
The data calculation model is a calculation model which is designed by negotiation between a data provider and a data demander according to a specific service scene, or the calculation model is customized by the data provider according to the requirement of the data demander.
The calculation result is obtained by calculating the encrypted data transmitted by the data processing party by the data security sandbox based on the data calculation model.
Illustratively, when the right is approved, the data provider encrypts data corresponding to the service request information through the data center station to obtain encrypted data; acquiring a data calculation model corresponding to a data demand side; and generating an access request according to the encrypted data, the data calculation model and the data provider identity information, sending the access request to the data security sandbox, verifying and calculating the identity of the requester through the data security sandbox based on the data provider identity information in the access request, and calculating the encrypted data by adopting the data calculation model when the identity verification is passed to obtain a calculation result.
For example, after the right approval is passed, the data provider does not directly send the data corresponding to the service request information to the data demander, but encrypts the data corresponding to the service request information by the data middling station to obtain encrypted data. And acquiring a data calculation model which is designed in cooperation with the data demander and is used as the data calculation model corresponding to the data demander. Or acquiring a customized calculation model obtained by modifying the basic data calculation model according to the data demander as the data calculation model corresponding to the data demander. And acquiring identity information such as a signature of the data provider as the identity information of the data provider, wherein the signature can be data encrypted by a private key.
Then, an access request including the encrypted data, the data computation model, and the data provider identity information is generated and sent to the data security sandbox via an interface provided by the data security sandbox. The data security sandbox obtains an external access request through the interface. For example, the data security sandbox obtains an access request sent by a data provider through the interface, and analyzes the access request to obtain encrypted data, a data calculation model and data provider identity information.
Calculating the identity information of the data provider through a public key in a data security sandbox to obtain reference identity information; and when the reference identity information is consistent with the identity information, determining that the identity verification is passed. For example, the requester identity authentication is performed based on the data provider identity information using an asymmetric encryption scheme. And if the A user sends an access request to the data security sandbox, but the B user is obtained by decrypting the identity information of the data provider by using the public key, namely the A user pretends to be the B user to send the access request, the authentication is determined to be failed. And if the user A sends an access request to the data security sandbox and the user A is obtained by decrypting the identity information of the data provider by using the public key, the identity authentication is determined to be passed. And after the identity authentication is passed, decrypting the acquired encrypted data, starting a trusted execution environment according to the decrypted data and the data calculation model, performing encryption safety calculation to obtain a calculation result, and returning the calculation result to the data provider through an interface.
Optionally, after obtaining the calculation result, the calculation execution record is issued to the blockchain through the data security sandbox, and the original data is deleted. For example, after obtaining the calculation result, the data security sandbox issues the calculation execution record to the blockchain, and the data security sandbox destroys the original data (e.g., the calculation execution record, the encrypted data, the data calculation model, and the data provider identity information included in the access request).
Optionally, when the identity verification fails, prompting alarm information, returning an identity verification result to the data provider, and the data provider issuing the identity verification result to the blockchain.
Optionally, when the identity authentication fails, the identity authentication result may be ignored, the trusted execution environment is started according to the encrypted data and the data calculation model, the encryption security calculation is performed, the calculation result is obtained, and the calculation result is returned to the data provider through the interface. And the data provider issues the calculation result to the block chain so that the nodes on the chain can find and report error information.
And 140, acquiring the calculation result sent by the data security sandbox, and issuing the calculation result to the block chain so that the data demand party can acquire the calculation result through the block chain.
Illustratively, the data security sandbox submits the results of the computation encrypted to the data provider. And the data provider obtains the calculation result sent by the data security sandbox, and issues the calculation result to the block chain so that the data demander can obtain the calculation result from the block chain.
In addition, the data provider also records information related to the data calculation request of the data demander on a chain for verification of each node on the chain, so that fair and transparent data sharing and traceable audit are guaranteed.
According to the technical scheme of the embodiment, a data calculation request sent by a data demand party is acquired through a block chain, and identity information and service request information in the data calculation request are acquired; inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result; when the authority passes the approval, sending the encrypted data corresponding to the data calculation request to a data security sandbox; and acquiring a calculation result sent by the data security sandbox, and issuing the calculation result to the block chain so that a data demand party can acquire the calculation result through the block chain. According to the method, the safe calculation in the sandbox is carried out on the encrypted data through the data safe sandbox according to the agreed data calculation model to obtain the calculation result, the calculation result is provided for the data demand party, the situation that the service source data are directly provided for the data demand party is avoided, and the power grid data credible sharing service of multi-party interaction is achieved. In addition, related personnel and process information in the whole data sharing process are recorded through the blockchain, a tamper-proof and traceable consensus record is formed, and a safe and reliable data sharing solution is provided for a data provider and a data demander.
Fig. 2 is a signaling diagram of another power grid data protection method based on a blockchain and a data security sandbox according to an embodiment of the present invention. As shown in fig. 2, the method includes:
step 210, the data provider issues data and uplink data certification.
Illustratively, the data provider issues data summary information formed by target service data which can be shared externally to the blockchain, and other blockchain nodes on the blockchain can synchronously obtain related information.
It should be noted that a block chain is formed by a data provider, a data demander, a data relation, and a data supervisor. Fig. 3 is a block diagram of a block chain according to an embodiment of the present invention. As shown in fig. 3, the data provider 310, the data demander 320, the data relationship party 330 and the data supervisor 340 are blockchain nodes, and a plurality of enterprise organization entities form a blockchain network (or called a blockchain system, or simply called a blockchain) in a peer-to-peer networking manner. The data relation party 330 is generally an external enterprise that is not both parties of the current transaction, and may be an original data provider or other data demanding users. The data supervisor 340 is generally a notarization, authentication, and evaluation organization, and is a third-party neutral organization, and can evaluate and authenticate data, and also can supervise the data sharing process.
In a block chain consisting of a data provider 310, a data demander 320, a data relation party 330 and a data supervisor 340, 3 types of data are stored on a data demand node (block chain link point B), a data supervisor node (block chain node C) and a data relation node (block chain node D), wherein the data demand node, the data supervisor node (block chain link node C) and the data relation node (block chain node D) are respectively a public and private key pair, a data resource directory and an intelligent contract. Wherein, the public and private key pair can be used for encrypting transmission data and verifying the identity of a data transmission party. The data resource directory is public information, and all nodes can check all data summary information through the data resource directory and acquire relevant key information of data required by the nodes so as to request data sharing (or be called as data transaction). The intelligent contract is a program script confirmed by all the participants together and used for controlling the automatic execution after the triggering of the business process, and further, the intelligent contract can also agree with more exchange rules, perform system management and control and the like.
In addition, the data providing node (block chain node A) stores 5 types of data, namely a public and private key pair, a data resource catalogue, an intelligent contract, service source data and a sandbox access program. Wherein, the first 3 kinds of data are consistent with the nodes; the service source data are gathered by each service source system, and the sandbox access program is used for realizing an access request for starting the data sandbox.
Step 220, the data demander selects the target data, applies for data analysis of the target data, and submits an analysis requirement or a script.
For example, after the data demander finds data needing transaction on the blockchain, the data demander can initiate a data calculation request to the data provider through the blockchain. Wherein the data computation request may be an analysis requirement or an analysis script.
Step 230, the data provider approves the data calculation request and links the approval record.
Illustratively, the data provider performs internal identity verification and service request analysis on the data demander based on the data calculation request, records an internal service control flow related to the approval process on a block chain, and provides credible verification for data traceability audit.
And step 240, submitting the encrypted data to the data security sandbox by the data provider based on the data computing request, and starting the trusted computing sandbox container.
Illustratively, according to a specific service scenario, both the data provider and the data demander negotiate to design a data computation model, or use a data computation model customized by the data demander, and the data computation model is used for performing security computation in the data security sandbox to obtain a computation result.
And step 250, the data security sandbox performs security calculation in the sandbox according to the data calculation model agreed by both parties to obtain a calculation result.
And step 260, storing and executing the record to the block chain by the data security sandbox, and destroying the original data.
Exemplarily, after the data security sandbox puts the data into the trusted execution environment, the encrypted data is calculated according to a data calculation model agreed by both parties, and the original data is destroyed after a calculation result is obtained.
And 270, encrypting the calculation result by the data security sandbox and submitting the calculation result to the data provider.
Step 280, the data provider issues the calculation result to the blockchain, so that the data demander can obtain the calculation result from the blockchain.
Illustratively, the data provider provides the calculation result to the data set demander through the blockchain, and records the related information on the chain for verification by each node of the blockchain, so as to ensure that the calculation result is not tampered.
And step 290, the data demand side acquires the calculation result from the block chain, and performs chain recording on information such as data quality evaluation of the calculation result.
Illustratively, the data demander ultimately obtains the computation results rather than the traffic source data. The data demand party can decrypt the calculation result to obtain the decrypted calculation result. Optionally, the data demander performs on-chain recording on information such as data quality evaluation of the calculation result, so as to verify each node on the block chain.
The power grid data protection method based on the block chain and the data security sandbox can be used for various scenes of providing data services for power grid enterprises, such as data services of supply chain finance and construction of energy big data centers.
Taking the energy big data center as an example, the power grid big data center can jointly construct an energy big data block chain system with external organizations such as government-related organizations, water supply groups, oil groups, coal groups, power generation groups and other energy enterprises, and all the parties are used as block chain nodes and need to share data with each other to provide more comprehensive energy services. The block chain and the data security sandbox can provide credible, transparent, safe and private technical guarantees for shared data, each participant can share respective data with confidence without worrying about data leakage, multi-party energy data 'federal integration' of coal, heat, water, electricity, gas and the like is effectively realized, credible energy big data sharing and transaction services are provided, and butt joint and fusion of energy data and social data are promoted.
The above description is only a general implementation manner of the trusted secure sharing of the power grid data, and the description thereof is more detailed and specific, but it should not be understood as a limitation to the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention.
Fig. 4 is a block diagram of a power grid data protection system based on a blockchain and a data security sandbox according to an embodiment of the present invention. The system relates to a data provider and a data demand party in a power grid data transaction circulation scene, and the two parties carry out safe and private data sharing transaction through a block chain and a data safety sandbox. As shown in fig. 4, the system includes a data provider 410, a data security sandbox 420, and a data demander 430, wherein:
the data demander 430 is used for issuing a data calculation request to the blockchain, acquiring a calculation result issued by the data provider through the blockchain 440, and issuing evaluation information aiming at the calculation result to the blockchain 440;
the data provider 410 is configured to obtain a data calculation request sent by a data demander through a blockchain 440, and obtain identity information and service request information in the data calculation request; inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result; when the permission is approved, sending the encrypted data corresponding to the data calculation request to the data security sandbox 420; acquiring a calculation result sent by the data security sandbox 420, and issuing the calculation result to the block chain 440;
and the data security sandbox 420 is used for performing intra-sandbox security calculation on the encrypted data according to an agreed data calculation model to obtain a calculation result.
Specifically, the data provider 410 is generally a large data center, and includes a public and private key pair 411 of a data demander and service source data 412, and is mainly responsible for managing and maintaining full volume data and interfacing external data requirements. Furthermore, the data provider may further include an original data owner upstream, in this scenario, the original data owner is generally a service source system, the service source system is a starting point of data acquisition, and in a simplified scenario, the data provider already includes the service source system.
Specifically, the data demander 430 generally includes an external data requirement unit and an internal requirement department. Data consumer 430 has a public and private key pair 431 of the data provider, and data consumer 430 also has a data encryption symmetric key 432. The invention aims at a scene that data sharing and circulation are mainly carried out outside, so that the problem of data leakage caused by the fact that data are reserved by a data demand party after being sent outside needs to be considered, and therefore, a data security sandbox is needed to ensure that the data are unavailable.
In particular, blockchain 440 is a distributed system of consensus validation of data updates with multiple parties, each party having a record of the data update. The blockchain includes a data access control approval intelligence contract 441.
In particular, data security sandbox 420 includes an interface (not shown), a client access module 421, a driver module 422, and a trusted execution environment 423, wherein:
the interface is used for receiving an access request sent by a data provider and outputting a calculation result to the data provider;
the client access module 421 is configured to parse an access request sent by a data provider to obtain encrypted data, a data computation model, and data provider identity information, perform identity verification based on the data provider identity information, and send the encrypted data and the data computation model to the trusted execution environment 423;
a driving module 422, configured to drive the trusted execution environment 423 to perform intra-sandbox security calculation on the encrypted data based on the data calculation model;
and the trusted execution environment 423 is used for performing safe calculation in the sandbox on the encrypted data based on the data calculation model to obtain a calculation result.
Fig. 5 is a block diagram of a data security sandbox according to an embodiment of the present invention. The data security sandbox provided in this embodiment is composed of a trusted execution environment. Optionally, the data security sandbox foundation module may also be formed by using an encryption algorithm such as homomorphic encryption and secure multiparty computation.
As shown in fig. 5, the data security sandbox includes a client access module 510, a driver module 520, and a trusted execution environment 530. In addition, the data security sandbox includes an interface for external interaction (not shown). The client access module 510 includes a first public key 511, a first calculation sdk512, and a first blockchain sdk513, where the first public key 511, the first calculation sdk512, and the first blockchain sdk513 belong to program code of a software layer. The trusted execution environment 530 includes a second public key 531, a second computation sdk532, and a second blockchain sdk533, the second public key 531, the second computation sdk532, and the second blockchain sdk533 being program code at a hardware level. When the data security sandbox works, an external access request is firstly obtained through an interface, and then the identity of a requester is verified by using an asymmetric encryption system. After the verification is passed, the relevant data and the data calculation model are received, the trusted execution environment is started to perform safe encryption calculation, the obtained calculation result is returned to the data provider through the interface, and finally the original data is destroyed, so that the data cannot be leaked outwards, and meanwhile, the calculation result which is safer and more trusted is guaranteed in the whole process of supervision calculation.
For example, the data provider and the data demander both need to perform identity registration authentication in the blockchain and acquire corresponding rights. And the data provider issues the data resource catalog to the block chain, and the data demander inquires the required data resource catalog on the block chain. And when the data requiring party finds the data needing transaction, initiating a data calculation request according to the corresponding authority. And the data provider receives the data calculation request and carries out permission examination and approval. And after the authority is approved, the data provider sends the encrypted data to a data security sandbox for processing and calculation, and provides the calculation result to the data demand party through the block chain. And after the calculation result is calculated, the data security sandbox destroys the original data, and all personnel and operation processes in the whole process are recorded on the block chain to form a tamper-proof and traceable consensus record.
The embodiment of the invention provides a power grid data protection system based on a block chain and a data security sandbox. The block chain network ensures that data is only accessed in a limited way at an application layer, ensures that the data of joint calculation in a trusted execution environment can only be accessed by a program and can not be exported, and can store the inquiry call record on the block chain, thereby preventing data from being forged, ensuring data quality and realizing 'available and unavailable'. Meanwhile, a multi-party public transparent verifiable data full-flow inspection mechanism is provided based on a block chain, an actively-executed, sustainable, controllable and credible data sharing and exchanging system is realized, a multi-party interactive big data credible sharing service is supported, the data application range and the data application range are further expanded, and the value of data assets is fully exerted.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A power grid data protection method based on a block chain and a data security sandbox is characterized by comprising the following steps:
acquiring a data calculation request sent by a data demand party through a block chain, and acquiring identity information and service request information in the data calculation request;
inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result;
when the authority passes the approval, sending the encrypted data corresponding to the data calculation request to a data security sandbox, and carrying out intra-sandbox security calculation on the encrypted data through the data security sandbox according to an agreed data calculation model to obtain a calculation result;
and acquiring the calculation result sent by the data security sandbox, and issuing the calculation result to the block chain so that the data demand party can acquire the calculation result through the block chain.
2. The method of claim 1, prior to obtaining the data computation request sent by the data demander through the blockchain, further comprising:
determining a data resource directory corresponding to target service data through a data center station, and publishing a data summary formed by the data resource directory to the block chain, wherein the target service data is service data with an external sharing attribute in service source data acquired by the data center station.
3. The method of claim 1, wherein the querying the data middlebox according to the identity information and the service request information and performing permission approval based on a query result comprises:
inquiring the data middling station according to the identity information to obtain the identity level corresponding to the data demander and the acquirable data level;
inquiring the data middlebox according to the service request information to obtain the data grade of the data to be calculated, which is requested by the data demander;
and if the available data level comprises the data level of the data to be calculated, determining that the permission examination and approval is passed, and issuing the permission examination and approval record to the block chain.
4. The method of claim 3, further comprising, after querying the data middlebox based on the identity information:
if the identity level corresponding to the data demand party and the obtainable data level do not exist in the data center, predicting the identity level of the data demand party through social behavior information of the data demand party in a third-party mechanism;
an acquirable data level in the data corresponding to the predicted identity level is acquired.
5. The method of claim 1, wherein when the permission approval is passed, sending encrypted data corresponding to the data calculation request to a data security sandbox, so as to perform intra-sandbox security calculation on the encrypted data according to an agreed data calculation model by the data security sandbox, thereby obtaining a calculation result, comprises:
when the authority passes the approval, encrypting the data corresponding to the service request information through the data center to obtain encrypted data;
acquiring a data calculation model corresponding to the data demander, wherein the data calculation model is a calculation model customized according to the requirement of the data demander;
and generating an access request according to the encrypted data, the data calculation model and the data provider identity information, sending the access request to the data security sandbox, verifying the identity of a calculation requester based on the data provider identity information in the access request through the data security sandbox, and calculating the encrypted data by adopting the data calculation model when the identity verification is passed to obtain a calculation result.
6. The method of claim 5, further comprising, after sending the access request to the data security sandbox:
and after a calculation result is obtained, issuing a calculation execution record to the block chain through the data security sandbox, and deleting the encrypted data.
7. The method of claim 5, wherein computing, by the data security sandbox, a requestor identity based on data provider identity information in the access request comprises:
calculating the identity information of the data provider through a public key in the data security sandbox to obtain reference identity information;
and when the reference identity information is consistent with the identity information, determining that the identity authentication is passed.
8. The method of claim 1, wherein the data security sandbox is constructed based on a trusted execution environment or is constructed based on a homomorphic cryptographic algorithm and a secure multiparty computing cryptographic algorithm.
9. A power grid data protection system based on a blockchain and a data security sandbox is characterized by comprising the following components: data provider, data security sandbox and data demand side, wherein:
the data demand side is used for issuing a data calculation request to a block chain, acquiring a calculation result issued by the data supply side through the block chain, and issuing evaluation information aiming at the calculation result to the block chain;
the data provider is used for acquiring a data calculation request sent by a data demander through a block chain, and acquiring identity information and service request information in the data calculation request; inquiring a data center station according to the identity information and the service request information, and performing permission examination and approval based on an inquiry result; when the authority passes the examination and approval, sending the encrypted data corresponding to the data calculation request to a data security sandbox; acquiring the calculation result sent by the data security sandbox, and issuing the calculation result to the block chain;
and the data security sandbox is used for carrying out security calculation in the sandbox on the encrypted data according to an agreed data calculation model to obtain the calculation result.
10. The system of claim 9, wherein the data security sandbox comprises an interface, a client access module, a driver module, and a trusted execution environment, wherein:
the interface is used for receiving an access request sent by a data provider and outputting a calculation result to the data provider;
the client access module is used for analyzing an access request sent by a data provider to obtain encrypted data, a data calculation model and data provider identity information, performing identity verification based on the data provider identity information, and sending the encrypted data and the data calculation model to the trusted execution environment;
the driving module is used for driving the trusted execution environment to perform safe calculation in the sandbox on the encrypted data based on the data calculation model;
and the trusted execution environment is used for carrying out safe calculation in the sandbox on the encrypted data based on the data calculation model to obtain a calculation result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011360530.9A CN112347470A (en) | 2020-11-27 | 2020-11-27 | Power grid data protection method and system based on block chain and data security sandbox |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011360530.9A CN112347470A (en) | 2020-11-27 | 2020-11-27 | Power grid data protection method and system based on block chain and data security sandbox |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112347470A true CN112347470A (en) | 2021-02-09 |
Family
ID=74366072
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011360530.9A Pending CN112347470A (en) | 2020-11-27 | 2020-11-27 | Power grid data protection method and system based on block chain and data security sandbox |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112347470A (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108830601A (en) * | 2018-06-25 | 2018-11-16 | 上海延华大数据科技有限公司 | Smart city information security application method and system based on block chain |
| CN112580107A (en) * | 2021-02-23 | 2021-03-30 | 布比(北京)网络技术有限公司 | Data opening method based on block chain, data acquisition method and corresponding devices |
| CN112837043A (en) * | 2021-03-04 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Data processing method and device based on block chain and electronic equipment |
| CN113177790A (en) * | 2021-04-27 | 2021-07-27 | 北京海泰方圆科技股份有限公司 | Block chain-based car booking method, device, equipment and medium for Internet of vehicles |
| CN113268760A (en) * | 2021-07-19 | 2021-08-17 | 浙江数秦科技有限公司 | Distributed data fusion platform based on block chain |
| CN113343284A (en) * | 2021-08-02 | 2021-09-03 | 浙江数秦科技有限公司 | Private data sharing method based on block chain |
| CN113407969A (en) * | 2021-07-01 | 2021-09-17 | 北京深演智能科技股份有限公司 | Safety data processing method, safety data processing device and electronic equipment |
| CN113407990A (en) * | 2021-05-26 | 2021-09-17 | 杭州安恒信息技术股份有限公司 | Data circulation processing method, device, system, electronic device and storage medium |
| CN113538149A (en) * | 2021-07-28 | 2021-10-22 | 浙江数秦科技有限公司 | Multisource data fusion platform based on block chain |
| CN113691508A (en) * | 2021-08-06 | 2021-11-23 | 上海浦东发展银行股份有限公司 | Data transmission method, system, device, computer equipment and storage medium |
| CN114417323A (en) * | 2022-01-21 | 2022-04-29 | 北京飞书科技有限公司 | Data reference method, device, equipment and medium |
| CN114640520A (en) * | 2022-03-18 | 2022-06-17 | 哈尔滨工业大学 | User privacy protection method and system based on space-time information in zero-contact network |
| CN114826667A (en) * | 2022-03-22 | 2022-07-29 | 浪潮卓数大数据产业发展有限公司 | Data sharing method, device, equipment and medium based on block chain |
| CN115242554A (en) * | 2022-09-21 | 2022-10-25 | 航天宏图信息技术股份有限公司 | Data use right transaction method and system based on security sandbox |
| CN115567254A (en) * | 2022-09-06 | 2023-01-03 | 浪潮软件股份有限公司 | Method and system for realizing public data open to outside based on calculation model |
| CN115694778A (en) * | 2022-09-14 | 2023-02-03 | 广州芳禾数据有限公司 | Tobacco data cross-domain secure circulation method and system |
| WO2023029655A1 (en) * | 2021-09-06 | 2023-03-09 | 中兴通讯股份有限公司 | Data sharing method, network side device, system, electronic device, and storage medium |
| CN116260823A (en) * | 2023-05-15 | 2023-06-13 | 南方电网数字电网研究院有限公司 | Controlled data sharing method, device, computer equipment and storage medium |
| WO2023185862A1 (en) * | 2022-03-30 | 2023-10-05 | 中国联合网络通信集团有限公司 | Multi-party computation method and system based on blockchain system |
Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107241360A (en) * | 2017-08-04 | 2017-10-10 | 北京明朝万达科技股份有限公司 | A kind of data safety shares exchange method and data safety shares switching plane system |
| CN108830601A (en) * | 2018-06-25 | 2018-11-16 | 上海延华大数据科技有限公司 | Smart city information security application method and system based on block chain |
| CN109660358A (en) * | 2019-01-08 | 2019-04-19 | 余炀 | A kind of data circulation method based on block chain and secure execution environments |
| CN109670340A (en) * | 2018-12-29 | 2019-04-23 | 湖南网数科技有限公司 | A kind of secure and trusted exchange sharing method and system of medical data |
| US20190158275A1 (en) * | 2017-11-22 | 2019-05-23 | Michael Beck | Digital containers for smart contracts |
| CN110109930A (en) * | 2019-05-15 | 2019-08-09 | 山东省计算中心(国家超级计算济南中心) | Government data storage, querying method and system based on block chain duplex structure |
| US20190370081A1 (en) * | 2018-05-31 | 2019-12-05 | Microsoft Technology Licensing, Llc | Dynamic Compute Resource Assignment And Scalable Computing Environment Generation For Live Environments |
| CN110826053A (en) * | 2019-10-11 | 2020-02-21 | 北京市天元网络技术股份有限公司 | Container-based data sandbox operation result safe output method and device |
| CN111159180A (en) * | 2019-12-18 | 2020-05-15 | 国家电网有限公司大数据中心 | Data processing method and system based on data resource directory construction |
| CN111221903A (en) * | 2019-12-18 | 2020-06-02 | 中思博安科技(北京)有限公司 | Data tracing method, system and computer storage medium |
| CN111416704A (en) * | 2020-03-17 | 2020-07-14 | 中国建设银行股份有限公司 | Data processing method, device and system based on block chain |
| CN111581292A (en) * | 2020-05-18 | 2020-08-25 | 中国工业互联网研究院 | Industrial Internet data asset right confirming and trading method and platform |
| CN111597583A (en) * | 2020-05-19 | 2020-08-28 | 北京链道科技有限公司 | Data sharing and exchanging method based on block chain |
| US20200293514A1 (en) * | 2019-03-12 | 2020-09-17 | International Business Machines Corporation | Managing access by third parties to data in a network |
| CN111698322A (en) * | 2020-06-11 | 2020-09-22 | 福州数据技术研究院有限公司 | Medical data safety sharing method based on block chain and federal learning |
| CN111783160A (en) * | 2020-09-07 | 2020-10-16 | 南京金宁汇科技有限公司 | Government affair data sharing method |
| CN111901432A (en) * | 2020-07-31 | 2020-11-06 | 广东尚恒智汇科技发展有限公司 | Block chain-based safety data exchange method |
| US20210160068A1 (en) * | 2018-12-14 | 2021-05-27 | Advanced New Technologies Co., Ltd. | Data sharing method, apparatus, and system, and electronic device |
-
2020
- 2020-11-27 CN CN202011360530.9A patent/CN112347470A/en active Pending
Patent Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107241360A (en) * | 2017-08-04 | 2017-10-10 | 北京明朝万达科技股份有限公司 | A kind of data safety shares exchange method and data safety shares switching plane system |
| US20190158275A1 (en) * | 2017-11-22 | 2019-05-23 | Michael Beck | Digital containers for smart contracts |
| US20190370081A1 (en) * | 2018-05-31 | 2019-12-05 | Microsoft Technology Licensing, Llc | Dynamic Compute Resource Assignment And Scalable Computing Environment Generation For Live Environments |
| CN108830601A (en) * | 2018-06-25 | 2018-11-16 | 上海延华大数据科技有限公司 | Smart city information security application method and system based on block chain |
| US20210160068A1 (en) * | 2018-12-14 | 2021-05-27 | Advanced New Technologies Co., Ltd. | Data sharing method, apparatus, and system, and electronic device |
| CN109670340A (en) * | 2018-12-29 | 2019-04-23 | 湖南网数科技有限公司 | A kind of secure and trusted exchange sharing method and system of medical data |
| CN109660358A (en) * | 2019-01-08 | 2019-04-19 | 余炀 | A kind of data circulation method based on block chain and secure execution environments |
| US20200293514A1 (en) * | 2019-03-12 | 2020-09-17 | International Business Machines Corporation | Managing access by third parties to data in a network |
| CN110109930A (en) * | 2019-05-15 | 2019-08-09 | 山东省计算中心(国家超级计算济南中心) | Government data storage, querying method and system based on block chain duplex structure |
| CN110826053A (en) * | 2019-10-11 | 2020-02-21 | 北京市天元网络技术股份有限公司 | Container-based data sandbox operation result safe output method and device |
| CN111159180A (en) * | 2019-12-18 | 2020-05-15 | 国家电网有限公司大数据中心 | Data processing method and system based on data resource directory construction |
| CN111221903A (en) * | 2019-12-18 | 2020-06-02 | 中思博安科技(北京)有限公司 | Data tracing method, system and computer storage medium |
| CN111416704A (en) * | 2020-03-17 | 2020-07-14 | 中国建设银行股份有限公司 | Data processing method, device and system based on block chain |
| CN111581292A (en) * | 2020-05-18 | 2020-08-25 | 中国工业互联网研究院 | Industrial Internet data asset right confirming and trading method and platform |
| CN111597583A (en) * | 2020-05-19 | 2020-08-28 | 北京链道科技有限公司 | Data sharing and exchanging method based on block chain |
| CN111698322A (en) * | 2020-06-11 | 2020-09-22 | 福州数据技术研究院有限公司 | Medical data safety sharing method based on block chain and federal learning |
| CN111901432A (en) * | 2020-07-31 | 2020-11-06 | 广东尚恒智汇科技发展有限公司 | Block chain-based safety data exchange method |
| CN111783160A (en) * | 2020-09-07 | 2020-10-16 | 南京金宁汇科技有限公司 | Government affair data sharing method |
Non-Patent Citations (5)
| Title |
|---|
| 刘佳等: "区块链在政务系统中的应用研究", 《区块链在政务系统中的应用研究》, vol. 10, no. 11, pages 177 - 104 * |
| 李赫: "《区块链技术金融应用实践》", 30 September 2017, 北京航空航天大学出版社, pages: 132 * |
| 梁伟等: "基于区块链的可信数据交换技术与应用", 《基于区块链的可信数据交换技术与应用》, pages 91 - 96 * |
| 谷宁静;: "基于区块链的电子政务数据共享设计研究", 信息安全与通信保密, no. 04, pages 93 - 99 * |
| 魏生;戴科冕;: "区块链金融场景应用分析及企业级架构探讨", 广东工业大学学报, no. 02, pages 5 - 14 * |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108830601A (en) * | 2018-06-25 | 2018-11-16 | 上海延华大数据科技有限公司 | Smart city information security application method and system based on block chain |
| CN112580107A (en) * | 2021-02-23 | 2021-03-30 | 布比(北京)网络技术有限公司 | Data opening method based on block chain, data acquisition method and corresponding devices |
| CN112837043A (en) * | 2021-03-04 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Data processing method and device based on block chain and electronic equipment |
| CN112837043B (en) * | 2021-03-04 | 2023-07-18 | 腾讯科技(深圳)有限公司 | Block chain-based data processing method and device and electronic equipment |
| CN113177790A (en) * | 2021-04-27 | 2021-07-27 | 北京海泰方圆科技股份有限公司 | Block chain-based car booking method, device, equipment and medium for Internet of vehicles |
| CN113407990A (en) * | 2021-05-26 | 2021-09-17 | 杭州安恒信息技术股份有限公司 | Data circulation processing method, device, system, electronic device and storage medium |
| CN113407969A (en) * | 2021-07-01 | 2021-09-17 | 北京深演智能科技股份有限公司 | Safety data processing method, safety data processing device and electronic equipment |
| CN113268760B (en) * | 2021-07-19 | 2021-11-02 | 浙江数秦科技有限公司 | Distributed data fusion platform based on block chain |
| CN113268760A (en) * | 2021-07-19 | 2021-08-17 | 浙江数秦科技有限公司 | Distributed data fusion platform based on block chain |
| CN113538149A (en) * | 2021-07-28 | 2021-10-22 | 浙江数秦科技有限公司 | Multisource data fusion platform based on block chain |
| CN113538149B (en) * | 2021-07-28 | 2024-02-27 | 浙江数秦科技有限公司 | Multi-source data fusion platform based on block chain |
| CN113343284B (en) * | 2021-08-02 | 2021-11-02 | 浙江数秦科技有限公司 | Private data sharing method based on block chain |
| CN113343284A (en) * | 2021-08-02 | 2021-09-03 | 浙江数秦科技有限公司 | Private data sharing method based on block chain |
| CN113691508A (en) * | 2021-08-06 | 2021-11-23 | 上海浦东发展银行股份有限公司 | Data transmission method, system, device, computer equipment and storage medium |
| WO2023029655A1 (en) * | 2021-09-06 | 2023-03-09 | 中兴通讯股份有限公司 | Data sharing method, network side device, system, electronic device, and storage medium |
| CN114417323A (en) * | 2022-01-21 | 2022-04-29 | 北京飞书科技有限公司 | Data reference method, device, equipment and medium |
| CN114417323B (en) * | 2022-01-21 | 2023-02-28 | 北京飞书科技有限公司 | Data reference method, device, equipment and medium |
| CN114640520A (en) * | 2022-03-18 | 2022-06-17 | 哈尔滨工业大学 | User privacy protection method and system based on space-time information in zero-contact network |
| CN114826667A (en) * | 2022-03-22 | 2022-07-29 | 浪潮卓数大数据产业发展有限公司 | Data sharing method, device, equipment and medium based on block chain |
| WO2023185862A1 (en) * | 2022-03-30 | 2023-10-05 | 中国联合网络通信集团有限公司 | Multi-party computation method and system based on blockchain system |
| CN115567254A (en) * | 2022-09-06 | 2023-01-03 | 浪潮软件股份有限公司 | Method and system for realizing public data open to outside based on calculation model |
| CN115694778A (en) * | 2022-09-14 | 2023-02-03 | 广州芳禾数据有限公司 | Tobacco data cross-domain secure circulation method and system |
| CN115242554A (en) * | 2022-09-21 | 2022-10-25 | 航天宏图信息技术股份有限公司 | Data use right transaction method and system based on security sandbox |
| CN116260823A (en) * | 2023-05-15 | 2023-06-13 | 南方电网数字电网研究院有限公司 | Controlled data sharing method, device, computer equipment and storage medium |
| CN116260823B (en) * | 2023-05-15 | 2023-09-15 | 南方电网数字电网研究院有限公司 | Controlled data sharing method, device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112347470A (en) | Power grid data protection method and system based on block chain and data security sandbox | |
| US11025435B2 (en) | System and method for blockchain-based cross-entity authentication | |
| Ali et al. | Applications of blockchains in the Internet of Things: A comprehensive survey | |
| US11038670B2 (en) | System and method for blockchain-based cross-entity authentication | |
| CN109450910B (en) | Data sharing method based on block chain, data sharing network and electronic equipment | |
| US20230087557A1 (en) | System for privacy protection during iot secure data sharing and method thereof | |
| WO2020098336A1 (en) | Data sharing method and apparatus, and digital gateway and computer-readable storage medium | |
| US11422981B2 (en) | Information management and access control in a database | |
| CN109525671B (en) | Block chain-based data storage method, electronic device and storage medium | |
| CN111600908B (en) | Data processing method, system, computer device and readable storage medium | |
| TW201947446A (en) | Blockchain-based information supervision method and device | |
| CN114172735A (en) | Double-chain mixed block chain data sharing method and system based on intelligent contract | |
| CN113901505B (en) | Data sharing method and device, electronic equipment and storage medium | |
| WO2021074742A1 (en) | Chaincode recommendation based on existing chaincode | |
| KR20220160100A (en) | Cross-Network Identity Provisioning | |
| Miorandi et al. | Sticky policies: A survey | |
| Wu et al. | A blockchain based access control scheme with hidden policy and attribute | |
| CN114357490A (en) | Data sharing method, device and system based on block chain | |
| CN113271366B (en) | Data sharing system based on block chain and safety calculation | |
| Zhai et al. | TVS: a trusted verification scheme for office documents based on blockchain | |
| Thilagavathy et al. | A novel framework paradigm for EMR management cloud system authentication using blockchain security network | |
| US20210174292A1 (en) | Anonymization of partners | |
| CN113239376B (en) | Data sharing method, request method and device based on block chain | |
| CN114329512A (en) | Encrypted data asset right confirming, managing and using method and device based on block chain | |
| CN114239043A (en) | Shared encryption storage system constructed based on block chain technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |