CN113126996B - Code auditing method, device and system - Google Patents

Info

Publication number: CN113126996B
Authority: CN (China)
Prior art keywords: data, code, auditing, source code, result
Legal status: Active
Application number: CN201911414568.7A
Other languages: Chinese (zh)
Other versions: CN113126996A (en)
Inventors: 王蜀洪, 唐璐莹
Current Assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/41 Compilation
    • G06F8/43 Checking; Contextual analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction

Abstract

The application discloses a code auditing method, device and system, applied to auditing the source code of a data consumer's calculation logic for a target data set in a data transaction process. The code auditing method comprises: receiving the source code of the data consumer; transmitting the source code, or an auditing result of the source code, to a data provider, wherein the auditing result is obtained by auditing the source code according to a code auditing rule; receiving a verification result from the data provider, wherein the verification result is obtained by verifying the auditing result of the source code; and determining, based on the verification result, whether to execute the computing logic of the source code. The code auditing method can ensure effective control and reasonable authorization of the data use right.

Description

Code auditing method, device and system
Technical Field
The present application relates to the field of data applications, and in particular, to a method, apparatus, and system for code auditing.
Background
In the existing data transaction process, the traded data is provided directly to the data demander. For safety, some sensitive data is encrypted in transit to prevent information leakage during transmission, but the final demander still obtains the data in plaintext. This means that, whatever the contract between the supplier of the data and the demander says, the end demander receives the data in full plaintext, i.e. obtains ownership of the data.
Because the existing data transaction method spreads ownership of the data, plaintext data is leaked to the demander, the rights of the data provider are damaged, and the data provider's willingness to trade is adversely affected. Instead, a transaction of the usage rights of the data set, rather than of its ownership, may be completed between the data provider and the demander. The demander can use the data set to carry out secure multi-party computation on the transaction platform and obtain the calculation result, but the data set stays encrypted during the calculation, and no party other than the data provider obtains the target data set in plaintext.
Since what is traded between the data provider and the demander is the right to use the data set, that right of use needs to be further managed.
Disclosure of Invention
The application provides a method, a device and a system for code auditing, which can realize effective control and reasonable authorization of data use rights.
In order to solve the technical problems, the application provides a code auditing method, which is applied to auditing source codes of calculation logic of a target data set of a data consumer in a data transaction process, and comprises the following steps: receiving the source code of the data consumer; transmitting the source code or an auditing result of the source code to a data provider, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule; receiving a verification result from the data provider, wherein the verification result is obtained by verifying the auditing result of the source code; and determining whether to execute the computing logic of the source code based on the verification result.
Optionally, before receiving the verification result from the data provider, the method further includes: receiving a calculation request containing the source code of the data user; responding to the calculation request, and sending an authorization request to the data provider; the step of determining whether to execute the computing logic of the source code based on the verification result includes: the computing logic of the source code is executed when the verification result includes an authorization token.
Optionally, after receiving the verification result from the data provider, the method includes: sending the verification result to the data user.
Optionally, before receiving the verification result from the data provider, the method further includes: receiving an authorization request of the data user; responding to the authorization request, and sending the authorization request to the data provider; the receiving of the verification result from the data provider further comprises: and sending the verification result to the data user.
Optionally, the verification result includes an authorization token, and the step of determining whether to execute the computing logic of the source code based on the verification result includes: receiving the authorization token of the data consumer and a calculation request containing the source code; and executing the calculation logic of the source code under the condition that the authorization token is verified to be legal.
Optionally, the computing request includes first description information of the source code, the authorization request includes the first description information, and the authorization token is obtained by verifying consistency of non-repudiation information of the auditing result and verifying consistency of the first description information and second description information of the auditing result; wherein the first description information includes: target data set information and calculation logic; the second description information includes: the target data set information and the calculation logic description information obtained by auditing the source code.
Optionally, before the step of sending the audit result of the source code to the data provider, the method includes: transmitting the source code to a code auditor; and receiving an auditing result from the code auditing party.
Optionally, before the step of sending the audit result of the source code to the data provider, the method includes: and auditing the source code and obtaining an auditing result.
Optionally, before the step of receiving the source code of the data consumer, the method includes: receiving a data release request of the data provider; and sending a code strategy request to the data provider, wherein the code strategy request is used for indicating the data provider to return a code auditing strategy and a code auditing rule.
Optionally, the step after receiving the source code of the data consumer includes: transmitting the source code to a code manager; the computing logic that determines whether to execute the source code based on the verification result further comprises: and acquiring the source code from the code management party.
Optionally, the method further comprises: and carrying out log certification on at least part of operations of the code auditing method.
In order to solve the technical problems, the application provides a code auditing method, which is applied to auditing source codes of calculation logic of a target data set of a data consumer in a data transaction process, and comprises the following steps: receiving a source code or an auditing result of the source code sent by a data transaction platform, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule; obtaining an audit result of the source code by utilizing the source code, and verifying the audit result of the source code to obtain a verification result, or directly verifying the audit result of the source code to obtain a verification result; and sending the verification result to the data transaction platform to serve as a basis of calculation logic of whether the data transaction platform executes the source code.
Optionally, before sending the verification result to the data transaction platform, the method further includes: receiving an authorization request sent by the data transaction platform, wherein the authorization request comprises first description information of the source code, and the first description information comes from a data user; the verifying the auditing result of the source code to obtain a verification result comprises the following steps: verifying whether the first descriptive information is consistent with the second descriptive information in the auditing result, and if so, generating an authorization token as the verifying result; wherein the first description information includes: target data set information and calculation logic; the second description information includes: and auditing the target data set information and the calculation logic description information obtained by the source code.
Optionally, the obtaining the audit result of the source code by using the source code includes: transmitting the source code to a code auditor; and receiving the auditing result from the code auditing party.
Optionally, the obtaining the audit result of the source code by using the source code includes: and auditing the source code to obtain the auditing result.
Optionally, the method further comprises: and carrying out log certification on at least part of operations of the code auditing method.
In order to solve the technical problems, the application provides a code auditing method, which is applied to auditing source codes of calculation logic of a target data set of a data consumer in a data transaction process, and comprises the following steps: the data consumer transmits the source code to a data transaction platform; the source code is audited according to a code auditing rule to obtain an auditing result of the source code; the data provider verifies the auditing result of the source code to obtain a verification result; the data provider sends the verification result to the data transaction platform; the data transaction platform determines whether to execute the computing logic of the source code based on the verification result.
Optionally, before the data provider verifies the audit result of the source code to obtain a verification result, the method further includes: the data consumer transmits a calculation request containing the source code to the data transaction platform; in response to the calculation request, the data transaction platform sends an authorization request to the data provider; the step in which the data transaction platform determines whether to execute the computing logic of the source code based on the verification result comprises: the data transaction platform executes the computing logic of the source code when the verification result includes an authorization token.
Optionally, after the data provider sends the verification result to the data transaction platform, the method includes: the data transaction platform sends the verification result to the data user.
Optionally, before the data provider verifies the audit result of the source code to obtain a verification result, the method further includes: the data consumer transmits an authorization request to the data transaction platform; in response to the authorization request, the data transaction platform sends the authorization request to the data provider; after the data provider sends the verification result to the data transaction platform, the method further comprises: the data transaction platform sends the verification result to the data provider.
Optionally, the verification result includes an authorization token, and the step of determining whether to execute the computing logic of the source code based on the verification result further includes: the data consumer transmits the authorization token and a calculation request containing the source code to the data transaction platform; when the data transaction platform verifies that the authorization token is legal, it executes the calculation logic of the source code.
Optionally, the computing request includes first description information of the source code, the authorization request includes the first description information, the authorization token is obtained by verifying consistency of non-repudiation information of the auditing result, and verifying consistency of the first description information and second description information of the auditing result, wherein the first description information includes: target data set information and calculation logic; the second description information includes: and auditing the target data set information and the calculation logic description information obtained by the source code.
Optionally, the step of auditing the source code according to the code auditing rule to obtain an auditing result of the source code further includes: and the data transaction platform carries out auditing on the source code to obtain an auditing result of the source code.
Optionally, the step of auditing the source code according to the code auditing rule to obtain an auditing result of the source code further includes: the data transaction platform sends the source code to a code auditor; the code auditor audits the source code to obtain an audit result of the source code; and the code auditor sends the auditing result of the source code to the data transaction platform.
Optionally, the step of auditing the source code according to the code auditing rule to obtain an auditing result of the source code further includes: and the data provider carries out auditing on the source code to obtain an auditing result of the source code.
Optionally, the step of auditing the source code according to the code auditing rule to obtain an auditing result of the source code further includes: the data provider transmits the source code to a code auditor; the code auditor audits the source code to obtain an audit result of the source code; and the code auditing party sends the auditing result of the source code to the data provider.
Optionally, after the step in which the data consumer sends the source code to the data transaction platform, the method includes: the data transaction platform sends the source code to a code manager; before the data provider verifies the source code or the auditing result of the source code to obtain the verification result, the method further comprises: the data transaction platform obtains the source code from the code manager.
Optionally, the method further comprises: and carrying out log certification on at least part of operations of the code auditing method.
In order to solve the technical problems, the application provides a code auditing system, which comprises a data user, a code auditing party, a data provider and a data transaction platform; the data consumer is used for storing and managing the authorization token of the data provider; the code auditor is used for auditing source codes, returning description information and storing and managing code auditing rules; the data provider is used for verifying an authorization request, verifying the consistency of the descriptive information, issuing the authorization token for the data user and verifying the authorization token; the data transaction platform is used for auditing the source code and verifying the authorization token.
Optionally, the code auditor is independent of the data transaction platform and the data provider, and comprises a code audit module, an audit rule management module and a log security audit module; the data provider comprises an authentication and authorization module and a log security audit module; the data transaction platform comprises a code auditing strategy module, an authentication and authorization module and a log security auditing module; the code auditing module is used for auditing the source code and returning the description information, and the auditing rule management module is used for storing and managing the code auditing rule.
Optionally, the data provider comprises an authentication and authorization module and a log security audit module; the code auditor is integrated in the data transaction platform as a code audit module, and the data transaction platform further comprises an audit rule management module, a code audit strategy module, an authentication authorization module and a log security audit module; the code auditing module is used for auditing the source code and returning the description information, and the auditing rule management module is used for storing and managing the code auditing rule.
Optionally, the data transaction platform comprises a code auditing policy module, an authentication and authorization module and a log security auditing module; the code auditor is integrated in the data provider as a code audit module, and the data provider further comprises an audit rule management module, an authentication and authorization module and a log security audit module; the code auditing module is used for auditing the source code and returning the description information, and the auditing rule management module is used for storing and managing the code auditing rule.
Optionally, the data user includes an authorization information storage module and a log security audit module, the authorization information storage module is used for storing and managing the authorization token of the data provider, and the log security audit module is used for recording and storing the certificate so as to support supervision and examination.
Optionally, the system further comprises a code manager for storing and managing the source code of the data consumer; the code manager comprises a source code storage module and a log security audit module, wherein the source code storage module is used for storing and managing the source code of the data user.
In order to solve the technical problems, the application provides a code auditing device, which comprises a memory and a processor, wherein the memory is connected with the processor, a computer program is stored in the memory, and the method is realized when the computer program is executed by the processor.
To solve the above technical problem, the present application proposes a computer readable storage medium having stored therein a computer program which when executed implements the method described above.
The application discloses a method, a device and a system for code auditing, wherein the method for code auditing comprises: receiving the source code of a data user; transmitting the source code, or an auditing result of the source code, to a data provider, wherein the auditing result is obtained by auditing the source code according to a code auditing rule; receiving a verification result from the data provider, wherein the verification result is obtained by verifying the auditing result of the source code; and determining, based on the verification result, whether to execute the computing logic of the source code. The code auditing method can ensure effective control and reasonable authorization of the data use right.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a first embodiment of the code audit method of the present application;
FIG. 2 is a schematic diagram of a second embodiment of the code audit method of the present application;
FIG. 3 is a flow chart illustrating the strategy configuration steps of FIG. 2 according to the present application;
FIG. 4 is a schematic diagram of a first process of a second embodiment of the code audit method of the present application;
FIG. 5 is a second flow chart of a second embodiment of the code audit method of the present application;
FIG. 6 is a schematic diagram of a third embodiment of a code audit method of the present application;
FIG. 7 is a first flow chart of a third embodiment of the code audit method of the present application;
FIG. 8 is a second flow chart of a third embodiment of the code audit method of the present application;
FIG. 9 is a third flow chart of a third embodiment of the code audit method of the present application;
FIG. 10 is a flow chart of a fourth embodiment of the code audit method of the present application;
FIG. 11 is a flow chart of a fifth embodiment of the code audit method of the present application;
FIG. 12 is a flowchart of a sixth embodiment of a code audit method of the present application;
FIG. 13 is a flow chart of a seventh embodiment of a code audit method of the present application;
FIG. 14 is a flow chart of an eighth embodiment of the code audit method of the present application;
FIG. 15 is a schematic diagram illustrating the construction of one embodiment of a code audit system of the present application;
FIG. 16 is a schematic diagram of another embodiment of a code audit system of the present application;
FIG. 17 is a schematic diagram of another embodiment of a code audit system of the present application;
FIG. 18 is a schematic diagram illustrating the construction of an embodiment of a code audit device according to the present application;
FIG. 19 is a schematic diagram illustrating the structure of an embodiment of a computer-readable storage medium of the present application.
Detailed Description
In order to enable those skilled in the art to better understand the technical solutions of the present application, a method and a system for code auditing provided by the present application are described in further detail below with reference to the accompanying drawings and detailed description.
The participating entities of the code auditing method in the present application, such as a data transaction platform, a data user, a data provider, a code auditor, a code manager, a computing node, etc., may be independent devices (such as mobile phones, computers, servers, etc.), independent programs running on the devices, processes or threads of a certain program running on the devices, etc., which are not limited herein. Different participating subjects may run on the same device or may run independently. The code auditor and the code manager may be the same participating entity.
The code auditing method can be applied to the process of data transaction: the data transaction platform is responsible for interacting with the data user and the data provider, and gives both parties the opportunity and the means to trade data. The data provider, i.e., the seller in the data transaction, may also be referred to as the data supplier. The data consumer, i.e., the buyer in the data transaction, may also be referred to as the data demander.
The data provider may upload information of the data set for sale to the data transaction platform. The data transaction platform provides a data set information acquisition interface for the data provider, which the data provider can use to upload data set information.
The data consumer can browse the data transaction platform and select the data set whose usage right it wants to purchase. After the target data set is selected, the data consumer sends a transaction request to the transaction platform, and the transaction platform assists the data consumer in carrying out the usage-right transaction with the data provider. After the transaction is completed, the data consumer may use the target data set for calculation.
How the data consumer computes on the target data set, or how the target data set is used, is expressed in the source code submitted by the data consumer, i.e. the computing logic of the data consumer for the target data set is embodied in the source code. To ensure the rationality and validity of data transactions, the data provider may audit the source code provided by the data consumer to ensure that the use of the data set does not exceed the scope of the transaction limit. The code auditing method can be applied when the data provider and the data consumer submit a calculation task for execution after the transaction is completed; and/or before the data provider and the data transaction party conduct the transaction, in which case the data provider verifies the code and then decides whether to agree to the data transaction.
Referring to fig. 1, fig. 1 is a flowchart of a code auditing method according to a first embodiment of the present application. The method is applied in the data transaction process to audit the source code of the data consumer's calculation logic for the target data set. It should be noted that, provided substantially the same result is obtained, the present embodiment is not limited to the flow sequence shown in fig. 1.
The embodiment comprises the following steps:
S11: The data consumer sends source code to the data transaction platform.
The data consumer sends a task request including source code to the data transaction platform; the task request may include an authorization request and a calculation request. The task request may include first descriptive information, where the first descriptive information may be target data set information, computational logic, or a manner of acquisition of the computational logic. Computational logic refers to how the target data set is used for computation, such as queries, statistics, training models, etc.
The first descriptive information is from a data consumer, which is a provider of the source code.
S12: The source code is audited according to the code auditing rule to obtain an auditing result of the source code.
The data transaction platform receives the source code and responds to the task request of the source code, and the data transaction platform can send the source code to the code management side for storage and backup; the data transaction platform may send a source code and a task request to the data provider.
The source code is audited according to the code audit rule to obtain the audit result of the source code, and in the application, the source code can be audited by a data transaction platform, a data provider or a code auditor. The code audit rules may be determined by the data provider and include data usage, related data, data usage, and commitment information, where commitment information refers to related information such as the data not remaining in an unauthorized environment during use.
In this embodiment, the data provider obtains the source code, and obtains the audit result of the source code using the source code. Specifically, the data provider may complete the auditing work of the source code to obtain the auditing result of the source code, or the data provider may send the source code to the code auditor, and the code auditor may return the auditing result of the source code to the data provider after completing the auditing work of the source code.
In other embodiments, the data transaction platform may complete the auditing work of the source code to obtain the auditing result of the source code, and directly send the auditing result to the data provider; or the data transaction platform sends the source code to the code auditor, the code auditor returns the auditing result of the source code to the data transaction platform after completing the auditing work, and the data transaction platform then sends the auditing result of the source code to the data provider.
The audit result of the source code may include second descriptive information and non-repudiation information of the audit result of the source code; the second descriptive information may include target data set information obtained by auditing the source code, computational logic descriptive information, and the like; the non-repudiation information may include a hash value, a data signature, or commitment information.
S13: The data provider verifies the auditing result of the source code to obtain a verification result.
The data provider obtains the auditing result of the source code. Further, the data provider verifies the auditing result of the source code to obtain a verification result.
The auditing work of the source code comprises at least the following: auditing whether the code execution logic is consistent with the data use purpose of the auditing rule, whether the data read by the code is consistent with the data of the auditing rule, whether the data read by the code is within the range of the auditing rule, whether the data is used safely, whether the code is safe, and the like.
Verifying the audit result of the source code may include verifying consistency of the non-repudiation information of the audit result of the source code and verifying consistency of the first description information of the authorization request with the second description information of the audit result. When the data provider has verified both the consistency of the non-repudiation information of the audit result and the consistency of the first descriptive information of the authorization request with the second descriptive information of the audit result, it generates an authorization token, i.e. the verification result comprises the authorization token. The authorization token comprises information such as a calculation task scope, a use purpose, an owner, a validity period, a signature and the like.
S14: the data provider sends the verification result to the data transaction platform.
The data provider transmits the verification result to the data transaction platform, and when the verification result comprises the authorization token, the data provider transmits the authorization token to the data transaction platform.
S15: the data transaction platform determines whether to execute the computing logic of the source code based on the verification result.
The data transaction platform determines whether to execute the computing logic of the source code based on the verification result. Specifically, when the data transaction platform receives the authorization token and verifies that the authorization token is legitimate, the computing logic of the source code is executed. At this time, the data transaction platform issues relevant data, which may include the source code and the authorization token, to an MPC (Multi-Party Computation) computing network; the data provider sends calculation data to the MPC computing network, wherein the calculation data may include information about the target data set, the calculation logic, or the way to obtain the calculation logic; the MPC computing network completes the computation according to the source code, the authorization token and the calculation data, and returns the computation result to the data consumer.
This embodiment discloses a code auditing method applicable to a data transaction process: a data consumer transmits source code to a data transaction platform, the data transaction platform transmits the source code to a data provider, the source code is audited according to a code auditing rule to obtain an auditing result of the source code, and the data provider verifies the auditing result to obtain a verification result. The data transaction platform determines whether to execute the computing logic of the source code based on the verification result. In this embodiment, the source code sent by the data consumer must pass two confirmations: auditing of the source code, and verification of the auditing result of the source code. The calculation is executed only when verification passes, at which point the data consumer obtains the right to use the data and the calculation can be completed. The data provider thereby protects the privacy of its data, which effectively improves the data security of the data provider in the data transaction process and promotes the popularization and implementation of data transactions, while ensuring effective control and reasonable authorization of the data use right.
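The verification in S13 and the token check in S15, as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 with constructed keys stands in for the "data signature", the token is additionally bound to the hash of the audited source, `owner` is taken to be the data consumer, and all field and function names are illustrative.

```python
import hashlib
import hmac
import json
import time

# Assumption: pre-shared HMAC keys (constructed values). With HMAC the platform
# holds the provider's key and could mint tokens itself; an asymmetric
# signature removes that trust.
AUDITOR_KEY = b"constructed-auditor-key"
PROVIDER_KEY = b"constructed-provider-key"


def _canonical(obj):
    """Deterministic JSON encoding so every party MACs the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _mac(key, obj):
    return hmac.new(key, _canonical(obj), hashlib.sha256).hexdigest()


def _mac_ok(key, obj, sig):
    return isinstance(sig, str) and hmac.compare_digest(
        _mac(key, obj).encode(), sig.encode())


def audit_source(source, dataset, logic):
    """Code auditor: second description info plus non-repudiation info."""
    body = {
        "description": {"dataset": dataset, "logic": logic},
        "source_sha256": hashlib.sha256(source.encode()).hexdigest(),
    }
    return {**body, "signature": _mac(AUDITOR_KEY, body)}


def provider_verify(auth_request, audit_result, source, now=None, ttl=3600):
    """Data provider (S13): authorization token, or None on any mismatch."""
    now = time.time() if now is None else now
    body = {k: audit_result.get(k) for k in ("description", "source_sha256")}
    # 1. Non-repudiation info: auditor's signature, and hash of this source.
    if not _mac_ok(AUDITOR_KEY, body, audit_result.get("signature")):
        return None
    if hashlib.sha256(source.encode()).hexdigest() != body["source_sha256"]:
        return None
    # 2. First description info (consumer's claim) must equal the second
    #    description info (what the auditor found in the code).
    if auth_request["description"] != body["description"]:
        return None
    claims = {
        "scope": body["description"],
        "purpose": auth_request["purpose"],
        "owner": auth_request["owner"],
        "source_sha256": body["source_sha256"],
        "expires": int(now) + ttl,
    }
    return {**claims, "signature": _mac(PROVIDER_KEY, claims)}


def platform_check(token, source, now=None):
    """Data transaction platform (S15): execute only on a legitimate token."""
    now = time.time() if now is None else now
    if not isinstance(token, dict):
        return False
    claims = {k: v for k, v in token.items() if k != "signature"}
    if not _mac_ok(PROVIDER_KEY, claims, token.get("signature")):
        return False
    if now >= claims["expires"]:
        return False
    # The token authorizes one audited source, not whatever is submitted later.
    return hashlib.sha256(source.encode()).hexdigest() == claims["source_sha256"]


# Constructed sample input.
SOURCE = "result = mean(read_dataset('claims_2019')['amount'])"
REQUEST = {
    "description": {"dataset": "claims_2019", "logic": "mean(amount)"},
    "purpose": "actuarial statistics",
    "owner": "consumer-12",
}


def demo():
    honest = audit_source(SOURCE, "claims_2019", "mean(amount)")
    token = provider_verify(REQUEST, honest, SOURCE, now=1000)
    # The auditor reports a different data set than the consumer declared.
    mismatch = audit_source(SOURCE, "claims_2019_raw", "mean(amount)")
    return {
        "issued": token is not None,
        "mismatch_refused": provider_verify(REQUEST, mismatch, SOURCE, now=1000) is None,
        "runs": platform_check(token, SOURCE, now=2000),
        "swapped_source_runs": platform_check(token, SOURCE + "\nprint(rows)", now=2000),
        "expired_runs": platform_check(token, SOURCE, now=5000),
    }


if __name__ == "__main__":
    print(demo())
```
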
Specifically, the code auditing method in the present embodiment can be divided into two types. Referring to fig. 2, fig. 2 is a schematic diagram of a second embodiment of the code auditing method of the present application. The code auditing method of this embodiment is a code auditing synchronous mode, which comprises a data access stage, a calculation execution stage and a calculation completion stage; the authentication and authorization stage does not complete any code-auditing-related work. The data access stage completes the policy configuration work, the task computing stage completes the code auditing and authorization token checking work, and the calculation completion stage completes the log verification work. Fig. 3 is a flow diagram of the policy configuration steps in fig. 2 of the present application.
Data access stage: when the data provider 13 makes a data release request, the code audit policy is determined with the data transaction platform 11 and the code audit rules are distributed to the code auditor 14, specifically through the following steps:
S01: the data provider 13 transmits a data distribution request to the data transaction platform 11.
S02: the data transaction platform 11 sends a code audit policy request to the data provider 13.
S03: the data provider 13 determines a code auditing policy and sends the code auditing policy to the data transaction platform 11; the data provider 13 provides code auditing rules to the code auditor 14.
In this embodiment, the code audit policy request includes at least information such as a code audit subject, a code audit frequency, and a policy validity period. The code audit subject indicates whether the code audit is entrusted to the data transaction platform 11 or the code auditor 14, or whether the data provider 13 completes the code audit itself; the code audit frequency indicates whether the code is audited once or multiple times; the policy validity period is the period for which the code audit policy is valid, for example one week, one month, or one year.
Referring to fig. 4-5, fig. 4 is a first flow chart of a second embodiment of the code auditing method according to the present application, and fig. 5 is a second flow chart of the second embodiment of the code auditing method according to the present application. It should be noted that, if there are substantially the same results, the embodiment is not limited to the flow sequence shown in fig. 4. The same parts of this embodiment as those of the above embodiment are not described here again. The embodiment comprises the following steps:
S21: The data consumer sends a computing request containing source code to the data transaction platform.
The data consumer 12 sends a calculation request containing source code, i.e. a calculation request of the target data set, to the data transaction platform 11.
S211: the data transaction platform provides source code to the code manager and sends a computational description to the data provider.
In this embodiment, as shown in fig. 5, the data transaction platform 11 transmits a calculation description to the data provider 13 in response to a calculation request, wherein the calculation description includes a source code and an authorization request, and the authorization request includes first description information.
S22: Auditing the source code according to the code auditing rule to obtain an auditing result of the source code.
The auditing of the source code can be completed by the code auditing party 14, namely, the data provider 13 receives the source code and sends the source code to the code auditing party 14, and the code auditing party 14 completes the auditing work of the source code according to the code auditing rule and returns the auditing result of the source code to the data provider.
S23: The data provider verifies the auditing result of the source code to obtain a verification result.
S24: the data provider sends the verification result to the data transaction platform.
The data provider 13 sends the verification result to the data transaction platform 11, and the data transaction platform 11 returns the verification result to the data consumer 12.
S25: when the verification result includes an authorization token, the data transaction platform executes computing logic of the source code.
When the verification result includes an authorization token and the authorization token is verified as legitimate, the data transaction platform 11 and the data provider 13 may provide the data required by the computing logic to participate in completing the computing task.
S26: The data transaction platform returns a verification result to the data consumer.
In the code auditing synchronous scheme of this embodiment, the work of code auditing, authorization, verification and the like is completed synchronously in the task computing stage. Specifically, the data consumer 12 is responsible for submitting the computing request and source code and for receiving the results of the computing task. The code manager 15 is responsible for storing and managing the source code provided by the data consumer, and provides it to participate in the calculation task during the calculation process. The data provider 13 is responsible for verifying the consistency of the authorization request and the code description information provided by the code auditor, generating the authorization token, verifying the legitimacy of the authorization token, and providing the data required in the computing task to participate in completing the computing task. The data transaction platform 11 is responsible for verifying the legitimacy of the authorization token and also for all data and request circulation work.
It should be noted that after the data consumer 12 receives the authorization token, the later calculation request data is changed into a calculation request and an authorization token, and after the validity and compliance of the authorization token are verified by the data transaction platform 11, the calculation data and the source code can be directly submitted to a calculation network such as MPC to complete the calculation process.
Referring to fig. 6-9, fig. 6 is a schematic diagram of a third embodiment of the code auditing method according to the present application, fig. 7 is a first flow diagram of the third embodiment of the code auditing method according to the present application, fig. 8 is a second flow diagram of the third embodiment of the code auditing method according to the present application, and fig. 9 is a third flow diagram of the third embodiment of the code auditing method according to the present application.
The code auditing method of the embodiment is a code auditing asynchronous mode, and the code auditing asynchronous mode comprises a data access stage, an authentication and authorization stage, a task calculation stage and a calculation completion stage, wherein the data access stage completes policy configuration work, the authentication and authorization stage completes code auditing work, the calculation execution stage completes authorization token checking work, and the calculation completion stage completes log certification work, as shown in fig. 6. It should be noted that, if there are substantially the same results, the present embodiment is not limited to the flow sequence shown in fig. 7. The embodiment comprises the following steps:
S31: The data consumer sends a source code and an authorization request to the data transaction platform.
As shown in fig. 7 and 8, steps S31 to S35 are steps of code audit, and the code audit flow is combined in the authentication and authorization phase. The data consumer 12 sends a source code and an authorization request to the data transaction platform 11. The authorization request includes first descriptive information.
S32: Auditing the source code according to the code auditing rule to obtain an auditing result of the source code.
In this embodiment, as shown in fig. 8, the data transaction platform 11 responds to the authorization request, and sends the source code to the code auditor 14 to complete the audit work, so as to obtain the audit result of the source code.
S321: the data transaction platform provides source code to the code manager and sends a computational description to the data provider.
The data transaction platform 11 sends a calculation description to the data provider 13, wherein the calculation description includes the authorization request and the audit result of the source code.
S33: The data provider verifies the auditing result of the source code to obtain a verification result.
S34: The data provider sends the verification result to the data transaction platform.
S35: The data transaction platform sends the verification result to the data consumer.
S36: The data consumer sends an authorization token and a computing request containing source code to the data transaction platform.
After completing the code audit process, the data consumer 12 obtains an authorization token. To complete the token checking step, the data consumer 12 then sends the authorization token and the task request to the data transaction platform 11; the data transaction platform 11 obtains the source code from the code manager 15 and verifies the legitimacy of the authorization token; when the authorization token is verified as legitimate, the data transaction platform 11 determines the task and returns to the data consumer 12, and the data consumer 12 submits the calculation request to the data transaction platform 11.
The authorization token checking flow is incorporated in the task calculation stage; as shown in fig. 9, steps S36 to S37 are the token checking steps.
S37: When the data transaction platform verifies that the authorization token is legal, it executes the calculation logic of the source code.
The data transaction platform 11 receives the authorization token and verifies the legitimacy of the authorization token, and when the data transaction platform 11 verifies that the authorization token is legitimate, the computing logic of the source code is executed.
In the code auditing asynchronous scheme of the embodiment, the code auditing method is divided into two flows, namely code auditing and token checking, wherein the code auditing flows are combined in an authentication and authorization stage, and the token checking is combined in a task computing stage. Unlike the code audit synchronization scheme, the data consumer does not send the calculation request and the authorization request at one time, but sends the calculation request and the authorization token after the authorization request is sent to obtain the authorization token.
Specifically, during the code auditing process, the data consumer 12 is responsible for submitting the data use authorization request and the source code, and receives the authorization token provided by the data provider 13; the code auditor 14 completes the auditing work of the source code according to the code auditing rule and provides second description information and non-repudiation information of the source code, wherein the source code auditing work covers at least whether the code execution logic is consistent with the data use purpose in the auditing rule, whether the data read by the code is consistent with the data in the auditing rule, whether the data read by the code is used within the range of the auditing rule, whether the data is used safely, a security audit of the code, and the like; the code manager 15 is responsible for storing and managing the source code provided by the data consumer 12; the data provider 13 is responsible for verifying the consistency of the first description information of the authorization request and the second description information of the source code auditing result, and generating an authorization token; the data transaction platform 11 is mainly responsible for completing all data and request circulation work.
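One way the code auditor 14 could check that the data read by submitted code stays within the auditing rule and derive the second description information, as an added example that is not part of the patent text. Assumptions: the submitted code is Python, data is read only through a hypothetical `read_dataset(name, columns=[...])` call, and the rule fields and sample sources are constructed for illustration.

```python
import ast

# Constructed auditing rule supplied by the data provider (field names assumed).
AUDIT_RULE = {
    "datasets": {"claims_2019"},
    "columns": {"claims_2019": {"amount", "region"}},
    "forbidden_calls": {"open", "eval", "exec", "getattr", "__import__", "print"},
}


def _literal(node):
    """Value of a constant expression, or None if it is not statically known."""
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError, SyntaxError):
        return None


def _check_read(call, rule, reads):
    """Audit one read_dataset() call; record what it reads in `reads`."""
    name = _literal(call.args[0]) if call.args else None
    cols_node = next((kw.value for kw in call.keywords if kw.arg == "columns"), None)
    cols = _literal(cols_node) if cols_node is not None else None
    if (not isinstance(name, str) or not isinstance(cols, (list, tuple))
            or not all(isinstance(c, str) for c in cols)):
        # Computed names or columns cannot be compared with the rule: refuse.
        return [(call.lineno, "read_dataset() arguments are not literals")]
    reads.setdefault(name, set()).update(cols)
    if name not in rule["datasets"]:
        return [(call.lineno, f"dataset {name!r} is outside the auditing rule")]
    extra = sorted(set(cols) - rule["columns"][name])
    if extra:
        return [(call.lineno, f"columns {extra} are outside the auditing rule")]
    return []


def audit(source, rule):
    """Return (second description info, violations) for one source file."""
    reads, violations, called = {}, [], set()
    # ast.walk visits a Call before its children, so `called` is filled
    # before the corresponding Name node is reached.
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            violations.append((node.lineno, "import is not allowed"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            called.add(id(node.func))
            if node.func.id in rule["forbidden_calls"]:
                violations.append((node.lineno, f"call to {node.func.id}()"))
            elif node.func.id == "read_dataset":
                violations.extend(_check_read(node, rule, reads))
        elif (isinstance(node, ast.Name) and node.id == "read_dataset"
              and id(node) not in called):
            # Aliasing the reader would hide later reads from this audit.
            violations.append((node.lineno, "read_dataset used other than as a direct call"))
    description = {"datasets": {k: sorted(v) for k, v in sorted(reads.items())}}
    return description, sorted(violations)


# Constructed sample submissions.
COMPLIANT = '''
rows = read_dataset("claims_2019", columns=["amount", "region"])
result = sum(r["amount"] for r in rows) / len(rows)
'''

OUT_OF_SCOPE = '''
import os
rows = read_dataset("claims_2019", columns=["amount", "patient_id"])
name = "claims_" + "2018"
more = read_dataset(name, columns=["amount"])
fetch = read_dataset
'''

if __name__ == "__main__":
    for label, src in (("compliant", COMPLIANT), ("out of scope", OUT_OF_SCOPE)):
        print(label, audit(src, AUDIT_RULE))
```

The returned description is what the data provider would compare with the first description information; any non-empty violation list means no audit result should be signed.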
In the process of token verification, the data consumer 12 is responsible for submitting a calculation request and a task request of data and receiving a result of a calculation task; the code manager 15 is responsible for storing the source code provided by the data consumer 12, and providing the source code to participate in completing the calculation task in the calculation process; the data provider 13 is responsible for verifying the legitimacy of the authorization token and providing the data needed in the calculation task to participate in completing the calculation task; the data transaction platform 11 is responsible for verifying the legitimacy of the authorization token and also for all data and request circulation work.
In addition, in at least part of the steps of the process, log security audit can be further included to complete log recording and certification in the code audit process, and meanwhile, functions of post-supervision audit and the like are supported.
Referring to fig. 10, fig. 10 is a flowchart illustrating a code auditing method according to a fourth embodiment of the present application. The execution body in this embodiment is a data transaction platform. The same parts as those of the above embodiment in this embodiment are not described here again.
S41: Receiving source code provided by a data consumer.
S42: Transmitting the source code or the auditing result of the source code to a data provider, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule.
The data transaction platform 11 may transmit the source code to the data provider 13, or the data transaction platform 11 may transmit the audit result of the source code to the data provider 13. Specifically, the data transaction platform 11 may audit the source code to obtain an audit result of the source code, or the data transaction platform 11 may send the source code to the code auditor 14, and then receive the audit result of the source code returned by the code auditor 14, that is, the code auditor completes the code audit work.
In addition, the data transaction platform 11 may also send source code to the code manager 15 for saving, which may be obtained from the code manager 15 when execution of the computing logic is required.
S43: Receiving a verification result from the data provider, wherein the verification result is obtained by verifying the auditing result of the source code.
The computing request comprises first description information of the source code, the authorization request comprises the first description information, and the authorization token is obtained by verifying the consistency of the non-repudiation information of the auditing result and verifying the consistency of the first description information and the second description information of the auditing result; wherein the first description information may include target data set information and calculation logic, and the second description information may include target data set information and calculation logic description information obtained by auditing the source code.
S44: based on the verification result, it is determined whether to execute the computing logic of the source code.
When the verification result includes an authorization token, computing logic of the source code is executed.
Referring to fig. 11, fig. 11 is a flowchart of a code auditing method according to a fifth embodiment of the present application. The execution body in this embodiment is a data transaction platform, and the code auditing method in this embodiment is a code auditing synchronization mode, and the same parts as those in the foregoing embodiment in this embodiment are not described herein again.
S51: a computing request including source code provided by a data consumer is received.
S52: In response to the calculation request, sending an authorization request and the source code or the auditing result of the source code to a data provider, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule.
S53: Receiving a verification result from the data provider, wherein the verification result is obtained by verifying the auditing result of the source code.
The data transaction platform 11 may also send the verification result to the data consumer.
S54: when the verification result includes an authorization token, computing logic of the source code is executed.
In this embodiment, the data transaction platform 11 adopts a code audit synchronization mode, and completes two steps of code audit and token verification in the task calculation stage.
Referring to fig. 12, fig. 12 is a flowchart of a code auditing method according to a sixth embodiment of the present application. The execution body in this embodiment is a data transaction platform, and the code auditing method in this embodiment is a code auditing asynchronous mode, and the same parts as those in the foregoing embodiment in this embodiment are not described herein again.
S61: a source code and an authorization request provided by a data consumer are received.
S62: In response to the authorization request, sending the authorization request and the source code or the auditing result of the source code to the data provider.
S63: Receiving a verification result from the data provider, wherein the verification result is obtained by verifying the auditing result of the source code.
S64: Sending the verification result to the data consumer.
S65: An authorization token provided by a data consumer and a computing request including source code are received.
S66: Executing the computing logic of the source code under the condition that the authorization token is verified to be legal.
In this embodiment, the data transaction platform 11 adopts a code audit asynchronous mode, and the data transaction platform 11 receives requests provided by the data consumer 12 twice. The data transaction platform 11 completes code auditing in the authentication and authorization stage and completes token checking in the task computing stage.
In addition, the data transaction platform 11 may log at least part of the operations of the code auditing method described above.
Referring to fig. 13, fig. 13 is a flowchart of a seventh embodiment of a code auditing method according to the present application. The execution body in this embodiment is a data provider, and the same parts as those in the above embodiment in this embodiment are not described here again.
S71: Receiving the source code sent by the data transaction platform.
S72: After obtaining the auditing result of the source code by using the source code, verifying the auditing result to obtain a verification result, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule.
The data provider 13 may also receive an authorization request sent by the data transaction platform 11, where the authorization request includes first description information of a source code, where the first description information is from the data consumer 12, and the first description information may include target data set information and calculation logic, where the data consumer 12 is a provider of the source code.
The data provider 13 verifies whether the first descriptive information is consistent with the second descriptive information in the auditing result, and if so, generates an authorization token as a verification result; the second descriptive information comprises target data set information obtained by auditing the source code and calculation logic descriptive information.
S73: Sending the verification result to the data transaction platform as the basis on which the data transaction platform determines whether to execute the computing logic of the source code.
In this embodiment, the data provider 13 obtains the source code sent by the data transaction platform 11, and the data provider 13 may audit the source code to obtain an audit result of the source code; alternatively, the data provider may send the source code to the code auditor 14, and obtain the audit result of the source code returned by the code auditor 14. The data provider 13 verifies the result of the audit of the source code.
Referring to fig. 14, fig. 14 is a flowchart of an eighth embodiment of the code audit method according to the present application. The execution body in this embodiment is a data provider, and the same parts as those in the above embodiment in this embodiment are not described here again.
S81: Receiving an auditing result of the source code sent by the data transaction platform, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule.
S82: Verifying the auditing result of the source code to obtain a verification result.
S83: Sending the verification result to the data transaction platform as the basis on which the data transaction platform determines whether to execute the computing logic of the source code.
In this embodiment, the data provider 13 performs the code auditing method, and the data provider 13 receives the auditing result of the source code sent by the data transaction platform 11 and directly verifies the auditing result of the source code.
In addition, the data provider 13 may log at least part of the operations of the code audit method described above.
Based on the code auditing method, the application further provides a code auditing system. Referring to FIG. 15, FIG. 15 is a schematic diagram illustrating an embodiment of a code audit system according to the present application. The system may include a data consumer 12, a code auditor 14, a data provider 13, and a data transaction platform 11. In the present embodiment, the code auditor 14 is independent of the data transaction platform 11 and the data provider 13, and the data transaction platform 11 is connected to the data consumer 12, the code auditor 14, and the data provider 13, respectively.
The data consumer 12 is arranged to store and manage authorization tokens for the data provider 13; the code auditor 14 is used for auditing source codes, returning description information and storing and managing code auditing rules; the data provider 13 is used for verifying authorization requests, verifying consistency of descriptive information, issuing authorization tokens for the data consumer 12, and verifying authorization tokens; the data transaction platform 11 is used to audit the source code and verify the authorization token.
Specifically, the code auditor 14 includes a code auditing module, an auditing rule management module; the code auditing module of the code auditor 14 is used for auditing the source code and returning the description information, and the auditing rule management module is used for storing and managing the code auditing rules.
The data provider 13 includes an authentication authorization module; the authentication and authorization module of the data provider 13 is mainly responsible for verifying the consistency of the authorization request and the description information provided by the code auditor 14.
The data transaction platform 11 comprises a code auditing strategy module and an authentication and authorization module; the code audit policy module of the data transaction platform 11 is responsible for completing the functions of negotiating the code audit policy with the data provider 13, and the authentication authorization module is responsible for verifying the authorization token.
The data consumer 12 includes an authorization information storage module; the authorization information storage module of the data consumer 12 is used to store and manage authorization tokens for the data provider 13.
The code auditing system further comprises a code manager 15, wherein the code manager 15 is used for storing and managing source codes provided by the data user 12; the code manager 15 comprises a source code storage module for storing and managing the source code provided by the data consumer 12.
In addition, there is a log security audit module in all participants of the system. The log security audit module is used for recording and storing certificates to support supervision and inspection, namely, the log security audit module can be responsible for recording and storing the logs in the process of completing code audit and simultaneously support functions such as post supervision and inspection.
Referring to FIG. 16, FIG. 16 is a schematic diagram illustrating an embodiment of a code audit system according to the present application. In this embodiment, the code auditor 14 is integrated inside the data transaction platform 11 as a code audit module, i.e. the code auditor 14 is combined with the data transaction platform 11. The data transaction platform 11 is connected to a data consumer 12 and a data provider 13, respectively. The same parts as those of the above embodiment are not repeated here.
The data provider 13 includes an authentication and authorization module and a log security audit module; the data transaction platform 11 further comprises a code auditing module, an auditing rule management module, a code auditing strategy module, an authentication and authorization module and a log security auditing module; the data consumer 12 includes an authorization information store module and a log security audit module.
Referring to FIG. 17, FIG. 17 is a schematic diagram of another embodiment of a code audit system according to the present application. In this embodiment, the code auditor 14 is integrated inside the data provider 13 as a code audit module, i.e. the code auditor 14 is integrated with the data provider 13. The data transaction platform 11 is connected to a data consumer 12 and a data provider 13, respectively. The same parts as those of the above embodiment are not repeated here.
The data transaction platform 11 comprises a code auditing strategy module, an authentication and authorization module and a log security auditing module; the data provider 13 further includes a code auditing module, an auditing rule management module, an authentication authorization module, and a log security auditing module; the data consumer 12 includes an authorization information store module and a log security audit module.
Based on the code auditing method, the application further provides a code auditing device. Referring to fig. 18, fig. 18 is a schematic structural diagram of an embodiment of a code auditing device according to the present application. The code auditing device 200 comprises a memory 21 and a processor 22; the memory 21 is connected with the processor 22 and stores a computer program which, when executed by the processor 22, implements the method described above.
In the present embodiment, the processor 22 may also be referred to as a CPU (central processing unit). The processor 22 may be an integrated circuit chip having signal processing capabilities. Processor 22 may also be a general purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
Based on the code auditing method, the application also provides a computer readable storage medium. Referring to fig. 19, fig. 19 is a schematic diagram of a computer readable storage medium according to an embodiment of the application. The computer-readable storage medium 300 stores therein a computer program 31, which when executed implements the above-described method.
Further, the computer readable storage medium 300 may be a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic tape, a compact disc, or any other medium that can store the program code.
It is to be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. Further, for convenience of description, only some, but not all, of the structures related to the present application are shown in the drawings. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms "first," "second," and the like in this disclosure are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The foregoing description is only of embodiments of the present application, and is not intended to limit the scope of the application, and all equivalent structures or equivalent processes using the descriptions and the drawings of the present application or directly or indirectly applied to other related technical fields are included in the scope of the present application.
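As an added illustration that is not part of the patent text, the sketch below shows one way the flow recited in the claims could be implemented: the auditor derives the second descriptive information from the source code, the data provider issues an authorization token only if it matches the first descriptive information, and the platform checks the token against the code it is about to execute. The `load_dataset` convention, the field names, the shared key and the HMAC token format are all assumptions; the HMAC stands in for a provider signature and does not by itself give non-repudiation.

```python
import ast
import hashlib
import hmac
import json

# Assumption: one key shared by provider and platform (constructed value).
PROVIDER_KEY = b"constructed-demo-key"


def canonical(obj) -> bytes:
    """Deterministic serialization so comparisons and MACs are stable."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def normalize(info: dict) -> dict:
    return {"datasets": sorted(set(info["datasets"])),
            "logic": sorted(set(info["logic"]))}


def audit_source(source_code: str) -> dict:
    """Code auditor: derive second descriptive information from the code itself.

    Hypothetical audit rule: datasets are the string arguments of
    load_dataset(); calculation logic is every other function the code calls.
    """
    datasets, logic = set(), set()
    for node in ast.walk(ast.parse(source_code)):
        if not isinstance(node, ast.Call):
            continue
        name = (getattr(node.func, "id", None)
                or getattr(node.func, "attr", None) or "<dynamic>")
        if name == "load_dataset":
            for arg in list(node.args) + [k.value for k in node.keywords]:
                if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                    datasets.add(arg.value)
                else:
                    # A computed dataset name cannot be audited statically,
                    # so it is recorded as a value no declaration can match.
                    datasets.add("<dynamic>")
        else:
            logic.add(name)
    return {
        "second_info": {"datasets": sorted(datasets), "logic": sorted(logic)},
        "source_sha256": hashlib.sha256(source_code.encode()).hexdigest(),
    }


def _token(first_info: dict, source_sha256: str) -> str:
    msg = canonical({"info": normalize(first_info), "source_sha256": source_sha256})
    return hmac.new(PROVIDER_KEY, msg, hashlib.sha256).hexdigest()


def provider_verify(first_info: dict, audit_result: dict):
    """Data provider: return an authorization token, or None on a mismatch."""
    if canonical(normalize(first_info)) != canonical(audit_result["second_info"]):
        return None
    # Binding the token to the audited code's hash means it cannot be
    # reused for different code submitted after authorization.
    return _token(first_info, audit_result["source_sha256"])


def platform_should_execute(source_code: str, first_info: dict, token) -> bool:
    """Platform: execute only if the token is valid for exactly this code."""
    if token is None:
        return False
    digest = hashlib.sha256(source_code.encode()).hexdigest()
    return hmac.compare_digest(_token(first_info, digest), token)


# Constructed sample inputs.
FIRST_INFO = {"datasets": ["sales_2019"], "logic": ["mean"]}
DECLARED_SOURCE = 'rows = load_dataset("sales_2019")\nresult = mean(rows)\n'
UNDECLARED_SOURCE = ('rows = load_dataset("sales_2019")\n'
                     'extra = load_dataset("customers")\n'
                     'result = dump(rows, extra)\n')

if __name__ == "__main__":
    token = provider_verify(FIRST_INFO, audit_source(DECLARED_SOURCE))
    print("declared code authorized:",
          platform_should_execute(DECLARED_SOURCE, FIRST_INFO, token))
    print("swapped code authorized:",
          platform_should_execute(UNDECLARED_SOURCE, FIRST_INFO, token))
    print("undeclared code token:",
          provider_verify(FIRST_INFO, audit_source(UNDECLARED_SOURCE)))
```
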

Claims (60)

1. The code auditing method is characterized by being applied to a data transaction platform, wherein in the data transaction process, a data provider is used as a seller, information of a data set for sale is uploaded to the data transaction platform, a data user is used as a buyer, the data set selected by the data user on the data transaction platform is used as a target data set, and the auditing is carried out on the source code of the calculation logic of the target data set selected by the data user, and the method comprises the following steps:
receiving the source code of the data user and first description information of the source code; the first description information includes: target data set information and calculation logic;
transmitting an auditing result of the source code to the data provider, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule; the auditing result corresponds to second descriptive information, and the second descriptive information comprises: auditing the target data set information and the calculation logic description information obtained by the source code;
the first description information and the auditing result are sent to the data provider, and a verification result from the data provider is received, wherein the verification result is obtained by verifying the auditing result of the source code; the step of verifying the auditing result of the source code comprises the following steps: verifying consistency of the first descriptive information and the second descriptive information;
and determining whether to execute the computing logic of the source code based on the verification result.
2. The code auditing method of claim 1, wherein the receiving a verification result from the data provider is preceded by:
receiving a calculation request containing the source code of the data user;
responding to the calculation request, and sending an authorization request to the data provider;
the step of determining whether to execute the computing logic of the source code based on the verification result includes:
the computing logic of the source code is executed when the verification result includes an authorization token.
3. The code auditing method of claim 2, wherein the computing request includes first descriptive information of the source code, the authorization request includes the first descriptive information, the authorization token is derived for verifying non-repudiation information consistency of the audit result, and verifying that the first descriptive information and second descriptive information of the audit result are consistent.
4. The code auditing method of claim 2, wherein the step after receiving the verification result from the data provider comprises:
and sending the verification result to the data user.
5. The code auditing method of claim 1, wherein the receiving a verification result from the data provider is preceded by:
receiving an authorization request of the data user;
responding to the authorization request, and sending the authorization request to the data provider;
the receiving of the verification result from the data provider further comprises:
and sending the verification result to the data user.
6. The code auditing method of claim 5, wherein the validation result includes an authorization token, and the step of determining whether to execute the computing logic of the source code based on the validation result comprises:
receiving the authorization token of the data consumer and a calculation request containing the source code;
and executing the calculation logic of the source code under the condition that the authorization token is verified to be legal.
7. The code auditing method of claim 6, wherein the computing request includes first descriptive information of the source code, the authorization request includes the first descriptive information, the authorization token is derived for verifying non-repudiation information consistency of the audit result, and verifying that the first descriptive information and second descriptive information of the audit result are consistent.
8. The code auditing method of claim 1, wherein before the step of sending the auditing result of the source code to the data provider, comprising:
transmitting the source code to a code auditor;
and receiving an auditing result from the code auditing party.
9. The code auditing method of claim 1, wherein before the step of sending the auditing result of the source code to the data provider, comprising:
and auditing the source code and obtaining an auditing result.
10. The code auditing method of claim 1, wherein prior to the step of receiving the source code of the data consumer and the first descriptive information of the source code, the method comprises:
receiving a data release request of the data provider;
and sending a code strategy request to the data provider, wherein the code strategy request is used for indicating the data provider to return a code auditing strategy and a code auditing rule.
11. The code auditing method of claim 1, wherein the step of receiving the source code of the data consumer and the first descriptive information of the source code is followed by:
transmitting the source code to a code manager;
the computing logic that determines whether to execute the source code based on the verification result further comprises:
and acquiring the source code from the code management party.
12. The code auditing method of any of claims 1-11, further comprising: and carrying out log certification on at least part of operations of the code auditing method.
13. The code auditing method is characterized by being applied to a data transaction platform, wherein in the data transaction process, a data provider is used as a seller, information of a data set for sale is uploaded to the data transaction platform, a data user is used as a buyer, the data set selected by the data user on the data transaction platform is used as a target data set, and the auditing is carried out on the source code of the calculation logic of the target data set selected by the data user, and the method comprises the following steps:
receiving the source code of the data user and first description information of the source code; the first description information includes: target data set information and calculation logic;
transmitting the source code and first description information of the source code to the data provider;
Receiving a verification result from the data provider, wherein the verification result is obtained by verifying the source code to obtain a verification result and verifying the verification result, and the verification result of the source code is obtained by verifying the source code according to a code verification rule; the auditing result corresponds to second descriptive information, and the second descriptive information comprises: auditing the target data set information and the calculation logic description information obtained by the source code; the step of verifying the auditing result comprises the following steps: verifying consistency of the first descriptive information and the second descriptive information;
and determining whether to execute the computing logic of the source code based on the verification result.
14. The code auditing method of claim 13, wherein the receiving a verification result from the data provider is preceded by:
receiving a calculation request containing the source code of the data user;
responding to the calculation request, and sending an authorization request to the data provider;
the step of determining whether to execute the computing logic of the source code based on the verification result includes:
the computing logic of the source code is executed when the verification result includes an authorization token.
15. The code auditing method of claim 14, wherein the computing request includes first descriptive information of the source code, the authorization request includes the first descriptive information, the authorization token is derived for verifying non-repudiation information consistency of the audit result, and verifying that the first descriptive information and second descriptive information of the audit result are consistent.
16. The code auditing method of claim 14, wherein the step after receiving the verification result from the data provider comprises:
and sending the verification result to the data user.
17. The code auditing method of claim 13, wherein the receiving a verification result from the data provider is preceded by:
receiving an authorization request of the data user;
responding to the authorization request, and sending the authorization request to the data provider;
the receiving of the verification result from the data provider further comprises:
and sending the verification result to the data provider.
18. The code auditing method of claim 17, wherein the validation result includes an authorization token, and the step of determining whether to execute the computing logic of the source code based on the validation result comprises:
receiving the authorization token of the data consumer and a calculation request containing the source code;
and executing the calculation logic of the source code under the condition that the authorization token is verified to be legal.
19. The code auditing method of claim 18, wherein the computing request includes first descriptive information of the source code, the authorization request includes the first descriptive information, the authorization token is derived for verifying non-repudiation information consistency of the audit result, and verifying that the first descriptive information and second descriptive information of the audit result are consistent.
20. The code auditing method of claim 13, wherein prior to the step of receiving the source code of the data consumer and the first descriptive information of the source code, the method comprises:
receiving a data release request of the data provider;
and sending a code strategy request to the data provider, wherein the code strategy request is used for indicating the data provider to return a code auditing strategy and a code auditing rule.
21. The code auditing method of claim 13, wherein the step of receiving the source code of the data consumer and the first descriptive information of the source code is followed by:
transmitting the source code to a code manager;
the computing logic that determines whether to execute the source code based on the verification result further comprises:
and acquiring the source code from the code management party.
22. A code auditing method according to any of claims 13-21, further comprising: and carrying out log certification on at least part of operations of the code auditing method.
23. The code auditing method is characterized by being applied to a data provider, wherein the data provider is used as a seller in the data transaction process, the data provider uploads information of a data set for sale to a data transaction platform, a data user is used as a buyer, the data set selected by the data user on the data transaction platform is used as a target data set, and the auditing is performed on the source code of the calculation logic of the target data set selected by the data user, and the method comprises the following steps:
receiving a source code of the data user and first description information of the source code forwarded by the data transaction platform; the first description information includes: target data set information and calculation logic;
Obtaining an auditing result of the source code by utilizing the source code, and verifying the auditing result of the source code to obtain a verification result, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule; the auditing result corresponds to second descriptive information, and the second descriptive information comprises: auditing the target data set information and the calculation logic description information obtained by the source code; the step of verifying the auditing result comprises the following steps: verifying consistency of the first descriptive information and the second descriptive information;
and sending the verification result to the data transaction platform to serve as a basis of calculation logic of whether the data transaction platform executes the source code.
24. The code auditing method of claim 23, wherein before the sending the verification result to the data transaction platform further comprises:
receiving an authorization request sent by the data transaction platform, wherein the authorization request comprises first description information of the source code, and the first description information comes from a data user;
the verifying the auditing result of the source code to obtain a verification result comprises the following steps:
verifying whether the first descriptive information is consistent with the second descriptive information in the auditing result, and if so, generating an authorization token as the verifying result.
25. The code auditing method of claim 23, wherein said utilizing the source code to obtain the audit result of the source code comprises:
transmitting the source code to a code auditor;
and receiving the auditing result from the code auditing party.
26. The code auditing method of claim 23, wherein said utilizing the source code to obtain the audit result of the source code comprises:
and auditing the source code to obtain the auditing result.
27. A code auditing method according to any of claims 23-26, further comprising: and carrying out log certification on at least part of operations of the code auditing method.
28. The code auditing method is characterized by being applied to a data provider, wherein the data provider is used as a seller in the data transaction process, the data provider uploads information of a data set for sale to a data transaction platform, a data user is used as a buyer, the data set selected by the data user on the data transaction platform is used as a target data set, and the auditing is performed on the source code of the calculation logic of the target data set selected by the data user, and the method comprises the following steps:
Receiving an auditing result of a source code of the data user and first description information of the source code, which are sent by the data transaction platform, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule; the auditing result corresponds to second descriptive information, and the second descriptive information comprises: auditing the target data set information and the calculation logic description information obtained by the source code; the first description information includes: target data set information and calculation logic;
verifying the auditing result of the source code to obtain a verification result; the step of verifying the auditing result of the source code comprises the following steps: verifying consistency of the first descriptive information and the second descriptive information;
and sending the verification result to the data transaction platform to serve as a basis of calculation logic of whether the data transaction platform executes the source code.
29. The code auditing method of claim 28, wherein before the sending the verification result to the data transaction platform further comprises:
receiving an authorization request sent by the data transaction platform, wherein the authorization request comprises first description information of the source code, the first description information comes from a data user, and the data user is a provider of the source code;
the verifying the auditing result of the source code to obtain a verification result comprises the following steps:
verifying whether the first descriptive information is consistent with the second descriptive information in the auditing result, and if so, generating an authorization token as the verifying result.
30. A code auditing method according to any of claims 28-29, further comprising: and carrying out log certification on at least part of operations of the code auditing method.
31. The code auditing method is characterized by being applied to a code auditing system, wherein the code auditing system comprises a data user, a data provider and a data transaction platform, the data provider is used as a seller in the data transaction process to upload information of a data set to be sold to the data transaction platform, the data user is used as a buyer, the data set selected by the data user on the data transaction platform is used as a target data set, and the auditing is performed on the source code of the calculation logic of the target data set selected by the data user, and the method comprises the following steps:
the data user transmits the source code and first description information corresponding to the source code to the data transaction platform; the first description information includes: target data set information and calculation logic;
The data transaction platform sends an auditing result of the source code and the first description information to the data provider, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule; the auditing result corresponds to second descriptive information, and the second descriptive information comprises: auditing the target data set information and the calculation logic description information obtained by the source code;
the data provider verifies the auditing result of the source code to obtain a verification result; the step of verifying the auditing result of the source code comprises the following steps: verifying consistency of the first descriptive information and the second descriptive information;
the data providing module sends the verification result to the data transaction platform;
the data transaction platform determines whether to execute the computing logic of the source code based on the verification result.
32. A code auditing method according to claim 31, wherein the data provider before verifying the audit result of the source code to obtain a verification result further comprises:
the data user transmits a calculation request containing the source code to the data transaction platform;
responding to the calculation request, and sending an authorization request to the data provider by the data transaction platform;
the step of determining whether to execute the computing logic of the source code by the data transaction platform based on the verification result comprises the following steps:
the data transaction platform executes the computing logic of the source code when the verification result includes an authorization token.
33. A code auditing method according to claim 32, wherein the computation request includes first descriptive information of the source code, the authorization request includes the first descriptive information, the authorization token is derived for verifying non-repudiation information consistency of the audit result, and verifying that the first descriptive information and second descriptive information of the audit result are consistent.
34. The code auditing method of claim 32, wherein the step after the data provider sends the verification result to the data transaction platform comprises:
and the data transaction platform sends the verification result to the data user.
35. A code auditing method according to claim 31, wherein the data provider before verifying the audit result of the source code to obtain a verification result further comprises:
the data user transmits an authorization request to the data transaction platform;
responding to the authorization request, and sending the authorization request to the data provider by the data transaction platform;
after the data provider sends the verification result to the data transaction platform, the method further comprises:
and the data transaction platform sends the verification result to the data provider.
36. The code auditing method of claim 35, wherein the validation result comprises an authorization token, and the computing logic that determines whether to execute the source code based on the validation result further comprises:
the data user transmits the authorization token and a calculation request containing the source code to the data transaction platform;
and when the data transaction platform verifies that the authorization token is legal, executing the calculation logic of the source code.
37. A code auditing method according to claim 36, wherein the computation request includes first descriptive information of the source code, the authorization request includes the first descriptive information, the authorization token is derived for verifying non-repudiation information consistency of the audit result, and verifying that the first descriptive information and second descriptive information of the audit result are consistent.
38. The code auditing method of claim 31, wherein before the step of the data transaction platform sending the auditing results of the source code and the first descriptive information to the data provider, the method further comprises:
and the data transaction platform carries out auditing on the source code to obtain an auditing result of the source code.
39. The code auditing method of claim 31, wherein before the step of the data transaction platform sending the auditing results of the source code and the first descriptive information to the data provider, the method further comprises:
the data transaction platform sends the source code to a code auditor;
the code auditor audits the source code to obtain an audit result of the source code;
and the code auditor sends the auditing result of the source code to the data transaction platform.
40. The code auditing method of claim 31, wherein after the step of the data user transmitting the source code and the first descriptive information corresponding to the source code to the data transaction platform, comprising:
the data transaction platform sends the source code to a code management party;
the data provider verifies the source code or the auditing result of the source code, and the data provider further comprises the following steps before obtaining the verification result:
the data transaction platform obtains the source code from the code manager.
41. A code auditing method according to any of claims 31-40, further comprising: and carrying out log certification on at least part of operations of the code auditing method.
42. The code auditing method is characterized by being applied to a code auditing system, wherein the code auditing system comprises a data user, a data provider and a data transaction platform, the data provider is used as a seller in the data transaction process to upload information of a data set to be sold to the data transaction platform, the data user is used as a buyer, the data set selected by the data user on the data transaction platform is used as a target data set, and the auditing is performed on the source code of the calculation logic of the target data set selected by the data user, and the method comprises the following steps:
the data user transmits a source code and first description information corresponding to the source code to the data transaction platform; the first description information includes: target data set information and calculation logic;
the data transaction platform sends the source code and first description information of the source code to the data provider;
the data provider verifies the auditing result of the source code to obtain a verification result after the auditing result of the source code is obtained by utilizing the source code, wherein the auditing result of the source code is obtained by auditing the source code according to a code auditing rule; the auditing result corresponds to second descriptive information, and the second descriptive information comprises: auditing the target data set information and the calculation logic description information obtained by the source code; the step of verifying the auditing result of the source code comprises the following steps: verifying consistency of the first descriptive information and the second descriptive information;
the data providing module sends the verification result to the data transaction platform;
the data transaction platform determines whether to execute the computing logic of the source code based on the verification result.
43. A code auditing method as defined in claim 42, wherein the data provider further comprises, before verifying the audit result of the source code to obtain a verification result:
the data user transmits a calculation request comprising the source code to the data transaction platform;
the data transaction platform responds to the calculation request and sends an authorization request to the data provider;
the step of determining whether to execute the computing logic of the source code by the data transaction platform based on the verification result comprises the following steps:
the data transaction platform executes the computing logic of the source code when the verification result includes an authorization token.
44. A code auditing method as described in claim 43, wherein said computing request includes first descriptive information for said source code, said authorization request includes said first descriptive information, and said authorization token is derived to verify that said first descriptive information is consistent with second descriptive information in said auditing result.
45. The code auditing method of claim 43, wherein the step after the data provider sends the verification result to the data transaction platform comprises:
and the data transaction platform sends the verification result to the data user.
46. A code auditing method as defined in claim 42, wherein the data provider further comprises, before verifying the audit result of the source code to obtain a verification result:
the data user transmits an authorization request to the data transaction platform;
responding to the authorization request, and sending the authorization request to the data provider by the data transaction platform;
after the data provider sends the verification result to the data transaction platform, the method further comprises:
and the data transaction platform sends the verification result to the data user.
47. A code auditing method as defined in claim 46, wherein the validation result comprises an authorization token, and wherein the computing logic that determines whether to execute the source code based on the validation result further comprises:
the data user transmits the authorization token and a calculation request comprising the source code to the data transaction platform;
and when the data transaction platform verifies that the authorization token is legal, executing the calculation logic of the source code.
48. A code auditing method as described in claim 47, wherein said computing request includes first descriptive information of said source code, said authorization request includes said first descriptive information, said authorization token is derived for verifying non-repudiation information consistency of said audit result, and verifying consistency of said first descriptive information and second descriptive information of said audit result.
49. A code auditing method according to claim 42, the step of the data provider utilizing the source code to obtain an audit result of the source code, comprising:
and the data provider carries out auditing on the source code to obtain an auditing result of the source code.
50. A code auditing method according to claim 42, the step of the data provider utilizing the source code to obtain an audit result of the source code, comprising:
the data provider transmits the source code to a code auditor;
the code auditor audits the source code to obtain an audit result of the source code;
and the code auditing party sends the auditing result of the source code to the data provider.
51. A code auditing method according to claim 42, wherein after the step of the data user transmitting source code and first descriptive information corresponding to the source code to the data transaction platform, it comprises:
the data transaction platform sends the source code to a code management party;
the data provider verifies the source code or the auditing result of the source code, and the data provider further comprises the following steps before obtaining the verification result:
the data transaction platform obtains the source code from the code manager.
52. A code auditing method according to any of claims 42-51, further comprising: and carrying out log certification on at least part of operations of the code auditing method.
53. A code auditing system, characterized by comprising a data user, a code auditor, a data provider and a data transaction platform, wherein the data provider, acting as a seller, uploads information about a data set to be sold to the data transaction platform, and the data user, acting as a buyer, selects a data set on the data transaction platform as a target data set;
the data user is configured to store and manage an authorization token of the data provider, send source code of the calculation logic for the target data set to the data transaction platform, and send an authorization request to the data provider through the data transaction platform, wherein the authorization request comprises first description information, and the first description information includes target data set information and calculation logic;
the code auditor is configured to audit the source code received by the data transaction platform according to a code auditing rule, return second description information of the audit result corresponding to the source code to the data provider, and store and manage the code auditing rule, wherein the second description information includes the target data set information and calculation logic description information obtained by auditing the source code;
the data provider is configured to verify the authorization request, verify the consistency of the first description information and the second description information to obtain a verification result, send the verification result to the data transaction platform, issue the authorization token to the data user, and verify the authorization token;
the data transaction platform is configured to audit the source code and verify the authorization token, and to determine whether to execute the calculation logic of the source code based on the verification result.
54. A system for code auditing as defined in claim 53, wherein the code auditor is independent of the data transaction platform and the data provider, and the code auditor includes a code auditing module, an auditing rule management module, and a log security audit module; the data provider comprises an authentication and authorization module and a log security audit module; the data transaction platform comprises a code auditing policy module, an authentication and authorization module and a log security audit module;
the code auditing module is used for auditing the source code and returning the second description information, and the auditing rule management module is used for storing and managing the code auditing rule.
55. A system for code auditing as defined in claim 53, wherein the data provider includes an authentication and authorization module and a log security audit module; the code auditor is integrated in the data transaction platform as a code auditing module, and the data transaction platform further comprises an auditing rule management module, a code auditing policy module, an authentication and authorization module and a log security audit module;
the code auditing module is used for auditing the source code and returning the second description information, and the auditing rule management module is used for storing and managing the code auditing rule.
56. A system for code auditing as defined in claim 53, wherein the data transaction platform includes a code auditing policy module, an authentication and authorization module, and a log security audit module; the code auditor is integrated in the data provider as a code auditing module, and the data provider further comprises an auditing rule management module, an authentication and authorization module and a log security audit module;
the code auditing module is used for auditing the source code and returning the second description information, and the auditing rule management module is used for storing and managing the code auditing rule.
57. A code auditing system according to any of claims 54-56, wherein the data user includes an authorization information storage module for storing and managing authorization tokens of the data provider, and a log security audit module for logging and forensics to support regulatory inspection.
58. A system for code auditing as defined in any one of claims 54-56, further comprising a code manager for storing and managing the source code of the data user;
the code manager comprises a source code storage module and a log security audit module, wherein the source code storage module is used for storing and managing the source code of the data user.
59. A code auditing apparatus, characterized in that it comprises a memory and a processor, said memory being connected to said processor, said memory having stored therein a computer program which, when executed by said processor, implements the method of any of the preceding claims 1-30.
60. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when executed, implements the method of any of the preceding claims 1-52.
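The consistency check and token gate recited in claim 53, sketched as an added example that is not part of the patent text. The `load_dataset` call, the use of Python's `ast` module as the auditing rule, and the HMAC token bound to a hash of the source are all assumptions made for illustration; the claims do not specify any of them.

```python
import ast, hashlib, hmac

PROVIDER_KEY = b"constructed-demo-key"  # assumption: secret held by the data provider

def audit(source: str) -> dict:
    """Code auditor: derive the second description from the source itself."""
    datasets, logic = set(), set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = getattr(node.func, "id", None) or getattr(node.func, "attr", "<indirect>")
        if name != "load_dataset":  # hypothetical platform API for data access
            logic.add(name)
            continue
        for arg in [*node.args, *(kw.value for kw in node.keywords)]:
            literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            # A data set name computed at run time cannot be audited statically.
            datasets.add(arg.value if literal else "<dynamic>")
    return {"datasets": sorted(datasets), "logic": sorted(logic)}

def _mac(source: str) -> str:
    digest = hashlib.sha256(source.encode()).digest()
    return hmac.new(PROVIDER_KEY, digest, hashlib.sha256).hexdigest()

def provider_authorize(first: dict, second: dict, source: str):
    """Data provider: issue a token only when both descriptions agree."""
    same = all(sorted(first[k]) == second[k] for k in ("datasets", "logic"))
    return _mac(source) if same else None

def verify_token(source: str, token) -> bool:
    """Token check made with the provider's key before the platform executes:
    the token must cover exactly the source that is about to run."""
    return token is not None and hmac.compare_digest(token, _mac(source))

# Constructed sample inputs: what the data user declares, and two submissions.
DECLARED = {"datasets": ["sales_2019"], "logic": ["mean"]}
HONEST = 'rows = load_dataset("sales_2019")\nresult = mean(rows)\n'
OVERREACH = ('rows = load_dataset("sales_2019")\n'
             'extra = load_dataset("customers")\nresult = mean(rows)\n')

if __name__ == "__main__":
    token = provider_authorize(DECLARED, audit(HONEST), HONEST)
    print("honest source authorized:", verify_token(HONEST, token))
    print("token reused on other source:", verify_token(OVERREACH, token))
    print("overreach authorized:",
          provider_authorize(DECLARED, audit(OVERREACH), OVERREACH) is not None)
```

Binding the token to the source hash means a token issued for audited code cannot be replayed with different code, which is the failure the description comparison alone would not catch.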
CN201911414568.7A 2019-12-31 2019-12-31 Code auditing method, device and system Active CN113126996B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911414568.7A CN113126996B (en) 2019-12-31 2019-12-31 Code auditing method, device and system

Publications (2)

Publication Number Publication Date
CN113126996A (en) 2021-07-16
CN113126996B (en) 2023-10-20

Family

ID=76770587

Country Status (1)

Country Link
CN (1) CN113126996B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant