CN115062324A

CN115062324A - Data asset use control method, client and intermediate service platform

Info

Publication number: CN115062324A
Application number: CN202210733769.9A
Authority: CN
Inventors: 韦莎; 刘海阳; 李铮; 吕东阳; 高凡; 周子文; 刘默
Original assignee: China Academy of Information and Communications Technology CAICT
Current assignee: China Academy of Information and Communications Technology CAICT
Priority date: 2022-06-27
Filing date: 2022-06-27
Publication date: 2022-09-16
Also published as: WO2024002105A1

Abstract

The application relates to the technical field of data processing, and discloses a method for controlling the use of data assets, which comprises the following steps: the data provider and the data user carry out user registration and identity authentication through respective client sides; the data user and the data provider reach an intelligent contract; the client of the data user scans the using environment to generate a white list allowing to access or use the process of controlling the data asset, and after confirming the process in the white list, the client of the data provider sends the AAS-DA-user and the preprocessed data asset to the client of the data user; in the using process of the data assets, the client of the data user confirms whether one or more processes which are about to call the data assets have authority or not according to the processes in the white list, and the data assets are used and terminated and/or destroyed through the AAS-DA-user and the AAS-DA-public under the condition that the change of the data assets reaches the boundary condition of the intelligent contract or the condition that the constraint condition is violated occurs.

Description

Data asset use control method, client and intermediate service platform

Technical Field

The present application relates to the field of data processing technologies, and for example, to a method for controlling use of a data asset, a client, and an intermediate service platform.

Background

At present, with the deep advance of digital transformation in manufacturing industry, data is used as a new production element to play a greater role, and as described in "data security law", ensuring the orderly flow of data, cultivating the data trading market, and strengthening the protection of important data is becoming the necessary work for data value "last kilometer". The data is used as an information resource, two key characteristics of the data, which become assets, are that economic benefits can be brought to enterprises, measurable cost and income can be achieved, and compared with traditional tangible assets and intangible assets, the data assets have non-materiality, dependence, diversity, processability, value changeability, multi-derivation, shareability and zero-cost reproducibility.

In the process of implementing the embodiments of the present disclosure, it is found that at least the following problems exist in the related art:

due to various characteristics of the data assets, the problems of the data assets such as poor quality, difficult data intercommunication, high acquisition cost, difficult security guarantee, complicated ownership confirmation and valuation transaction and the like exist, a technical system aiming at data sharing, circulation, transaction and security protection is not formed, and the data value is made to face a bottleneck.

Disclosure of Invention

The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview nor is intended to identify key/critical elements or to delineate the scope of such embodiments but rather as a prelude to the more detailed description that is presented later.

The embodiment of the disclosure provides a use control method of data assets, a client, an intermediate service platform and a storage medium, so as to manage and constrain the data assets, fully exert the strategic element resource effect and the innovation engine effect of data, and promote the data elements to exert value.

In some embodiments, the method for controlling the use of the data assets is applied to a client as a data provider, a client as a data consumer, and an intermediate service platform as an intermediate service, and the method comprises the following steps:

the data provider and the data user carry out user registration and identity authentication through respective clients, and the data provider after identity authentication carries out registration and authentication of an active data asset management system (AAS-DA) to the intermediate service platform through the client of the data provider;

the data provider stores the data asset information to be disclosed in the AAS-DA-client as AAS-DA-public and uploads the data asset information to the intermediate service platform through a client of the data provider so that the data user and the data provider can achieve an intelligent contract;

the client of the data user scans the using environment to generate a white list allowing to access or use the process of controlling the data asset, and after confirming the process in the white list, the client of the data provider sends the AAS-DA-user and the preprocessed data asset to the client of the data user;

during the use process of the data assets, the client of the data user confirms whether one or more processes which are about to call the data assets have authority or not according to the processes in the white list, and the data assets are used and terminated and/or destroyed through the AAS-DA-user and the AAS-DA-public under the condition that the change of the data assets reaches the boundary condition of the intelligent contract or the condition that the constraint condition is violated occurs.

In some embodiments, the client comprises a processor and a memory storing program instructions, the processor configured to execute the method for controlling the use of data assets as described herein when executing the program instructions;

wherein the client is configured to:

executing the functions of data asset active management system AAS-DA management, identity registration and management, intelligent contract management, process use control, log storage, clearing and docking and communication;

deployed on a local or private cloud and placed in an environment that is trusted and secure at the hardware, system, and/or software layers.

In some embodiments, an intermediary service platform, comprising a processor and a memory storing program instructions, wherein the processor is configured to execute a method of controlling the use of a data asset as described herein upon execution of the program instructions;

wherein the intermediate service platform is configured to:

executing the functions of identity authentication, resource directory management, supply and demand docking, intelligent contract management, log certificate storage, clearing audit and service evaluation;

the system is deployed on a public cloud or a private cloud and is placed in an environment where a hardware layer, a system layer and a software layer are all trusted and safe.

In some embodiments, the storage medium stores program instructions that, when executed, perform a method of controlling the use of a data asset as described herein.

The use control method, the client, the intermediate service platform and the storage medium of the data assets provided by the embodiment of the disclosure can realize the following technical effects:

the application realizes the loading and use control of the data assets among the client serving as a data provider, the client serving as a data user and the intermediate service platform serving as an intermediate service party through the AAS-DA, keeps the data ownership in the data provider, realizes the invisibility, the controllable metering, the access authority control and the burning after use, solves the problems of no quality passing, difficult data intercommunication, high acquisition cost, difficult security guarantee, complicated ownership confirmation and valuation transaction and the like of the data assets, and forms a technical system aiming at data sharing, circulation, transaction and safety protection.

The foregoing general description and the following description are exemplary and explanatory only and are not restrictive of the application.

Drawings

One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the accompanying drawings and not in limitation thereof, in which elements having the same reference numeral designations are shown as like elements and not in limitation thereof, and wherein:

FIG. 1 is a schematic diagram of the functional architecture of an AAS-DA as provided herein;

FIG. 2 is a schematic flow chart diagram of a method for managing data assets provided herein;

FIG. 3 is a schematic flow chart diagram of another method for managing data assets provided herein;

FIG. 4 is a schematic flow chart diagram of another method for managing data assets provided herein;

FIG. 5 is a schematic flow chart diagram of another method for managing data assets provided herein;

FIG. 6 is a schematic flow chart diagram of another method for managing data assets provided herein;

FIG. 7 is a schematic flow chart diagram of another method for managing data assets provided herein;

FIG. 8 is a schematic flow chart diagram of another method for managing data assets provided herein;

FIG. 9 is a schematic diagram of the system architecture of an AAS-DA provided herein;

FIG. 10 is a schematic flow chart diagram of a method for controlling the use of data assets provided herein;

FIG. 11 is a schematic flow chart diagram of another method for controlling the use of data assets provided herein;

FIG. 12 is a schematic flow chart diagram of another method for controlling the use of data assets provided herein;

FIG. 13 is a schematic flow chart diagram of another method for controlling the use of data assets provided herein;

FIG. 14 is a schematic flow chart diagram of another method for controlling the use of data assets provided herein;

FIG. 15 is a schematic flow chart diagram of another method for controlling the use of data assets provided herein;

FIG. 16 is a schematic flow chart diagram of another method for controlling the use of data assets provided herein;

FIG. 17 is a schematic diagram of a computing device provided herein.

Detailed Description

So that the manner in which the features and advantages of the embodiments of the present disclosure can be understood in detail, a more particular description of the embodiments of the disclosure, briefly summarized above, may be had by reference to the appended drawings, which are included to illustrate, but are not intended to limit the embodiments of the disclosure. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may be practiced without these details. In other instances, well-known structures and devices may be shown in simplified form in order to simplify the drawing.

The terms "first," "second," and the like in the description and in the claims, and the above-described drawings of embodiments of the present disclosure, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the present disclosure described herein may be made. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions.

The term "plurality" means two or more unless otherwise specified.

In the embodiment of the present disclosure, the character "/" indicates that the preceding and following objects are in an or relationship. For example, A/B represents: a or B.

The term "and/or" is an associative relationship that describes objects, meaning that three relationships may exist. For example, a and/or B, represents: a or B, or A and B.

The term "correspond" may refer to an association or binding relationship, and a corresponds to B refers to an association or binding relationship between a and B.

First, terms related to the present application are explained:

AAS-DA (Active Administration System-Data Asset): the data asset active management system is used for carrying out full-life-cycle management and use control on data assets.

DA (Data-Asset): data assets are referenced to identify a data asset.

Api (application Programming interface) refers to a connection interface, which in this application refers to an interface in the AAS-DA of the active management system for data assets.

In the related art, many challenges are faced with the many features of data assets, which have non-solidity, reliance, diversity, workability, and value variability, as defined by promo-mon-dawn, as compared to traditional tangible and intangible assets. On the basis, the large bank and the lookout intelligence library are additionally provided with multi-derivation, shareability and zero-cost replication, specifically:

non-practicability: the compound has no physical form and exists depending on a physical carrier; the abrasion and the consumption are not caused by the use; the duration may be used indefinitely.

Dependence: must be stored in a certain medium; may be present in different forms on multiple media simultaneously.

Diversity: the expression forms are various; the fusion forms are various; the mode of use is uncertain.

Value variability: the value is affected by a number of different factors; including technology, capacity, value density, business model of application, etc.

Workability: can be maintained, updated, supplemented, added; can be deleted, merged, collected and eliminated redundancies; may be analyzed, refined, mined, etc.

Multiple derivatizability: the same data main body can be processed in multiple levels and multiple dimensions, so that data values in different degrees are derived, potential values of data assets in multiple levels and multiple dimensions are mined, and the data assets are enriched.

Shareability: data assets can be exchanged, transferred and used infinitely, and the data asset value can be mined to the maximum extent by utilizing the sharing performance of the data assets;

zero cost replicatability: the cost of the data assets is mainly in the early data reading and research and development stages, so that the cost of initially creating the data assets is extremely high, but the marginal cost of the subsequent copying and sharing tends to zero.

Thus, the numerous characteristics of data assets contribute to a large degree of difficulty in ownership validation and valuation transactions, and the present application is intended to manage and constrain upon the aforementioned characteristics of data assets.

Meanwhile, two key characteristics that data becomes assets are that economic benefits can be brought to enterprises, cost and income can be measured, the reasons that bottleneck is faced by data value exertion mainly include that quality is not over, data is difficult to intercommunicate, acquisition cost is high, safety and security are difficult to guarantee, and data assets need to be managed through the following dimensions, including:

data standard management: and the normative constraint for ensuring the consistency and the accuracy of internal and external use and exchange of data.

Metadata management: and (4) abstract information of the data is lifted, the data is traced back, and an association relation between the data is explored.

And (3) data quality management: and the data quality is improved, and the level of data application and service is improved.

Data security management: and dividing the data security level, and formulating the data security management standard to achieve the aims of 'management in advance, control in the process and investigation after the fact'.

And (3) data value management: data cost management and data revenue management, optimized, maximized release data value.

Data sharing management: the internal and external values of the data are released through internal sharing of the data, external circulation of the data and external opening of the data.

It follows that the problems and challenges faced by data assets in sharing include transparency, accessibility, standardization and security, and data integrity, among others, and in particular:

transparency: refers to the openness of all parties involved in the sharing of data assets to provide all the information needed to successfully deliver the data sharing partnership.

Accessibility: refers to the ability of parties to access desired data when needed.

And (3) standardization: means that the relevant parties of interest should adopt consistent laws, technologies and other measures in the data sharing process.

Security and data integrity: refers to a secure environment that implements measures and mechanisms directed to securing information and data to enable data sharing.

Therefore, with reference to fig. 1, the present application provides an active management system AAS-DA for data assets, so as to perform full-life-cycle management and execution supervision, control and management during use of the data assets. Wherein each data asset has an AAS-DA twinned therewith to promote the data asset from a passive asset to an active asset. The AAS-DA may define, configure, and update attribute information for the data asset, record full lifecycle information, while the highest priority operations may be performed on the data asset, including but not limited to desensitization, encryption, termination, and destruction. The AAS-DA can record the process as the data asset is being processed and terminate and/or destroy the data asset if it does not meet the data asset safety requirements and other constraint requirements. When a data asset is copied, a new AAS-DA is generated accordingly, and the AAS-DA of the copied data asset is associated with the AAS-DA of the original data asset.

Alternatively, the AAS-DA of the present application supports all types of data assets, including but not limited to streaming data, event data, engineering drawings, videos, algorithms, machine learning models or knowledge maps, and the like.

Optionally, in order to satisfy transparency of data asset sharing, circulation and transaction, all stakeholders are made aware of the related information, and the AAS-DA may be further divided into AAS-DA-supper, AAS-DA-user and AAS-DA-public according to the ownership of different stakeholders. Three AAS-DA of the same data asset are correlated and can be merged under the necessary condition, wherein AAS-DA-supper has the highest authority, all contents in AAS-DA-user and AAS-DA-public can be read, and the contents specified by AAS-DA-user and AAS-DA-public must be a subset of AAS-DA-supper.

Referring to fig. 1, the functional architecture of the data asset active management system AAS-DA of the present application is composed of an "identity tag" and a "principal". Wherein, the identity label is a globally unique identifier of the data asset and the AAS-DA; the main body includes: the system comprises a full life cycle management component, a control management component, a log evidence storage management component, an interface management component, corresponding attributes and the like of the data assets.

In an embodiment of the present application, the full lifecycle management component is configured to perform full lifecycle management on various types of subject attributes of the data asset, where the various types of subject attributes include attributes such as data ownership, data history, data quality, data type, data level, data standard, data value, data sharing, and contract, so as to implement management on the data ownership, the data history, the data quality, the data type, the data level, the data standard, the data value, the data sharing, and the intelligent contract of the data asset, and details of a structure of each type of attribute are shown in table 1:

table 1: data asset full lifecycle attribute detail table

Thus, the full-life management of the data assets can be better realized.

In an embodiment of the application, the control management component is configured to manage a usage process of the data asset, where the usage process specifically includes attributes such as authority management, access control, contract setting, usage control, usage mode, collaboration mode, usage environment security scan, and so on, so as to manage the authority, access control, contract setting, usage control, usage mode, collaboration mode, usage environment security scan of the data asset.

In particular, rights management enables control of user access/use of data assets, controlling the data assets that a user can access and only has access to his own authorized data assets according to security rules or policies. The authority management comprises two parts of user identity authentication and authorization, which are called authentication and authorization for short. The user who needs to access/use the control data assets is firstly authenticated, and the user can access/use the resources by the access/use authority after the authentication is passed.

Access control includes setup, operation, monitoring, and interrupts. The setting is mainly to set an access control mode, a main body, a behavior, a resource and an environment. The access control mode generally has the following forms: autonomous access control, command access control, role access control, attribute access control, or other types of access control; the main bodies comprise server managers, data holders, contract signing data users, contract non-signing data users and other role main bodies; the behaviors comprise reading, writing, copying, deleting and other behaviors; resources are mainly references to data asset attributes in data asset full lifecycle management; context refers to the time, location, and other environmental factors at which the data transaction occurs. Interrupts are largely divided into active interrupts and passive interrupts.

Contract setting sets contract terms such as Value (hash Value, DNA/id of data), Address (connecting different clients), State (input: target status, such as time of use, number of times, etc.), and Function (output: executable policy) after agreement is achieved between a data provider and a data consumer.

The use control is mainly used for monitoring the use process of the data assets and identifying abnormal conditions according to related requirements in contract setting, and stopping calling of the data assets and realizing destruction of the data assets. The data use process is monitored in real time through a monitor. When a user reaches a specific State (reaching times, termination of a provider and default of the user), an executable policy in contract setting-Function is called through an actuator, and destruction, suspension, pause and the like of the data assets are realized.

Alternatively, the usage patterns are generally as follows: regular use, private computing mode, federal learning mode, encryption mode, and other custom modes.

The collaborative mode includes a merged collaborative and associated collaborative mode. And the two/more AAS-DA-suppers in the collaborative mode are opened to realize synchronous management of the data assets in the use process of the data assets.

And the security scanning of the use environment mainly comprises the steps that before the data assets reach a data user, the AAS-DA-user performs security scanning on a software layer and a system layer of the use environment according to the requirements of an intelligent contract, and performs security labeling on software meeting the requirements of the intelligent contract.

The detailed contents of the attribute structure of the data asset control management component are shown in table 2:

table 2: attribute inventory for data asset management

In this way, better access and control of the data assets can be achieved.

In an embodiment of the present application, the log evidence management component is configured to manage various logs generated by the data asset active management system in a use process, where the various logs mainly include internal logs, data operation logs, and cooperative logs of other data asset management systems. Specifically, the operations of the functional components in the AAS-DA-helper, the operations of the AAS-DA-helper on the data assets, the operations of the AAS-DA-user on the data assets, the operations of the other associated AAS-DA-helper on the copied data or subdata, and the like are included, and the operation results are collected in a time sequence. Each log file is made up of log records, each describing a separate system event.

Typically, the system log is a local log of the AAS-DA-client that the data provider can directly read, including a timestamp and an information or other information specific to the subsystem. The usage log is an operation log of the data asset, which is sent by the AAS-DA-user to the AAS-DA-supperer and the AAS-DA-public during the operation of the data user, and generally needs to be stored through a block chain for use in subsequent clearing, auditing, supervising and the like.

In an embodiment of the present application, the interface management component is configured to manage a communication interface of a data asset active management system, and specifically, the interface management component mainly manages a communication interface between at least two data asset active management systems and a communication interface between a data asset active management system and a data asset.

By adopting the active management system for the data assets, which is provided by the embodiment of the disclosure, the full-life-cycle management component, the control management component, the log evidence storage management component, the interface management component and the attribute functions of the full-life-cycle management component, the control management component, the log evidence storage management component and the interface management component of the identity tag and the main body are loaded, so that the full-life-cycle management of the data assets and the effective management of the data assets are realized, the problems of no quality passing, difficult data intercommunication, high acquisition cost, difficult safety guarantee, complicated attribution right confirmation and valuation transaction and the like of the data assets are solved, and a technical system for data sharing, circulation, transaction and safety protection is formed.

In practical application, as shown in fig. 2, the present application provides a management method for data assets, which is applied to an active management system for data assets AAS-DA, wherein the active management system for data assets AAS-DA is divided into AAS-DA-supplier, AAS-DA-user and AAS-DA-public, and the method comprises:

step 201: after the data assets are formed, the data provider creates an AAS-DA-client corresponding to the data assets, and performs initialization configuration on the data assets in the AAS-DA-client.

Step 202: and the data provider additionally stores the data asset information to be disclosed in the AAS-DA-super as corresponding AAS-DA-public and uploads the data asset information to the intermediate server, and the intermediate server realizes information release of the AAS-DA-super through the AAS-DA-public.

Step 203: the data user develops an intelligent contract with the data provision through the AAS-DA-public by reading the data asset information disclosed in the AAS-DA-public.

Step 204: and the data provider stores the AAS-DA-super as the AAS-DA-user, and sends the AAS-DA-user and the preprocessed data assets to the data user.

Step 205: and the AAS-DA-user monitors the data asset using process of a data user according to an intelligent contract and records all processing operation information of the data asset.

Step 206: and in the case that the change of the data assets reaches the boundary condition of the intelligent contract or the violation of the constraint condition occurs, the AAS-DA-user terminates and/or destroys the use of the data assets of the data user.

By adopting the management method of the data assets provided by the embodiment of the disclosure, the AAS-DA realizes the full life cycle management of the data assets among the data provider, the data user and the intermediate server, the data owner right is kept in the data provider, the data assets can be used, invisible, controllable and measurable, the access right is controlled and incinerated after being used, the problems of the data assets, such as no quality passing, difficult data intercommunication, high acquisition cost, difficult security guarantee, complicated ownership confirmation and valuation transaction and the like, are solved, and a technical system aiming at data sharing, circulation, transaction and safety protection is formed.

In an embodiment of the present application, as shown in fig. 3, the initially configuring the data asset in the AAS-DA-client includes:

step 301: generating initial ownership information of the data asset in the AAS-DA-client, wherein the initial ownership information comprises ownership information, time information and location information of the data asset.

In the embodiment of the application, after the data asset is generated, the initial information of the ownership of the data asset, including the ownership, time, location and the like of the data asset generation, is generated in the AAS-DA-client correspondingly, so as to facilitate the data right confirmation.

Step 302: various subject attributes of the data asset are defined, set, and updated by the AAS-DA-supper.

In an embodiment of the application, various attributes of the data asset may be defined, set, and updated by the AAS-DA-client, including data type, standards, specifications, and laws and regulations under which the data asset is to be compliant, quality levels, security level requirements, and the like.

Step 303: when a data asset is replicated or child data is generated, association is performed by the respective AAS-DA-supper.

In an embodiment of the application, when data assets are copied or subdata is generated, association can be performed through respective AAS-DA to facilitate traceability.

Step 304: data de-sensitization or data encryption is performed on the data assets through the AAS-DA-supper.

In an embodiment of the application, the AAS-DA-suppler may desensitize the data assets to encrypt the data according to national and enterprise encryption algorithm requirements before the data assets are used.

In addition, in the using process of the data assets, the AAS-DA-user records all processing operation information of the data assets and feeds back the AAS-DA-super in real time or afterwards, the AAS-DA-super can actively send a termination/destruction instruction to the AAS-DA-user after learning the processing condition of the data assets, and the AAS-DA-user calls an operation script to realize termination/destruction of the data assets; and the AAS-DA can manage the physical carrier and the storage medium of the data assets.

Therefore, the control and protection of the data provider on the data assets can be better realized.

In the embodiment of the present application, as shown in fig. 4, the AAS-DA-public through which the intermediate server implements information publishing by AAS-DA-client, including:

step 401: and the intermediate server generates a resource directory according to various main body attributes of the AAS-DA-public, and realizes a centralized management mode or a distributed management mode of the data assets.

In the embodiment of the application, the resource directory mainly includes names of various resources and metadata description thereof. The intermediate service platform supports the sharing and transaction of the following three types of resources: one is the class of data assets including, but not limited to, streaming data, event data, CAD drawings, video, algorithms, models, digital twins, knowledge maps, APP, API calls, etc. The metadata of the data asset class is stored in the full life cycle management component of the data asset of the corresponding AAS-DA-client; the IT infrastructure class comprises but is not limited to cloud computing, edge computing, computing resources, communication resources and the like; third, a class of trusted context solutions, including but not limited to trusted context solutions at the hardware, system, and software layers. The authenticated AAS-DA and resources are included in a resource catalog for management.

And the data provider stores the information to be disclosed in the AAS-DA-client as AAS-DA-public, uploads the information to the intermediate server through the data provider, and the AAS-DA-public approved by the intermediate service platform is included in the resource directory.

Step 402: and the data user inquires the data assets meeting the requirements by accessing the resource directory of the intermediate service party.

Step 403: and the intermediate server side pushes the data assets to the data user side according to the supply condition of the data assets in the resource directory.

In the embodiment of the application, the data user can access the resource catalog of the intermediate service party and inquire the data assets and other resources meeting the requirements of the data user, the data user can also subscribe the resource catalog for updating or fill in interested data assets and other resource requirements, and the intermediate service party can carry out accurate pushing according to the supply conditions of the data assets and other resources.

Therefore, the data assets do not need to be centralized to the middle server side, only AAS-DA-public is needed to be managed, and the resource catalog is generated according to each item of attribute information in the AAS-DA-public, so that distributed management of the data assets and centralized management of the AAS-DA are achieved, the risk of the data assets is reduced, and the willingness of data providers to share the data assets is improved.

In an embodiment of the present application, shown in conjunction with fig. 5, the data consumer develops an intelligent contract with data provision through AAS-DA-public by reading data asset information disclosed in AAS-DA-public, including:

step 501: the data consumer initiates an offer to one or more data providers whose needs are met.

Step 502: and the data provider receiving the invitation negotiates the intention of cooperation of the data assets with the data user, and writes the negotiated contents into the AAS-DA-public.

Step 503: and configuring the use process of the data assets in the AAS-DA-public and performing log storage.

In the embodiment of the application, one or more data providers whose data using directions meet the requirements initiate an offer, the data provider which accepts the offer negotiates about the intention of cooperation of the data asset with the data using direction, and the negotiated contents are written into the contract management attribute of the full life cycle management component of the data asset of the AAS-DA-public. Meanwhile, in the control management component of the data asset of the AAS-DA-public, authority management, access control, contract setting, usage control, usage pattern, collaborative pattern attribute, and the like are configured. Meanwhile, the time of intelligent contract achievement and information of both transaction parties are recorded in the log storage certificate of AAS-DA-public.

In the embodiment of the present application, as shown in fig. 6, the AAS-DA-user monitors the data asset usage process of the data user according to the intelligent contract, and records all processing operation information for the data asset, including:

step 601: and the AAS-DA-user performs security scanning on media and environments to be stored and used by the data assets according to the requirements of the intelligent contract on the use environment.

In the embodiment of the present application, the present application may perform the usage environment scanning by the AAS-DA-user: according to the setting of the control management component of the data asset, which is about the use environment in the use control, the AAS-DA-user calls the control management component of the data asset, which is the use environment security scanning function, so as to perform security scanning on a software layer, a system layer and a hardware layer of the use environment and perform security labeling on software meeting the requirements of an intelligent contract. The whitelist of access controls or usage controls in the control management component of the data asset is listed by the software of the security label. And the AAS-DA-user feeds back the environmental security scanning result to the AAS-DA-helper through the client of the data user. The control management component of the AAS-DA-supper data assets, upon approval of the usage control, will allow the data user access to the pre-processed data assets.

Optionally, the AAS-DA-client will pre-process the data asset by its usage pattern of its control management component, including but not limited to desensitization, encryption, generation of computational factors, etc., as dictated by the AAS-DA-client's control management component-contract settings. If "regular use" in the use mode is selected, the data asset will be sent in the clear to the data user. If multi-party collaboration is involved in the data use process, such as multi-party privacy calculation, federal learning and the like, a collaboration mode of a control management component of the data assets is also set. Two or more AAS-DA-suppers in the collaborative mode are opened, so that synchronous management of the data assets is realized in the using process of the data assets.

Step 602: the authority of one or more processes that are to invoke the data asset is confirmed by reading a whitelist of access controls or usage controls in the AAS-DA-user.

In an embodiment of the application, an authority application is initiated to the AAS-DA-user by passing the authority to invoke one or more processes of the data asset through the data consumer, and the authority to invoke the one or more processes of the data asset is confirmed by reading a white list of access control or usage control in a control management component of the AAS-DA-user data asset. If the process is in the white list, the AAS-DA-user will allow the process to operate on the data asset according to the Function attribute in the control management component-contract setting of the data asset; if the process is not on the white list, the AAS-DA-user will not allow the process to invoke the data asset.

Step 603: and the AAS-DA-user monitors whether the change of the data assets reaches the boundary condition or whether an operation violating the constraint condition occurs in real time, and writes the operation log into the log evidence storage component.

In the embodiment of the application, during the use process of the data assets, the data assets are monitored by the AAS-DA-user, and the AAS-DA-user monitors whether the change of the data assets reaches the maximum value of the boundary condition or the operation violating the constraint condition in real time by a control management component of the data assets, namely a monitor of the use control. If one of the situations occurs, the AAS-DA-user sends abnormal information to the data user, the data user forcibly suspends the process through the process monitoring-actuator, and the AAS-DA-user destroys the data assets through the control management assembly-use control-actuator of the data assets.

Therefore, the use control of the data assets can be better realized, and the data ownership is always kept in the hands of the data provider.

In the embodiment of the present application, as shown in fig. 7, in the case that the change of the data asset reaches the boundary condition of the intelligent contract or a violation of the constraint condition occurs, the terminating and/or destroying of the use of the data asset by the AAS-DA-user on the data asset of the data user by the AAS-DA-user includes:

step 701: and generating an operation script for terminating or destroying the data assets by the AAS-DA-user according to the constraint conditions and the boundary conditions of the intelligent contract.

Step 702: and under the condition that the change of the data asset reaches the boundary condition of the intelligent contract or the violation constraint condition occurs, feeding back the recorded processing operation information to the AAS-DA-user in real time or afterwards by the AAS-DA-user so that the AAS-DA-user sends a use termination instruction to the AAS-DA-user, calling the operation script by the AAS-DA-user to realize the use termination of the data asset, or directly calling the operation script by the AAS-DA-user to realize the use termination of the data asset.

Step 703: and destroying the data assets after the use of the data assets is terminated or under the condition that the AAS-DA-user receives a destroying instruction from the AAS-DA-supplier.

In the embodiment of the application, according to the constraint conditions and boundary conditions of the intelligent contracts, the AAS-DA-user generates operation scripts for terminating and destroying data assets; recording all processing operation information of the data assets through the AAS-DA-user in the using process of the data assets; and feeds back the AAS-DA-client in real time or afterwards, where there are two possible scenarios: (1) the AAS-DA-client can actively send out a use termination instruction to the AAS-DA-client after learning the processing condition of the data asset, and the AAS-DA-client calls an operation script to realize the use termination of the data asset; (2) and when the constraint condition and the boundary condition of the intelligent contract are reached, the AAS-DA-user calls the operation script to terminate the use of the data assets.

And destroying the data assets after the data use is finished or under the condition that the AAS-DA-user receives a destroying instruction from the AAS-DA-supplier. Even if the data assets are destroyed, the information of the whole life cycle of the data assets and the data asset condition related to the data assets can be known through the AAS-DA, so that the post-audit clearing and arbitration and the tracing of other data assets are facilitated.

Therefore, the method can better realize the functions of invisible availability, controllable metering, access authority control and burning after reading of the data assets.

In an embodiment of the application, with reference to fig. 8, the method for managing data assets of the present application further includes:

step 801: and after the data assets are destroyed, the AS-DA-user terminates the intelligent contract and sends the information of the destroyed data assets and the termination of the intelligent contract to the data provider and the intermediate server.

Step 802: and after receiving the information that the data assets are destroyed and the intelligent contract is aborted by the data provider, the data provider aborts the intelligent contract through the AAS-DA-supplyer, and sends clearing application information to the intermediate server and the data user through the data provider.

Step 803: after receiving the clearing application information, the intermediate service side suspends the intelligent contract through the AAS-DA-public, reads the log evidence storage components of the AAS-DA-super and the AAS-DA-user through the AAS-DA-public, compares the log evidence storage components with the content of the intelligent contract, and achieves clearing and auditing according to the comparison result.

In the embodiment of the application, the application synchronizes the use process of the data asset and stores evidence in multiple ways through the cooperation of AAS-DA-public, AAS-DA-user and AAS-DA-super, and clears and audits the use condition of the data asset based on the multiple evidence of AAS-DA-public, AAS-DA-user and AAS-DA-super, so that the quality attribute and the value attribute of the data asset in the AAS-DA-public can be dynamically adjusted according to the evaluation of the data user on the data quality and value.

Specifically, after the intelligent contract is achieved, all operations on the data assets by the data provider, the data user and the intermediate service party are synchronously kept in a client of the data provider, a client of the data user and the intermediate service platform in a log mode until the data assets are destroyed. All certificates can be managed and traced through the block chain when necessary.

When the data assets are destroyed, the client-intelligent contract management of the data user and the control management component-contract setting of the AAS-DA-user data assets both terminate the intelligent contract. Then, the information that the data assets are destroyed and the contracts are aborted is sent to the intermediate service platform and the client of the data provider through the client of the data user. After the intermediate service platform receives the information, the AAS-DA-public sets the contract through the contract setting function of the control management component of the data asset, stops the contract and starts a clearing process.

In the embodiment of the present application, as shown in fig. 9, the data asset active management system AAS-DA of the present application is deployed in the client and the intermediate service platform, and the main functions of the client include AAS-DA management, identity registration and management, intelligent contract management, process usage control, usage environment scanning, process management, log storage, clearing docking, and communication functions. In particular, the client may be deployed on a local or private cloud. The client may be placed in a hardware-level, system-level, and/or software-level trusted and secured environment, wherein:

management of AAS-DA: the method comprises the steps of creating, updating and deleting the AAS-DA and the components and attributes set below the AAS-DA, configuring an AAS-DA interface and the like.

(II) identity registration and management: including client user, organization, AAS-DA, registration of data assets, and identity certificate management.

(III) intelligent contract management:

1. and newly building an intelligent contract. Including user rights, use environment, operation on data assets, IT infrastructure requirements, transmission security requirements, etc.;

2. when the client is in an off-line state, the intelligent contract can still be executed through the client;

3. boundary conditions: specifying a maximum time, maximum number of operations on the data asset, etc.;

4. constraint conditions are as follows: specifying a type of operation that cannot be performed on the data asset;

5. and (3) contract termination: when the data asset is destroyed, the contract is aborted.

(IV) process use control:

a monitor: the real-time monitoring process operates on the data assets whether the maximum value of the boundary condition is reached or the operation violating the constraint condition occurs.

An actuator: the process is aborted.

(V) using environment scanning: according to the requirements of the intelligent contract on a hardware layer, a system layer and a software layer in the use environment, scanning the use environment; and forming a use environment scanning result report and a process white list, wherein the use environment scanning result is simultaneously sent to the intermediate service platform and the data provider by the data user client, and the process white list is sent to the process management component for management.

(VI) process management: and dynamically managing the access control or use control process white list, including the maintenance (addition, update and removal) of the processes in the white list, process authority verification and the like. Wherein, before the data assets arrive at the data user, the process white list output by the using environment scanning function can be used as an initial white list. Processes in the white list are removed from the white list if they are monitored during use of the data asset for behavior that violates the intelligent contract rules. The processes which are not included in the initial white list are included in the white list after being checked by the process permission of the client.

Seventhly, log storage: for a client of a data provider, storing a log for certifying the full life cycle of a data asset; for the client and the intermediate service platform of the data user, after the intelligent contract for deposit and verification takes effect, and before the contract is terminated, all the operation logs of the data asset are processed.

(eighth) clearing and docking: and after the contract is terminated, clearing the use times, time, abnormal condition processing and the like of the data assets by reading the logs of the client of the data user, the client of the data provider and the intermediate service platform.

(nine) communication function: including communication between clients, communication between a client and the AAS-DA, communication between a client and an intermediate service platform, etc.

In the embodiment of the present application, the functions of the intermediate service platform mainly include: identity authentication, resource directory management, supply and demand docking, intelligent contract management, log storage, clearing audit, service evaluation and the like. In particular, the intermediate service platform may be deployed on a public cloud or a private cloud. The intermediate service platform needs to be placed in an environment where the hardware layer, the system layer and the software layer are trusted and secure. The functionality of the intermediate service platform may be implemented and operated by one or more organizations or entities. Each organization or unit needs to pass identity authentication before the related work can be started.

As shown in fig. 10, the present application further provides a method for controlling the use of a data asset, which is applied to a client as a data provider, a client as a data consumer, and an intermediate service platform as an intermediate service, and the method includes:

step 1001: the data provider and the data user perform user registration and identity authentication through respective clients, and the data provider after identity authentication performs registration and authentication of the data asset active management system AAS-DA to the intermediate service platform through the client of the data provider.

Step 1002: and the data provider stores the data asset information to be disclosed in the AAS-DA-client as AAS-DA-public and uploads the data asset information to the intermediate service platform through the client of the data provider so that the data user and the data provider can achieve an intelligent contract.

Step 1003: and the client of the data user scans the using environment to generate a white list allowing to access or use the process of controlling the data asset, and the client of the data provider sends the AAS-DA-user and the preprocessed data asset to the client of the data user after confirming the process in the white list.

Step 1004: during the use process of the data assets, the client of the data user confirms whether one or more processes which are about to call the data assets have authority or not according to the processes in the white list, and the data assets are used and terminated and/or destroyed through the AAS-DA-user and the AAS-DA-public under the condition that the change of the data assets reaches the boundary condition of the intelligent contract or the condition that the constraint condition is violated occurs.

By adopting the use control method of the data assets provided by the embodiment of the disclosure, the loading and use control of the data assets are realized among the client terminal serving as the data provider, the client terminal serving as the data user and the intermediate service platform serving as the intermediate service party through the AAS-DA, the data owner is kept in the hands of the data provider, the invisible use, controllable metering, access authority control and burning after use of the data assets are realized, the problems of the data assets, such as no quality passing, difficult data intercommunication, high acquisition cost, difficult security guarantee, complicated ownership confirmation and valuation transaction and the like, are solved, and a technical system for data sharing, circulation, transaction and safety protection is formed.

In an embodiment of the present application, referring to fig. 11, the data provider and the data consumer perform user registration and identity authentication through respective clients, and the data provider having undergone identity authentication performs registration and authentication of the active data asset management system AAS-DA to the intermediate service platform through the client of the data provider, including:

step 1101: the data provider and the data consumer register users through respective clients, wherein the user types comprise enterprises, organizations and individuals.

In embodiments of the present application, all stakeholders participating in trusted industrial data space activities, including but not limited to data providers, data consumers, third parties providing log documentation, clearing audit services, etc., need to register with their clients. The user types include business, organization, individual, and the like.

Step 1102: the intermediate service platform verifies the user registration information sent by the client, authorizes the unique identity mark for the user passing the verification, and manages the identity mark according to the user type.

In the embodiment of the application, the intermediate service platform can be used for auditing after receiving the user registration information sent by the client, the approved user can authorize a globally unique identity, and the intermediate service platform manages the identity according to different types of users.

Step 1103: and the data provider after identity authentication initiates an identity label authorization application to the intermediate service platform through the client of the data provider.

Step 1104: and after the identity tag authorization application is passed, the intermediate service platform sends the unique data asset code and the AAS-DA code to the client of the data provider.

Step 1105: and the client of the data provider automatically writes the data asset code and the AAS-DA code into the AAS-DA identity tag to complete the registration and authentication of the AAS-DA of the active data asset management system.

In the embodiment of the application, the data provider after identity authentication initiates an identity tag authorization application to the intermediate service platform through the client of the data provider, and after the authorization application passes, the intermediate service platform sends a unique global data asset code and a unique global AAS-DA code to the client of the data provider. And the client of the data provider automatically writes the two codes into the AAS-DA identity label to complete the registration and authentication of the AAS-DA.

In an embodiment of the present application, as shown in fig. 12, the data provider additionally stores data asset information to be disclosed in the AAS-DA-suppler as AAS-DA-public and uploads the data asset information to the intermediate service platform through a client of the data provider, so that the data consumer and the data provider achieve an intelligent contract, including:

step 1201: and the data provider stores the data asset information to be disclosed in the AAS-DA-client as AAS-DA-public information, uploads the AAS-DA-public information to the intermediate service platform through a client of the data provider, and the AAS-DA-public information passing the audit of the intermediate service platform is incorporated into the resource directory.

Step 1202: the client side of the data user accesses the resource catalog of the intermediate service platform to inquire the data assets and other resources meeting the requirements, the client side of the data user subscribes the resource catalog or fills in the requirements of the data assets and other resources, and the intermediate service platform pushes the data assets and other resources according to the supply conditions of the data assets and other resources.

Step 1203: one or more data providers whose data users meet the requirements initiate an invitation, the data providers which accept the invitation negotiate the intention of cooperation of data assets with the data users, and write the negotiated contents into the intelligent contract management function of the intermediate service platform and the intelligent contract management functions of the client of the data users and the client of the data providers.

Therefore, the data provider and the data user use the intermediate service platform as a medium, so that efficient supply and demand docking and intelligent contract setting are realized, and the transaction value of the data assets is improved.

In an embodiment of the present application, referring to fig. 13, the step of performing a usage environment scan by the client of the data consumer to generate a white list allowing access to or usage of a process controlling a data asset, and after confirming the process in the white list, the client of the data provider sends the AAS-DA-user and the preprocessed data asset to the client of the data consumer includes:

step 1301: according to the requirement of the client of the data user on the use environment, the client of the data user calls the use environment scanning component to perform security scanning on a hardware layer, a system layer and a software layer of the use environment and perform security marking on the process meeting the requirement of the intelligent contract.

Step 1302: and the process passing the security annotation is listed in a white list of access control or use control in a process management component, and the client of the data user is simultaneously sent to the intermediate service platform and the client of the data provider.

Step 1303: after the client side of the data provider confirms the white list, the data assets are preprocessed according to the AAS-DA-super and stored as the AAS-DA-user, and the AAS-DA-user and the preprocessed data assets are sent to the client side of the data user.

In an embodiment of the subject application, the AAS-DA-client will preprocess the data asset through a pattern of usage by the data asset control management component, including but not limited to desensitization, encryption, generation of computational factors, etc., as dictated by the AAS-DA-client data asset control management component-contract settings. If "regular use" in the use mode is selected, the data asset will be sent in the clear to the data user. If multi-party collaboration is involved in the data use process, such as multi-party privacy calculation, federal learning and the like, a collaboration mode of the data asset control management component is also set. Two or more AAS-DA-suppers in the collaborative mode are opened, so that synchronous management of the data assets is realized in the using process of the data assets.

Optionally, the client of the data provider may also send the AAS-DA-client and the preprocessed data assets (plaintext or ciphertext) to the client of the data consumer. And combining the received AAS-DA-super and AAS-DA-user by the client of the data user to generate a new AAS-DA-user, and storing the data assets in an environment meeting the credible requirement according to the requirement of the AAS-DA-user on the storage environment in the data asset full life cycle management component-contract management.

Therefore, the safety and the reliability of the use environment of the data assets can be better ensured.

In an embodiment of the present application, as shown in fig. 14, in the process of using the data asset, the determining, by the client of the data consumer, whether one or more processes that are to invoke the data asset have rights according to the processes in the white list includes:

step 1401: one or more processes of the data assets are invoked to initiate a permission application to a client of the data consumer.

Step 1402: the permissions of one or more processes that are to invoke the data asset are confirmed by reading a whitelist of the client of the data consumer.

Step 1403: if the process is in the white list, the client of the data user sends a confirmation instruction to the AAS-DA-user, and the process is allowed to operate on the data assets according to the Function attribute in the AAS-DA-user.

Step 1404: if the process is not on the white list, the client of the data consumer will not allow the process to invoke the data asset.

In an embodiment of the application, one or more processes of the data asset are called, a permission application is initiated to the client-process management of the data user, and the permission of the one or more processes of the data asset to be called is confirmed by reading a white list in the client-process management of the data user. If the process is in the white list, the client of the data user sends a confirmation instruction to the AAS-DA-user, the process is allowed to operate on the data assets according to the Function attribute in the AAS-DA-user data asset control management component-contract setting, and if the process is not in the white list, the client of the data user does not allow the process to call the data assets.

Therefore, the use process of the data asset can be better monitored according to the process authority of the data asset, and the data ownership and data safety of a data provider are ensured.

In the embodiment of the present application, as shown in fig. 15, in the case that the change of the data asset reaches the boundary condition of the intelligent contract or a violation of the constraint condition occurs, the terminating and/or destroying the use of the data asset by the AAS-DA-user and the AAS-DA-public includes:

step 1501: according to the boundary conditions and the constraint conditions of the intelligent contract, the client of the data user monitors whether the operation of the process on the data assets reaches the maximum value of the boundary conditions or not in real time or the operation violating the constraint conditions occurs.

Step 1502: in the case that the change of the data assets reaches the boundary condition of the intelligent contract or the violation of the constraint condition occurs, the client of the data user forcibly terminates the process.

Step 1503: and the client of the data User sends an instruction to the AAS-DA-User, and the AAS-DA-User destroys the data assets.

In the embodiment of the application, in the using process of the data assets, the client of the data user side is used for process monitoring, and meanwhile, the AAS-DA-user is used for data asset monitoring. According to boundary conditions and constraint conditions in intelligent contract management, a client of a data User monitors whether the operation of a process on data assets reaches the maximum value of the boundary conditions or operation violating the constraint conditions occurs in real time through a process management-monitor, if one of the conditions occurs, the client of the data User forcibly suspends the process through a process monitoring-actuator, and sends an instruction to an AAS-DA-User, and the AAS-DA-User destroys the data assets through a data asset control management component-use control-actuator. Meanwhile, the AAS-DA-user monitors whether the change of the data assets reaches the maximum value of the boundary condition or not in real time through the data asset control management component, the use control monitor, or the operation violating the constraint condition occurs, if one of the conditions occurs, the AAS-DA-user sends abnormal information to the client of the data user, and the client of the data user forcibly stops the process through the process monitoring actuator. And the AAS-DA-user destroys the data assets through a data asset control management component, a control actuator and an actuator.

Therefore, the data ownership can be firmly held in the hand of the data provider, and the value stability of the data assets is ensured.

In an embodiment of the present application, with reference to fig. 16, a usage control method provided in the embodiment of the present application further includes:

step 1601: after the intelligent contract is achieved, all operations of the data provider, the data user and the intermediate service platform on the data asset are synchronously stored in the client of the data provider, the client of the data user and the intermediate service platform in a log mode until the data asset is destroyed.

Step 1602: after the data assets are destroyed, the client of the data user and the AAS-DA-user can stop the intelligent contract, and the information that the data assets are destroyed and the intelligent contract is stopped is sent to the intermediate service platform and the client of the data provider through the client of the data user.

Step 1603: after the intermediate service platform receives the information that the data assets are destroyed and the intelligent contract is stopped, the AAS-DA-public stops the contract through the contract setting function of the control management assembly of the data assets and starts a clearing process.

In embodiments of the present application, client-intelligent contract management by the data consumer, and AAS-DA-user data asset control management component-contract settings, both abort intelligent contracts when data assets are destroyed. And then, sending the information that the data assets are destroyed and the contracts are aborted to the intermediate service platform and the client of the data provider through the client of the data user. After receiving the information, the client-intelligent contract management of the data provider and the AAS-DA-client stop the intelligent contract through the contract setting of the data asset control management component, and after receiving the information, the intermediate service platform stops the contract setting of the AAS-DA-public contract data asset control management component. And the AAS-DA-public reads the log evidence storage components of the AAS-DA-super and the AAS-DA-user and compares the log evidence storage components with the content set by the data asset control management component-contract.

If the data user uses the data assets normally according to the intelligent contract, and stops using the data assets when the boundary condition is triggered, the AAS-DA-public forms a settlement report according to the unit price of the data assets, the using times/time and the like, and sends the settlement report to the data user and the data provider. After settlement, the data user can evaluate the data asset attributes such as data quality, and the AAS-DA-public updates the data asset full life cycle management component-data quality management attribute information according to the evaluation. The data provider may rate the credit of the data consumer.

If the data user does not use the data assets according to the intelligent contract, the AAS-DA-public forms a settlement report according to the information of the unit price, the using times/time, the violation operation and the like of the data assets and sends the settlement report to the data user and the data provider. The data user may not evaluate the data asset attributes after settlement. The intermediate service platform will adjust the credit status of the data user down. The credit status of the data user will affect the rights management, etc. attributes of the data asset control management component of the AAS-DA-user.

In addition, the intermediate service platform will either reserve AAS-DA-public until the expiration of AAS-DA-public's shelf life, or the data provider will make an application for destruction of AAS-DA-public.

Alternatively, if a data consumer is allowed to copy the data asset in the smart contract, an AAS-DA-user-copy will be generated for the copied data asset and associated with the AAS-DA-user.

Therefore, under the condition that the data assets are abnormal in use, the data assets can be managed and controlled through the AAS-DA-user, and the value benefits of the data assets are guaranteed.

Optionally, the method for controlling the use of the data asset in the present application further includes storing and destroying AAS-DA-supperer information, and updating AAS-DA-supperer and AAS-DA-public, which may be referred to in the foregoing part of this specification specifically, and is not described herein again.

As shown in connection with fig. 17, an embodiment of the present disclosure provides a computing device including a processor (processor)170 and a memory (memory) 171. Optionally, the apparatus may also include a Communication Interface 172 and a bus 173. The processor 170, the communication interface 172 and the memory 171 may communicate with each other via a bus 173. Communication interface 172 may be used for information transfer. The processor 170 may call the logic instructions in the memory 171 to implement the data asset active management system of the above-described embodiment, or perform the management method of the data asset of the above-described embodiment, or perform the usage control method of the data asset of the above-described embodiment.

In addition, the logic instructions in the memory 171 may be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products.

The memory 171, which is a computer-readable storage medium, may be used for storing software programs, computer-executable programs, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 170 executes functional applications and data processing by executing program instructions/modules stored in the memory 171, that is, to implement the data asset active management system of the above-described embodiment, or to execute the management method of the data asset of the above-described embodiment, or to execute the usage control method of the data asset of the above-described embodiment.

The memory 171 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal device, and the like. In addition, the memory 171 may include a high-speed random access memory and may also include a nonvolatile memory.

The embodiment of the present disclosure provides a storage medium, which stores program instructions, and when the program instructions are executed, the active management system of the data asset of the foregoing embodiment may be implemented, or the management method of the data asset of the foregoing embodiment may be executed, or the usage control method of the data asset of the foregoing embodiment may be executed.

The storage medium described above may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.

The technical solution of the embodiments of the present disclosure may be embodied in the form of a software product, where the computer software product is stored in a storage medium and includes one or more instructions to enable a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method of the embodiments of the present disclosure. And the aforementioned storage medium may be a non-transitory storage medium comprising: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes, and may also be a transient storage medium.

The above description and drawings sufficiently illustrate embodiments of the disclosure to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. The examples merely typify possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in or substituted for those of others. Furthermore, the words used in the specification are words of description only and are not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application is meant to include any and all possible combinations of one or more of the associated listed. Furthermore, the terms "comprises" and/or "comprising," when used in this application, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other like elements in a process, method or apparatus that comprises the element. In this document, each embodiment may be described with emphasis on differences from other embodiments, and the same and similar parts between the respective embodiments may be referred to each other. For methods, products, etc. of the embodiment disclosures, reference may be made to the description of the method section for relevance if it corresponds to the method section of the embodiment disclosure.

Those of skill in the art would appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software may depend upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments. It can be clearly understood by the skilled person that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the embodiments disclosed herein, the disclosed methods, products (including but not limited to devices, apparatuses, etc.) may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units may be only one type of logical functional division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to implement the present embodiment. In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. In the description corresponding to the flowcharts and block diagrams in the figures, operations or steps corresponding to different blocks may also occur in different orders than disclosed in the description, and sometimes there is no specific order between the different operations or steps. For example, two sequential operations or steps may in fact be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved. Each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Claims

1. A method for controlling use of a data asset, which is applied to a client as a data provider, a client as a data consumer, and an intermediate service platform as an intermediate service, the method comprising:

in the using process of the data assets, the client of the data user confirms whether one or more processes which are about to call the data assets have authority or not according to the processes in the white list, and the data assets are used and terminated and/or destroyed through the AAS-DA-user and the AAS-DA-public under the condition that the change of the data assets reaches the boundary condition of the intelligent contract or the condition that the constraint condition is violated occurs.

2. The usage control method according to claim 1, wherein the data provider and the data consumer perform user registration and identity authentication through respective clients, and the authenticated data provider performs registration and authentication of the data asset active management system AAS-DA through the client of the data provider to the intermediate service platform, including:

the method comprises the following steps that a data provider and a data user register through respective clients, wherein the user types comprise enterprises, organizations and individuals;

the intermediate service platform verifies the user registration information sent by the client, authorizes a unique identity for the user passing the verification, and manages the identity according to the user type;

the data provider after identity authentication initiates an identity label authorization application to the intermediate service platform through a client of the data provider;

after the identity tag authorization application passes, the intermediate service platform sends a unique data asset code and an AAS-DA code to a client of a data provider;

and the client of the data provider automatically writes the data asset code and the AAS-DA code into the AAS-DA identity tag to complete the registration and authentication of the AAS-DA of the data asset active management system.

3. The usage control method of claim 1, wherein the data provider saves the data asset information to be published in the AAS-DA-client as AAS-DA-public and uploads the data asset information to the intermediate service platform through a client of the data provider, so that the data user and the data provider can achieve an intelligent contract, comprising:

the data provider additionally stores data asset information to be disclosed in the AAS-DA-client as AAS-DA-public, uploads the AAS-DA-public information to the intermediate service platform through a client of the data provider, and the AAS-DA-public which passes the audit of the intermediate service platform is incorporated into the resource directory;

the client of the data user accesses the resource catalog of the intermediate service platform and inquires data assets and other resources meeting the requirements, the client of the data user subscribes the resource catalog or fills in the requirements of the data assets and other resources, and the intermediate service platform pushes the data assets and other resources according to the supply conditions of the data assets and other resources;

one or more data providers whose data users meet the requirements initiate an invitation, the data providers which accept the invitation negotiate with the data users about the intention of cooperation of the data assets, and write the negotiated contents into the intelligent contract management function of the intermediate service platform and the intelligent contract management functions of the client of the data users and the client of the data providers.

4. The usage control method of claim 1, wherein the client of the data consumer scans the usage environment to generate a white list of processes allowed to access or use the control data asset, and after confirming the processes in the white list, the client of the data provider sends AAS-DA-user and the preprocessed data asset to the client of the data consumer, comprising:

according to the requirement of a client of a data user on a use environment, the client of the data user calls a use environment scanning component to perform security scanning on a hardware layer, a system layer and a software layer of the use environment and perform security marking on a process meeting the requirement of an intelligent contract;

the process passing the security label is listed in a white list of access control or use control in a process management component, and a client of a data user is simultaneously sent to an intermediate service platform and a client of a data provider;

after the client side of the data provider confirms the white list, the data assets are preprocessed according to the AAS-DA-super and stored as the AAS-DA-user, and the AAS-DA-user and the preprocessed data assets are sent to the client side of the data user.

5. The method according to claim 1, wherein during the usage of the data asset, the client of the data consumer confirms whether one or more processes about to invoke the data asset have authority according to the processes in the white list, and the method comprises:

one or more processes for calling the data assets are called, and authority application is initiated to a client of a data user;

confirming the authority of one or more processes about to call the data assets by reading a white list of a client of a data user;

if the process is in the white list, the client of the data user sends a confirmation instruction to the AAS-DA-user, and the process is allowed to operate on the data assets according to the Function attribute in the AAS-DA-user;

if the process is not on the white list, the data consumer client will not allow the process to invoke the data asset.

6. The usage control method according to claim 1, wherein the terminating and/or destroying of the usage of the data asset by the AAS-DA-user and the AAS-DA-public in the case that the change of the data asset reaches the boundary condition of the intelligent contract or the violation of the constraint condition occurs, includes:

according to the boundary conditions and the constraint conditions of the intelligent contract, the client of the data user monitors whether the operation of the process on the data assets reaches the maximum value of the boundary conditions or not in real time, or the operation violating the constraint conditions occurs;

when the change of the data assets reaches the boundary condition of the intelligent contract or the constraint condition is violated, the client of the data user forcibly terminates the process;

and the client of the data User sends an instruction to the AAS-DA-User, and the AAS-DA-User destroys the data assets.

7. The usage control method according to claim 1, further comprising:

after the intelligent contract is achieved, all operations of the data provider, the data user and the intermediate service platform on the data asset are synchronously stored in the client of the data provider, the client of the data user and the intermediate service platform in a log mode until the data asset is destroyed;

after the data assets are destroyed, the client side of the data user and the AAS-DA-user can stop the intelligent contract, and the information that the data assets are destroyed and the intelligent contract is stopped is sent to the intermediate service platform and the client side of the data provider through the client side of the data user;

after the intermediate service platform receives the information that the data assets are destroyed and the intelligent contract is stopped, the AAS-DA-public stops the contract through the contract setting function of the control management assembly of the data assets and starts a clearing process.

8. A client comprising a processor and a memory storing program instructions, wherein the processor is configured to execute the method of use control of a data asset of any of claims 1 to 7 when executing the program instructions;

wherein the client is configured to:

9. An intermediary service platform, comprising a processor and a memory storing program instructions, wherein the processor is configured to execute the method of use control of a data asset of any one of claims 1 to 7 when executing the program instructions;

wherein the intermediate service platform is configured to:

10. A storage medium storing program instructions which, when executed, perform a method of controlling the use of a data asset as claimed in any one of claims 1 to 7.