CN117332395B - Data management method and system for data sharing - Google Patents

Data management method and system for data sharing Download PDF

Info

Publication number
CN117332395B
CN117332395B CN202311574949.8A CN202311574949A CN117332395B CN 117332395 B CN117332395 B CN 117332395B CN 202311574949 A CN202311574949 A CN 202311574949A CN 117332395 B CN117332395 B CN 117332395B
Authority
CN
China
Prior art keywords
data
request
target
data sharing
management terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311574949.8A
Other languages
Chinese (zh)
Other versions
CN117332395A (en
Inventor
李华旸
白耀辉
李又奎
徐惠莲
汪翠芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangxi In New Economic Industry Development Co ltd
Jiangxi University of Finance and Economics
Original Assignee
Jiangxi In New Economic Industry Development Co ltd
Jiangxi University of Finance and Economics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangxi In New Economic Industry Development Co ltd, Jiangxi University of Finance and Economics filed Critical Jiangxi In New Economic Industry Development Co ltd
Priority to CN202311574949.8A priority Critical patent/CN117332395B/en
Publication of CN117332395A publication Critical patent/CN117332395A/en
Application granted granted Critical
Publication of CN117332395B publication Critical patent/CN117332395B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data management method and system for data sharing, and relates to the technical field of data sharing. The method comprises the following steps: the identity management terminal receives the data sharing request, extracts identity verification information and request verification information, performs identity verification on the data sharing request based on the identity verification information, and performs authority verification on the data sharing request based on the request verification information; after passing the identity verification and the authority verification of the data sharing request, generating a request execution instruction and sending the request execution instruction to the data management terminal; the data management terminal selects first target data from the first target database based on the request execution instruction, invokes the security intelligent contract to carry out privacy security processing on the first target data, and writes second target data into the second target database after obtaining the second target data. The invention reduces the risks of privacy leakage and data tampering in the data sharing process.

Description

Data management method and system for data sharing
Technical Field
The present invention relates to the field of data sharing technologies, and in particular, to a data management method and system for data sharing.
Background
Under the information age, data sharing between enterprises is a key to promote the development of enterprises and organizations. The shared data may contain some private information, and disclosure of sensitive data may affect the development of the enterprise. The shared data has the risks of privacy disclosure and tampering in the process of circulating among a plurality of enterprises.
Disclosure of Invention
Aiming at the defects in the prior art, the application provides a data management method and a data management system for data sharing, which aim to improve the data security in the sharing process and reduce the risks of privacy disclosure and data tampering.
As an aspect of the embodiments of the present application, there is provided a data management method for data sharing, including:
the identity management terminal receives a data sharing request sent by a user terminal, extracts identity verification information and request verification information from the data sharing request, and performs identity verification on the data sharing request based on the identity verification information, wherein the identity verification information and the request verification information respectively comprise basic information of a data requester and a data provider, the basic information of the data requester comprises a first identification number and a first authorization password, and the basic information of the data provider comprises a second identification number and a target data type;
responding to the passing of the identity verification of the data sharing request, and carrying out authority verification on the data sharing request based on the request verification information;
after the authority verification of the data sharing request is passed, generating a request execution instruction and sending the request execution instruction to the data management terminal, and simultaneously generating request record information and broadcasting the request record information in a alliance chain;
the data management terminal selects first target data from a first target database based on a request execution instruction, invokes a security intelligent contract to carry out privacy security processing on the first target data, and writes the second target data into a alliance chain and broadcasts the second target data;
if the data management terminal does not receive the interception instruction sent by the data provider after the preset time length, writing second target data into a second target database based on the request execution instruction;
wherein invoking the security intelligence contract to perform privacy security processing on the first target data comprises: adding noise data to the first target data through a differential privacy function stored in the security intelligent contract, determining a target public key from a plurality of public keys stored in the security intelligent contract based on a request execution instruction, and encrypting the first target data added with the noise data based on the target public key to generate second target data;
before writing the second target data to the federation chain, further comprising:
acquiring a risk value of the first target data, if the risk value is larger than a preset safety threshold, writing second target data into a alliance chain and broadcasting, otherwise, writing the second target data into a local database, and if an interception instruction sent by a data provider is not received after a preset time period, writing the second target data in the local database into the second target database based on a request execution instruction by a data management terminal;
for the risk value, the risk value is calculated by the identity management terminal based on the history request record of the first authorized password, and the method comprises the following steps:
acquiring a history request record of a first authorization password, counting the occurrence frequency of data sharing requests in each preset time period in a plurality of preset time periods, and sequencing the plurality of preset time periods based on the occurrence frequency of the data sharing requests;
acquiring a sequence number n of a preset time period to which the data sharing request belongs, wherein the risk value of the first target data is as follows:
V=f 1 +f 2 +…+fn;
wherein V is a risk value, f 1 、f 2 …, fn are the frequency of occurrence of data sharing requests in the 1 st, 2 nd, … th, n preset time periods, respectively.
Further, authenticating the data sharing request based on the authentication information includes:
matching a first identification number in the identity verification information with a plurality of identification numbers in an information base, and determining a target authorization password set based on the first identification number after successful matching;
traversing the target authorization password set, and if a second authorization password matched with the first authorization password in the authentication information exists in the target authorization password set, passing the authentication of the data sharing request.
Further, performing rights verification on the data sharing request based on the request verification information includes:
matching the second identification number in the request verification information with a plurality of identification numbers in an information base, and if the matching is successful, determining a permission configuration table associated with the second identification number;
and determining a plurality of data types accessible by the second authorization password based on the permission configuration table, and if the target data type in the request verification information can be successfully matched with one of the plurality of data types accessible by the second authorization password, verifying the permission of the request through data sharing.
Further, generating the request execution instruction includes:
a first target database for extracting the shared data is determined based on the second identification number, a second target database for storing the shared data is determined based on the first identification number, and a request execution instruction is generated based on the first identification number and the second identification number.
Further, the secure smart contract selects a public key bound with the first identification number from a plurality of public keys as a target public key according to the first identification number, and encrypts first target data added with noise data through the target public key.
As another aspect of the embodiments of the present application, there is provided a data management system for data sharing, including an identity management terminal, a data management terminal, a plurality of user terminals, and a plurality of databases, where the identity management terminal is in communication connection with the data management terminal, the identity management terminal is in communication connection with the plurality of user terminals, and the data management terminal is in communication connection with the plurality of databases;
the data management system for data sharing is used for realizing the data management method for data sharing.
The beneficial effects of the invention are as follows:
according to the invention, the identity management terminal is used for carrying out identity verification and authority verification on the data request party, the alliance chain is used for recording related information in each data sharing process, after the identity verification and the authority verification are carried out on the data request party, target data are extracted from the database of the data provider, the target data are safely processed through the safe intelligent contract, and after the preset condition is met, the target data are written into the database of the data request party, so that the risks of privacy leakage and data falsification in the data sharing process are reduced.
Drawings
Fig. 1 is a flowchart of a data management method for data sharing according to an embodiment of the present invention.
Fig. 2 is a block diagram of a data management system for data sharing according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, some embodiments of the present application will be described in further detail below with reference to the accompanying drawings and embodiments.
Referring to fig. 1, an embodiment of the present application provides a data management method for data sharing, including the following steps:
s010, the identity management terminal receives a data sharing request sent by the user terminal, extracts identity verification information and request verification information from the data sharing request, and performs identity verification on the data sharing request based on the identity verification information;
in this step, the authentication information and the request authentication information respectively include basic information of a data requester and data provider, where the basic information of the data requester includes at least a first identification number and a first authorization password, and the basic information of the data provider includes at least a second identification number and a target data type.
S020, responding to the passing of the identity verification of the data sharing request, and carrying out authority verification on the data sharing request based on the request verification information;
s030, after the authority verification of the data sharing request is passed, generating a request execution instruction and sending the request execution instruction to the data management terminal, and simultaneously generating request record information and broadcasting the request record information in a alliance chain;
in the step, after the identity verification and the authority verification of the data sharing request are passed, a request execution instruction corresponding to the data request is generated, wherein the request execution instruction is used for indicating the source and the destination of data required by a data requester, so that the data management terminal can conveniently extract and send the data, and request record information is used for recording the relevant information of the data sharing request, including request time, authentication result, identity information of the data requester, identity information of a data provider and the like, and is used as a certificate for later security verification.
It should be noted that, the federation chain is used for cooperation between a plurality of enterprises or institutions that need to share data, and the plurality of enterprises or institutions that are authorized can join the network, and relevant information in each data sharing process is recorded.
S040, the data management terminal selects first target data from a first target database based on a request execution instruction, calls a security intelligent contract to carry out privacy security processing on the first target data, and writes the second target data into a alliance chain and broadcasts the second target data;
in this step, the security intelligent contract is pre-deployed in the federation chain, and is used for encrypting data, different script programs, codes and algorithms can be deployed in the intelligent contract, in this embodiment, a differential privacy function for performing privacy processing on the data is written in the security intelligent contract, and a public key selection program is provided, after the first target data is uploaded to the federation chain, the intelligent program in the intelligent contract is executed, the first target data is subjected to privacy processing based on the differential privacy technology, and encrypted by a specific public key to obtain second target data, and then the second target data is written in the federation chain.
S050, if the data management terminal does not receive an interception instruction sent by the data provider after a preset time period, writing second target data into a second target database based on a request execution instruction;
in this step, the second target database is used to indicate the enterprise or organization to which the data requester belongs to be used as the database for storing data in the data sharing process, and similarly the first target database is used to indicate the database for storing data in the data sharing process to which the data provider belongs, the preset time length can be specifically set by multiple parties participating in data sharing based on actual conditions, and is not specifically limited herein, by broadcasting related information in the coalition chain and setting the preset time length, the risk of leakage of identity information and shared data can be further reduced, after the second target data is written into the second target database, the data requester can perform data query from the second target database based on the data query mode inside the enterprise or organization to which the data requester belongs, so as to complete the data sharing process.
In order to improve the data security in the data sharing process, the risk of privacy disclosure and data tampering is reduced, identity verification and authority verification are carried out on the data request party through the identity management terminal, related information in each data sharing process is recorded through the alliance chain, the data request party can send a data sharing request based on related credential information of an enterprise or organization where the data request party is located, but after the data request party sends the identity verification and the authority verification, related data is not directly sent to the data request party, for example, the data transmission is directly carried out in a mode of not adopting a sharing link, providing sharing interface authority and the like, after target data is extracted from a database of the data provider, security processing is carried out on the target data through a security intelligent contract, the target data is written into the database of the data request party after preset conditions are met, the target data is not directly sent to a user terminal used by the data request party, the database used by the data request party and the data provider can be a database in the enterprise, for example, the database in the enterprise intranet is a database in the enterprise, and the data disclosure and the risk of the disclosure and the block chain network is reduced through API (application program interface).
As an alternative embodiment, in step S040, before writing the second target data to the coalition chain, the method further includes:
acquiring a risk value of the first target data, if the risk value is larger than a preset safety threshold, writing the second target data into a alliance chain and broadcasting, otherwise, writing the second target data into a local database;
specifically, for the first target data with the risk value larger than the preset safety threshold, temporary storage of the data is performed through the alliance chain, if an interception instruction sent by the data provider is not received after the preset duration, the data management terminal writes the second target data stored in the alliance chain into the second target database based on the request execution instruction, otherwise, temporary storage of the data is performed through the local database, if the interception instruction sent by the data provider is not received after the preset duration, the data management terminal writes the second target data stored in the local database into the second target database based on the request execution instruction. The identification of the risk value is specifically performed by the instruction program stored in advance in the security intelligent contract, the storage pressure of the alliance chain can be reduced through the mode, data with lower risk value is temporarily stored through the local database and then sent to the second target database, and data with higher risk value is temporarily stored through the alliance chain, so that the safety of the data is further improved.
As an alternative embodiment, for the risk value, the risk value is calculated by the identity management terminal based on the history request record of the first authorized password, and specifically includes the following steps:
acquiring a history request record of a first authorization password, counting the occurrence frequency of data sharing requests in each preset time period in a plurality of preset time periods, sorting the plurality of preset time periods based on the occurrence frequency of the data sharing requests, and particularly sorting the plurality of preset time periods according to the sequence from big to small of the occurrence frequency of the data sharing requests;
acquiring a sequence number n of a preset time period to which the data sharing request belongs, and calculating a risk value of the first target data based on the following formula:
V=f 1 +f 2 +…+fn;
wherein V is a risk value, f 1 、f 2 The frequency of occurrence of the data sharing request in the 1 st, 2 nd, … th and n th preset time periods is respectively indicated by … and fn, and after the identity verification and the authority verification of the data sharing request are passed, the identity management terminal calculates the risk value of the first target data to be extracted by the data sharing request based on the mode.
As an optional implementation manner, the identity management terminal performs identity verification on the data sharing request based on the identity verification information in step S010, and specifically includes the following procedures:
matching a first identification number in the identity verification information with a plurality of identification numbers in an information base, and determining a target authorization password set based on the first identification number after successful matching;
specifically, the information base stores related information of a plurality of enterprises or organizations sharing data, such as a name for each enterprise or organization, an identification number for uniquely representing an identity, an authorized serial number, a shared data type, a permission configuration table and other information, and the first identification number indicates identity information of the enterprise or organization to which the data requester belongs.
The identity management terminal performs identity recognition of the data request party based on the first identification number, and after determining the enterprise or organization to which the data request party belongs, determines a target authorization password set under the enterprise or organization, wherein the target authorization password set records one or more authorization passwords of the enterprise or organization.
Traversing the target authorization password set, and if a second authorization password matched with the first authorization password in the authentication information exists in the target authorization password set, passing the authentication of the data sharing request.
Specifically, a user authorized by the enterprise or organization to which the user belongs can use the identification number as a credential, send a data sharing request through the user terminal, and further characterize the identity to which the user belongs through the related authorization password, so that the identity verification of the data sharing request is realized.
As an optional implementation manner, the authentication management terminal performs authority authentication on the data sharing request based on the request authentication information in step S020, and specifically includes:
matching the second identification number in the request verification information with a plurality of identification numbers in an information base, and if the matching is successful, determining a permission configuration table associated with the second identification number;
specifically, in the data sharing request sent at this time, the second identification number indicates identity information of an enterprise or an organization to which the data required by the data requester belongs, after determining the identity of the enterprise or the organization to which the data required by the data requester belongs, a permission configuration table associated with the second identification number is extracted from the information base, and the permission configuration table records sharing permission information of each data type in a plurality of data types to which the data shared by the enterprise or the organization belongs, and illustratively records one or more authorization passwords of each data type which can be granted access permission.
It should be noted that, before data sharing, each organization or enterprise may determine a plurality of data types based on the content difference of the data to be shared, and determine information of an object that can be shared by each data type, because the data is not directly sent to a user in the data sharing process but is stored based on a database, the organization or enterprise may set the same or different authorization passwords for each type of data based on its management of data authority, and the plurality of organizations or enterprises may set the same or different authorization passwords for the data of the same data type, which is not limited specifically herein, and in this embodiment, the authorization passwords set for the data of the same data type between the plurality of organizations or enterprises are different as an example.
And determining a plurality of data types accessible by the second authorization password based on the permission configuration table, and if the target data type in the request verification information can be successfully matched with one of the plurality of data types accessible by the second authorization password, verifying the permission of the request through data sharing.
For example, one or more accessible data types corresponding to one or more authorized passwords belonging to the first identification number can be extracted from the right configuration table through the first identification number, one or more accessible data types of the request can be determined according to the first authorized password provided by the data request party, whether the target data type in the request verification information can be matched with one of the data types is judged, and if the target data type is matched with the one data type, the right verification of the data sharing request is passed. It should be noted that the target data type in the data sharing request does not refer to a single data type, and the data requester may issue the data sharing request to data of multiple data types simultaneously based on actual situations.
In the process of data sharing, basic information of data used for sharing by each enterprise or organization can be disclosed to other enterprises or organizations, for example, all data types respectively corresponding to all data used for sharing are disclosed, members of the enterprises or organizations can send data sharing requests to the other enterprises or organizations based on own requirements, the above embodiment is only an alternative implementation, each enterprise or organization can also not set authority for the data used for sharing, for example, the sharing authority of each data type is regarded as the same, that is, other enterprises or organizations can send data sharing requests to multiple data types based on a single authorization password.
As an alternative embodiment, the execution instruction for the generation request in step S030 includes:
a first target database for extracting the shared data is determined based on the second identification number, a second target database for storing the shared data is determined based on the first identification number, and a request execution instruction is generated based on the first identification number and the second identification number.
It should be noted that, the first target database and the second target database are respectively used for indicating the data source and the data destination in the data sharing process, and the request execution instruction at least includes the related information of the data requesting party and the data providing party, so that the data management terminal can extract and send the data.
As an optional implementation manner, in step S040, invoking the security intelligence contract to perform privacy security processing on the first target data specifically includes:
adding noise data to the first target data through a differential privacy function stored in the secure smart contract, and determining a target public key from a plurality of public keys stored in the secure smart contract based on a request execution instruction;
specifically, in order to ensure the security in the data transmission process, multiple enterprises or organizations participating in data sharing are respectively provided with public keys in a public-private key pair, the public keys in the public-private key pair are stored by themselves, after privacy removal processing is performed on first target data, a public key bound with a first identification number is selected from multiple public keys according to a public key selection program and the first identification number as a target public key by a secure intelligent contract, the first target data added with noise data is encrypted based on the target public key to generate second target data, after the second target data is written into a second target database, the enterprise to which a data requester belongs can decrypt the second target data based on the held private key, and therefore data sharing is completed.
In the embodiment of the application, the differential privacy function is used for carrying out privacy-removing treatment on noise data of target data and is stored in a private account book, a plurality of public keys are recorded by the security intelligent contract, after first target data is received, the pre-deployed differential privacy function in the security intelligent contract carries out privacy-removing treatment on the first target data based on the noise data in the private account book, the public key selection program carries out data encryption on the first target data based on the selected target public key, and the risk of privacy leakage and tampering of shared data is reduced through the security intelligent contract.
Referring to fig. 2, on the basis of providing a data management method for data sharing in the embodiment of the present application, the embodiment of the present application further provides a data management system for data sharing, including an identity management terminal, a data management terminal, a plurality of user terminals, and a plurality of databases;
the identity management terminal is in communication connection with the data management terminal, the identity management terminal is in communication connection with a plurality of user terminals, and the data management terminal is in communication connection with a plurality of databases.
For a data sharing request sent by any user terminal, the data management system performs the following steps:
the identity management terminal extracts identity verification information and request verification information from the data sharing request, performs identity verification on the data sharing request based on the identity verification information, and performs authority verification on the data sharing request based on the request verification information; after the identity verification and the authority verification of the data sharing request are passed, the identity management terminal generates a request execution instruction based on the data sharing request and sends the request execution instruction to the data management terminal;
the data management terminal selects first target data from the first target database based on the request execution instruction, invokes the security intelligent contract to conduct privacy security processing on the first target data to obtain second target data, and writes the second target data into the second target database based on the request execution instruction.
It will be understood that modifications and variations will be apparent to those skilled in the art from the foregoing description, and it is intended that all such modifications and variations be included within the scope of the following claims. Parts of the specification not described in detail belong to the prior art known to those skilled in the art.

Claims (5)

1. A data management method for data sharing, comprising:
the identity management terminal receives a data sharing request sent by a user terminal, extracts identity verification information and request verification information from the data sharing request, and performs identity verification on the data sharing request based on the identity verification information, wherein the identity verification information and the request verification information respectively comprise basic information of a data requester and a data provider, the basic information of the data requester comprises a first identification number and a first authorization password, and the basic information of the data provider comprises a second identification number and a target data type;
responding to the passing of the identity verification of the data sharing request, and carrying out authority verification on the data sharing request based on the request verification information;
after the authority verification of the data sharing request is passed, generating a request execution instruction and sending the request execution instruction to the data management terminal, and simultaneously generating request record information and broadcasting the request record information in a alliance chain;
the data management terminal selects first target data from a first target database based on a request execution instruction, invokes a security intelligent contract to carry out privacy security processing on the first target data, and writes the second target data into a alliance chain and broadcasts the second target data;
if the data management terminal does not receive the interception instruction sent by the data provider after the preset time length, writing second target data into a second target database based on the request execution instruction;
wherein invoking the security intelligence contract to perform privacy security processing on the first target data comprises: adding noise data to the first target data through a differential privacy function stored in the security intelligent contract, determining a target public key from a plurality of public keys stored in the security intelligent contract based on a request execution instruction, and encrypting the first target data added with the noise data based on the target public key to generate second target data;
before writing the second target data to the federation chain, further comprising:
acquiring a risk value of the first target data, if the risk value is larger than a preset safety threshold, writing second target data into a alliance chain and broadcasting, otherwise, writing the second target data into a local database, and if an interception instruction sent by a data provider is not received after a preset time period, writing the second target data in the local database into the second target database based on a request execution instruction by a data management terminal;
for the risk value, the risk value is calculated by the identity management terminal based on the history request record of the first authorized password, and the method comprises the following steps:
acquiring a history request record of a first authorization password, counting the occurrence frequency of data sharing requests in each preset time period in a plurality of preset time periods, and sequencing the plurality of preset time periods based on the occurrence frequency of the data sharing requests;
acquiring a sequence number n of a preset time period to which the data sharing request belongs, wherein the risk value of the first target data is as follows:
V=f 1 +f 2 +……+fn;
wherein V is a risk value, f 1 、f 2 … … and fn are the occurrence frequencies of data sharing requests in the 1 st, 2 nd, … … th and n th preset time periods respectively;
authenticating the data sharing request based on the authentication information includes:
matching a first identification number in the identity verification information with a plurality of identification numbers in an information base, and determining a target authorization password set based on the first identification number after successful matching;
traversing the target authorization password set, and if a second authorization password matched with the first authorization password in the authentication information exists in the target authorization password set, passing the authentication of the data sharing request.
2. The data management method for data sharing according to claim 1, wherein performing authority verification of the data sharing request based on the request verification information, comprises:
matching the second identification number in the request verification information with a plurality of identification numbers in an information base, and if the matching is successful, determining a permission configuration table associated with the second identification number;
and determining a plurality of data types accessible by the second authorization password based on the permission configuration table, and if the target data type in the request verification information can be successfully matched with one of the plurality of data types accessible by the second authorization password, verifying the permission of the request through data sharing.
3. The data management method for data sharing according to claim 2, wherein generating the request execution instruction includes:
a first target database for extracting the shared data is determined based on the second identification number, a second target database for storing the shared data is determined based on the first identification number, and a request execution instruction is generated based on the first identification number and the second identification number.
4. A data management method for data sharing according to claim 3, wherein the secure smart contract selects a public key bound to the first identification number from the plurality of public keys as a target public key according to the first identification number, and encrypts the first target data to which the noise data has been added by the target public key.
5. A data management system for data sharing, wherein the data management system for data sharing is configured to implement a data management method for data sharing according to any one of claims 1 to 4, the data management system for data sharing comprises an identity management terminal, a data management terminal, a plurality of user terminals, and a plurality of databases, the identity management terminal and the data management terminal are in communication connection, the identity management terminal is in communication connection with the plurality of user terminals, and the data management terminal is in communication connection with the plurality of databases.
CN202311574949.8A 2023-11-23 2023-11-23 Data management method and system for data sharing Active CN117332395B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311574949.8A CN117332395B (en) 2023-11-23 2023-11-23 Data management method and system for data sharing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311574949.8A CN117332395B (en) 2023-11-23 2023-11-23 Data management method and system for data sharing

Publications (2)

Publication Number Publication Date
CN117332395A CN117332395A (en) 2024-01-02
CN117332395B true CN117332395B (en) 2024-03-08

Family

ID=89293679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311574949.8A Active CN117332395B (en) 2023-11-23 2023-11-23 Data management method and system for data sharing

Country Status (1)

Country Link
CN (1) CN117332395B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540482A (en) * 2018-04-20 2018-09-14 上海银赛计算机科技有限公司 Account number analysis system, method and device
CN110266648A (en) * 2019-05-21 2019-09-20 平安普惠企业管理有限公司 Data capture method, server and computer storage medium based on alliance's chain
WO2020259635A1 (en) * 2019-06-27 2020-12-30 深圳前海微众银行股份有限公司 Method and apparatus for sharing blockchain data
CN112463843A (en) * 2020-11-27 2021-03-09 国家电网有限公司大数据中心 Power grid data sharing method and system based on block chain and data resource catalog
CN113160944A (en) * 2021-02-03 2021-07-23 江西财经大学 Medical image sharing method based on block chain
CN114547209A (en) * 2022-04-26 2022-05-27 睿至科技集团有限公司 Data sharing interaction method and system based on block chain
CN115374426A (en) * 2022-08-23 2022-11-22 中国电信股份有限公司 Access control method, device, equipment and storage medium
CN115694949A (en) * 2022-10-26 2023-02-03 上海和数软件有限公司 Private data sharing method and system based on block chain

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540482A (en) * 2018-04-20 2018-09-14 上海银赛计算机科技有限公司 Account number analysis system, method and device
CN110266648A (en) * 2019-05-21 2019-09-20 平安普惠企业管理有限公司 Data capture method, server and computer storage medium based on alliance's chain
WO2020259635A1 (en) * 2019-06-27 2020-12-30 深圳前海微众银行股份有限公司 Method and apparatus for sharing blockchain data
CN112463843A (en) * 2020-11-27 2021-03-09 国家电网有限公司大数据中心 Power grid data sharing method and system based on block chain and data resource catalog
CN113160944A (en) * 2021-02-03 2021-07-23 江西财经大学 Medical image sharing method based on block chain
CN114547209A (en) * 2022-04-26 2022-05-27 睿至科技集团有限公司 Data sharing interaction method and system based on block chain
CN115374426A (en) * 2022-08-23 2022-11-22 中国电信股份有限公司 Access control method, device, equipment and storage medium
CN115694949A (en) * 2022-10-26 2023-02-03 上海和数软件有限公司 Private data sharing method and system based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
区块链与法院工作创新――构建数据共享的司法信用体系;杨东;徐信予;;法律适用;20200101(第01期);第 14-24页 *

Also Published As

Publication number Publication date
CN117332395A (en) 2024-01-02

Similar Documents

Publication Publication Date Title
CN110377239B (en) Data signature method, device, server, system and storage medium
US11314891B2 (en) Method and system for managing access to personal data by means of a smart contract
CN109274652B (en) Identity information verification system, method and device and computer storage medium
CN111931144B (en) Unified safe login authentication method and device for operating system and service application
US8615663B2 (en) System and method for secure remote biometric authentication
CN106488452B (en) Mobile terminal safety access authentication method combining fingerprint
CN110990827A (en) Identity information verification method, server and storage medium
CN110932859B (en) User information processing method, device and equipment and readable storage medium
CN105207776A (en) Fingerprint authentication method and system
CN115118419B (en) Data transmission method of security chip, security chip device, equipment and medium
CN111538784A (en) Block chain-based digital asset transaction method and device and storage medium
CN112733121A (en) Data acquisition method, device, equipment and storage medium
CN112039857B (en) Calling method and device of public basic module
CN110995661B (en) Network card platform
CN113849797A (en) Method, device, equipment and storage medium for repairing data security vulnerability
US11736481B2 (en) Friction-less identity proofing during employee self-service registration
CN117332395B (en) Data management method and system for data sharing
CN110807210A (en) Information processing method, platform, system and computer storage medium
KR102307668B1 (en) Certification system and certification method
CN105743883B (en) A kind of the identity attribute acquisition methods and device of network application
TWI688898B (en) Multi-factor dynamic quick response code authentication system and method
CN112769560B (en) Key management method and related device
US20230291549A1 (en) Securely sharing secret information through an unsecure channel
CN118054948A (en) Cross-chain identity verification method and system based on public key cryptography
CN115659397A (en) Data processing method, device, terminal and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant