WO2024002105A1 - Procédé de commande d'utilisation d'actif de données, client et plateforme de service intermédiaire - Google Patents

Procédé de commande d'utilisation d'actif de données, client et plateforme de service intermédiaire Download PDF

Info

Publication number
WO2024002105A1
WO2024002105A1 PCT/CN2023/102913 CN2023102913W WO2024002105A1 WO 2024002105 A1 WO2024002105 A1 WO 2024002105A1 CN 2023102913 W CN2023102913 W CN 2023102913W WO 2024002105 A1 WO2024002105 A1 WO 2024002105A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
client
aas
user
assets
Prior art date
Application number
PCT/CN2023/102913
Other languages
English (en)
Chinese (zh)
Inventor
韦莎
刘海阳
李铮
吕东阳
高凡
周子文
刘默
Original Assignee
中国信息通信研究院
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国信息通信研究院 filed Critical 中国信息通信研究院
Publication of WO2024002105A1 publication Critical patent/WO2024002105A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • G06F16/215Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • G06F16/2365Ensuring data consistency and integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2465Query processing support for facilitating data mining operations in structured databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Definitions

  • This application relates to the field of data processing technology, for example, to a data asset usage control method, client and intermediate service platform.
  • Embodiments of the present disclosure provide a method for controlling the use of data assets, a client, an intermediate service platform and a storage medium to manage and constrain data assets, give full play to the strategic element resource role and innovation engine role of data, and promote data elements Use value.
  • the data asset usage control method is applied to the client as the data provider, the client as the data user, and the intermediate service platform as the intermediate service party.
  • the method includes:
  • Data providers and data users conduct user registration and identity authentication through their respective clients.
  • the authenticated data provider registers with the data asset active management system AAS-DA through the data provider's client to the intermediate service platform. and certification;
  • the data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client, so that the data user and data provider can reach a smart contract;
  • the client of the data consumer performs a usage environment scan and generates a whitelist of processes that are allowed to access or use control data assets. After confirming the processes in the whitelist, the client of the data provider combines AAS-DA-user with the preprocessed The data assets are sent to the client of the data user;
  • the client of the data user confirms whether the one or more processes that are about to call the data assets have permission based on the processes in the whitelist, and when the changes in the data assets reach the boundary conditions of the smart contract or appear In the event of violation of constraints, data assets will be terminated and/or destroyed through AAS-DA-user and AAS-DA-public.
  • the client is characterized by including a processor and a memory storing program instructions, and the processor is configured to execute the data assets described in this application when running the program instructions.
  • the client is configured as:
  • the intermediate service platform is characterized in that it includes a processor and a memory storing program instructions, and it is characterized in that the processor is configured to execute as described in this application when running the program instructions. Methods to control the use of data assets;
  • the intermediate service platform is configured as:
  • the storage medium stores program instructions, and when the program instructions are run, the method for controlling the use of data assets as described in this application is executed.
  • the data asset usage control method, client, intermediate service platform and storage medium provided by the embodiments of this disclosure can achieve the following technical effects:
  • This application uses AAS-DA to realize the loading and use control of data assets between the client as the data provider, the client as the data user, and the intermediate service platform as the intermediate service party, and maintains data sovereignty in the data provider.
  • data assets are available, invisible, controllable, measurable, access rights controlled, and burned after use, which solves the problems of poor quality of data assets, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and ownership rights.
  • Problems such as the complexity of confirmation and valuation transactions have formed a technical system for data sharing, circulation, transaction and security protection.
  • FIG. 1 is a schematic diagram of the functional architecture of AAS-DA provided by this application.
  • Figure 2 is a schematic flow chart of a data asset management method provided by this application.
  • FIG. 3 is a schematic flow chart of another data asset management method provided by this application.
  • FIG. 4 is a schematic flow chart of another data asset management method provided by this application.
  • FIG. 5 is a schematic flow chart of another data asset management method provided by this application.
  • Figure 6 is a schematic flow chart of another data asset management method provided by this application.
  • Figure 7 is a schematic flow chart of another data asset management method provided by this application.
  • Figure 8 is a schematic flow chart of another data asset management method provided by this application.
  • FIG. 9 is a schematic structural diagram of an AAS-DA system provided by this application.
  • Figure 10 is a schematic flow chart of a method for controlling the use of data assets provided by this application.
  • Figure 11 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 12 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 13 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 14 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 15 is a schematic flow chart of another data asset usage control method provided by this application.
  • Figure 16 is a schematic flow chart of another method for controlling the use of data assets provided by this application.
  • Figure 17 is a schematic diagram of a computing device provided by this application.
  • A/B means: A or B.
  • a and/or B means: A or B, or A and B.
  • correspondence can refer to an association relationship or a binding relationship.
  • correspondence between A and B refers to an association relationship or a binding relationship between A and B.
  • AAS-DA Active Administration System-Data Asset
  • DA Data-Asset: refers to data assets, used to identify a data asset.
  • API Application Programming Interface
  • connection interface which in this application refers to the interface in the data asset active management system AAS-DA.
  • Non-practical It does not have a physical form and relies on physical carriers to exist; it will not be worn or consumed due to use; it can be used indefinitely during its existence.
  • Dependability must be stored in a certain medium; can exist in multiple media in different forms at the same time.
  • Diversity diverse expression forms; diverse fusion forms; uncertain usage methods.
  • Value volatility Value is affected by many different factors; including technology, capacity, value density, application business model, etc.
  • Processability It can be maintained, updated, supplemented, and added; it can be deleted, merged, aggregated, and redundant eliminated; it can be analyzed, refined, mined, etc.
  • Multiple derivation refers to the fact that the same data subject can be processed in multiple levels and dimensions, thereby deriving different levels of data value, mining the potential value of multi-level and multi-dimensional data assets, and enriching data assets.
  • Shareability refers to the fact that data assets can be exchanged, transferred and used indefinitely, and its shareability can be used to maximize the value of data assets
  • Zero-cost replicability refers to the fact that the cost of data assets mainly lies in the early data reading and research and development stages. Therefore, the cost of starting up data assets is extremely high, but the subsequent copying and sharing, the marginal cost tends to zero.
  • This application aims to manage and restrict the above characteristics of data assets.
  • Metadata management extract abstract information of data, trace data, and explore relationships between data.
  • Data quality management Improve data quality and improve the level of data applications and services.
  • Data security management Divide data security levels and formulate data security management specifications to achieve "manageable beforehand, controllable during the matter, and investigation afterward.”
  • Data value management data cost management and data revenue management to optimize and maximize the release of data value.
  • Data sharing management Through internal sharing of data, external circulation of data, and opening to the outside world, the internal and external value of data is released.
  • Transparency refers to the openness of all parties involved in the sharing of data assets to provide all information needed to successfully deliver the data sharing partnership.
  • Accessibility refers to the ability of all parties to access the data they need when they need it.
  • Standardization refers to the adoption of consistent legal, technical and other measures for all stakeholders in the data sharing process.
  • Security and data integrity refers to the implementation of measures and mechanisms designed to securely protect information and data to achieve a secure environment for data sharing.
  • this application provides a data asset active management system AAS-DA to conduct full life cycle management of data assets, as well as execution supervision, control and management during use.
  • each data asset has its twin matching AAS-DA, thereby upgrading the data asset from a passive asset to an active asset.
  • AAS-DA can define, configure and update the attribute information of data assets, record the full life cycle information, and perform the highest priority operations on data assets, including but not limited to desensitization, encryption, termination and destruction.
  • AAS-DA can record the processing process and terminate the use and/or destroy the data assets when they do not meet the data asset security requirements and other constraints.
  • a new AAS-DA will be generated accordingly, and the AAS-DA of the copied data asset will be associated with the AAS-DA of the original data asset.
  • the AAS-DA of this application supports all types of data assets, including but not limited to streaming data, event data, engineering drawings, videos, algorithms, machine learning models or knowledge graphs, etc.
  • AAS-DA can be divided into AAS-DA-supplier, AAS-DA-user and AAS-DA-public.
  • the three AAS-DAs of the same data asset are related to each other and can be merged under necessary conditions.
  • AAS-DA-supplier has the highest authority and can read all content in AAS-DA-user and AAS-DA-public.
  • the content specified by AAS-DA-user and AAS-DA-public must be a subset of AAS-DA-supplier.
  • the functional architecture of the data asset active management system AAS-DA of this application consists of "identity tag" and "subject".
  • the identity tag is the globally unique identifier of the data asset and AAS-DA;
  • the main body includes: the full life cycle management component of the data asset, the control management component, the log storage management component and the interface management component and their corresponding attributes, etc.
  • the full life cycle management component is configured to perform full life cycle management of various subject attributes of data assets.
  • the various subject attributes include data sovereignty, data history, data quality, data type, data level, Attributes such as data standards, data value, data sharing and contracts are used to manage the data sovereignty, data history, data quality, data types, data levels, data standards, data value, data sharing and smart contracts of data assets.
  • Each The details of the class attribute structure are shown in Table 1:
  • Table 1 Detailed list of attributes throughout the life cycle of data assets
  • control management component is configured to manage the use process of data assets, which specifically includes permission management, access control, contract settings, usage control, usage mode, collaboration mode, and usage environment security. Scan and other attributes to manage the permissions, access control, contract settings, usage control, usage mode, collaboration mode, and usage environment security scan of data assets.
  • Permission management implements the control of user access/use of data assets, and controls that users can access and only access the data assets they are authorized to according to security rules or security policies.
  • Permission management includes two parts: user identity authentication and authorization, referred to as authentication and authorization. Users who need to access/use control data assets must first undergo identity authentication. After passing the authentication, the user can only access/use the resource after passing the authentication.
  • Access control includes setup, operation, monitoring, and interruption.
  • Settings mainly include setting the access control mode, subject, behavior, resources, and environment.
  • Access control modes generally have the following forms: discretionary access control, command access control, role access control, attribute access control or other types of access control; subjects include server administrators, data holders, data users who sign contracts, Data users and other role subjects who have not signed a contract; behaviors include reading, writing, copying, deleting, etc.; resources are mainly references to data asset attributes in the full life cycle management of data assets; environment refers to the time when data transactions occur, location and other environmental factors. Interrupts are mainly divided into active interruptions and passive interruptions.
  • Contract setting mainly involves setting Value (hash value, DNA/ID card of the data), Address (connecting different clients), State (input: target state, such as usage time) after reaching an agreement between the data provider and the data user. , times, etc.) and Function (output: executable strategy) and other contract terms.
  • Usage control mainly monitors the use process of data assets and identifies abnormal situations according to the relevant requirements in the contract settings, as well as suspends the call of data assets and realizes the destruction of data assets.
  • the data usage process is monitored in real time through the monitor.
  • the executor calls the executable strategy in the contract settings-Function to realize the destruction, suspension, suspension, etc. of data assets.
  • usage modes generally include the following: regular usage, private computing mode, federated learning mode, encryption mode, and other customized modes.
  • Collaboration modes include merge collaboration and association collaboration modes. Two/multiple AAS-DA-suppliers that turn on collaborative mode will achieve synchronous management of data assets during the use of data assets.
  • Security scanning of the usage environment is mainly performed by AAS-DA-user before the data assets reach the data user.
  • the software layer and system layer of the usage environment are security scanned, and the software that meets the requirements of the smart contract is safely marked. .
  • Table 2 Detailed list of attributes for data asset management
  • the log storage and evidence management component is configured to manage various types of logs generated during the use of the data asset active management system, where the various types of logs mainly include internal logs and data operation logs. , Collaborative logs with other data asset management systems. Specifically, it includes but is not limited to the operation of each functional component in AAS-DA-supplier, the operation of data assets by AAS-DA-supplier, the operation of data assets sent by AAS-DA-user to AAS-DA-supplier, Other related operations on replicated data or sub-data sent by AAS-DA to AAS-DA-supplier, as well as a time-ordered collection of the results of these operations.
  • Each log file consists of log records, and each log record describes a separate system event.
  • the system log is the AAS-DA-supplier's local log that can be read directly by the data provider, which includes a timestamp and a message or other information unique to the subsystem.
  • Usage log is the operation log of data assets sent by AAS-DA-user to AAS-DA-supplier and AAS-DA-public during the operation process of data assets. Generally, it needs to be stored through the blockchain. For subsequent use in liquidation, auditing, supervision, etc.
  • the interface management component is configured to manage the communication interface of the data asset active management system. Specifically, the interface management component mainly manages the communication between at least two data asset active management systems. Interface, as well as the communication interface between the data asset active management system and the data assets are managed.
  • the data assets are implemented.
  • Full life cycle management and effective governance of data assets solve problems such as poor quality of data assets, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions, forming a system for data sharing. , circulation, transaction and security protection technical system.
  • this application provides a data asset management method, which is applied to the data asset active management system AAS-DA.
  • the data asset active management system AAS-DA is divided into AAS-DA- supplier, AAS-DA-user and AAS-DA-public, the methods include:
  • Step 201 After the data asset is formed, the data provider creates an AAS-DA-supplier corresponding to the data asset, and initializes the configuration of the data asset in the AAS-DA-supplier.
  • Step 202 The data provider saves the data asset information to be disclosed in AAS-DA-supplier as the corresponding AAS-DA-public and uploads it to the intermediary service party.
  • the intermediary service party implements AAS-DA through AAS-DA-public. -supplier information release.
  • Step 203 The data user reads the data asset information disclosed in AAS-DA-public and develops a smart contract through AAS-DA-public and the data provider.
  • Step 204 The data provider saves AAS-DA-supplier as AAS-DA-user, and sends AAS-DA-user and the preprocessed data assets to the data user.
  • Step 205 AAS-DA-user monitors the data asset usage process of the data user according to the smart contract, and records all processing operation information for the data assets.
  • Step 206 When the changes in the data assets reach the boundary conditions of the smart contract or the constraints are violated, AAS-DA-user terminates and/or destroys the data assets of the data user.
  • AAS-DA is used to achieve full life cycle management of data assets among data providers, data users and intermediate service parties, and data sovereignty is maintained in the hands of the data provider. , realizing the availability of data assets that are invisible, controllable, measurable, access rights controlled and burned after use, solving the problems of poor quality of data assets, difficulty in data interoperability, high acquisition costs, difficulty in ensuring security, confirmation of ownership rights and Problems such as the complexity of valuation transactions have formed a technical system for data sharing, circulation, transaction and security protection.
  • the initial configuration of data assets in AAS-DA-supplier includes:
  • Step 301 Generate the initial sovereignty information of the data asset in AAS-DA-supplier, where the initial sovereignty information includes the ownership information, time information and location information of the data asset.
  • the initial sovereignty information of the data asset is generated in the AAS-DA-supplier accordingly, including the ownership, time, location and other information of the data asset generation to facilitate the confirmation of data ownership.
  • Step 302 Define, set and update various subject attributes of the data assets through AAS-DA-supplier.
  • various attributes of data assets can be defined, set and updated through AAS-DA-supplier, including data types, standards, specifications and laws and regulations that data assets comply with, quality levels, security level requirements, etc.
  • Step 303 When the data assets are copied or sub-data is generated, they are associated through their respective AAS-DA-suppliers.
  • data assets when copied or sub-data is generated, they can be associated through their respective AAS-DAs to facilitate traceability.
  • Step 304 Use AAS-DA-supplier to desensitize or encrypt data assets.
  • AAS-DA-supplier can desensitize the data assets and encrypt the data according to the encryption algorithm requirements of the country and the enterprise.
  • AAS-DA-user records all processing operation information for data assets and feeds back to AAS-DA-supplier in real time or afterward.
  • AAS-DA-supplier can, after learning the processing status of data assets, Actively issue termination/destruction instructions to AAS-DA-user, and AAS-DA-user calls the operation script to realize the termination/destruction of data assets; and, AAS-DA can manage the physical carrier and storage media of data assets.
  • the intermediary service party implements the information release of AAS-DA-supplier through AAS-DA-public, including:
  • Step 401 The intermediate service party generates a resource directory based on various subject attributes of AAS-DA-public to implement a centralized management model or a distributed management model of data assets.
  • the resource directory mainly includes the names of various types of resources and their metadata descriptions.
  • the intermediate service platform supports the sharing and trading of the following three types of resources: First, data assets, including but not limited to streaming data, event data, CAD drawings, videos, algorithms, models, digital twins, knowledge maps, APPs, API calls, etc.
  • the metadata of the data asset class is stored in the full life cycle management component of the corresponding AAS-DA-supplier data asset;
  • the second is the IT infrastructure class, including but not limited to cloud computing, edge computing, computing resources, communication resources, etc. ;
  • the third is the trusted environment solution category, including but not limited to trusted environment solutions at the hardware layer, system layer and software layer. Certified AAS-DA and resources will be included in the resource directory for management.
  • the data provider saves the information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediary service party through the data provider.
  • AAS-DA-public that has been reviewed and approved by the intermediary service platform is included in in the resource directory.
  • Step 402 The data user queries the data assets that meet the requirements by accessing the resource directory of the intermediate service party.
  • Step 403 The intermediate service party pushes data assets to the data user based on the supply of data assets in the resource directory.
  • the data user can access the resource directory of the intermediate service party and query the data assets and other resources that meet its requirements.
  • the data user can also subscribe to resource directory updates, or fill in the data assets and other resources of interest.
  • the intermediate service provider can perform accurate push based on the supply of data assets and other resources.
  • this application does not need to centralize the data assets themselves to the intermediate service provider, but only needs to manage AAS-DA-public, and generate a resource directory based on the attribute information in AAS-DA-public to realize the distribution of data assets.
  • Management and centralized management of AAS-DA reduce the risk of data assets and increase the willingness of data providers to share data assets.
  • the data user reads the data asset information disclosed in AAS-DA-public, and develops a smart contract with the data provider through AAS-DA-public, including:
  • Step 501 The data usage direction initiates an invitation to one or more data providers that meet its needs.
  • Step 502 The data provider that accepts the invitation will negotiate with the data user on the cooperation intention of data assets, and write the negotiated content into AAS-DA-public.
  • Step 503 Configure the usage process of data assets in AAS-DA-public and perform log storage.
  • the data user initiates an invitation to one or more data providers that meet its needs.
  • the data provider that accepts the invitation will negotiate with the data user on the cooperation intention of the data assets, and will The content is written into the contract management attribute of the full life cycle management component of the data asset of AAS-DA-public.
  • the control management component of AAS-DA-public's data assets configure permission management, access control, contract settings, usage control, usage mode, collaboration mode attributes, etc.
  • the time when the smart contract was completed and the information of both parties to the transaction will be recorded in the log storage of AAS-DA-public.
  • the AAS-DA-user monitors the data asset usage process of the data user according to the smart contract, and records all processing operation information for the data assets, including:
  • Step 601 AAS-DA-user performs a security scan on the media and environment where the data assets will be stored and used based on the requirements for the usage environment in the smart contract.
  • this application can perform usage environment scanning by AAS-DA-user: According to the settings about the usage environment in the data asset control management component-usage control, AAS-DA-user will call the control of the data asset Management component - Use the environment security scanning function to perform security scans on the software layer, system layer and hardware layer of the usage environment, and perform security annotations on software that meets the requirements of smart contracts. Software marked by security will be included in the whitelist of access control or usage control in the control management component of data assets. AAS-DA-user feeds back the environment security scan results to AAS-DA-supplier through the data consumer's client. AAS-DA-supplier data Asset control management component - After using control approval, data users will be allowed to access pre-processed data assets.
  • AAS-DA-supplier will preprocess the data assets through the usage pattern of the data asset control management component, including but not limited to detachment. Sensitivity, encryption, generation of calculation factors, etc. If you select "General use" in the usage mode, the data assets will be sent to the data consumer in clear text. If the data usage process involves multi-party collaboration, such as multi-party privacy computing, federated learning, etc., the collaboration mode of the control management component of the data assets will also be set. Two or more AAS-DA-suppliers that turn on collaborative mode will achieve synchronous management of data assets during the use of data assets.
  • Step 602 Confirm the permissions of one or more processes that are about to call the data assets by reading the whitelist of access control or usage control in AAS-DA-user.
  • Step 603 AAS-DA-user monitors in real time whether changes in data assets have reached boundary conditions or whether operations that violate constraint conditions occur, and writes the operation log into the log evidence component.
  • the data assets are monitored through AAS-DA-user.
  • AAS-DA-user monitors the data assets in real time through the use-controlled monitor, which is the control management component of the data assets. Whether the change has reached the maximum value of the boundary condition, or an operation that violates the constraint condition has occurred. If one of the above situations occurs, AAS-DA-user sends an exception message to the data consumer, and the data consumer forcibly terminates the process through the process monitoring-executor, and AAS-DA-user passes the control management component of the data asset-usage control-execution.
  • the server destroys data assets.
  • Termination and/or destruction including:
  • Step 701 According to the constraints and boundary conditions of the smart contract, the AAS-DA-user generates an operation script to terminate or destroy the data assets.
  • Step 702 When the changes in the data assets reach the boundary conditions of the smart contract or the constraint conditions are violated, AAS-DA-user will feed back the recorded processing operation information to AAS-DA-supplier in real time or afterwards, so that AAS-DA- The supplier issues a termination instruction to AAS-DA-user, and AAS-DA-user calls the operation script to terminate the use of data assets, or directly calls the operation script through AAS-DA-user to realize the use of data assets. termination.
  • Step 703 Destroy the data assets after the use of the data assets is terminated or when the AAS-DA-user receives a destruction instruction from the AAS-DA-supplier.
  • this application uses AAS-DA-user to generate operation scripts for terminating and destroying data assets based on the constraints and boundary conditions of the smart contract; during the use of data assets, it records through AAS-DA-user For all processing operation information of data assets; and feedback to AAS-DA-supplier in real time or afterward, there are two possible situations: (1) AAS-DA-supplier can proactively report to AAS-DA-supplier after learning the processing status of data assets. DA-user issues a termination instruction, and AAS-DA-user calls the operation script to terminate the use of data assets; (2) When the constraints and boundary conditions of the smart contract are reached, AAS-DA-user calls the operation script , to achieve the termination of the use of data assets.
  • the data assets will be destroyed after the data is used or when AAS-DA-user receives a destruction instruction from AAS-DA-supplier. Even after the data asset is destroyed, you can still understand its full life cycle information and its correlation through AAS-DA.
  • the status of data assets facilitates subsequent audit, liquidation and arbitration, as well as the traceability of other data assets.
  • the data asset management method of the application also includes:
  • Step 801 When the data assets are destroyed, AS-DA-user terminates the smart contract and sends the data asset destruction and smart contract termination information to the data provider and intermediate service party.
  • Step 802 After receiving the data asset destruction and smart contract termination information, the data provider terminates the smart contract through AAS-DA-supplier, and sends the liquidation application information to the intermediate service party and data user through the data provider.
  • Step 803 After receiving the clearing application information, the intermediate service party terminates the smart contract through AAS-DA-public, and reads the log storage components of AAS-DA-supplier and AAS-DA-user through AAS-DA-public. , compared with the content of the smart contract, and liquidation and auditing are implemented based on the comparison results.
  • this application synchronizes the use process of data assets and stores evidence in multiple parties through the collaboration of AAS-DA-public, AAS-DA-user, and AAS-DA-supplier, and based on AAS-DA- Multi-party certificates of public, AAS-DA-user and AAS-DA-supplier are used to liquidate and audit the use of data assets, so that AAS-DA-public can be dynamically adjusted based on the data user's evaluation of data quality and value. Quality attributes and value attributes of data assets.
  • the smart contract management of the data user's client and the control management component of the AAS-DA-user data asset - contract settings will terminate the smart contract. Then, the information that the data assets are destroyed and the contract is terminated is sent to the client of the intermediate service platform and the data provider through the client of the data user. After the intermediary service platform receives the information, AAS-DA-public will terminate the contract and start the liquidation process through the contract setting function of the data asset control management component.
  • the data asset active management system AAS-DA of this application is deployed on the client and the intermediate service platform.
  • the main functions of the client include AAS-DA management, identity registration and management, intelligence Contract management, process usage control, usage environment scanning, process management, log storage, clearing docking, and communication functions.
  • clients can be deployed on-premises or on a private cloud. Clients can be placed in a hardware-, system-, and/or software-layer trusted and secure environment where:
  • AAS-DA management including creating, updating, and deleting AAS-DA and its components and attributes, configuring the AAS-DA interface, etc.
  • Identity registration and management including the registration of client users, organizations, AAS-DA, data assets, and identity certificate management.
  • Boundary conditions stipulates the maximum time, maximum number of operations on data assets, etc.
  • Constraints Specifies the types of operations that cannot be performed on data assets
  • Monitor Monitor in real time whether the process's operations on data assets have reached the maximum value of the boundary conditions, or whether there are operations that violate the constraints.
  • Usage environment scanning According to the requirements of the smart contract on the hardware layer, system layer and software layer of the usage environment, the usage environment scan is performed; a usage environment scanning result report and a process whitelist are formed, in which the usage environment scanning results are determined by the data user.
  • the client is sent to the client of the intermediate service platform and the data provider at the same time, and the process whitelist is sent to the process management component for management.
  • Process management Dynamically manage access control or use-controlled process whitelists, including maintenance of processes in the whitelist (adding, updating and removing), process permission review, etc. Among them, before the data assets reach the data consumer, the process whitelist output by the usage environment scanning function will be used as the initial whitelist. Processes in the whitelist will be removed from the whitelist if any violation of smart contract regulations is detected during the use of data assets. Processes that are not included in the initial whitelist will be included in the whitelist after the client's process permissions are reviewed.
  • Log storage For the client of the data provider, the log of the entire life cycle of the data asset is stored; for the client and intermediate service platform of the data user, after the smart contract takes effect and before the contract is terminated, the data All operation logs of assets.
  • Liquidation docking When the contract is terminated, by reading the logs of the data user's client, the data provider's client and the intermediate service platform, the number and time of use of the data assets, abnormal situation handling, etc. will be liquidated.
  • Communication functions including communication between clients, communication between clients and AAS-DA, and communication between clients and intermediate service platforms, etc.
  • the functions of the intermediate service platform mainly include: identity authentication, resource directory management, supply and demand docking, smart contract management, log storage, liquidation audit, service evaluation and other functions.
  • the intermediate service platform can be deployed on a public cloud or a private cloud.
  • the intermediate service platform needs to be placed in a trustworthy and secure environment at the hardware layer, system layer and software layer.
  • the functions of the intermediate service platform can be implemented and operated by one or more organizations or units. Each organization or unit needs to pass identity authentication before starting relevant work.
  • this application also provides a data asset usage control method, which is applied to the client as the data provider, the client as the data user, and the intermediate service platform as the intermediate service party.
  • the method includes :
  • Step 1001 The data provider and the data user conduct user registration and identity authentication through their respective clients.
  • the authenticated data provider conducts data asset active management system AAS- through the data provider's client to the intermediate service platform.
  • DA registration and certification The data provider and the data user conducts data asset active management system AAS- through the data provider's client to the intermediate service platform.
  • Step 1002 The data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client, so that the data user and data provider can reach an agreement Smart contracts.
  • Step 1003 The client of the data consumer performs a usage environment scan and generates a whitelist of processes that are allowed to access or use control data assets. After confirming the processes in the whitelist, the client of the data provider compares AAS-DA-user with The preprocessed data assets are sent to the client of the data consumer.
  • Step 1004 During the use of data assets, the client of the data user confirms whether the one or more processes that are about to call the data assets have permission based on the processes in the whitelist, and confirms whether the changes in the data assets reach the boundaries of the smart contract. In the event of conditions or violation of constraints, the use of data assets will be terminated and/or destroyed through AAS-DA-user and AAS-DA-public.
  • AAS-DA is used to realize the control of data assets between the client as the data provider, the client as the data user, and the intermediate service platform as the intermediate service party.
  • Loading and usage control keeps data sovereignty in the hands of the data provider, enabling data assets to be made invisible, controllable, measurable, access rights controlled and destroyed after use, which solves the problems of poor quality and difficult data of data assets. Problems such as interoperability, high acquisition costs, difficulty in ensuring security, and complex ownership confirmation and valuation transactions have formed a technical system for data sharing, circulation, transactions, and security protection.
  • the data provider and the data user perform user registration and identity authentication through their respective clients.
  • the identity-authenticated data provider through the data provider's client
  • the end-to-intermediate service platform carries out registration and certification of the data asset active management system AAS-DA, including:
  • Step 1101 The data provider and the data user register users through their respective clients.
  • the user types include Businesses, organizations and individuals.
  • Step 1102 The intermediate service platform reviews the user registration information sent by the client, authorizes unique identities to users who pass the review, and manages identities according to user types.
  • the intermediary service platform after receiving the user registration information from the client, the intermediary service platform will conduct an audit. Users who pass the audit will be authorized with a globally unique identity. The intermediary service platform will conduct an audit based on the different types of users. Identity management.
  • Step 1103 The identity-authenticated data provider initiates an identity tag authorization application to the intermediate service platform through the data provider's client.
  • Step 1104 After the identity tag authorization application is approved, the intermediate service platform sends the unique data asset code and AAS-DA code to the client of the data provider.
  • Step 1105 The data provider's client automatically writes the data asset code and AAS-DA code into the AAS-DA identity tag, completing the registration and authentication of the data asset active management system AAS-DA.
  • the identity-authenticated data provider initiates an identity tag authorization application to the intermediary service platform through the data provider's client.
  • the intermediary service platform sends a unique "global data asset” Code” and "Global AAS-DA Code” to the data provider's client.
  • the client of the data provider automatically writes the above two codes into the AAS-DA identity tag to complete the registration and authentication of AAS-DA.
  • the data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate through the client of the data provider.
  • Service platform to enable data users and data providers to reach smart contracts including:
  • Step 1201 The data provider saves the data asset information to be disclosed in AAS-DA-supplier as AAS-DA-public and uploads it to the intermediate service platform through the data provider's client.
  • the AAS-DA that is approved by the intermediate service platform -public is included in the resource directory.
  • Step 1202 The client of the data user accesses the resource directory of the intermediate service platform and queries the data assets and other resources that meet the requirements.
  • the client of the data user subscribes to the resource directory or fills in the requirements for data assets and other resources.
  • the intermediate service platform then Supply status of data assets and other resources, and push data assets and other resources.
  • Step 1203 The data user initiates an invitation to one or more data providers that meet its needs.
  • the data provider that accepts the invitation will negotiate with the data user on the cooperation intention of the data assets, and write the negotiated content into the middle In the smart contract management function of the service platform, as well as the smart contract management function of the client of the data user and the client of the data provider.
  • the client of the data user performs a usage environment scan and generates a whitelist of processes that are allowed to access or use control data assets.
  • the client of the data provider confirms the whitelist.
  • AAS-DA-user and the pre-processed data assets are sent to the client of the data consumer, including:
  • Step 1301 According to the data user's client's requirements for the usage environment, the data user's client will call the usage environment scanning component to perform a security scan on the hardware layer, system layer and software layer of the usage environment, and perform a security scan on the usage environment that complies with the smart contract.
  • the required processes are security labeled.
  • Step 1302 Add the process that has passed the security annotation into the whitelist of access control or usage control in the process management component, and the client of the data consumer sends it to the client of the intermediate service platform and the data provider at the same time.
  • Step 1303 After the data provider's client confirms the whitelist, it preprocesses the data assets according to AAS-DA-supplier and saves them as AAS-DA-user, and combines AAS-DA-user with the preprocessed data assets. Sent to the client of the data consumer.
  • AAS-DA-supplier will preprocess the data assets through the usage pattern of the data asset control management component, including but not Limited to desensitization, encryption, generating calculation factors, etc. If you select "General use" in the usage mode, the data assets will be sent to the data consumer in clear text. If the data usage process involves multi-party collaboration, such as multi-party privacy computing, federated learning, etc., the collaboration mode of the data asset control management component will also be set. Two or more AAS-DA-suppliers that turn on collaborative mode will achieve synchronous management of data assets during the use of data assets.
  • the data provider's client can also send AAS-DA-supplier and preprocessed data assets (plaintext or ciphertext) to the data consumer's client.
  • the client of the data user merges the received AAS-DA-supplier and AAS-DA-user and generates a new AAS-DA-user.
  • data asset life cycle management component contract management
  • data assets are stored in an environment that meets trusted requirements.
  • the client of the data user confirms whether one or more processes that are about to call the data assets have Permissions include:
  • Step 1401 One or more processes that call the data asset will initiate a permission application to the client of the data user.
  • Step 1402 Confirm the permissions of one or more processes that are about to call the data asset by reading the whitelist of the client of the data consumer.
  • Step 1403 If the process is in the whitelist, the client of the data user sends a confirmation instruction to AAS-DA-user, allowing the process to operate on the data assets according to the Function attribute in AAS-DA-user.
  • Step 1404 If the process is not in the whitelist, the client of the data consumer will not allow the process to call the data asset.
  • one or more processes of the data asset will be called to initiate a permission application to the client-process management of the data user.
  • the client-process management of the data user By reading the whitelist in the client-process management of the data user, Confirm the permissions of the process or processes that will call the data asset.
  • the client of the data user If the process is in the whitelist, the client of the data user will send a confirmation instruction to AAS-DA-user, allowing the process to control the data assets according to the Function attribute in the AAS-DA-user data asset control management component-contract settings. If the process is not in the whitelist, the data consumer's client will not allow the process to call the data asset.
  • Step 1501 According to the boundary conditions and constraints of the smart contract, the client of the data user monitors in real time whether the process's operation on the data assets has reached the maximum value of the boundary conditions, or whether there are operations that violate the constraints.
  • Step 1502 When the changes in the data assets reach the boundary conditions of the smart contract or a constraint violation occurs, the client of the data user forcibly terminates the process.
  • Step 1503 The client of the data user issues an instruction to AAS-DA-User, and AAS-DA-user destroys the data assets.
  • the process is monitored through the client of the data user, and the data assets are monitored through AAS-DA-user.
  • the client of the data user monitors in real time through the process management-monitor whether the operation of the data assets by the process has reached the maximum value of the boundary conditions, or whether there are violations of the constraints. operation occurs, if one of the above situations occurs, the data consumer's client is forced through the process monitoring-executor Abort the process and issue instructions to AAS-DA-User.
  • AAS-DA-user destroys the data assets through the data asset control management component-use control-executor.
  • AAS-DA-user uses the data asset control management component-use control-monitor to monitor in real time whether the changes in data assets have reached the maximum value of the boundary conditions, or there are operations that violate the constraints. If one of the above situations occurs , AAS-DA-user sends exception information to the client of the data consumer, and the client of the data consumer forcibly terminates the process through the process monitoring-executor. AAS-DA-user uses the control-executor to destroy data assets through the data asset control management component.
  • the usage control method provided by the embodiment of the present application also includes:
  • Step 1601 From the conclusion of the smart contract until the data assets are destroyed, all operations on the data assets by the data provider, data user and intermediate service platform will be synchronously retained in the data provider's client and data usage through logs. In the party’s client and intermediate service platform.
  • Step 1602 When the data assets are destroyed, the data user's client and AAS-DA-user will terminate the smart contract, and send the data asset destruction and smart contract termination information to the intermediate service platform through the data user's client. and data provider clients.
  • Step 1603 After the intermediate service platform receives the information that the data assets are destroyed and the smart contract is terminated, AAS-DA-public will terminate the contract through the contract setting function of the data asset control management component and start the liquidation process.
  • the data user's client - smart contract management, and the AAS-DA-user data asset control management component - contract settings will terminate the smart contract.
  • the data asset destruction and contract termination information is sent to the client of the intermediate service platform and the data provider through the client of the data user.
  • the data provider's client-smart contract management, and AAS-DA-supplier will use the data asset control management component-contract settings to terminate the smart contract.
  • AAS-DA- Public data asset control management component - contract termination of contract settings AAS-DA-public reads the log storage component of AAS-DA-supplier and AAS-DA-user and compares it with the content of the data asset control management component-contract settings.
  • AAS-DA-public will form a settlement report based on the unit price of the data assets, the number of uses/time, etc. and send it to Data users and data providers.
  • data users can evaluate data asset attributes such as data quality
  • AAS-DA-public will update attribute information such as the data asset full life cycle management component - data quality management based on the evaluation.
  • Data providers can evaluate the creditworthiness of data users.
  • AAS-DA-public will form a settlement report and send it to the data user and data provider based on the unit price of the data asset, the number/time of use, and illegal operations and other information. Data users cannot evaluate the attributes of data assets after settlement.
  • the intermediary service platform will lower the credit status of data users. The credit status of the data user will affect the permission management and other attributes of the data asset control management component of AAS-DA-user.
  • the intermediary service platform will retain AAS-DA-public until the retention period of AAS-DA-public expires or the data provider requests the destruction of AAS-DA-public.
  • AAS-DA-user-copy will be generated for the copied data assets and associated with AAS-DA-user.
  • AAS-DA-user can better manage and control data assets and ensure the value of data assets.
  • the use control method of data assets in this application also includes the storage and destruction of AAS-DA-supplier information, as well as the update of AAS-DA-supplier and AAS-DA-public.
  • AAS-DA-supplier information as well as the update of AAS-DA-supplier and AAS-DA-public.
  • an embodiment of the present disclosure provides a computing device, including a processor 170 and a memory. 171.
  • the device may also include a communication interface (Communication Interface) 172 and a bus 173.
  • Communication interface 172 may be used for information transmission.
  • the processor 170 can call logical instructions in the memory 171 to implement the data asset active management system of the above embodiment, or to execute the data asset management method of the above embodiment, or to execute the data asset usage control method of the above embodiment. .
  • the above-mentioned logical instructions in the memory 171 can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product.
  • the memory 171 can be used to store software programs, computer-executable programs, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure.
  • the processor 170 executes the program instructions/modules stored in the memory 171 to execute functional applications and data processing, that is, to implement the data asset active management system of the above embodiment, or to execute the data asset management method of the above embodiment, Or, execute the data asset usage control method of the above embodiment.
  • the memory 171 may include a stored program area and a stored data area, where the stored program area may store an operating system and an application program required for at least one function; the stored data area may store data created according to the use of the terminal device, etc.
  • the memory 171 may include a high-speed random access memory, and may also include a non-volatile memory.
  • Embodiments of the present disclosure provide a storage medium that stores program instructions. When the program instructions are run, they can implement the data asset active management system of the above embodiment, or execute the data asset management method of the above embodiment, or , execute the data asset usage control method of the above embodiment.
  • the above-mentioned storage medium may be a transient computer-readable storage medium or a non-transitory computer-readable storage medium.
  • An embodiment of the present disclosure provides a computer program that, when executed by a computer, causes the computer to implement the data asset usage control method of the above embodiment.
  • Embodiments of the present disclosure provide a computer program product.
  • the computer program product includes computer instructions stored on a computer-readable storage medium. When the program instructions are executed by a computer, they cause the computer to implement the data of the above embodiments. Methods of controlling the use of assets.
  • the technical solution of the embodiments of the present disclosure may be embodied in the form of a software product.
  • the computer software product is stored in a storage medium and includes one or more instructions to enable a computer device (which may be a personal computer, a server, or a network equipment, etc.) to perform all or part of the steps of the method described in the embodiments of the present disclosure.
  • the aforementioned storage media can be non-transitory storage media, including: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk, etc.
  • the term “and/or” as used in this application is meant to include any and all possible combinations of one or more of the associated listed.
  • the term “comprise” and its variations “comprises” and/or “comprising” etc. refer to stated features, integers, steps, operations, elements, and/or The presence of a component does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groupings of these.
  • an element defined by the statement “comprises a" does not exclude the presence of additional identical elements in a process, method or apparatus including the stated element.
  • each embodiment may focus on its differences from other embodiments, and the same and similar parts among various embodiments may be referred to each other.
  • the relevant parts can be referred to the description of the method part.
  • the disclosed methods and products can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units may only be a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined. Either it can be integrated into another system, or some features can be ignored, or not implemented.
  • the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • each functional unit in the embodiment of the present disclosure may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of code that includes one or more components for implementing the specified logical function(s).
  • Executable instructions may occur out of the order noted in the figures. For example, two consecutive blocks may actually execute substantially in parallel, or they may sometimes execute in the reverse order, depending on the functionality involved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Quality & Reliability (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computational Linguistics (AREA)
  • Storage Device Security (AREA)

Abstract

La présente demande se rapporte au domaine technique du traitement de données, et concerne un procédé de commande d'utilisation d'actif de données. Le procédé comprend les étapes suivantes : un fournisseur de données et un utilisateur de données effectuent un enregistrement d'utilisateur et une authentification d'identité par l'intermédiaire de leurs clients respectifs ; l'utilisateur de données et le fournisseur de données concluent un contrat intelligent ; le client de l'utilisateur de données balaye l'environnement d'utilisation et génère une liste blanche de processus qui permet l'accès ou la commande de l'actif de données ; le client du fournisseur de données envoie, après confirmation des processus dans la liste blanche, l'AAS-DA-utilisateur et l'actif de données prétraité au client de l'utilisateur de données ; et lorsque l'actif de données est utilisé, le client de l'utilisateur de données confirme, selon les processus dans la liste blanche, si un ou plusieurs processus qui sont sur le point d'appeler l'actif de données ont la permission, et utilise l'AAS-DA-utilisateur et l'AAS-DA-public pour terminer et/ou détruire l'actif de données si le changement de l'actif de données atteint la condition de limite du contrat intelligent ou enfreint les contraintes.
PCT/CN2023/102913 2022-06-27 2023-06-27 Procédé de commande d'utilisation d'actif de données, client et plateforme de service intermédiaire WO2024002105A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210733769.9 2022-06-27
CN202210733769.9A CN115062324A (zh) 2022-06-27 2022-06-27 一种数据资产的使用控制方法、客户端及中间服务平台

Publications (1)

Publication Number Publication Date
WO2024002105A1 true WO2024002105A1 (fr) 2024-01-04

Family

ID=83201901

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/102913 WO2024002105A1 (fr) 2022-06-27 2023-06-27 Procédé de commande d'utilisation d'actif de données, client et plateforme de service intermédiaire

Country Status (2)

Country Link
CN (1) CN115062324A (fr)
WO (1) WO2024002105A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115062324A (zh) * 2022-06-27 2022-09-16 中国信息通信研究院 一种数据资产的使用控制方法、客户端及中间服务平台
CN115130124A (zh) * 2022-06-27 2022-09-30 中国信息通信研究院 一种数据资产的管理方法及数据资产主动管理系统

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180330428A1 (en) * 2016-06-30 2018-11-15 Guardian Life Insurance Company Of America Enterprise data marketplace system and method
CN109190881A (zh) * 2018-07-24 2019-01-11 东软集团股份有限公司 一种数据资产管理方法、系统及设备
CN112463843A (zh) * 2020-11-27 2021-03-09 国家电网有限公司大数据中心 基于区块链和数据资源目录的电网数据共享方法及系统
CN113886888A (zh) * 2021-10-26 2022-01-04 支付宝(杭州)信息技术有限公司 用于对数据资产进行管控的方法、装置及系统
CN115062324A (zh) * 2022-06-27 2022-09-16 中国信息通信研究院 一种数据资产的使用控制方法、客户端及中间服务平台
CN115081001A (zh) * 2022-06-27 2022-09-20 中国信息通信研究院 一种数据资产主动管理系统、计算设备及存储介质
CN115130124A (zh) * 2022-06-27 2022-09-30 中国信息通信研究院 一种数据资产的管理方法及数据资产主动管理系统

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180330428A1 (en) * 2016-06-30 2018-11-15 Guardian Life Insurance Company Of America Enterprise data marketplace system and method
CN109190881A (zh) * 2018-07-24 2019-01-11 东软集团股份有限公司 一种数据资产管理方法、系统及设备
CN112463843A (zh) * 2020-11-27 2021-03-09 国家电网有限公司大数据中心 基于区块链和数据资源目录的电网数据共享方法及系统
CN113886888A (zh) * 2021-10-26 2022-01-04 支付宝(杭州)信息技术有限公司 用于对数据资产进行管控的方法、装置及系统
CN115062324A (zh) * 2022-06-27 2022-09-16 中国信息通信研究院 一种数据资产的使用控制方法、客户端及中间服务平台
CN115081001A (zh) * 2022-06-27 2022-09-20 中国信息通信研究院 一种数据资产主动管理系统、计算设备及存储介质
CN115130124A (zh) * 2022-06-27 2022-09-30 中国信息通信研究院 一种数据资产的管理方法及数据资产主动管理系统

Also Published As

Publication number Publication date
CN115062324A (zh) 2022-09-16

Similar Documents

Publication Publication Date Title
US10764254B2 (en) Systems and methods of secure data exchange
US9762553B2 (en) Systems and methods of secure data exchange
US20200228574A1 (en) Policy management for data migration
WO2024002102A1 (fr) Système d'administration active pour actifs de données, dispositif informatique et support de stockage
WO2024002103A1 (fr) Procédé de gestion d'actifs de données et système de gestion active d'actifs de données
CA2899996C (fr) Environnement d'echange de donnees securisees personnalisable
WO2024002105A1 (fr) Procédé de commande d'utilisation d'actif de données, client et plateforme de service intermédiaire
US20210126777A1 (en) Systems and methods for providing secure data access control using distributed ledgers
Ghani et al. Issues and challenges in cloud storage architecture: a survey
US20210352077A1 (en) Low trust privileged access management
US11194911B2 (en) Blockchain technique for agile software development framework
CN111814156B (zh) 一种基于可信设备的数据获取方法、装置及设备
US20220083936A1 (en) Access control method
CN111630532A (zh) 资产管理设备和方法
CN107294955B (zh) 电子文件加密中间件管控系统及方法
US20190386968A1 (en) Method to securely broker trusted distributed task contracts
WO2021169767A1 (fr) Procédé et appareil de traitement de données, dispositif et support
US20200019707A1 (en) Blockchain technique for agile software development framework
TW202038109A (zh) 基於區塊鏈的資訊讀寫方法以及裝置
GB2591324A (en) Systems and methods for providing secure data access control using distributed ledgers
Aljanabi et al. Cloud computing issues, challenges, and needs: A survey
CN114239043A (zh) 一种基于区块链技术构建的共享加密存储系统
CN111427961A (zh) 基于区块链的简历确权方法以及区块链简历系统及其设备
CN117094720A (zh) 一种共享记账系统
CN111125242A (zh) 跨组织过程的变换以用于经由区块链执行

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23830282

Country of ref document: EP

Kind code of ref document: A1