A cross-domain data compliance mutual trust computing method

Abstract

The application relates to the field of calculation methods, in particular to a cross-domain data compliance mutual trust calculation method, which comprises the following steps: S1, cross-domain data access control based on a block chain; S2, cross-domain organization key chaining; S3, cross-domain data compliance distinction; S4, construction of a cross-domain data exchange model; S5, cross-domain data chaining by using a block chain; S6, homomorphic operation on cross-domain data; S7, homomorphic operation result chaining; and S8, acquisition of the homomorphic operation result. Under the premise that laws and regulations in two places have protection requirements for related data, the cross-domain data compliance mutual trust calculation method is constructed to realize cross-region data processing. A cross-domain organization mutual trust mechanism is constructed and access control is realized by using a consortium block chain; data security is protected by using a homomorphic encryption method; cross-domain data processing is realized to be "available but invisible" by using a homomorphic operation method; and the problems of homomorphic operation computing power and storage consumption are solved by using a data local cloud computing facility.

Description

Technical Field

[0001] This invention relates to the field of computational methods, and in particular to a cross-domain data compliance and mutual trust computational method. Background Technology

[0002] With the development and widespread global application of information technology, a material and technological foundation for globalization has been provided. In particular, the development of internet technology has greatly facilitated cross-domain information communication and operations between countries and regions. However, due to the protection of data information under different legal provisions, current cross-domain data exchange methods utilize technologies such as blockchain and trusted computing to achieve cross-domain data processing through transmission algorithms without data movement. Nevertheless, the following problems still exist in cross-domain data exchange:

[0003] 1. Data processing efficiency and cost issues: While existing technologies can process data without it moving, they often rely on complex algorithms or frequent on-chain interactions, which can lead to slow processing speeds, especially in scenarios involving large datasets. Furthermore, the high operating costs (such as gas fees) and energy consumption of blockchain technology itself may limit the economic viability and sustainability of its large-scale application.

[0004] 2. Limitations of Homomorphic Encryption and its Applications: While homomorphic encryption can achieve "usable but invisible" data, in practical applications, full homomorphic encryption is computationally inefficient and not yet practical for complex calculations. Partial homomorphic encryption, while improving efficiency, compromises on the comprehensiveness of data protection. Existing technologies may lack sufficient depth and breadth in their application of this technology, failing to fully optimize it to meet the demands for efficient and secure data processing.

[0005] 3. Limitations of cross-domain mutual trust mechanisms: Although blockchain technology helps build trust between cross-domain organizations, existing models may focus more on data verification and traceability, and do not give sufficient consideration to the adaptability to dynamically changing laws and regulations, the coordination mechanism for cross-domain policy differences, and the interoperability between different blockchain systems, making it difficult to flexibly cope with complex compliance environments in practical applications.

[0006] 4. Data Filtering and Privacy Protection Details: Existing research models can filter sensitive data, but the details of how to accurately identify sensitive information in cross-domain environments and balance data utilization and privacy protection may not be clear enough, and there is a lack of detailed adaptation to the specific requirements of laws and regulations in different regions.

[0007] 5. Data processing is limited by user authorization, making it difficult to adapt to the needs of small organizations in a wider range of regions to achieve convenient cross-domain data computing in the face of the big data era. Summary of the Invention

[0008] To address the aforementioned technical challenges, this invention, under the premise of protecting relevant data according to the laws and regulations of both regions, utilizes a consortium blockchain to construct a cross-domain organizational mutual trust mechanism and implement access control, employs homomorphic encryption to protect data security, utilizes homomorphic computation to achieve "usable but invisible" cross-domain data processing, and utilizes local cloud computing facilities to solve the problems of computing power and storage consumption in homomorphic computation, thereby constructing a cross-domain data compliance and mutual trust computation method to achieve cross-regional data processing.

[0009] The technical solution adopted in this invention is: a cross-domain data compliance and mutual trust calculation method, comprising the following steps:

[0010] S1: Blockchain-based cross-domain data access control enables the establishment of consensus mechanisms and permission management between cross-domain organizations;

[0011] S2: Cross-domain organization key on-chain: The file encryption public key, homomorphic encryption public key, and digital signature public key of the cross-domain organization are uploaded to the blockchain consortium chain to ensure the credibility and security of the public key;

[0012] S3: Cross-domain data compliance differentiation, which classifies cross-domain data into privacy data and public data through machine learning, expert approval and deep learning;

[0013] S4: Build a cross-domain data exchange model to ensure the security, determinism, integrity and compliance of data exchange;

[0014] S5: Utilize blockchain to put cross-domain data on the chain, encrypt the data through blockchain smart contracts and store it in IPFS, and put the IPFS address hash value on the chain;

[0015] S6: Perform homomorphic operations on cross-domain data, perform homomorphic operations on encrypted privacy data on a cloud computing server, and upload the operation results to IPFS;

[0016] S7: Upload the homomorphic operation result to the blockchain, sign and encrypt the operation result using the blockchain node's signing private key, and then upload the hash value of the result file and the IPFS address hash value to the blockchain.

[0017] S8: Obtain the homomorphic operation result, retrieve the result address from the blockchain, download the result file from IPFS, decrypt and verify it, and then use it for business updates.

[0018] As a further technical solution of the present invention: the cross-domain organization key on-chaining stage involves uploading the cross-domain organization's file encryption public key, homomorphic encryption public key, and digital signature public key onto the consortium blockchain. Since the consortium blockchain has established a consensus mechanism, and given the blockchain's non-repudiation and immutability, uploading the three public keys onto the blockchain ensures the credibility of the public keys issued across domains and the security of the keys.

[0019] As a further technical solution of the present invention: the cross-domain data compliance distinction stage differentiates between private and public data during cross-domain data transmission. Based on cross-domain laws and regulations, cross-domain data is categorized, distinguishing between private and public data. This part consists of three components: first, machine learning automatically classifies cross-domain data; second, an expert model where experts review the machine learning's distinction results; and third, deep learning retrains the expert model's review results to improve the accuracy of subsequent cross-domain data classification. This stage primarily addresses the challenges of adapting to dynamically changing laws and regulations during cross-domain data transmission and coordinating cross-domain policy differences, which makes it difficult to flexibly handle complex compliance environments in practical applications.

[0020] As a further technical solution of this invention: the construction of the cross-domain data exchange model, this stage ensures the security, determinism, integrity, and compliance of cross-domain data exchange. The work to be completed includes the following parts: First, obtaining the other party's file encryption public key on the blockchain to ensure file security; second, encrypting private data using one's own homomorphic encryption public key; third, forming cross-domain data exchange XML. The private data and public data in encrypted form are combined into an XML file; fourth, file signing; signing the XML file using one's own digital signature private key; fifth, file encryption: encrypting the XML file using the other party's file encryption public key obtained on the blockchain. Finally, the cross-domain data exchange model is formed.

[0021] As a further technical solution of this invention: the step of using blockchain to upload cross-domain data to the chain facilitates the use of blockchain smart contracts to transmit cross-domain data (XML) to IPFS (IPFS is a file storage system, also known as the InterPlanetary File System, a distributed file transfer protocol based on file content to find file addresses), and simultaneously uploads the IPFS address hash value data to the chain. The steps include: first, ensuring data integrity by obtaining the file's hash value; second, transmitting the cross-domain data exchange file to the IPFS of the cross-domain organization and forming the hash value of the IPFS address of the cross-domain data exchange file; and third, using blockchain smart contracts to upload the file's hash value and the file address hash value data to the chain. Only the file's hash address is stored on the blockchain, and using IPFS to store public data helps compress the size of the blockchain's public ledger.

[0022] As a further technical solution of the present invention: the cross-domain data undergoes homomorphic operation. In this stage, the cross-domain data receiver retrieves the cross-domain privacy data from IPFS, uploads it to the cross-domain organization's cloud computing server for homomorphic operation, and finally uses the blockchain consensus mechanism to upload the homomorphic operation result to IPFS, completing the on-chain homomorphic operation result. The steps for the cross-domain data receiver are as follows: First, obtain the file address. Obtain the IPFS address of the file and the hash value of the file integrity from the blockchain; second, verify the file integrity. Obtain the XML file from IPFS based on the address, and simultaneously hash the file and compare it with the hash value on the chain to verify the file integrity; third, decrypt the file. The cross-domain organization's file receiver decrypts the file using its own file's private key; fourth, verify the file's determinism. Obtain the file signature public key of each sender from the chain, decrypt the file using the public key, and determine that the file is the file transmitted by the cross-domain organization; fifth, upload encrypted data to the cloud. Obtain the homomorphically encrypted privacy data from the cross-domain data exchange file and upload it to the cross-domain organization's cloud computing server; sixth, perform homomorphic operation on the privacy data of each party in encrypted form using the homomorphic operation method. The introduction of cloud computing servers has solved the problem of high computing resource consumption in homomorphic encryption operations.

[0023] As a further technical solution of the present invention: the step of uploading the homomorphic operation result to the blockchain involves uploading the homomorphic operation result to IPFS and simultaneously uploading the IPFS address of the operation result file to the blockchain. The steps include: first, ensuring the determinism of the homomorphic operation result. The homomorphic operation result XML file is signed using the private key of a blockchain node to ensure the determinism of the file; second, ensuring the security of the homomorphic operation result file. The homomorphic operation result file is encrypted using the public key of a cross-domain organization; third, ensuring the integrity of the homomorphic operation result file. The homomorphic operation result file is hashed to form a file integrity hash value, and the file is simultaneously uploaded to IPFS to obtain the hash value of the file address; fourth, uploading the homomorphic operation result data to the blockchain. The file hash value and the file IPFS address hash value are uploaded to the blockchain.

[0024] As a further technical solution of the present invention: the stage of obtaining the homomorphic operation result involves obtaining the homomorphic operation result address from the blockchain, obtaining the homomorphic operation result file based on the address, decrypting the operation result using the homomorphic operation private key, and updating the localized business process. This mainly includes the following aspects: First, obtaining the homomorphic operation result file by obtaining the file integrity hash value and IPFS address hash value from the blockchain, and obtaining the homomorphic operation result file from IPFS. Second, verifying the integrity of the homomorphic operation result file by hashing the homomorphic operation result file obtained from IPFS and comparing it with the file integrity hash value on the blockchain to ensure file integrity. Third, decrypting the homomorphic operation file result by decrypting the homomorphic operation result file using the user's own file private key. Fourth, verifying the determinism of the homomorphic operation result file by verifying the file signature using the sender's file signature public key to ensure file determinism. Fifth, decrypting the homomorphic operation result by obtaining the homomorphic operation result from the homomorphic operation file result, decrypting the result using the user's own homomorphic operation private key, and then updating the business system according to the decryption result based on the business process.

[0025] Compared with the prior art, the beneficial effects of the present invention are:

[0026] 1. Utilize consortium blockchains and smart contracts to achieve cross-domain data consensus and mutual trust through access control. On one hand, the consortium blockchain's characteristic of being open only to cross-domain organizations that have joined the consortium ensures that cross-domain data processing is limited to these organizations, establishing mutual trust among them. On the other hand, considering the varying degrees of openness of data within cross-domain organizations to different data requesters, smart contracts are used to control access permissions and record access permissions on the blockchain, ensuring the traceability, immutability, and decentralization of data access permissions.

[0027] 2. The Interstellar File System (IPFS) constructs a cross-domain data processing and storage system. By storing cross-domain data files in the IPFS system, only the data fingerprint is stored in the blockchain ledger. Authorized cross-domain data requesters access the data via address, reducing the data volume of the blockchain consensus ledger and ensuring the efficiency of blockchain transactions.

[0028] 3. When processing cross-domain data, ensure the security of cross-domain data processing. First, use on-chain digital signature private keys to ensure the authenticity of cross-domain data files; second, the data processor uses on-chain public keys to ensure that only the recipient can decrypt the data files; third, cross-domain organizations use the same homomorphic encryption public key and utilize homomorphic operations to process privacy data.

[0029] 4. In this invention, only the cross-domain data requester possesses the homomorphic operation private key. On one hand, when cross-domain data is transmitted out of the country, the encrypted data operator cannot crack it; on the other hand, the cross-domain data requester only obtains the homomorphic operation result, without involving private data, ensuring that private data is protected by law. This achieves compliant and mutually trusting cross-domain data computation. Furthermore, since homomorphic operations require high computing power, local cloud computing services can alleviate the computing power problem. Utilizing blockchain to record the computation result on the chain ensures the traceability and immutability of the result. Homomorphic operations achieve "usable but invisible" cross-domain data.

[0030] 5. In response to the diversity of laws, regulations, and data classifications, this invention adaptively differentiates between privacy and public data based on changes in laws and regulations to ensure that cross-domain data exchange does not violate laws and regulations between regions. Simultaneously, the cross-domain data transmission model can be adjusted to ensure the stability of the core data model.

[0031] Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. Attached Figure Description

[0032] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0033] Figure 1 This is a flowchart of the cross-domain data compliance calculation process of the present invention.

[0034] Figure 2 This is the blockchain cross-domain data exchange access control diagram of the present invention.

[0035] Figure 3 This is the design diagram of the smart contract data access control of the present invention.

[0036] Figure 4 This is a flowchart of the digital signature encryption process in this invention.

[0037] Figure 5 This is a flowchart of the digital signature verification process in this invention.

[0038] Figure 6 This is a blockchain-based CBO file security design diagram in this invention.

[0039] Figure 7 This is a security design diagram of a multi-CBO file based on blockchain in this invention.

[0040] Figure 8 This is a diagram of the cross-domain data differentiation architecture in this invention.

[0041] Figure 9 This is a diagram illustrating the acquisition and decryption of homomorphic operation results in this invention.

[0042] Figure 10 This is the optimized design diagram of homomorphic operations in this invention. Detailed Implementation

[0043] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of the present invention. For details on the symbols shown in the following embodiments, please refer to the table below:

[0044] Symbol Explanation Table

[0045]

[0046] The technical solution of this invention is: a cross-domain data compliance and mutual trust calculation method, such as... Figure 1 As shown, it includes the following steps:

[0047] S1: Blockchain-based cross-domain data access control. During cross-domain data exchange, access control is established between cross-domain organizational nodes based on business needs. A permission management system is provided to establish a consensus mechanism between cross-domain organizations while managing read and write controls on business and data levels between cross-domain organizations, ensuring permission control in the details of data filtering and privacy protection.

[0048] S2: Cross-domain organization key on-chain. The file encryption public key, homomorphic encryption public key, and digital signature public key of a cross-domain organization are on-chain on the consortium blockchain. Since the consortium blockchain has established a consensus mechanism, and given the non-repudiation and immutability of the blockchain, putting the three public keys on-chain ensures the credibility of the public keys issued across domains and ensures the security of the keys.

[0049] S3: Cross-Domain Data Compliance Classification. Based on cross-domain laws and regulations, cross-domain data is classified, distinguishing between privacy data and public data. This part consists of three components: first, machine learning automatically classifies cross-domain data; second, an expert model reviews the machine learning results; and third, deep learning retrains the expert model's review results to improve the accuracy of future cross-domain data classification. This stage primarily addresses the challenges of adapting to dynamically changing laws and regulations during cross-domain data transmission and coordinating mechanisms for cross-domain policy differences, which makes it difficult to flexibly handle complex compliance environments in practical applications.

[0050] S4: Construct a cross-domain data exchange model. Ensuring the security, determinism, integrity, and compliance of cross-domain data exchange requires the following steps: First, obtain the recipient's file encryption public key from the blockchain to ensure file security; second, encrypt private data using your own homomorphic encryption public key; third, generate the cross-domain data exchange XML file, combining the encrypted private and public data into a single XML file; fourth, file signing; sign the XML file using your own digital signature private key; fifth, file encryption: encrypt the XML file using the recipient's file encryption public key obtained from the blockchain. This ultimately forms the cross-domain data exchange model.

[0051] S5: Cross-Domain Data On-Chain. This stage utilizes blockchain smart contracts to on-chain cross-domain data (XML) by transmitting the cross-domain data to IPFS. IPFS, also known as the InterPlanetary File System, is a distributed file transfer protocol that uses file content to find file addresses. Simultaneously, the IPFS address hash value is on-chain. The steps include: first, ensuring data integrity by obtaining the file's hash value; second, transmitting the cross-domain data exchange file to the cross-domain organization's IPFS and generating the hash value of the cross-domain data exchange file's IPFS address; and third, using blockchain smart contracts to on-chain the file's hash value and the file address hash value. Only the file's hash address is stored on the blockchain; using IPFS to store public data helps compress the size of the blockchain's public ledger.

[0052] S6: Homomorphic Operations on Cross-Domain Data. In this stage, the cross-domain data receiver retrieves the cross-domain privacy data from IPFS, uploads it to the cross-domain organization's cloud computing server for homomorphic operations, and finally uploads the homomorphic operation result back to IPFS using the blockchain consensus mechanism, completing the on-chain homomorphic operation result. The steps for the cross-domain data receiver are as follows: First, obtain the file address. Obtain the file's IPFS address and the hash value of the file's integrity from the blockchain; second, verify file integrity. Retrieve the XML file from IPFS based on the address, and simultaneously hash the file and compare it with the hash value on the chain to verify the file's integrity; third, decrypt the file. The cross-domain organization's file receiver decrypts the file using its own file's private key; fourth, verify file determinism. Obtain the file signature public keys of each sender from the chain, decrypt the file using the public key, and determine that the file is the file transmitted by the cross-domain organization; fifth, upload encrypted data to the cloud. Obtain the homomorphically encrypted privacy data from the cross-domain data exchange file and upload it to the cross-domain organization's cloud computing server; sixth, perform homomorphic operations on the privacy data of all parties in encrypted form using homomorphic operation methods. The introduction of cloud computing servers has solved the problem of high computing resource consumption in homomorphic encryption operations.

[0053] S7: Upload the homomorphic operation result to the blockchain. This stage uploads the homomorphic operation result to IPFS and simultaneously uploads the IPFS address of the result file to the blockchain. The steps include: 1) Guaranteeing the determinism of the homomorphic operation result. The homomorphic operation result XML file is signed using the private key of a blockchain node to ensure file determinism; 2) Guaranteeing the security of the homomorphic operation result file. The homomorphic operation result file is encrypted using the public key of a cross-domain organization; 3) Guaranteeing the integrity of the homomorphic operation result file. The homomorphic operation result file is hashed to form a file integrity hash value, and the file is uploaded to IPFS to obtain the hash value of the file address; 4) Uploading the homomorphic operation result data to the blockchain. The file hash value and the file IPFS address hash value are uploaded to the blockchain.

[0054] S8: Obtain the homomorphic operation result. This stage obtains the homomorphic operation result address from the blockchain, retrieves the homomorphic operation result file based on the address, decrypts the operation result using the homomorphic operation private key, and updates the localized business process. It mainly includes the following aspects: First, obtaining the homomorphic operation result file: obtaining the file integrity hash value and IPFS address hash value from the blockchain, and retrieving the homomorphic operation result file from IPFS. Second, verifying the integrity of the homomorphic operation result file: comparing the hashed version of the homomorphic operation result file obtained from IPFS with the file integrity hash value on the blockchain to ensure file integrity. Third, decrypting the homomorphic operation file result: decrypting the homomorphic operation result file using its own file private key. Fourth, verifying the determinism of the homomorphic operation result file: verifying the file signature using the sender's file signature public key to ensure file determinism. Fifth, decrypting the homomorphic operation result: obtaining the homomorphic operation result from the homomorphic operation file result, decrypting the result using its own homomorphic operation private key, and then updating the business system according to the decryption result based on the business process.

[0055] The following provides a detailed explanation of the blockchain-based cross-domain data access control process. First, data is stored using IPFS, and computation is performed off-chain. The blockchain acts as the access control mechanism; after cross-domain data passes through the blockchain's access control, it is stored off-chain. Specifically, when cross-domain data needs processing, the cross-domain organizations must first access the blockchain. The blockchain performs access control, determining whether the cross-domain organizations trust each other, and whether they have data read and computation permissions, before proceeding with data processing. Figure 2As shown, the Cross-Domain Data Compliance Computing Consortium involves multiple cross-domain organizations. The data access control principle of this invention is "authorized data access permissions are provided by the data producer." Therefore, the data access control design includes two parts: first, the allocation of data access control permissions, i.e., when data is generated, it is necessary to define which party can access the data; second, data access control, i.e., only data requesters with data access permissions can obtain data according to their permissions. Several issues arise regarding data access control. First, from a business perspective, data access allocation changes frequently; for example, changes in departments, policies, business processes, and systems can all affect data access permissions. Second, at the data level, the data producer is required to adhere to "one source, one data source," meaning that data generation only occurs after the consortium is established and can be simultaneously provided to multiple data requesters through access control, rather than generating different data for different data requesters. Third, from a technical perspective, cross-domain organizations have multiple server entities, and the IP addresses and domain names of these servers may change frequently. The analysis of these three issues regarding data access control concludes that the data producer remains fixed, while the data requesters are likely to change frequently. Therefore, combining the characteristics of blockchain's consensus ledger and smart contracts, this invention stores the data permission generator and its allocation rules in the blockchain's consensus ledger, and stores the data access rules in smart contracts, which are then installed on each blockchain node. Leveraging the immutability of blockchain, this ensures that every cross-domain data access complies with the access rules.

[0056] Further as Figure 3 As shown, the blockchain consensus ledger consists of block hash addresses, business hash addresses, and a server key form. The block hash address is generated by the blockchain, the business hash address is generated by the data producer based on the cross-domain data exchange business, and the server key form stores key server values ​​related to this cross-domain data exchange business within the blockchain channel. The blockchain consensus ledger only stores information about which servers can provide external data access for this specific cross-domain data exchange business. The blockchain smart contract establishes a link with the consensus ledger through the business hash address. Simultaneously, the smart contract defines the real address of the server and the corresponding read / write permissions for the data types accessed by that address.

[0057] Furthermore, this invention uses digital signature technology to protect the integrity and determinism of data units between cross-domain organizations during cross-domain data file transfer. Specifically, the file recipient can use the data signature to authenticate the identity of the cross-domain data transfer and verify the data source; the file recipient can use the data signature decryption result to verify the integrity of the cross-domain data transfer unit; only the data sender can sign the data unit. Further, the digital signature process is as follows: Figure 4As shown, the process involves three steps: first, obtaining the hash value of the cross-domain data using a hash function; second, encrypting the hash value using the private key of the information sender in the cross-domain data transmission organization, with the encryption result serving as the cross-domain data digest; and third, combining the cross-domain data and the cross-domain data digest into new cross-domain transmission data. The digital signature verification process is as follows: Figure 5 The process involves three steps: first, obtaining a cross-domain data digest and decrypting it using the sender's public key to obtain a decryption hash value; second, obtaining the cross-domain data and using a hash function to obtain a comparison hash value; and third, comparing the decryption hash value and the comparison hash value. If they are equal, it indicates that the file is complete and confirms that the file was sent by the sender.

[0058] Furthermore, the aforementioned To ensure file security, such as Figure 6 As shown: Step 1: Public key on-chain, each Broadcast to the blockchain Implemented through smart contracts Uploaded to the blockchain. By each of Submit to the blockchain On-chain requests, within other consortium blockchains The newly added file encryption public key is confirmed. Once more than 51% of the nodes confirm the block information, the public key block is successfully created. Step Two: Public Key Usage. Towards When sending cross-domain data exchange files, a request is made to the blockchain via a smart contract. of After more than 51% of the nodes confirm the public key usage request, Only then can you obtain At the same time, blockchain records use Recording step three: File encryption, Get Then, using ,right Encrypt the file, and finally form Step four: File decryption. First obtain from IPFS ,use Decrypt the file and perform cross-domain data exchange calculations.

[0059] Further as Figure 7 As shown: The It is necessary to form a multi-party When exchanging files across domains, first use of Encrypted data and transmitted to , Utilize oneself After decrypting the data, in New After the data, and request of ,use of Encrypted data and transmitted to , After acquiring the data, utilize its own Decrypted data in New The data is processed in this cycle until the final cross-domain data exchange requirement is met. Transmitted to ,use of form .

[0060] The above design applies blockchain technology. The creation and acquisition process utilizes blockchain to ensure [the security of] [the data / data]. All operations are recorded in the block, ensuring... The traceability and authenticity are ensured. On the other hand, asymmetric encryption technology is used to ensure the ownership... Only the data recipient can decrypt the data and obtain the data information.

[0061] Strategies for Differentiating Between Privacy and Public Data. Cross-domain data exchange involves various aspects of data content. According to the laws and regulations governing cross-domain data exchange in different countries, data can be divided into two categories: public data and privacy data. Distinguishing between these categories is of great significance. First, from a legal perspective, the laws of various countries explicitly stipulate that privacy data may not be transferred across borders. Second, from a technical perspective, the large storage resources, high computing power, and long processing time required for homomorphic operations make it unsuitable for large amounts of data. Therefore, performing homomorphic operations only on necessary privacy data can save computing resources.

[0062] The distinction between public and private data comprises two parts: first, the collection of data distinction standards, which involves identifying public data items through cross-domain data collection from various departments; and second, data distinction itself, which involves differentiating public and private data according to the standards. This invention designs a data distinction architecture as follows: Figure 8 As shown: of Set up a molecular system in the data area , Set up a public data collection subsystem . Deployed at It has the following advantages: First, it ensures the security of private data. It belongs to the business system server, and the private data within it cannot leave the country. Secondly... For business systems belonging to business departments, data differentiation strategies can be redeployed according to business rules and local laws and regulations. Deployed at It has the following advantages: First, it offers convenient access to public data. As part of the blockchain node, it provides alliance nodes with easier access to its data partitioning standards. Secondly, it facilitates the updating of public data standards. As Blockchain nodes that enable cross-domain data exchange Need to pass Broadcast to the blockchain, analysis The distinction between private and public data in China should be clarified, and a single data source should be identified and updated. This ensures the accuracy of public data allocation.

[0063] Furthermore, the cross-domain data exchange includes public data. and privacy data Swap the two parts. Strictly protected by the laws and regulations of various countries, Without the data subject's consent, data may not be transmitted overseas. Based on the aforementioned legal provisions, this invention introduces a homomorphic operation method to... After homomorphic encryption, cross-domain pairs Homomorphic operations are performed to achieve cross-domain data exchange. This requires ensuring the following three points: First... Depend on Transmit to back, Unable to obtain via key Privacy information; secondly Obtain After the data, Ensure that it can provide services based on cross-domain data exchange needs. ,support and The third is to perform homomorphic operations; and the result of the homomorphic operations. Only cross-domain data exchange is possible for the demand side. To obtain the above three points, this invention, combining the immutability of blockchain, designs the following scenarios: First, homomorphic encryption public keys. Upload to the blockchain. To their own to satisfy Get For oneself Perform homomorphic encryption to achieve and First, perform homomorphic operations. Second, perform homomorphic operations and their results. On-chain, to meet Get This enables cross-domain data exchange. Thirdly, it facilitates the acquisition and decryption of homomorphic operation results.

[0064] Further as Figure 9 As shown: the various Utilize its own Encrypted data sent of ,at the same time According to each The need to utilize one's own data in various ways of Encrypt its own data and send it to , After homomorphic operation, the result is returned to each , Utilize oneself Decrypting the results of homomorphic operations enables cross-domain data exchange. The above method has several advantages: firstly, data exchange complies with laws and regulations. Secondly, various... Transmit to of of The various methods used of , No The data cannot be decrypted, therefore ensuring that the encrypted data does not involve privacy issues, except... It is unbreakable from the outside; on the other hand In Firstly, it does not involve data leaving the country, and the method does not violate laws and regulations regarding the prohibition of privacy data leaving the country; secondly, it enables cross-domain data exchange. The homomorphic encryption method supports homomorphic operations, and the result of the homomorphic operation... Only usable of Decryption enabled cross-domain data exchange.

[0065] Further as Figure 10 As shown, homomorphic operations are broken down into three parts: homomorphic addition, homomorphic multiplication, and other complex calculations. Homomorphic addition and homomorphic multiplication are further divided into... Completed internally, other complex calculations are sent back. ,Depend on After decryption, perform operations on the plaintext of the decryption result, then homomorphically encrypt the result and send it back. Homomorphic operations are performed. The optimization strategy employs two main approaches: First, it transforms fully homomorphic operations into semi-homomorphic operations, improving instruction cycle time. Semi-homomorphic operations, with their earlier origins, consume fewer computational resources and have a faster instruction cycle compared to fully homomorphic operations. Second, it offloads complex non-addition and non-multiplication operations to plaintext operations, further improving instruction cycle time. This optimization strategy requires ensuring the determinism, integrity, and security of the homomorphic operation data, which is guaranteed through a blockchain network.

Claims

1. A cross-domain data compliance mutual trust calculation method, characterized in that... It includes the following steps: S1: Blockchain-based cross-domain data access control enables the establishment of consensus mechanisms and permission management between cross-domain organizations; S2: Cross-domain organization key on-chain: The file encryption public key, homomorphic encryption public key, and digital signature public key of the cross-domain organization are uploaded to the blockchain consortium chain to ensure the credibility and security of the public key; S3: Cross-domain data compliance differentiation, which classifies cross-domain data into privacy data and public data through machine learning, expert approval and deep learning; S4: Construct a cross-domain data exchange model to ensure the security, determinism, integrity, and compliance of data exchange; the specific steps for model construction in S4 are as follows: S41: Obtain the other party's file encryption public key on the blockchain to ensure file security; S42: Encrypt private data using its own homomorphic public key; S43: Combine the private data and public data in the encrypted state into a single XML file; S44: Sign the XML file using your own digital signature private key; S45: Obtain the other party's file encryption public key on the blockchain to encrypt the XML file, forming a cross-domain data exchange model; S5: Utilize blockchain to put cross-domain data on the chain, encrypt the data through blockchain smart contracts and store it in IPFS, and put the IPFS address hash value on the chain; S6: Perform homomorphic operations on cross-domain data, perform homomorphic operations on encrypted privacy data on a cloud computing server, and upload the operation results to IPFS; S7: Upload the homomorphic operation result to the blockchain, sign and encrypt the operation result using the blockchain node's signing private key, and then upload the hash value of the result file and the IPFS address hash value to the blockchain. S8: Obtain the homomorphic operation result, retrieve the result address from the blockchain, download the result file from IPFS, decrypt and verify it, and then use it for business updates.

2. The cross-domain data compliance mutual trust calculation method according to claim 1, characterized in that, S1 establishes access control between cross-domain organizational nodes based on business needs, providing a set of permission management systems. While establishing a consensus mechanism between cross-domain organizations, it can manage read and write controls between cross-domain organizations on business and data levels, ensuring permission control in the details of data filtering and privacy protection.

3. The cross-domain data compliance mutual trust calculation method according to claim 1, characterized in that, The S2 cross-domain organization key on-chain method uploads cross-domain organization files onto the consortium blockchain using file encryption public keys, homomorphic encryption public keys, and digital signature public keys, ensuring the credibility of public keys issued across domains and ensuring key security.

4. The cross-domain data compliance mutual trust calculation method according to claim 1, characterized in that, The specific steps for distinguishing compliance in S3 cross-domain data are as follows: S31: Automatically classify cross-domain data through machine learning; S32: Enable expert mode, and then experts will review the differentiation results of machine learning. S32: Retrain the expert mode approval results to improve the accuracy of cross-domain data classification in the future.

5. The cross-domain data compliance mutual trust calculation method according to claim 1, characterized in that, The specific steps of S5 in using blockchain to upload cross-domain data are as follows: S51: Obtain the hash value of the file to ensure data integrity; S52: Transfer the cross-domain data exchange file to the IPFS of the cross-domain organization and generate a hash value of the IPFS address of the cross-domain data exchange file; S53: Use blockchain smart contracts to put the hash value of the file and the hash value of the file address on the blockchain.

6. The cross-domain data compliance mutual trust calculation method according to claim 1, characterized in that, The specific steps of the S6 cross-domain data homomorphic operation are as follows: S61: Obtain the IPFS address and file integrity hash of the file from the blockchain; S62: Retrieve the XML file from IPFS based on the address, and simultaneously hash the file and compare it with the hash value on the blockchain to verify the integrity of the file; S63: The recipient of a cross-domain file decrypts the file using its own file's private key; S64: Obtain the file signature public key from each sender on the chain, decrypt the file using the public key, and determine that the file is the file transmitted by the cross-domain organization. S65: Obtain homomorphically encrypted privacy data from cross-domain data exchange files and upload it to the cloud computing server of the cross-domain organization; S66: Use homomorphic operations to perform homomorphic operations on the privacy data of all parties in the dense state.

7. The cross-domain data compliance mutual trust calculation method according to claim 1, characterized in that, The specific steps for uploading the homomorphic operation result to the chain in S7 are as follows: S71: Use the private key of the blockchain node to sign the XML file of the homomorphic operation result to ensure the determinism of the file; S72: Encrypt the homomorphic operation result file using the public key of the cross-domain organization; S73: Hash the homomorphic operation result file to form a file integrity hash value, and upload the file to IPFS to obtain the hash value of the file address; S74: Upload the file hash value and the file IPFS address hash value data to the blockchain.

8. The cross-domain data compliance mutual trust calculation method according to claim 1, characterized in that, The specific steps for obtaining the homomorphic operation result in S8 are as follows: S81: Obtain the file integrity hash value and IPFS address hash value from the chain, and obtain the result file of the homomorphic operation from IPFS; S82: The homomorphic operation result file obtained from IPFS is hashed and compared with the file integrity hash value on the chain to ensure file integrity; S83: Decrypt the homomorphic operation result file using its own file private key; S84: Verify the file signature using the sender's file signature public key to ensure the file's determinism; S85: Obtain the homomorphic operation result from the homomorphic operation file.

Images