An industrial internet-based data cross-platform secure transmission method and system
By comparing the lineage diagram of the transmitted dataset with that of sensitive data and the receiving end, the anonymization strength of the dataset can be obtained. Combined with the historical data transmission frequency, the sensitivity of the data can be judged and necessary security processing can be carried out. This solves the problem of insufficient data security in traditional methods and realizes efficient cross-platform secure data transmission.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING HI TECH TECH
- Filing Date
- 2026-02-26
- Publication Date
- 2026-06-05
AI Technical Summary
Traditional cross-platform data transmission methods cannot effectively determine the sensitivity of the dataset to the receiving end, resulting in low data security and easy leakage of sensitive data.
By comparing the lineage diagram of the transmitted dataset with that of sensitive data, and combining the anonymization strength and historical data transmission frequency of the dataset obtained at the receiving end, the sensitivity and credibility of the data can be determined, and necessary security processing can be performed before transmission.
It improves the security of data transmission, avoids the leakage of sensitive data, protects the interests of the sender, and enables secure data transmission when the network is stable.
Smart Images

Figure CN121727870B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of digital information transmission technology, specifically to a method and system for secure cross-platform data transmission based on the Industrial Internet. Background Technology
[0002] Through data aggregation and correlation analysis, macro trends and hidden patterns can be extracted from micro-level data, revealing global laws that are invisible at the individual level. This provides crucial insights for precise decision-making, business intelligence, and scientific research. This process, while strictly adhering to anonymization and privacy protection, unlocks the enormous potential value of data, driving innovation and efficiency improvements.
[0003] Traditional methods judge the ease of inferring the sensitivity of a dataset by its own derived properties and the magnitude of k-anonymity and l-diversity. However, this method does not combine the dataset with the dataset already acquired by the receiving platform. As a result, the sensitivity judgment and evaluation of the transmitted dataset by the receiving end is flawed, leading to low data security and easy leakage of sensitive data. Summary of the Invention
[0004] To address the technical problem of deficiencies in the judgment and evaluation of the sensitivity of transmitted datasets at the receiving end, leading to low data security and easy leakage of sensitive data, the present invention aims to provide a secure cross-platform data transmission method and system based on the Industrial Internet. The specific technical solution adopted is as follows:
[0005] This invention provides a method for secure cross-platform data transmission based on the Industrial Internet, the method comprising:
[0006] By comparing the lineage diagrams of the transmitted dataset and the sensitive data, the severity of the transmission of the sensitive data from the transmitted dataset can be determined.
[0007] The degree of sensitivity increase of the transmitted dataset is obtained by combining the anonymization strength of the associated dataset between the transmitted dataset and the available dataset at the receiving end with the severity of easy derivation.
[0008] The degree of sensitivity increase is used to determine the sensitivity of the transmitted dataset to the receiving end, and the reliability of the receiving end is determined by the historical data transmission frequency information of the sending and receiving ends.
[0009] The degree of processing necessity for the transmitted dataset is determined by using sensitivity and trustworthiness, and a decision is made on whether to perform secure processing on the transmitted dataset before transmission based on the degree of processing necessity.
[0010] Furthermore, the comparison of the lineage diagrams of the transmitted dataset and the sensitive data to determine the severity of the transmission dataset's susceptibility to the sensitive data includes:
[0011] By comparing the lineage diagrams of the transmitted dataset and the sensitive data, the proportion of the number of identical nodes between the transmitted dataset and the sensitive data in the lineage diagram of the sensitive data is determined.
[0012] The first sensitive dataset is identified by determining the proportion of nodes that exceeds a preset threshold. The severity of the transmission dataset's susceptibility to sensitive data is then determined by using the sensitivity level and data volume of each sensitive data in the first sensitive dataset.
[0013] Furthermore, the method of utilizing the anonymization strength of the associated dataset between the transmitted dataset and the available dataset at the receiving end, combined with the severity of susceptibility to derivation, to determine the increased sensitivity of the transmitted dataset includes:
[0014] The first anonymization strength of the transmitted dataset is determined by using the k-value of k-anonymity and the l-value of l-diversity.
[0015] Determine the number of associated datasets between the transmitted dataset and the available dataset at the receiving end, as well as the second anonymization strength of the associated dataset;
[0016] The degree of sensitivity increase of the transmitted dataset is obtained by using the first anonymization strength, the second anonymization strength, and the number of associated datasets, combined with the severity of easy derivation.
[0017] Furthermore, the step of using the first anonymization strength, the second anonymization strength, and the number of associated datasets, combined with the severity of easy derivation, to obtain the degree of increased sensitivity of the transmitted dataset includes:
[0018] Determine the minimum first anonymization strength among all transmitted data sets in the sending end, and determine the anonymization strength difference between the first anonymization strength and the minimum first anonymization strength;
[0019] The degree of sensitivity increase of the transmitted dataset is obtained by using the anonymization intensity difference, the second anonymization intensity, and the number of associated datasets, combined with the severity of easy derivation.
[0020] Furthermore, determining the sensitivity of the transmitted dataset to the receiving end using the degree of sensitivity increase includes:
[0021] The sensitivity level of the transmitted dataset is corrected by adjusting the increase in sensitivity after normalization, thus obtaining the sensitivity of the transmitted dataset to the receiving end.
[0022] Furthermore, the step of determining the reliability of the receiver by utilizing historical data transmission frequency information of the sending and receiving ends includes:
[0023] Determine the target number of data transmissions from the sending end to the target receiving end and the maximum number of data transmissions to all receiving ends within a preset period;
[0024] The reliability of the receiver can be determined by the ratio of the number of transmissions between the target number of data transmissions and the maximum number of data transmissions.
[0025] Furthermore, determining the reliability of the receiving end by utilizing the ratio of the target data transmission count to the maximum data transmission count includes:
[0026] Determine the time interval between the most recent data transmission time from the sender to the target receiver and the current time, and determine the security level of other transmission platforms associated with the target receiver;
[0027] The reliability of the receiving end is determined by using the percentage of transmissions, the time interval, and the security level.
[0028] Furthermore, the step of determining the processing necessity of the transmitted dataset using sensitivity and trustworthiness, and then determining whether to perform secure processing on the transmitted dataset before transmission based on the processing necessity, includes:
[0029] Determine the target sensitivity of the transmitted dataset relative to the target receiver and the maximum sensitivity relative to all receivers, as well as the ratio of their respective sensitivity.
[0030] The processing necessity of the transmitted dataset is obtained by using the sensitivity ratio and the confidence level. If the processing necessity is greater than the preset processing threshold, it is determined that the transmitted dataset needs to be processed securely before transmission.
[0031] Furthermore, the step of determining whether to perform secure processing on the transmitted dataset before transmission based on the necessity of processing further includes:
[0032] Get the network congestion level between the sender and receiver at the current moment and the network stability level during the preset period before the current moment;
[0033] Determine the average sensitivity of the transmitted dataset after security processing within a preset time period prior to the current moment to the receiving end;
[0034] By using the average values of network congestion, network stability, and sensitivity, we can determine the suitability of the data transmission from the sender to the receiver at the current moment.
[0035] When the suitability level is greater than a preset suitable threshold, the transmitting end sends the transmission dataset to the receiving end.
[0036] This invention also provides a secure cross-platform data transmission system based on the Industrial Internet, the system being used to implement the secure cross-platform data transmission method based on the Industrial Internet as described in any of the preceding claims; the system includes:
[0037] The derivation analysis module is used to compare the lineage diagrams of the transmitted dataset and the sensitive data to determine the severity of the ease with which the transmitted dataset can be derived from the sensitive data.
[0038] The sensitivity analysis module is used to determine the degree of sensitivity increase of the transmitted dataset by utilizing the anonymization strength of the associated datasets between the transmitted dataset and the available datasets at the receiving end, combined with the severity of the potential for derivation.
[0039] The trust analysis module is used to determine the sensitivity of the transmitted dataset to the receiving end by utilizing the degree of sensitivity increase, and to determine the trustworthiness of the receiving end by utilizing the historical data transmission frequency information of the sending and receiving ends.
[0040] The data processing module is used to determine the processing necessity of the transmitted dataset based on the sensitivity and trust level, and to determine whether to perform secure processing on the transmitted dataset before transmission based on the processing necessity.
[0041] The present invention has the following beneficial effects:
[0042] This invention assesses the likelihood of obtaining sensitive data derived from transmitted data based on the similarity of the transmitted dataset to other sensitive data in its data lineage diagram; it also assesses the ease of analysis and acquisition of sensitive data based on the anonymization of the correlation between the transmitted data and the data obtainable by the receiving end. Furthermore, it comprehensively evaluates and judges the credibility of the data transmission frequency from the sending end to the receiving end platform and the security status of the platform the receiving end cooperates with, determining the necessity of secure data processing and implementing secure data processing when security is insufficient. Simultaneously, considering network conditions during data transmission, it selects to transmit processed sensitive information that is difficult to obtain to the receiving end platform when the network is stable, thus avoiding the leakage of sensitive data, improving data security and privacy protection, and safeguarding the interests of the sending end platform. Attached Figure Description
[0043] To more clearly illustrate the technical solutions and advantages in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0044] Figure 1A flowchart illustrating the steps of a secure cross-platform data transmission method based on the Industrial Internet, as provided in one embodiment of the present invention;
[0045] Figure 2 This is a detailed flowchart of step S1 in a method for secure cross-platform data transmission based on the Industrial Internet, provided in an embodiment of the present invention.
[0046] Figure 3 This is a detailed flowchart of step S2 in a method for secure cross-platform data transmission based on the Industrial Internet, provided in an embodiment of the present invention.
[0047] Figure 4 This is a detailed flowchart of step S3 in a method for secure cross-platform data transmission based on the Industrial Internet, provided in an embodiment of the present invention.
[0048] Figure 5 This is a detailed flowchart of step S4 in a method for secure cross-platform data transmission based on the Industrial Internet, provided in an embodiment of the present invention.
[0049] Figure 6 This is a detailed flowchart of step S4 and beyond in a cross-platform secure data transmission method based on the Industrial Internet, provided in an embodiment of the present invention.
[0050] Figure 7 This is a schematic diagram of the hardware operating environment of the cross-platform secure data transmission device based on the Industrial Internet involved in the embodiments of the present invention;
[0051] Figure 8 This is a schematic diagram of the framework structure of a cross-platform secure data transmission system based on the Industrial Internet, which is involved in the embodiments of the present invention. Detailed Implementation
[0052] To further illustrate the technical means and effects adopted by the present invention to achieve its intended purpose, the following, in conjunction with the accompanying drawings and preferred embodiments, details the specific implementation, structure, features, and effects of a cross-platform secure data transmission method based on the Industrial Internet proposed by the present invention. In the following description, different "one embodiment" or "another embodiment" do not necessarily refer to the same embodiment. Furthermore, specific features, structures, or characteristics in one or more embodiments can be combined in any suitable form.
[0053] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.
[0054] To facilitate understanding of the following embodiments of the present invention, the main objectives and the scenarios targeted by the present invention will be briefly described:
[0055] The main objective of this invention is:
[0056] This invention assesses the likelihood of deriving sensitive data from ordinary data based on the similarity of the data lineage diagram of transmitted data to other sensitive information data. It assesses the ease of analysis and acquisition of sensitive data based on the anonymity between the transmitted data and the data obtainable at the receiving end. It also assesses the reliability of the receiving platform based on the frequency of data transmission. Considering network conditions during data transmission, it selects a stable network environment to transmit processed sensitive information, which is difficult to obtain, to the receiving platform.
[0057] The scenario addressed by this invention is:
[0058] Through data aggregation and correlation analysis, macro trends and hidden patterns can be extracted from micro-level data, revealing global laws that are imperceptible at the individual level, thus providing crucial insights for precise decision-making, business intelligence, and scientific research. This process, while strictly adhering to anonymization and privacy protection, unlocks the enormous potential value of data, driving innovation and efficiency improvements. This invention assesses the likelihood of obtaining sensitive data from ordinary data based on the similarity of the data lineage diagram of transmitted data to other sensitive information data. It assesses the ease of analysis and acquisition of sensitive data based on the anonymity between the transmitted data and the data available at the receiving end. It assesses the credibility of the receiving platform based on the frequency of data transmission. Considering network conditions during data transmission, it selects to transmit processed sensitive information that is difficult to obtain to the receiving platform when the network is stable.
[0059] The following description, in conjunction with the accompanying drawings, details a specific scheme for a secure cross-platform data transmission method based on the Industrial Internet provided by this invention.
[0060] Example 1:
[0061] For a method for secure cross-platform data transmission based on the Industrial Internet provided by this invention, please refer to [link / reference]. Figure 1 The diagram illustrates a flowchart of a method for secure cross-platform data transmission based on the Industrial Internet, provided by an embodiment of the present invention.
[0062] The method for secure cross-platform data transmission based on the Industrial Internet includes:
[0063] Step S1: Compare the lineage diagrams of the transmitted dataset and the sensitive data to determine the severity of the transmission dataset's susceptibility to the sensitive data.
[0064] In this embodiment, the data (transmission dataset) transmitted from the sending end to the receiving end platform is first acquired, and the relevant process is as follows:
[0065] The receiving platform precisely defines data requirements such as resource identifiers, filtering conditions, field selection, sorting, and pagination. It selects the request method (GET / POST), sets the API (Application Programming Interface) endpoint, adds request parameters such as the URL (Uniform Resource Locator) query string, path parameters, and request body, and configures request headers to construct the request. The receiving end then sends the constructed HTTP request over the network to the specified address of the sending end.
[0066] The web server directs requests to the appropriate handler based on the URL and method. It checks the validity and completeness of request parameters (e.g., whether the date format is correct and pagination parameters are valid) to prevent malicious input.
[0067] Based on the validated parameters, a query is executed in the sending database or data source. This includes applying filtering conditions, selecting specific fields, sorting, and pagination. The following examples analyze the acquired transmission dataset to prevent the leakage of sensitive data and avoid harm to the interests of the sending platform.
[0068] In this embodiment, the likelihood of obtaining sensitive data after the data to be transmitted is determined based on the overlap between the lineage graph of the transmitted dataset and the data that the receiving end has obtained or can obtain from other sources (referred to as the receiver's obtainable dataset, such as a publicly available dataset and a dataset that the receiver itself has transmitted and obtained).
[0069] A single data point may not be particularly sensitive, but when multiple data points are aggregated and transmitted, sensitive data may be derived from the aggregated data. For example, a single logistics record (such as "package A was shipped from X to Y") has limited value. However, when thousands of records are aggregated by "shipping address" or "delivery address," a customer geographic distribution heatmap can be formed. To avoid the leakage of sensitive data, the likelihood of obtaining sensitive data should be assessed by examining the similarity between the data lineage diagram of the currently transmitted aggregated data and the sensitive data.
[0070] The steps for obtaining the data lineage map can be as follows (or other existing methods can be used):
[0071] Define the core purpose (such as compliance, impact analysis) and scope (specific business domains, systems and key data assets) to avoid getting out of control.
[0072] Identify and interview key roles (data engineers, analysts, etc.), and through communication and document collection, initially sort out the data processing logic and process, and establish a preliminary framework.
[0073] Automated metadata collection is achieved using existing tools. Core methods include: parsing SQL (Structured Query Language) scripts and ETL (Extract, Transform, Load) task logs to extract table-level dependencies; using the data platform's built-in functions to track access relationships; and deploying professional metadata management tools to integrate multi-source information.
[0074] The automated data collection results are integrated and correlated with information from manual surveys to form an end-to-end link. This data is then reviewed and verified by frontline developers and users to correct errors and supplement business logic that cannot be captured purely by technology. The verified lineage data is then presented in layered, interactive charts.
[0075] Specifically, please refer to Figure 2 Step S1 includes:
[0076] Step S11: Compare the lineage diagrams of the transmitted dataset and the sensitive data to determine the percentage of the number of identical nodes between the transmitted dataset and the sensitive data in the lineage diagram of the sensitive data.
[0077] Step S12: Determine the first sensitive dataset whose node count ratio is greater than a preset threshold, and use the sensitivity level and data volume of each sensitive data in the first sensitive dataset to obtain the severity of the transmission dataset's susceptibility to sensitive data.
[0078] In this embodiment, the lineage graph corresponding to the current transmission dataset j (also referred to as the target transmission dataset in various embodiments) is compared with the lineage graph of a single data m (referred to as sensitive data) with a higher sensitivity level (sensitivity level greater than 3, the sensitivity level is determined according to existing industry standards or custom definitions), and the proportion of the number of identical nodes in the lineage graph of data m is obtained. (Percentage of nodes).
[0079] when (When a preset percentage threshold is obtained, which can be adjusted according to actual needs), the sensitivity level corresponding to data m is determined. And statistics. The total number of all sensitive data (denoted as the first sensitive data) with a value greater than 0.7. (Data volume in the first sensitive dataset). The total number of records obtained when comparing all historical datasets (historical transmission data sets with the sensitive data). maximum value .
[0080] when At that time, the sensitivity levels of the multiple data points r (which are the first sensitive data points at this time) are determined. The sum The larger, and and ratio The larger the dataset, the easier it is to extract sensitive data, and the greater the sensitivity of the data.
[0081] This allows us to determine the severity of the potential for sensitive data to be derived from the current transmitted dataset j. The above analysis was performed on all transmitted data from all receiving platforms. This analysis serves as a reference for determining whether subsequent data can be directly transmitted, thus preventing the leakage of sensitive data.
[0082] Step S2: Utilize the anonymization strength of the associated dataset between the transmitted dataset and the available dataset at the receiving end, and combine this with the severity of the susceptibility to derivation to obtain the degree of increased sensitivity of the transmitted dataset.
[0083] Specifically, please refer to Figure 3 Step S2 includes:
[0084] Step S21: Determine the first anonymization strength of the transmitted dataset using the k-anonymity value of the transmitted dataset and the l-diversity value of the transmitted dataset;
[0085] Step S22: Determine the number of associated datasets between the transmitted dataset and the available dataset at the receiving end, as well as the second anonymization strength of the associated datasets.
[0086] Step S23: Using the first anonymization strength, the second anonymization strength, and the number of associated datasets, combined with the severity of easy derivation, the degree of increase in sensitivity of the transmitted dataset is obtained.
[0087] More specifically, step S23 includes:
[0088] Determine the minimum first anonymization strength among all transmitted data sets in the sending end, and determine the anonymization strength difference between the first anonymization strength and the minimum first anonymization strength;
[0089] The degree of sensitivity increase of the transmitted dataset is obtained by using the anonymization intensity difference, the second anonymization intensity, and the number of associated datasets, combined with the severity of easy derivation.
[0090] In this embodiment, linking datasets can compromise anonymity. For example, dataset A is an anonymous health dataset containing records of "having diabetes," but with random IDs instead of names. Dataset B is a public voter list containing names, zip codes, dates of birth, and genders. Linking datasets poses a risk: by sharing attributes (such as zip code, date of birth, and gender), it's possible to precisely match "disease records" in dataset A with "specific individuals" in dataset B, thereby re-identifying the health status of anonymous individuals. This is known as a link attack in the field of privacy protection.
[0091] The meaning of k-anonymity: k represents the minimum number of records corresponding to any set of quasi-identifiers (such as zip code, age, gender) in a dataset. When the value of k is small, attackers can target a very small group, and with a little additional background knowledge, it is easy to infer the identity of the target.
[0092] The meaning of l-diversity: l represents the minimum number of distinct values for a sensitive attribute (such as disease or salary) within any k-anonymized group (equivalence class). The l value is like the "fog concentration" protecting sensitive information. The smaller the l value, the lighter the fog, and the more clearly the sensitive information is visible.
[0093] Therefore, the ease with which sensitive information can be inferred can be judged by the k-anonymity and l-diversity of the current transmitted dataset after being correlated with other datasets available at the receiving end.
[0094] Obtain the size of k-anonymity and l-diversity of the transmitted dataset j. (i.e., k-value, l-value). Calculation The sum of these values represents the anonymization strength of the transmitted dataset j. (Denotes this as the first anonymization strength). The minimum anonymization strength among all datasets j sent by the sender is obtained through comparison. (Minimum of first anonymization strength).
[0095] By identifying direct join keys (such as whether there are common key fields between datasets, such as identity ID), the number of datasets (related datasets) that are associated with dataset j among the multiple datasets available to the receiving end can be determined. .
[0096] Associating the datasets at receiver p that can be associated with the transmitted dataset j with the transmitted dataset j, and treating the multiple associated datasets (the associated datasets) as a whole, we recalculate k-anonymity and l-diversity based on the complete associated dataset to obtain the anonymization strength of the associated dataset. (Second level of anonymization).
[0097] When the anonymization strength of the transmitted dataset j and minimum value Difference The smaller the (anonymization strength difference), the better. The more numerous the cases, the more likely they are to escalate into more severe cases. The larger the value, the stronger the anonymization of the dataset after association. The smaller the data size, the easier it is to infer sensitive data after the data in the transmitted dataset j is associated with other data. The easier it is to obtain sensitive data after aggregating single data. The more sensitive the transmitted dataset j is, the greater the corresponding sensitivity should be.
[0098] This allows us to determine the degree of increase in sensitivity of the transmitted dataset j. Using the max-min normalization method to... After normalization, we get Its range is [0,1]. The 1 in this formula is a stable value set to prevent the denominator from being 0. The calculation error caused by adding 1 to the denominator position is within the overall controllable range.
[0099] Step S3: Determine the sensitivity of the transmitted dataset to the receiving end by using the degree of sensitivity increase, and determine the reliability of the receiving end by using the historical data transmission frequency information of the sending and receiving ends;
[0100] The ease of analysis of specific data is determined by the correlation between transmitted data and data available at the receiving end. The reliability of the receiving platform is evaluated based on its historical data reception performance and the security status of its collaborating platforms.
[0101] Specifically, in one embodiment, step S3, determining the sensitivity of the transmitted dataset to the receiving end based on the degree of sensitivity increase, includes:
[0102] The sensitivity level of the transmitted dataset is corrected by adjusting the increase in sensitivity after normalization, thus obtaining the sensitivity of the transmitted dataset to the receiving end.
[0103] In this embodiment, the degree of increase in normalized sensitivity The larger the value, the easier it is to obtain sensitive data from the transmitted dataset j through derivation or association with other datasets, and its sensitivity should increase accordingly. This leads to the conclusion of the sensitivity of the transmitted dataset j to the receiving platform p. ; Let be the sensitivity level of the transmitted dataset j (the average of the sensitivity levels of each dataset can be taken and rounded up). This process is used to estimate the sensitivity of different transmitted datasets to different receiving platforms, serving as a reference for determining the necessity of data processing during subsequent data transmission.
[0104] Specifically, in one embodiment, please refer to Figure 4Step S3, which uses historical data transmission frequency information between the sending and receiving ends to determine the reliability of the receiving end, includes:
[0105] Step S31: Determine the target number of data transmissions from the sending end to the target receiving end and the maximum number of data transmissions to all receiving ends within a preset period;
[0106] Step S32: Determine the reliability of the receiving end by using the ratio of the number of transmissions between the target number of data transmissions and the maximum number of data transmissions.
[0107] More specifically, step S32 includes:
[0108] Determine the time interval between the most recent data transmission time from the sender to the target receiver and the current time, and determine the security level of other transmission platforms associated with the target receiver;
[0109] The reliability of the receiving end is determined by using the percentage of transmissions, the time interval, and the security level.
[0110] In this example, when the receiving platform has low credibility, the more sensitive the dataset it requires to transmit, the more important it is to consider the direct transmissibility of the data. The credibility of the receiving platform can be judged by the frequency of recent historical data transmissions and the security level of other transmission platforms associated with the receiving platform.
[0111] Count back 30 days from the current analysis time (preset period, can be adjusted according to actual needs) to count the number of data transmissions from the sending end to the receiving end platform p. (Target data transmission count). This involves comparing the maximum number of data transmissions performed by different receiving platforms within a 30-day period at different times. (Maximum number of data transfers).
[0112] Get the time interval between the time of the last data transmission from the sending end to the receiving end platform p and the current time. .
[0113] By comprehensively examining other transmission platforms associated with the receiving platform (with whom data transmission has occurred), including their encryption strength (e.g., TLS 1.3), authentication and access control mechanisms (e.g., multi-factor authentication), auditing and monitoring capabilities, compliance (e.g., SOC 2 certification), and past security incident records, the security level of associated platform b is determined. Regarding the level of security The above security-related factors can be evaluated separately according to business needs, and corresponding weights can be set for different factors. The weighted summation can then be performed to obtain the final security level.
[0114] when With the maximum number ratio The larger the percentage of transmissions and the longer the time interval, the better. The smaller the (normalized value), the higher the average security level of all platforms associated with the receiving platform p. The larger the (normalized value) is, the closer the data transmission of the receiving platform p is, the greater the trust level, the more secure the associated platform is, the lower the risk of information leakage, and the greater the credibility of the receiving platform.
[0115] This allows us to determine the reliability of the receiving platform p. Using the max-min normalization method to... After normalization, we get Its value range is [0,1]. The trustworthiness of all receiving platforms is judged based on this, and the transmitted data is processed to different degrees according to different trust levels to avoid the leakage of sensitive data.
[0116] Step S4: Utilize the sensitivity and trustworthiness to determine the processing necessity of the transmitted dataset, and determine whether to perform secure processing on the transmitted dataset before transmission based on the processing necessity.
[0117] Specifically, please refer to Figure 5 Step S4 includes:
[0118] Step S41: Determine the target sensitivity of the transmitted dataset relative to the target receiver and the maximum sensitivity relative to all receivers, as well as the ratio of their sensitivity.
[0119] Step S42: The processing necessity of the transmitted dataset is obtained by using the sensitivity ratio and the confidence level. If the processing necessity is greater than the preset processing threshold, it is determined that the transmitted dataset needs to be processed securely before transmission.
[0120] In this embodiment, the normalized reliability of the data receiving platform p is... The smaller the value, the less sensitive the transmitted dataset j is to the receiving platform p. With the maximum value of sensitivity The ratio of the sensitivity of the transmitted dataset to the maximum sensitivity of all receivers. The larger the dataset j, the less suitable it is for direct transmission of its current data state. To avoid the leakage of other sensitive data, appropriate processing should be performed. This leads to the determination of the necessity of processing dataset j. .
[0121] Using the maximum-minimum normalization method After normalization, we get Its range is [0,1]. When When the preset processing threshold is determined to be high, sensitive data of the transmitted dataset j is at high risk of leakage in its current state and should be processed.
[0122] When transmitting dataset j, mathematically verified noise is injected into the data query and analysis stages to ensure that the existence of a single record does not affect the statistical results, thus fundamentally defending against association inference attacks.
[0123] For statically published data, in addition to achieving k-anonymity (preventing identity theft), sufficient l-diversity (protecting sensitive attributes) must be ensured. Homomorphic encryption or secure multi-party computation should be used for joint analysis across data sources to achieve "data usable but not visible".
[0124] The sending end performs necessary transformations, calculations, or formatting on the processed data to conform to the format requirements of the API response. It converts the processed data (such as objects in memory) into a cross-platform format, a process known as serialization. It sets the HTTP status code, places the serialized data into the response body, sets the appropriate response headers, and then returns the complete HTTP response to the receiving end.
[0125] After receiving the data, the receiving end checks the status code to quickly determine whether the request was successful. If the status code is 4xx or 5xx, it handles the error accordingly (e.g., prompting the user or logging). If the status code is 2xx (success), it parses the JSON data in the response body into objects or data structures that are locally usable by the receiving program.
[0126] In one embodiment, please refer to Figure 6 After step S4, the method further includes:
[0127] Step S5: Obtain the network congestion level between the sender and receiver at the current moment and the network stability level during the preset period before the current moment;
[0128] Step S6: Determine the average sensitivity of the securely processed transmission dataset to the receiving end within the preset time period before the current moment;
[0129] Step S7: Using the average values of network congestion, network stability, and sensitivity, determine the suitability of the sending end to transmit data to the receiving end at the current moment.
[0130] Step S8: When the suitability level is greater than a preset suitable threshold, the transmitting end sends the transmission dataset to the receiving end.
[0131] In this embodiment, high latency and packet loss disrupt the normal generation and verification of TCP (Transmission Control Protocol Sequence Number), which facilitates attackers launching sequence number prediction attacks to hijack or forge data packets. To ensure the security of transmitted data, a better network transmission condition should be selected to transmit data to the receiving end.
[0132] The sensitivity of the securely processed transmitted dataset j to the receiving platform p, as described in the above embodiments. Reacquire.
[0133] The network congestion level at time c (as the current time) is obtained using an active probing method. (Values greater than 0). The network stability over a 10-minute period (a preset period prior to the current time, adjustable) is calculated using continuous connectivity testing, estimating the time from moment c backwards. This yields the secure transmission status of the network. .
[0134] The secure transmission status of the network at time c. The larger the average sensitivity of the multiple transmission datasets that should be processed and transmitted to platform p to the receiving platform p, the greater the sensitivity of the receiving platform p. The smaller the time, the better it is to transmit data at time c, as this can better prevent data leakage due to packet loss.
[0135] Therefore, the suitability of transmitting data to the receiving platform p at time c can be determined. Using the max-min normalization method to... After normalization, we get Its value range is [0,1]. After the transmitted data is processed, when When a suitable threshold is preset and can be adjusted, data is transmitted to ensure secure data transmission.
[0136] This invention assesses the likelihood of obtaining sensitive data derived from transmitted data based on the similarity of the transmitted dataset to other sensitive data in its data lineage diagram; it also assesses the ease of analysis and acquisition of sensitive data based on the anonymization of the correlation between the transmitted data and the data obtainable by the receiving end. Furthermore, it comprehensively evaluates and judges the credibility of the data transmission frequency from the sending end to the receiving end platform and the security status of the platform the receiving end cooperates with, determining the necessity of secure data processing and implementing secure data processing when security is insufficient. Simultaneously, considering network conditions during data transmission, it selects to transmit processed sensitive information that is difficult to obtain to the receiving end platform when the network is stable, thus avoiding the leakage of sensitive data, improving data security and privacy protection, and safeguarding the interests of the sending end platform.
[0137] Example 2:
[0138] This invention also proposes a secure cross-platform data transmission device based on the Industrial Internet. The device can be a computer, a server, or other data analysis and computing equipment, or a combination of multiple devices.
[0139] like Figure 7 As shown, Figure 7 This is a schematic diagram of the hardware operating environment of the cross-platform secure data transmission device based on the Industrial Internet involved in the embodiments of the present invention.
[0140] like Figure 7 As shown, the industrial internet-based cross-platform secure data transmission device may include: a processor 1001, such as a CPU; a network interface 1004; a user interface 1003; a memory 1005; and a communication bus 1002. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display or an input unit such as a control panel; the user interface 1003 may also include standard wired or wireless interfaces. The network interface 1004 may optionally include standard wired or wireless interfaces (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory, such as a disk drive. The memory 1005 may also optionally be a storage device independent of the aforementioned processor 1001. The memory 1005, as a computer storage medium, may include a cross-platform secure data transmission program.
[0141] Those skilled in the art will understand that Figure 7 The hardware structure shown does not constitute a limitation on the device and may include more or fewer components than shown, or combine certain components, or have different component arrangements.
[0142] Continue to refer to Figure 7 , Figure 7 The memory 1005, which is a computer-readable storage medium, may include an operating system, a user interface module, a network communication module, and a cross-platform secure data transmission program.
[0143] exist Figure 7 In this embodiment, the network communication module is mainly used to connect to the server and can communicate with the server for data; while the processor 1001 can call the cross-platform secure data transmission program stored in the memory 1005 and execute the steps in the above embodiments.
[0144] Based on the hardware structure of the above-mentioned cross-platform secure data transmission device based on the Industrial Internet, various embodiments of the present invention's cross-platform secure data transmission method based on the Industrial Internet are implemented.
[0145] Furthermore, this invention also provides a secure cross-platform data transmission system based on the Industrial Internet, please refer to... Figure 8 The industrial internet-based cross-platform secure data transmission system includes:
[0146] The derivative analysis module A10 is used to compare the lineage diagrams of the transmitted dataset and the sensitive data to determine the severity of the ease with which the transmitted dataset can be derived from the sensitive data.
[0147] The sensitivity analysis module A20 is used to determine the degree of sensitivity increase of the transmitted dataset by utilizing the anonymization strength of the associated dataset between the transmitted dataset and the available dataset at the receiving end, combined with the degree of susceptibility to derivation.
[0148] The Trust Analysis Module A30 is used to determine the sensitivity of the transmitted dataset to the receiving end by utilizing the degree of sensitivity increase, and to determine the trustworthiness of the receiving end by utilizing the historical data transmission frequency information of the sending and receiving ends.
[0149] The data processing module A40 is used to determine the processing necessity of the transmitted dataset based on the sensitivity and trust level, and to determine whether to perform secure processing on the transmitted dataset before transmission based on the processing necessity.
[0150] Furthermore, the derivative analysis module A10 is also used for:
[0151] By comparing the lineage diagrams of the transmitted dataset and the sensitive data, the proportion of the number of identical nodes between the transmitted dataset and the sensitive data in the lineage diagram of the sensitive data is determined.
[0152] The first sensitive dataset is identified by determining the proportion of nodes that exceeds a preset threshold. The severity of the transmission dataset's susceptibility to sensitive data is then determined by using the sensitivity level and data volume of each sensitive data in the first sensitive dataset.
[0153] Furthermore, the sensitivity analysis module A20 is also used for:
[0154] The first anonymization strength of the transmitted dataset is determined by using the k-value of k-anonymity and the l-value of l-diversity.
[0155] Determine the number of associated datasets between the transmitted dataset and the available dataset at the receiving end, as well as the second anonymization strength of the associated dataset;
[0156] The degree of sensitivity increase of the transmitted dataset is obtained by using the first anonymization strength, the second anonymization strength, and the number of associated datasets, combined with the severity of easy derivation.
[0157] Determine the minimum first anonymization strength among all transmitted data sets in the sending end, and determine the anonymization strength difference between the first anonymization strength and the minimum first anonymization strength;
[0158] The degree of sensitivity increase of the transmitted dataset is obtained by using the anonymization intensity difference, the second anonymization intensity, and the number of associated datasets, combined with the severity of easy derivation.
[0159] Furthermore, the trust analysis module A30 is also used for:
[0160] The sensitivity level of the transmitted dataset is corrected by adjusting the increase in sensitivity after normalization, thus obtaining the sensitivity of the transmitted dataset to the receiving end.
[0161] Determine the target number of data transmissions from the sending end to the target receiving end and the maximum number of data transmissions to all receiving ends within a preset period, respectively;
[0162] The reliability of the receiver can be determined by the ratio of the number of transmissions between the target number of data transmissions and the maximum number of data transmissions.
[0163] Determine the time interval between the most recent data transmission time from the sender to the target receiver and the current time, and determine the security level of other transmission platforms associated with the target receiver;
[0164] The reliability of the receiving end is determined by using the percentage of transmissions, the time interval, and the security level.
[0165] Furthermore, the data processing module A40 is also used for:
[0166] Determine the target sensitivity of the transmitted dataset relative to the target receiver and the maximum sensitivity relative to all receivers, as well as the ratio of their respective sensitivity.
[0167] The processing necessity of the transmitted dataset is obtained by using the sensitivity ratio and the confidence level. If the processing necessity is greater than the preset processing threshold, it is determined that the transmitted dataset needs to be processed securely before transmission.
[0168] Get the network congestion level between the sender and receiver at the current moment and the network stability level during the preset period before the current moment;
[0169] Determine the average sensitivity of the transmitted dataset after security processing within a preset time period prior to the current moment to the receiving end;
[0170] By using the average values of network congestion, network stability, and sensitivity, we can determine the suitability of the data transmission from the sender to the receiver at the current moment.
[0171] When the suitability level is greater than a preset suitable threshold, the transmitting end sends the transmission dataset to the receiving end.
[0172] The specific implementation of the cross-platform secure data transmission system based on the Industrial Internet of the present invention is basically the same as the embodiments of the cross-platform secure data transmission method based on the Industrial Internet described above, and will not be repeated here.
[0173] Furthermore, the present invention also provides a computer-readable storage medium. This computer-readable storage medium stores a cross-platform secure data transmission program, wherein, when executed by a processor, the cross-platform secure data transmission program implements the steps of the above-described industrial internet-based cross-platform secure data transmission method.
[0174] The method implemented when the data cross-platform secure transmission program is executed can be referred to in various embodiments of the data cross-platform secure transmission method based on the Industrial Internet of Things of this invention, and will not be repeated here.
[0175] It should be noted that the order of the above embodiments of the present invention is merely for descriptive purposes and does not represent the superiority or inferiority of the embodiments. The processes depicted in the accompanying drawings do not necessarily require a specific or sequential order to achieve the desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
[0176] The various embodiments in this specification are described in a progressive manner. The same or similar parts between the various embodiments can be referred to each other. Each embodiment focuses on describing the differences from other embodiments.
[0177] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0178] The above description is only a preferred embodiment of the present invention and does not limit the scope of protection of the present invention. All equivalent structural / method transformations made under the inventive concept of the present invention using the contents of the present invention specification and drawings, or direct / indirect applications in other related technical fields, are included within the scope of protection of the present invention.
Claims
1. A method for secure cross-platform data transmission based on the Industrial Internet, characterized in that, Applied to the sending end; the method includes: By comparing the lineage diagrams of the transmitted dataset and the sensitive data, the severity of the transmission of the sensitive data from the transmitted dataset can be determined. The degree of sensitivity increase of the transmitted dataset is obtained by combining the anonymization strength of the associated dataset between the transmitted dataset and the available dataset at the receiving end with the severity of easy derivation. The degree of sensitivity increase is used to determine the sensitivity of the transmitted dataset to the receiving end, and the reliability of the receiving end is determined by the historical data transmission frequency information of the sending and receiving ends. The degree of processing necessity for the transmitted dataset is determined by using sensitivity and trustworthiness, and a decision is made on whether to perform secure processing on the transmitted dataset before transmission based on the degree of processing necessity. Methods for determining the severity of potential complications include: By comparing the lineage diagrams of the transmitted dataset and the sensitive data, the proportion of the number of identical nodes between the transmitted dataset and the sensitive data in the lineage diagram of the sensitive data is determined. The first sensitive dataset is identified, with the proportion of nodes exceeding a preset threshold. The severity of the transmission dataset's susceptibility to the sensitive data is then determined by the sensitivity level and data volume of each sensitive data in the first sensitive dataset. Methods for determining the degree of increased sensitivity include: The first anonymization strength of the transmitted dataset is determined by using the k-value of k-anonymity and the l-value of l-diversity. Determine the number of associated datasets between the transmitted dataset and the available dataset at the receiving end, as well as the second anonymization strength of the associated dataset; Determine the minimum first anonymization strength among all transmitted data sets in the sending end, and determine the anonymization strength difference between the first anonymization strength and the minimum first anonymization strength; The degree of sensitivity increase of the transmitted dataset is obtained by using the anonymization intensity difference, the second anonymization intensity, and the number of associated datasets, combined with the severity of easy derivation.
2. The method for secure cross-platform data transmission based on the Industrial Internet according to claim 1, characterized in that, The method of determining the sensitivity of the transmitted dataset to the receiving end by utilizing the increase in sensitivity includes: The sensitivity level of the transmitted dataset is corrected by adjusting the increase in sensitivity after normalization, thus obtaining the sensitivity of the transmitted dataset to the receiving end.
3. The method for secure cross-platform data transmission based on the Industrial Internet according to claim 1, characterized in that, The method of determining the reliability of the receiver by utilizing historical data transmission frequency information from both the transmitting and receiving ends includes: Determine the target number of data transmissions from the sending end to the target receiving end and the maximum number of data transmissions to all receiving ends within a preset period, respectively; The reliability of the receiver can be determined by the ratio of the number of transmissions between the target number of data transmissions and the maximum number of data transmissions.
4. The method for secure cross-platform data transmission based on the Industrial Internet according to claim 3, characterized in that, The method of determining the reliability of the receiving end by using the ratio of the target data transmission count to the maximum data transmission count includes: Determine the time interval between the most recent data transmission time from the sender to the target receiver and the current time, and determine the security level of other transmission platforms associated with the target receiver; The reliability of the receiving end is determined by using the percentage of transmissions, the time interval, and the security level.
5. The method for secure cross-platform data transmission based on the Industrial Internet according to claim 1, characterized in that, The process of determining the processing necessity of the transmitted dataset by utilizing sensitivity and trustworthiness, and then determining whether to perform secure processing on the transmitted dataset before transmission based on the processing necessity, includes: Determine the target sensitivity of the transmitted dataset relative to the target receiver and the maximum sensitivity relative to all receivers, as well as the ratio of their respective sensitivity. The processing necessity of the transmitted dataset is obtained by using the sensitivity ratio and the confidence level. If the processing necessity is greater than the preset processing threshold, it is determined that the transmitted dataset needs to be processed securely before transmission.
6. The method for secure cross-platform data transmission based on the Industrial Internet according to claim 1, characterized in that, The step of determining whether to perform secure processing on the transmitted dataset before transmission based on the necessity of processing also includes: Get the network congestion level between the sender and receiver at the current moment and the network stability level during the preset period before the current moment; Determine the average sensitivity of the transmitted dataset after security processing within a preset time period prior to the current moment to the receiving end; By using the average values of network congestion, network stability, and sensitivity, we can determine the suitability of the data transmission from the sender to the receiver at the current moment. When the suitability level is greater than a preset suitable threshold, the transmitting end sends the transmission dataset to the receiving end.
7. A cross-platform secure data transmission system based on the Industrial Internet, characterized in that, The system is used to implement the secure cross-platform data transmission method based on the Industrial Internet as described in any one of claims 1 to 6; the system includes: The derivation analysis module is used to compare the lineage diagrams of the transmitted dataset and the sensitive data to determine the severity of the ease with which the transmitted dataset can be derived from the sensitive data. The sensitivity analysis module is used to determine the degree of sensitivity increase of the transmitted dataset by utilizing the anonymization strength of the associated datasets between the transmitted dataset and the available datasets at the receiving end, combined with the severity of the potential for derivation. The trust analysis module is used to determine the sensitivity of the transmitted dataset to the receiving end by utilizing the degree of sensitivity increase, and to determine the trustworthiness of the receiving end by utilizing the historical data transmission frequency information of the sending and receiving ends. The data processing module is used to determine the processing necessity of the transmitted dataset based on the sensitivity and trust level, and to determine whether to perform secure processing on the transmitted dataset before transmission based on the processing necessity.