Method, device, medium and program product for routing gdpr compliant data
By combining node compliance fuzzy evaluation and path risk prediction models with an improved A* algorithm, the rigidity problem of path selection in GDPR compliant data transmission is solved, achieving dynamic path optimization and global compliance assurance while meeting compliance constraints.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- XIAMEN XINGZONG DIGITAL TECH CO LTD
- Filing Date
- 2025-11-05
- Publication Date
- 2026-06-09
Smart Images

Figure CN122179360A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the fields of cloud computing and data security technology, and in particular to a method, device, medium and program product for routing GDPR compliant data. Background Technology
[0002] With the widespread adoption of cloud computing technology, large enterprises typically use globally distributed object storage services (OSS) such as AWS S3 and Azure Blob Storage to store massive amounts of data. These services have multiple storage regions, or OSS nodes, around the world to provide low latency and high availability. However, when data involves the personal information of EU citizens, its transmission and storage are strictly regulated by the General Data Protection Regulation (GDPR). The GDPR explicitly stipulates that personal data may not be transferred to non-EU countries / regions that the European Commission has not deemed to provide “adequate protection,” i.e., non-GDPR-controlled areas.
[0003] Currently, the common solution in the industry is static policy configuration, which mostly uses binary "yes / no" judgments, and has limitations. Specifically: Static policy configuration mainly involves administrators manually tagging specific types of data and statically configuring the list of regions where they are allowed to be stored, such as "EU only". This method is extremely rigid and cannot cope with complex network conditions, such as a compliant node going down or network congestion. In multi-hop transmission, such as from the user to the edge node and then to the core storage node, it cannot guarantee that all transit nodes along the entire path are compliant.
[0004] Furthermore, existing solutions mostly rely on binary "yes / no" judgments, resulting in a lack of quantification and optimization. Firstly, there is a lack of quantitative assessment of node compliance. For example, a node located in a country with "adequate protection" certification differs in compliance risk from a node in a country with an unstable legal environment, but existing systems cannot distinguish between them. Simultaneously, they fail to integrate network performance factors such as latency and compliance risks into a unified framework for comprehensive optimization.
[0005] Therefore, there is an urgent need for a technical solution that can assess the comprehensive risks of transmission paths in real time and automatically select the optimal path while meeting compliance constraints, in order to solve the problems of inflexibility and unreliability caused by static configuration. Summary of the Invention
[0006] Embodiments of the present invention provide a routing method, device, medium, and program product for GDPR compliant data, which automatically selects the optimal path for routing while meeting GPDR compliance constraints.
[0007] To achieve the above objectives, on the one hand, a method for routing GDPR compliant data is provided, including: Receive requests from users to upload GDPR data; A pre-established fuzzy comprehensive evaluation model for node compliance is used to obtain the compliance score C(v) of each OSS node v, and nodes with compliance scores C(v) greater than or equal to a predetermined compliance threshold are identified as candidate nodes. The node compliance fuzzy comprehensive evaluation model is as follows: C(v) = w1 J(v) + w2 L(v) + w3 S(v) J(v) is the jurisdiction weight, which is predefined based on the legal relevance of the country or region where node v is located to the GDPR; L(v) is the legal stability weight, which is pre-calculated based on the frequency of changes in the laws of the country or region where node v is located over the past N years and / or the severity of enforcement, where N is a predetermined number; S(v) is the security posture weight, which is pre-calculated based on the physical security level of the data center to which node v belongs, the security certification system passed, and / or historical security event records; w1, w2, w3 are weight coefficients, w1 + w2 + w3 = 1; The comprehensive risk R(P) of the path P from source node s to target node t is evaluated using a pre-established transmission path risk prediction model. The transmission path risk prediction model is as follows: R(P) = max{v∈P} [ (1 - C(v)) ] + λ Σ{e∈P} H(e) The meaning of max{v ∈ P} [ (1 - C(v)) ] is: the maximum value of (1 - C(v)) of all nodes v on path P; H(e) is the transmission risk of single-hop link e in path P; λ is a predetermined global trade-off parameter, λ>0; Using improved A * The algorithm finds the optimal path P that minimizes the value of R(P). * P * = argmin P { R(P)}, where the constraints for solving include: all nodes along the optimal path must be candidate nodes; the total delay of the optimal path does not exceed a predetermined delay limit, and the transmission cost does not exceed the budget; Using the optimal path P * To perform GDPR data routing.
[0008] Preferably, in the routing method, the improved A* algorithm uses g(v) to represent the known minimum risk from source node s to node v; and uses a heuristic function h(v) to estimate the residual risk from node v to target node t, where: h(v) = (1 - C(t)) (GeographicDistance(v, t) / MaxNetworkSpeed) GeographicDistance(v, t) is the geographic distance between node v and target node t; MaxNetworkSpeed is the theoretical maximum signal propagation speed.
[0009] Preferably, in the routing method, C(v) is a continuous value in the interval [0, 1], and the higher the value, the better the compliance of node v; L(v) ∈ [0, 1]; S(v) ∈ [0, 1]; J(v) ∈ [0, 1].
[0010] Preferably, in the routing method, wherein: When the country or region where node v is located is a member state of the European Union, J(v) = 1.0; When the country or region where node v is located is a pre-defined country that is deemed to have sufficient protection by the European Union, J(v) = 0.8; When the legal status of the country or region where node v is located is a predetermined country in a gray area, J(v) = 0.5; When the country or region where node v is located is a clearly defined non-GDPR jurisdiction, J(v) = 0.1.
[0011] Preferably, in the routing method, the countries recognized by the European Union as having sufficient protection include Switzerland and Japan.
[0012] Preferably, in the routing method, wherein, H(e) = α (Latency{e} / Latency{max}) + β (PacketLoss{e}) + γ GeoPoliticalRisk(e) Latency{e} is the current network latency of single-hop link e; Latency{max} is the maximum latency that the system can tolerate; PacketLoss{e} is the current packet loss rate of single-hop link e; GeoPoliticalRisk(e) is the geopolitical risk, whose value is preset and used to evaluate the stability and reliability of the data flow protocol between the two countries at the two ends of single-hop link e; α, β, γ are weighting coefficients, α + β + γ = 1.
[0013] Preferably, the method further includes: dynamically adjusting the values of w1, w2 and w3 according to the sensitivity of the transmitted data.
[0014] On the other hand, an electronic device is also provided, including a memory and a processor, the memory storing at least one program, the at least one program being executed by the processor to implement the steps of the GDPR compliance data routing method as described in any of the above.
[0015] In another aspect, a computer-readable storage medium is also provided, wherein at least one program is stored therein, the at least one program being executed by a processor to implement the steps of the routing method for GDPR compliant data as described in any of the above descriptions.
[0016] In another aspect, a computer program product is also provided, comprising a computer program, characterized in that, when the computer program is executed by a processor, it implements the steps of the GDPR compliance data routing method as described in any of the above descriptions.
[0017] The above technical solution has the following technical effects: The technical solution of this invention can perform real-time and intelligent assessment of the comprehensive risk of a transmission path by using a fuzzy comprehensive evaluation model of node compliance based on jurisdiction, legal stability, and security situation, and a transmission path risk prediction model based on node compliance risk and link transmission risk; and by using an improved A... * The algorithm is used to find the optimal path, enabling automatic selection of the optimal path for routing while meeting GPDR compliance constraints.
[0018] Specifically, the technical solution of the embodiments of the present invention has the following effects: It has achieved a leap from rigid static strategy configuration to real-time, dynamic path calculation, and can automatically adapt to network fluctuations and node status changes; By using fuzzy comprehensive evaluation, compliance is transformed from a binary judgment into a quantitative continuous score, thus achieving a more refined risk measurement. Using the highest compliance risk item ensures compliance throughout the entire transmission path, resolves compliance blind spots in multi-hop transmission, and achieves global path compliance assurance. It achieves a multi-objective intelligent trade-off that simultaneously optimizes compliance, network performance, and political risk within a unified framework, providing a scientific basis for decision-making; By using improved heuristic algorithms such as A*, we provide an efficient and feasible engineering solution for NP-hard problems, which is engineering feasible. Attached Figure Description
[0019] Figure 1 This is a flowchart illustrating a method for routing GDPR compliant data according to an embodiment of the present invention. Figure 2 This is a system topology diagram for routing data using a routing method for GDPR compliant data according to an embodiment of the present invention. Detailed Implementation
[0020] To further illustrate the various embodiments, the present invention provides accompanying drawings. These drawings are part of the disclosure of the present invention, primarily used to illustrate the embodiments and to explain the operating principles of the embodiments in conjunction with the relevant descriptions in the specification. With reference to these drawings, those skilled in the art should be able to understand other possible implementations and the advantages of the present invention. Components in the drawings are not drawn to scale, and similar component symbols are generally used to represent similar components.
[0021] The present invention will now be further described in conjunction with the accompanying drawings and specific embodiments.
[0022] Example 1: The core idea of this invention is to abstract the global object storage service (OSS) node network into a graph structure and define a comprehensive risk function for OSS nodes, ultimately transforming the routing problem into a constrained optimization problem.
[0023] Figure 1 This is a flowchart illustrating a method for routing GDPR compliant data according to an embodiment of the present invention. Figure 2 This is a system topology diagram for routing data using a routing method for GDPR compliant data according to an embodiment of the present invention.
[0024] like Figure 1 The GDPR compliance data routing method in this embodiment includes the following steps: Receive requests from users to upload GDPR data; GDPR data refers to data that needs to comply with GDPR regulations. A pre-established fuzzy comprehensive evaluation model for node compliance is used to obtain the compliance score C(v) of each OSS node v, and nodes with compliance scores C(v) greater than or equal to a predetermined compliance threshold are identified as candidate nodes. The fuzzy comprehensive evaluation model for node compliance is as follows: C(v) = w1 J(v) + w2 L(v) + w3 S(v) J(v) is the jurisdiction weight, which is predefined based on the legal relevance of the country or region where node v is located to the GDPR; L(v) is the legal stability weight, which is pre-calculated based on the frequency of changes in the laws and / or the severity of enforcement of the data in the country or region where node v is located over the past N years, where N is a predetermined number; S(v) is the security posture weight, which is pre-calculated based on the physical security level of the data center to which node v belongs, the security certification system passed, and / or historical security event records; w1, w2, and w3 are weight coefficients, w1 + w2 + w3 = 1; the aforementioned security certification system is, for example, ISO27001; in a specific implementation, the values of w1, w2, and w3 are dynamically adjusted according to the sensitivity of the transmitted data; for example, for extremely sensitive data, w1, i.e., the jurisdiction weight, can be set to have a higher proportion; In one specific implementation, C(v) is a continuous value in the interval [0, 1], with a higher value indicating better compliance of node v; in this implementation, the compliance threshold θc is greater than or equal to 0.7; preferably, θc = 0.7; S(v) ∈ [0, 1]; J(v) ∈ [0, 1]; J(v) is a predetermined constant, where: when the country or region where node v is located is an EU member state, J(v) = 1.0; when the country or region where node v is located is a predetermined country recognized by the EU as having sufficient protection, J(v) = 0.8; when the legal status of the country or region where node v is located is a predetermined country in a gray area, J(v) = 0.5; when the country or region where node v is located is a clearly non-GDPR jurisdiction, J(v) = 0.1. The aforementioned countries in the gray area are, for example, countries currently undergoing "sufficiency determination" negotiations; the aforementioned clearly non-GDPR jurisdictions are, for example, certain cloud regions such as Hong Kong, China, and the United States. In one specific implementation, L(v) is a stability index calculated through time series analysis based on historical data such as the frequency of legal changes and the severity of law enforcement in the region over the past N years; L(v) ∈ [0, 1], and the higher the value, the more stable the legal environment; L(v) is calculated based on the variance or volatility of historical events or by other methods. The comprehensive risk R(P) of the path P from source node s to target node t is evaluated using a pre-established transmission path risk prediction model; the goal is to minimize the value of R(P) through an optimization algorithm. The transmission path risk prediction model is as follows: R(P) = max{v∈P} [ (1 - C(v)) ] + λ Σ{e∈P} H(e) The meaning of max{v ∈ P} [ (1 - C(v)) ] is: the maximum value of (1 - C(v)) of all nodes v on path P; this maximum value follows the "barrel effect", ensuring that the compliance of the path is determined by the weakest node, thereby eliminating the possibility of data "accidentally" flowing through high-risk nodes; H(e) is the transmission risk of single-hop link e in path P; λ is a predetermined global trade-off parameter; λ is a constant greater than 0, used to balance the proportion of "node compliance risk" represented by max{v∈P} [ (1 - C(v)) ] and "link transmission risk" represented by Σ{e∈P} H(e) in the total risk R(P); H(e) = α (Latency{e} / Latency{max}) + β (PacketLoss{e}) + γ GeoPoliticalRisk(e) Latency{e} is the current network latency of single-hop link e; Latency{max} is the maximum tolerable latency of the system, used for normalization; PacketLoss{e} is the current packet loss rate of single-hop link e; GeoPoliticalRisk(e) is the geopolitical risk, whose value is preset and used to evaluate the stability and reliability of the data flow protocol between the two countries at the two ends of single-hop link e; in a specific implementation, the determined geopolitical risks are stored in a geopolitical risk database in advance; α, β, γ are weighting coefficients, α + β + γ = 1; Using improved A * The algorithm finds the optimal path P that minimizes the value of R(P). * P * = argmin P { R(P)}, where the constraints include: all nodes along the optimal path must be candidate nodes, i.e., nodes with compliance scores greater than or equal to a predetermined compliance threshold; the total delay of the optimal path does not exceed a predetermined delay limit, which is a performance constraint; and the transmission cost does not exceed the budget, which is an economic constraint. argmin P { R(P)} represents the P that minimizes the value of R(P); Use the optimal path P * To perform GDPR data routing.
[0025] The optimal path P in this embodiment of the invention * The solution process involves a multi-objective optimization function and a solution procedure, essentially a constrained shortest path problem. Since the objective function R(P) includes a max function, it is an NP-hard problem. This embodiment of the invention uses an improved A* algorithm for solving the problem. The design of the improved A* algorithm includes: Let g(v) represent the known minimum risk from source node s to node v; The heuristic function h(v) is used to estimate the residual risk from node v to the target node t, where: h(v) = (1 - C(t)) (GeographicDistance(v, t) / MaxNetworkSpeed) GeographicDistance(v, t) is the geographic distance between node v and target node t; MaxNetworkSpeed is the theoretical maximum signal propagation speed; this function can guide the algorithm to prioritize exploring directions that are geographically close to the target and have high compliance with the target node, greatly improving search efficiency.
[0026] The role of (GeographicDistance(v, t) / MaxNetworkSpeed) in the heuristic function is to derive time from distance / velocity. This gives the calculated result of GeographicDistance(v, t) / MaxNetworkSpeed a time dimension. This time estimate can be compared with the delay constraint in the optimization objective on the same dimension, ensuring that the residual risk h(v) estimated by the heuristic function is comparable in magnitude to the actual cumulative risk g(v) of the path (which also includes time-related delay costs). This is a prerequisite for the improved A* algorithm to find the optimal solution. The subexpression `GeographicDistance(v, t) / MaxNetworkSpeed` represents the estimated minimum transmission delay from the current node `v` to the target node `t`. The entire heuristic function `h(v)` combines the compliance risk (1 - C(t)) with the performance estimate (`GeographicDistance(v, t) / MaxNetworkSpeed`). The effect is as follows: if the compliance of the target node `t` is high (e.g., `C(t) ≈ 1`), then `(1 - C(t)) ≈ 0`, and `h(v)` will be small. The algorithm considers the "residual risk" of reaching this target to be low and prioritizes searching for that target. If the compliance of the target node `t` is low (e.g., `C(t) ≈ 0`), then `(1 - C(t)) ≈ 1`, and the value of `h(v)` mainly depends on the geographical distance. The algorithm considers it a "high-risk" target and will only consider it if there are no better options.
[0027] like Figure 2 In one specific implementation, after a user uploads a GDPR data request, the routing method of this embodiment of the invention is executed through a path decision engine to determine the routing path. Then, the routing executor performs routing based on the optimal path across multiple nodes or links in the global OSS network. The data required for path decision-making is obtained through a decision support system, including: real-time data calculated by a node compliance fuzzy evaluation model, real-time data from a geopolitical risk database, and network monitoring data obtained by a real-time network monitoring module; wherein the network monitoring data includes path performance feedback data after routing execution.
[0028] Example 2: The present invention also provides an electronic device, comprising: a processor and a memory, and a computer program stored in the memory and executable on the processor. The processor includes one or more processing cores, and the memory is connected to the processor via a bus. The memory is used to store program instructions, and when the processor executes the computer program, it implements the steps in the method embodiments described above in Embodiment 1 of the present invention. In one specific implementation, the electronic device is a device or terminal for implementing routing engine decisions.
[0029] Furthermore, as an executable solution, the electronic device can be a computer unit, which can be a desktop computer, laptop, handheld computer, cloud server, or other computing device. The computer unit may include, but is not limited to, a processor and memory. Those skilled in the art will understand that the above-described structure of the computer unit is merely an example and does not constitute a limitation on the computer unit. It may include more or fewer components, or combine certain components, or use different components. For example, the computer unit may also include input / output devices, network access devices, buses, etc., and this embodiment of the invention does not limit this.
[0030] Furthermore, as an executable solution, the processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor can be a microprocessor or any conventional processor, etc. The processor is the control center of the computer unit, connecting various parts of the entire computer unit via various interfaces and lines.
[0031] The memory can be used to store the computer programs and / or modules. The processor implements various functions of the computer unit by running or executing the computer programs and / or modules stored in the memory and by calling data stored in the memory. The memory may mainly include a program storage area and a data storage area. The program storage area may store the operating system and at least one application program required for a function; the data storage area may store data created based on the use of the mobile phone, etc. In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as hard disk, RAM, plug-in hard disk, smart media card (SMC), secure digital card (SD card), flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
[0032] Example 3: The present invention also provides a computer-readable storage medium storing a computer program, which, when executed by a processor, implements the steps of the method described in the embodiments of the present invention.
[0033] If the modules / units integrated in the computer unit are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments can also be implemented by a computer program instructing related hardware. The computer program can be stored in a computer-readable storage medium, and when executed by a processor, it can implement the steps of the various method embodiments described above. The computer program includes computer program code, which can be in the form of source code, object code, executable files, or certain intermediate forms. The computer-readable medium can include: any entity or device capable of carrying the computer program code, recording media, USB flash drives, portable hard drives, magnetic disks, optical disks, computer memory, read-only memory (ROM), random access memory (RAM), and software distribution media, etc. It should be noted that the content contained in the computer-readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction.
[0034] Example 4: The present invention also provides a computer program product, including a computer program that, when executed by a processor, implements the steps described above.
[0035] Although the invention has been specifically shown and described in conjunction with preferred embodiments, those skilled in the art should understand that various changes in form and detail may be made to the invention without departing from the spirit and scope of the invention as defined in the appended claims, all of which shall be within the scope of protection of the invention.
Claims
1. A method for routing GDPR compliant data, characterized in that, include: Receive requests from users to upload GDPR data; A pre-established fuzzy comprehensive evaluation model for node compliance is used to obtain the compliance score C(v) of each OSS node v, and nodes with compliance scores C(v) greater than or equal to a predetermined compliance threshold are identified as candidate nodes. The node compliance fuzzy comprehensive evaluation model is as follows: C(v) = w1 J(v) + w2 L(v) + w3 S(v) J(v) is the jurisdiction weight, which is predefined based on the legal relevance of the country or region where node v is located to the GDPR; L(v) is the legal stability weight, which is pre-calculated based on the frequency of changes in the laws of the country or region where node v is located over the past N years and / or the severity of enforcement, where N is a predetermined number; S(v) is the security posture weight, which is pre-calculated based on the physical security level of the data center to which node v belongs, the security certification system passed, and / or historical security event records; w1, w2, w3 are weight coefficients, w1 + w2 + w3 = 1; The comprehensive risk R(P) of the path P from source node s to target node t is evaluated using a pre-established transmission path risk prediction model. The transmission path risk prediction model is as follows: R(P) = max{v∈P} [ (1 - C(v)) ] + λ Σ{e∈P} H(e) The meaning of max{v ∈ P} [ (1 - C(v)) ] is: the maximum value of (1 - C(v)) for all nodes v on path P; H(e) is the transmission risk of single-hop link e in path P; λ is a predetermined global trade-off parameter, λ>0; Using improved A * The algorithm finds the optimal path P that minimizes the value of R(P). * P * = argmin P { R(P)}, where the constraints for solving include: all nodes along the optimal path must be candidate nodes; the total delay of the optimal path does not exceed a predetermined delay limit, and the transmission cost does not exceed the budget; Using the optimal path P * To perform the routing of the GDPR data.
2. The routing method according to claim 1, characterized in that, The improved A* algorithm uses g(v) to represent the known minimum risk from source node s to node v; and uses a heuristic function h(v) to estimate the residual risk from node v to target node t, where: h(v) = (1 - C(t)) (GeographicDistance(v, t) / MaxNetworkSpeed) GeographicDistance(v, t) is the geographic distance between node v and target node t; MaxNetworkSpeed is the theoretical maximum signal propagation speed.
3. The routing method according to claim 1, characterized in that, C(v) is a continuous value in the interval [0, 1]. The higher the value, the better the compliance of node v; L(v) ∈ [0, 1]; S(v) ∈ [0, 1]; J(v) ∈ [0, 1].
4. The routing method according to claim 1, characterized in that: When the country or region where node v is located is a member state of the European Union, J(v) = 1.0; When the country or region where node v is located is a pre-defined country that is deemed to have sufficient protection by the European Union, J(v) = 0.8; When the legal status of the country or region where node v is located is a predetermined country in a gray area, J(v) = 0.5; When the country or region where node v is located is a clearly defined non-GDPR jurisdiction, J(v) = 0.
1.
5. The routing method according to claim 4, characterized in that, The countries recognized by the EU as having adequate protection include: Switzerland and Japan.
6. The routing method according to claim 1, characterized in that, H(e) = α (Latency{e} / Latency{max}) + β (PacketLoss{e}) + γ GeoPoliticalRisk(e) Latency{e} is the current network latency of single-hop link e; Latency{max} is the maximum latency that the system can tolerate; PacketLoss{e} is the current packet loss rate of single-hop link e; GeoPoliticalRisk(e) is the geopolitical risk, whose value is preset and used to evaluate the stability and reliability of the data flow protocol between the two countries at the two ends of single-hop link e; α, β, γ are weighting coefficients, α + β + γ = 1.
7. The routing method according to claim 1, characterized in that, Also includes: The values of w1, w2, and w3 are dynamically adjusted based on the sensitivity of the transmitted data.
8. An electronic device, characterized in that, It includes a memory and a processor, the memory storing at least one program, which is executed by the processor to implement the steps of the GDPR compliance data routing method as described in any one of claims 1 to 7.
9. A computer-readable storage medium, characterized in that, The storage medium stores at least one program segment, which is executed by a processor to implement the steps of the GDPR compliance data routing method as described in any one of claims 1 to 7.
10. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the steps of the routing method for GDPR compliant data as described in any one of claims 1 to 7.