A supply chain data security management method and system

By using dynamic identity anchoring, segmented data anonymization, and cross-node traceability, combined with closed-loop permission revocation, the system addresses the lack of collaboration and security vulnerabilities in existing supply chain data security management technologies, and achieves full lifecycle security management of supply chain data.

CN122247682A · Pending · Publication Date: 2026-06-19 · ZHUHAI NEZHA TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: ZHUHAI NEZHA TECHNOLOGY CO LTD
Filing Date: 2026-03-19
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

Existing supply chain data security management technologies suffer from severe homogenization, simplistic protection logic, and insufficient collaboration. They are unable to adapt to complex scenarios involving multiple nodes, multiple entities, and frequent data transfers, making it difficult to balance data security and availability, and resulting in security vulnerabilities and management shortcomings.

Method used

By employing dynamic identity anchoring and binding, segmented data anonymization, cross-node behavior tracing, and closed-loop permission revocation, a closed-loop protection system is formed by collecting multi-dimensional behavioral features to generate temporary identity identifiers, processing data in segments and embedding micro-tags, and monitoring and revoking permission status in real time.

Benefits of technology

It achieves dynamic and secure identity authentication, ensures the security and availability of data during the flow process, provides end-to-end traceability and real-time protection, reduces the risk of data leakage, and forms a systematic security protection capability.

✦ Generated by Eureka AI based on patent content.


Abstract

This invention discloses a supply chain data security management method and system. The invention relates to the field of supply chain data management and includes the following steps: S1: Dynamic identity anchoring and binding; S2: Segmented data de-identification and splitting for refined data segmentation; S3: Cross-node behavior tracing and marking; S4: Automatic closed-loop permission revocation for immediate permission revocation. The supply chain data security management method and system of this invention provide a legitimate basis for segmented de-identification through dynamic identity anchoring, ensuring that only legitimate entities can access the complete de-identified data; segmented de-identification provides a precise data carrier for cross-node tracing, enabling tracing markers to accurately correspond to the operational behaviors of each data segment; cross-node tracing provides precise triggering conditions for closed-loop permission revocation, allowing abnormal operations to be detected through tracing trajectories and timely permission revocation.

Description

Technical Field

[0001] This invention relates to the field of supply chain data management, and in particular to a supply chain data security management method and system.

Background Technology

[0002] With the accelerated digital transformation of global supply chains, the amount of order data, logistics information, supplier core data, and customer privacy data generated at each stage of the supply chain is growing explosively. Data has become a core asset for the collaborative operation of the supply chain, and its security management is directly related to the stability of the supply chain, the core interests of enterprises, and even the healthy development of the industry. Currently, existing supply chain data security management technologies generally suffer from serious homogenization, simplistic protection logic, and insufficient collaboration. They cannot adapt to the complex scenarios of multiple nodes, multiple entities, and frequent data flows in the supply chain, and they struggle to balance data security and data availability, resulting in numerous security vulnerabilities and management shortcomings.

[0003] In summary, existing supply chain data security management methods all have their own shortcomings, and the various technical links are independent and lack coordination, making it impossible to form a systematic security protection capability. They are also unable to cope with the increasingly complex security risks in the current digital transformation of the supply chain and cannot meet the needs of enterprises for secure and efficient management of supply chain data throughout its entire lifecycle.

[0004] Therefore, it is necessary to propose a supply chain data security management method and system to solve the above problems.

Summary of the Invention

[0005] The main objective of this invention is to provide a supply chain data security management method and system that can effectively solve the problems in the background art.

[0006] To achieve the above objectives, the technical solution adopted by the present invention is as follows: A supply chain data security management method includes the following operational steps: S1: Dynamic identity anchoring and binding, used to uniquely lock the operational identity of each participant in the supply chain; S2: Segmented data desensitization and splitting, used for fine-grained segmentation of data; S3: Cross-node behavior traceability marker, used to achieve traceability of data operations throughout the entire supply chain, and the traceability information does not rely on external storage, thus avoiding the tampering of traceability data; S4: Automatic closed-loop permission revocation, used to realize the immediate revocation of permissions.

[0007] Preferably, step S1 specifically includes the following steps: S101: Collect multi-dimensional behavioral characteristics of the main entities operating at the supply chain nodes, including fixed operating time periods, physical information of commonly used operating equipment, sequence of routine operating paths, and fixed data access frequency. Integrate the above information to form a non-replicable baseline of entity behavior. S102: Before each data access, collect the current operation behavior information in real time, compare it with the preset behavior baseline dimension by dimension, and generate a temporary operation identity identifier after the comparison is passed. The validity period of the identifier is strictly bound to the duration of this operation. S103: The temporary identity identifier is unidirectionally associated with the supply chain data corresponding to this operation. The association only exists within the operation period and is automatically decoupled after the operation ends, leaving no association record.

[0008] Preferably, step S2 specifically includes the following steps: S201: According to the usage scenarios of supply chain data, the data is divided into core confidential segment, intermediate general segment, and basic display segment. The core confidential segment includes supplier costs, core capacity, and customer privacy information. The intermediate general segment includes logistics nodes and delivery cycle information. The basic display segment includes order status and basic material name information. S202: Differentiated desensitization rules are adopted for different segments. The core confidential segment is subjected to irreversible feature masking, retaining only the logical integrity of the data. The intermediate general segment is subjected to recoverable desensitization, and the basic display segment is not desensitized.

[0009] Preferably, step S2 further includes: independently encapsulating each de-identified data segment, wherein the encapsulated segmented data can only be combined and invoked through a temporary operation identity identifier, and the complete data content cannot be obtained without the corresponding identity.

[0010] Preferably, step S3 specifically includes the following steps: S301: During the operation and flow of each data segment, micro-tags of operation behavior are embedded in real time. The tag content includes the operation subject, operation time, operation action, and data segmentation status. S302: Micro-tags are transferred synchronously with data segments. When the data is transferred to the next supply chain node, the validity of the micro-tags of the previous node is automatically verified. If the verification fails, the data is rejected. S303: All micro-tags adopt a chain-like association method, with the previous node tag serving as the basis for generating the next node tag, forming an immutable chain-like traceability trajectory. The trajectory information is only embedded in the data flow process and is not stored separately.

[0011] Preferably, step S4 specifically includes the following steps: S401: Monitor the status of temporary operation identity in real time. Once any of the following conditions is detected: operation completed, operation timed out, or abnormal behavior baseline, immediately trigger the permission revocation command. S402: The permission revocation instruction applies synchronously to data segmentation combination permissions, data access permissions, and micro-tag generation permissions. All permissions become invalid at the same time, without delay or omission. S403: After the permission is revoked, the temporary identity information, data combination records, and chain-based traceability temporary traces generated by the current operation are automatically cleared, and only the core traceability records that are kept in compliance are retained to ensure that the data environment is clean and free of residues.

[0012] A supply chain data security management system includes a dynamic identity anchoring submodule, a segmented data anonymization submodule, a cross-node behavior tracing submodule, and a closed-loop permission revoke submodule. The dynamic identity anchoring submodule specifically includes: Behavioral Feature Collection Submodule: Responsible for collecting multi-dimensional behavioral features of operators at each node of the supply chain, including fixed operation time periods, physical information of commonly used operating equipment, sequence of regular operation paths, and fixed data access frequency. It integrates all collected feature information to generate an uncopyable baseline of operator behavior, providing a basis for subsequent identity verification. Real-time identity verification submodule: When the operating entity initiates a data access request, it collects the current operation behavior information in real time and compares it with the preset behavior baseline generated by the behavior feature collection submodule in each dimension. After the comparison is successful, a temporary operation identity identifier is automatically generated. Identity Data Association Submodule: This module unidirectionally associates the temporary identity identifier generated by the real-time identity verification submodule with the supply chain data corresponding to this operation. The association only exists within the current operation period and is automatically terminated after the operation ends, leaving no association records.

[0013] Preferably, the segmented data desensitization submodule specifically includes: Data segmentation submodule: The supply chain data is divided into core confidential segment, intermediate general segment, and basic display segment; Differentiated desensitization submodule: For different data segments split by the data segmentation submodule, the core confidential segment is subjected to irreversible feature masking to preserve the logical integrity of the data; the intermediate general segment is subjected to recoverable desensitization; the basic display segment is not desensitized to ensure that the desensitization effect meets the method requirements. Data segmentation and encapsulation submodule: Each data segment processed by the differentiated desensitization submodule is encapsulated independently, and encapsulation permissions are set so that combined calls are only allowed through temporary operation identity identifiers. Without the corresponding temporary identity identifier, the complete data content cannot be obtained.

[0014] Preferably, the cross-node behavior tracing submodule specifically includes: Behavior micro-tag generation submodule: During each data operation flow, operation behavior micro-tags are embedded in real time, including operation subject, operation time, operation action, and data segmentation status; Micro-tag verification submodule: When data flows to the next supply chain node, it automatically verifies the legality of the micro-tags embedded in the previous node. If the verification fails, the data is rejected. Chain-based traceability trajectory generation submodule: It integrates the micro-marks of each node in a chain-based association manner, using the mark of the previous node as the basis for generating the mark of the next node, forming an immutable chain-based traceability trajectory. The trajectory information is only embedded in the data flow process and is not stored separately.

[0015] Preferably, the closed-loop permission revocation module specifically includes: Permission Status Monitoring Submodule: Monitors the status of temporary operation identity in real time, accurately identifies three trigger scenarios: operation completion, operation timeout, and abnormal behavior baseline. Once any scenario is detected, a permission revocation command is immediately triggered. Multi-dimensional permission revoke submodule: After receiving the revoke instruction from the permission status monitoring submodule, it synchronously revokes data segmentation combination permissions, data access permissions, and micro-tag generation permissions to ensure that all related permissions become invalid at the same time; Operation trace clearing submodule: After the permission is revoked, it automatically clears the temporary identity information, data combination records, and chain-based trace temporary traces generated by the current operation, and only retains the core trace records that are kept in compliance with regulations, so as to ensure that the data environment is clean and free of residues.

[0016] Compared with existing technologies, the present invention provides a supply chain data security management method and system, which has the following beneficial effects: This supply chain data security management method and system achieves dynamic, unique, and secure identity authentication through a dynamic identity anchoring process. By collecting multi-dimensional behavioral characteristics of various entities in the supply chain to form an unreplicable behavioral baseline, a real-time comparison is performed before each data access, generating a temporary operational identity identifier. This identifier is strictly bound to the operation duration and automatically delinked after the operation ends, eliminating the risk of identity impersonation and account theft at the source and ensuring that only legitimate entities can obtain data access permissions. Simultaneously, the unidirectional association between the temporary identity identifier and the data avoids long-term binding of identity information to data, further enhancing the security of identity authentication and solving the core problems of static and insufficiently secure existing identity authentication methods.

[0017] This supply chain data security management method and system employs segmented data anonymization, dividing data into core confidential segments, intermediate general segments, and basic display segments based on the supply chain data's usage scenarios. Differentiated anonymization rules are applied to each segment, ensuring both the absolute security of core confidential data and the normal usability of the intermediate general and basic display segments. This solves the problem that existing anonymization technologies either affect data availability or fail to effectively protect core data. Furthermore, the anonymized data segments require temporary identity identifiers for access, further strengthening data security. Even if a segment is leaked during data flow, attackers cannot obtain the complete data, significantly reducing the harm caused by data breaches.

[0018] This supply chain data security management method and system achieves full-process, tamper-proof traceability of supply chain data through cross-node behavioral tracing steps, solving the problems of existing traceability technologies that rely on external storage, are easily tampered with, and cannot trace across nodes. By embedding micro-tags during the segmented data flow and forming a traceability trajectory using a chain-like association method, the micro-tags flow synchronously with the data and automatically verify their legality. This not only eliminates the need for additional storage of traceability information, reducing storage costs, but also ensures the immutability of the traceability trajectory. At the same time, the chain-like traceability trajectory can completely record cross-node operational behaviors. In the event of a data security incident, the responsible party can be quickly located, and the data flow path can be traced, achieving full-process traceability and accountability.

[0019] This supply chain data security management method and system features a closed-loop permission revocation mechanism that monitors the status of temporary identities in real time. Once revocation conditions are triggered, it immediately and synchronously revokes data segmentation and combination permissions, data access permissions, and micro-tag generation permissions. Furthermore, it automatically clears temporary operation records after revocation, ensuring a clean and residue-free data environment. Simultaneously, permission revocation is deeply integrated with the preceding identity anchoring, data anonymization, and traceability steps, forming a closed-loop protection system of "identity authentication - data anonymization - traceability - permission revocation." This ensures that security protection at each stage is mutually supportive and mutually reinforcing, preventing security gaps.

[0020] This supply chain data security management method and system provides a legitimate basis for accessing segmented data anonymization through dynamic identity anchoring, ensuring that only legitimate entities can access the complete anonymized data. Segmented anonymization provides a precise data carrier for cross-node traceability, enabling traceability markers to accurately correspond to the operational behaviors of each data segment. Cross-node traceability provides precise triggering conditions for closed-loop permission revocation, allowing abnormal operations to be detected through traceability tracing and timely permission revocation. Closed-loop permission revocation, in turn, ensures the effectiveness of identity anchoring, preventing the abuse of temporary identity identifiers and ensuring that anonymized data is not illegally accessed and traceability tracing is not illegally tampered with.

Attached Figure Description

[0021] Figure 1 is a flowchart of the present invention.

Detailed Implementation

[0022] To make the technical means, creative features, objectives and effects of this invention easier to understand, the invention will be further described below in conjunction with specific embodiments.

[0023] Example 1: As shown in Figure 1, a supply chain data security management method includes the following operational steps: S1: Dynamic identity anchoring and binding, used to uniquely identify the operational identity of each participant in the supply chain, specifically including the following steps: S101: Collect multi-dimensional behavioral characteristics of the main entities operating at the supply chain nodes, including fixed operating time periods, physical information of commonly used operating equipment, sequence of routine operating paths, and fixed data access frequency. Integrate the above information to form a non-replicable baseline of entity behavior. S102: Before each data access, collect the current operation behavior information in real time, compare it with the preset behavior baseline dimension by dimension, and generate a temporary operation identity identifier after the comparison is passed. The validity period of the identifier is strictly bound to the duration of this operation. S103: The temporary identity identifier is unidirectionally associated with the supply chain data corresponding to this operation. The association only exists within the operation period and is automatically decoupled after the operation ends, leaving no association record.

[0024] S2: Segmented data desensitization and splitting, used for fine-grained segmentation of data, specifically including the following steps: S201: According to the usage scenarios of supply chain data, the data is divided into core confidential segment, intermediate general segment, and basic display segment. The core confidential segment includes supplier costs, core capacity, and customer privacy information. The intermediate general segment includes logistics nodes and delivery cycle information. The basic display segment includes order status and basic material name information. S202: Differentiated desensitization rules are adopted for different segments. The core confidential segment is subjected to irreversible feature masking, retaining only the data logic integrity. The intermediate general segment is subjected to recoverable desensitization. The basic display segment is not desensitized. It also includes: independently encapsulating each desensitized data segment. The encapsulated segment data can only be combined and called through temporary operation identity identifiers. Without the corresponding identity, the complete data content cannot be obtained.

[0025] S3: Cross-node behavior traceability tag, used to achieve traceability of data operations throughout the entire supply chain, and the traceability information does not rely on external storage, avoiding the tampering of traceability data. It specifically includes the following steps: S301: During the operation and flow of each data segment, micro-tags of operation behavior are embedded in real time. The tag content includes the operation subject, operation time, operation action, and data segmentation status. S302: Micro-tags are transferred synchronously with data segments. When the data is transferred to the next supply chain node, the validity of the micro-tags of the previous node is automatically verified. If the verification fails, the data is rejected. S303: All micro-tags adopt a chain-like association method, with the previous node tag serving as the basis for generating the next node tag, forming an immutable chain-like traceability trajectory. The trajectory information is only embedded in the data flow process and is not stored separately.
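The chain-linked micro-tags of S301 to S303 can be sketched as follows. This is an added example, not code from the patent: the patent does not name a tag format or an authentication primitive, so the HMAC-SHA256 construction, the per-node keys, the field names and the sample segment are all assumptions made here.

```python
import hashlib
import hmac
import json

# Constructed per-node MAC keys. Assumption: the page does not say how a
# micro-tag is authenticated; HMAC-SHA256 with a key per node is used here.
NODE_KEYS = {
    "supplier-01": b"constructed-key-supplier",
    "carrier-07": b"constructed-key-carrier",
    "warehouse-03": b"constructed-key-warehouse",
}
GENESIS = "0" * 64  # "previous tag" value for the first tag of a trajectory


def _canonical(fields):
    """Stable byte encoding so every node MACs exactly the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _mac(subject, fields):
    return hmac.new(NODE_KEYS[subject], _canonical(fields), hashlib.sha256).hexdigest()


def make_tag(prev_mac, subject, time, action, segment_state, payload):
    """S301 + S303: tag content plus a link to the previous node's tag."""
    fields = {
        "subject": subject,
        "time": time,
        "action": action,
        "segment_state": segment_state,
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "prev": prev_mac,
    }
    return {**fields, "mac": _mac(subject, fields)}


def verify_chain(tags, payload):
    """S302: check every link and MAC; return (ok, reason)."""
    if not tags:
        return False, "no micro-tags present"
    prev = GENESIS
    for i, tag in enumerate(tags):
        subject = tag.get("subject")
        if subject not in NODE_KEYS:
            return False, f"tag {i}: unknown subject"
        fields = {k: v for k, v in tag.items() if k != "mac"}
        if fields.get("prev") != prev:
            return False, f"tag {i}: broken link"
        stored = str(tag.get("mac", "")).encode()
        if not hmac.compare_digest(_mac(subject, fields).encode(), stored):
            return False, f"tag {i}: bad MAC"
        prev = tag["mac"]
    if tags[-1]["payload_sha256"] != hashlib.sha256(payload).hexdigest():
        return False, "payload does not match last tag"
    return True, "ok"


def hand_off(envelope, receiver, time, action):
    """Receiving node: verify the incoming trajectory, then append its own tag."""
    ok, reason = verify_chain(envelope["tags"], envelope["payload"])
    if not ok:
        raise ValueError(f"data rejected at {receiver}: {reason}")
    tag = make_tag(envelope["tags"][-1]["mac"], receiver, time, action,
                   envelope["segment_state"], envelope["payload"])
    envelope["tags"].append(tag)
    return envelope


def build_sample_envelope():
    """Constructed data segment that passes through three nodes."""
    payload = b'{"order_status":"shipped","material":"steel coil"}'
    env = {"payload": payload, "segment_state": "basic-display", "tags": []}
    env["tags"].append(make_tag(GENESIS, "supplier-01", "2026-03-19T08:00:00Z",
                                "create", env["segment_state"], payload))
    hand_off(env, "carrier-07", "2026-03-19T09:30:00Z", "receive")
    hand_off(env, "warehouse-03", "2026-03-19T14:10:00Z", "receive")
    return env


if __name__ == "__main__":
    env = build_sample_envelope()
    print(verify_chain(env["tags"], env["payload"]))
    forged = [dict(t) for t in env["tags"]]
    forged[1]["action"] = "export"          # edit one tag in the middle
    print(verify_chain(forged, env["payload"]))
```

Verification here covers the tags that arrive with the segment; a receiver that must also confirm the trajectory is complete needs an expected hop count or final tag from the sender.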

[0026] S4: Closed-loop automatic permission revocation, used to realize the immediate revocation of permissions, solving the security vulnerabilities of traditional permission expiration and permission redundancy, forming a closed-loop protection with the preceding steps, specifically including the following steps: S401: Monitor the status of temporary operation identity in real time. Once any of the following conditions is detected: operation completed, operation timed out, or abnormal behavior baseline, immediately trigger the permission revocation command. S402: The permission revocation instruction applies synchronously to data segmentation combination permissions, data access permissions, and micro-tag generation permissions. All permissions become invalid at the same time, without delay or omission. S403: After the permission is revoked, the temporary identity information, data combination records, and chain-based traceability temporary traces generated by the current operation are automatically cleared, and only the core traceability records that are kept in compliance are retained to ensure that the data environment is clean and free of residues.
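An added sketch of how S1, S2 and S4 fit together, not taken from the patent: a temporary identifier is issued only when the observed behaviour matches the baseline, it gates recombination of the desensitized segments, and any of the three triggers removes every permission at once. The `Broker` class, the field names, the keyed-digest mask, the token vault and the sample values are assumptions made here.

```python
import hashlib
import hmac
import secrets

MASK_KEY = b"constructed-masking-key"                  # constructed secret for the mask
CORE = {"supplier_cost", "customer_phone"}             # core confidential segment
INTERMEDIATE = {"logistics_node", "delivery_days"}     # intermediate general segment
PERMISSIONS = frozenset({"combine", "access", "tag"})  # the three named in S402
# Constructed baseline, observation and record used to exercise the code.
BASELINE = {"hours": (8, 18), "devices": {"dev-A1"},
            "path": ["login", "orders", "export"], "max_requests_per_min": 30}
NORMAL = {"hour": 10, "device": "dev-A1",
          "path": ["login", "orders", "export"], "requests_per_min": 12}
RECORD = {"order_status": "shipped", "material": "steel coil",
          "logistics_node": "Zhuhai hub", "delivery_days": 5,
          "supplier_cost": 1280.5, "customer_phone": "000-0000"}


def deviations(baseline, observed):
    """S102: compare dimension by dimension; return the dimensions that differ."""
    bad = []
    start, end = baseline["hours"]
    if not start <= observed["hour"] < end:
        bad.append("hour")
    if observed["device"] not in baseline["devices"]:
        bad.append("device")
    if observed["path"] != baseline["path"]:
        bad.append("path")
    if observed["requests_per_min"] > baseline["max_requests_per_min"]:
        bad.append("frequency")
    return bad


class Broker:
    """Hypothetical in-memory broker; time is passed in as a plain number."""
    def __init__(self, baseline):
        self.baseline = baseline
        self.sessions = {}   # temp id -> {"expires": t, "perms": set}
        self.vault = {}      # token -> original value (recoverable desensitization)
        self.retained = []   # S403: the only record kept after revocation

    def issue(self, observed, now, ttl):
        """S102: hand out a temporary identifier only on a full baseline match."""
        if deviations(self.baseline, observed):
            return None
        temp_id = secrets.token_hex(16)
        self.sessions[temp_id] = {"expires": now + ttl, "perms": set(PERMISSIONS)}
        return temp_id

    def revoke(self, temp_id, reason, now):
        """S402/S403: drop all permissions in one step, keep only reason and time."""
        if self.sessions.pop(temp_id, None) is not None:
            self.retained.append({"reason": reason, "time": now})

    def allowed(self, temp_id, perm, observed, now):
        """S401: timeout and baseline anomaly both revoke before answering."""
        session = self.sessions.get(temp_id)
        if session is None:
            return False
        if now >= session["expires"]:
            self.revoke(temp_id, "timeout", now)
            return False
        if deviations(self.baseline, observed):
            self.revoke(temp_id, "anomaly", now)
            return False
        return perm in session["perms"]

    def desensitize(self, record):
        """S202: a different rule per segment."""
        out = {}
        for field, value in record.items():
            if field in CORE:            # irreversible: keyed digest, equal inputs stay equal
                digest = hmac.new(MASK_KEY, str(value).encode(), hashlib.sha256)
                out[field] = "mask:" + digest.hexdigest()[:16]
            elif field in INTERMEDIATE:  # recoverable: random token plus vault entry
                token = "tok:" + secrets.token_hex(8)
                self.vault[token] = value
                out[field] = token
            else:                        # basic display segment is left as is
                out[field] = value
        return out

    def combine(self, temp_id, segments, observed, now):
        """Reassemble a view; intermediate tokens resolve only for a live temp id."""
        if not self.allowed(temp_id, "combine", observed, now):
            raise PermissionError("no valid temporary operation identity")
        return {f: self.vault.get(v, v) if f in INTERMEDIATE else v
                for f, v in segments.items()}

    def complete(self, temp_id, now):
        """S401: normal end of the operation is the third revocation trigger."""
        self.revoke(temp_id, "completed", now)
```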

[0027] Example 2: A supply chain data security management system includes a dynamic identity anchoring submodule, a segmented data anonymization submodule, a cross-node behavior tracing submodule, and a closed-loop permission revoke submodule. The dynamic identity anchoring submodule specifically includes: Behavioral Feature Collection Submodule: Responsible for collecting multi-dimensional behavioral features of operators at each node of the supply chain, including fixed operation time periods, physical information of commonly used operating equipment, sequence of regular operation paths, and fixed data access frequency. It integrates all collected feature information to generate an uncopyable baseline of operator behavior, providing a basis for subsequent identity verification. Real-time identity verification submodule: When the operating entity initiates a data access request, it collects the current operation behavior information in real time and compares it with the preset behavior baseline generated by the behavior feature collection submodule in each dimension. After the comparison is successful, a temporary operation identity identifier is automatically generated. Identity Data Association Submodule: This module unidirectionally associates the temporary identity identifier generated by the real-time identity verification submodule with the supply chain data corresponding to this operation. The association only exists within the current operation period and is automatically terminated after the operation ends, leaving no association records.

[0028] The segmented data anonymization submodule specifically includes: Data segmentation submodule: The supply chain data is divided into core confidential segment, intermediate general segment, and basic display segment; Differentiated desensitization submodule: For different data segments split by the data segmentation submodule, the core confidential segment is subjected to irreversible feature masking to preserve the logical integrity of the data; the intermediate general segment is subjected to recoverable desensitization; the basic display segment is not desensitized to ensure that the desensitization effect meets the method requirements. Data segmentation and encapsulation submodule: Each data segment processed by the differentiated desensitization submodule is encapsulated independently, and encapsulation permissions are set so that combined calls are only allowed through temporary operation identity identifiers. Without the corresponding temporary identity identifier, the complete data content cannot be obtained.

[0029] The cross-node behavior tracing submodule specifically includes: Behavior micro-tag generation submodule: During each data operation flow, operation behavior micro-tags are embedded in real time, including operation subject, operation time, operation action, and data segmentation status; Micro-tag verification submodule: When data flows to the next supply chain node, it automatically verifies the legality of the micro-tags embedded in the previous node. If the verification fails, the data is rejected. Chain-based traceability trajectory generation submodule: It integrates the micro-marks of each node in a chain-based association manner, using the mark of the previous node as the basis for generating the mark of the next node, forming an immutable chain-based traceability trajectory. The trajectory information is only embedded in the data flow process and is not stored separately.

[0030] The closed-loop permission revocation module specifically includes: Permission Status Monitoring Submodule: Monitors the status of temporary operation identity in real time, accurately identifies three trigger scenarios: operation completion, operation timeout, and abnormal behavior baseline. Once any scenario is detected, a permission revocation command is immediately triggered. Multi-dimensional permission revoke submodule: After receiving the revoke instruction from the permission status monitoring submodule, it synchronously revokes data segmentation combination permissions, data access permissions, and micro-tag generation permissions to ensure that all related permissions become invalid at the same time; Operation trace clearing submodule: After the permission is revoked, it automatically clears the temporary identity information, data combination records, and chain-based trace temporary traces generated by the current operation, and only retains the core trace records that are kept in compliance with regulations, so as to ensure that the data environment is clean and free of residues.

[0031] The foregoing has shown and described the basic principles, main features, and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments. The embodiments and descriptions in the specification are merely illustrative of the principles of the invention. Various changes and modifications can be made to the invention without departing from its spirit and scope, and all such changes and modifications fall within the scope of the present invention as claimed. The scope of protection of this invention is defined by the appended claims and their equivalents.

Claims

1. A supply chain data security management method, characterized in that: The following steps are included: S1: Dynamic identity anchoring and binding, used to uniquely lock the operational identity of each participant in the supply chain; S2: Segmented data desensitization and splitting, used for fine-grained segmentation of data; S3: Cross-node behavior traceability marker, used to achieve traceability of data operations throughout the entire supply chain, and the traceability information does not rely on external storage, thus avoiding the tampering of traceability data; S4: Automatic closed-loop permission revocation, used to realize the immediate revocation of permissions.

2. The supply chain data security management method according to claim 1, characterized in that: S1 specifically includes the following steps: S101: Collect multi-dimensional behavioral characteristics of the main entities operating at the supply chain nodes, including fixed operating time periods, physical information of commonly used operating equipment, sequence of routine operating paths, and fixed data access frequency. Integrate the above information to form a non-replicable baseline of entity behavior. S102: Before each data access, collect the current operation behavior information in real time, compare it with the preset behavior baseline dimension by dimension, and generate a temporary operation identity identifier after the comparison is passed. The validity period of the identifier is strictly bound to the duration of this operation. S103: The temporary identity identifier is unidirectionally associated with the supply chain data corresponding to this operation. The association only exists within the operation period and is automatically decoupled after the operation ends, leaving no association record.

3. The supply chain data security management method according to claim 1, characterized in that: S2 specifically includes the following steps: S201: According to the usage scenarios of supply chain data, the data is divided into core confidential segment, intermediate general segment, and basic display segment. The core confidential segment includes supplier costs, core capacity, and customer privacy information. The intermediate general segment includes logistics nodes and delivery cycle information. The basic display segment includes order status and basic material name information. S202: Differentiated desensitization rules are adopted for different segments. The core confidential segment is subjected to irreversible feature masking, retaining only the logical integrity of the data. The intermediate general segment is subjected to recoverable desensitization, and the basic display segment is not desensitized.

4. The supply chain data security management method according to claim 3, characterized in that S2 further includes: independently encapsulating each desensitized data segment, wherein the encapsulated data segments can only be combined and invoked through a temporary operation identity identifier, and without the corresponding identity identifier the complete data content cannot be obtained.

5. The supply chain data security management method according to claim 1, characterized in that S3 specifically includes the following steps:
S301: During the operation and flow of each data segment, embed operation behavior micro-tags in real time; the tag content includes the operation subject, operation time, operation action, and data segmentation status.
S302: Transfer the micro-tags synchronously with the data segments; when the data is transferred to the next supply chain node, the validity of the micro-tags of the previous node is automatically verified, and if the verification fails, the data is rejected.
S303: All micro-tags are associated in a chain, with the tag of the previous node serving as the basis for generating the tag of the next node, forming an immutable chain-like traceability trajectory; the trajectory information is embedded only in the data flow process and is not stored separately.

6. The supply chain data security management method according to claim 1, characterized in that S4 specifically includes the following steps:
S401: Monitor the status of the temporary operation identity in real time; once any of the following conditions is detected (operation completion, operation timeout, or an abnormal behavior baseline), immediately trigger the permission revocation instruction.
S402: The permission revocation instruction applies synchronously to data segment combination permissions, data access permissions, and micro-tag generation permissions; all permissions become invalid at the same time, without delay or omission.
S403: After the permissions are revoked, the temporary identity information, data combination records, and temporary chain-based traceability traces generated by the current operation are automatically cleared, and only the core traceability records that must be kept for compliance are retained, so that the data environment is clean and free of residues.

7. A supply chain data security management system, employing the supply chain data security management method according to any one of claims 1-6, comprising a dynamic identity anchoring submodule, a segmented data desensitization submodule, a cross-node behavior tracing submodule, and a closed-loop permission revocation submodule, characterized in that the dynamic identity anchoring submodule specifically includes:
Behavioral feature collection submodule: collects multi-dimensional behavioral features of the operating entities at each node of the supply chain, including fixed operation time periods, physical information of commonly used operating equipment, the sequence of regular operation paths, and fixed data access frequency, and integrates all collected feature information to generate a non-replicable baseline of operator behavior, providing a basis for subsequent identity verification.
Real-time identity verification submodule: when an operating entity initiates a data access request, collects the current operation behavior information in real time and compares it, dimension by dimension, with the preset behavior baseline generated by the behavioral feature collection submodule; after the comparison succeeds, a temporary operation identity identifier is automatically generated.
Identity data association submodule: unidirectionally associates the temporary operation identity identifier generated by the real-time identity verification submodule with the supply chain data corresponding to this operation; the association exists only within the current operation period and is automatically terminated after the operation ends, leaving no association records.

8. The supply chain data security management system according to claim 7, characterized in that the segmented data desensitization submodule specifically includes:
Data segmentation submodule: divides the supply chain data into a core confidential segment, an intermediate general segment, and a basic display segment.
Differentiated desensitization submodule: for the data segments produced by the data segmentation submodule, subjects the core confidential segment to irreversible feature masking that preserves the logical integrity of the data, subjects the intermediate general segment to recoverable desensitization, and leaves the basic display segment undesensitized, so that the desensitization effect meets the requirements of the method.
Data segment encapsulation submodule: encapsulates each data segment processed by the differentiated desensitization submodule independently and sets encapsulation permissions so that combined calls are only allowed through temporary operation identity identifiers; without the corresponding temporary operation identity identifier, the complete data content cannot be obtained.
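
One way to implement the segmentation, differentiated desensitization and identity-gated combination of claims 3, 4 and 8, as an added example that is not part of the patent text. The keyed HMAC-SHA256 digest for irreversible masking, the token vault for recoverable desensitization, the restoring of intermediate values on combination, and all names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# The three tiers come from the claim; field names and values are constructed.
SEGMENTS = {
    "core": ("supplier_cost", "core_capacity"),
    "intermediate": ("logistics_node", "delivery_cycle_days"),
    "basic": ("order_status", "material_name"),
}
RECORD = {"supplier_cost": 18.40, "core_capacity": 12000, "logistics_node": "hub-07",
          "delivery_cycle_days": 9, "order_status": "shipped", "material_name": "M6 bolt"}


class SegmentStore:
    def __init__(self, record):
        self._mask_key = secrets.token_bytes(32)  # masking key, never exported
        self._vault = {}          # token -> original value (recoverable tier only)
        self._active_ids = set()  # live temporary operation identity identifiers
        self._capsules = {seg: {f: self._desensitize(seg, record[f]) for f in fields}
                          for seg, fields in SEGMENTS.items()}

    def _desensitize(self, seg, value):
        if seg == "core":
            # Irreversible keyed digest; equal inputs still mask equally, so joins work.
            mac = hmac.new(self._mask_key, repr(value).encode(), hashlib.sha256)
            return "m:" + mac.hexdigest()[:16]
        if seg == "intermediate":
            token = "t:" + secrets.token_hex(8)  # recoverable only through the vault
            self._vault[token] = value
            return token
        return value  # basic display segment is not desensitized

    def issue_temp_id(self):  # assumption: stands in for the S102 baseline comparison
        tid = secrets.token_hex(16)
        self._active_ids.add(tid)
        return tid

    def revoke(self, tid):
        self._active_ids.discard(tid)

    def read_capsule(self, seg):
        return dict(self._capsules[seg])  # one desensitized segment, never the whole

    def combine(self, tid):
        if tid not in self._active_ids:
            raise PermissionError("no valid temporary operation identity identifier")
        return {f: (self._vault[v] if seg == "intermediate" else v)
                for seg, cap in self._capsules.items() for f, v in cap.items()}
```

A keyed digest is used rather than a plain hash because low-entropy values such as costs could otherwise be recovered by hashing every candidate value.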

9. The supply chain data security management system according to claim 7, characterized in that the cross-node behavior tracing submodule specifically includes:
Behavior micro-tag generation submodule: during each data operation flow, embeds operation behavior micro-tags in real time, including the operation subject, operation time, operation action, and data segmentation status.
Micro-tag verification submodule: when data flows to the next supply chain node, automatically verifies the validity of the micro-tags embedded at the previous node; if the verification fails, the data is rejected.
Chain-based traceability trajectory generation submodule: integrates the micro-tags of each node in a chain-based association, using the tag of the previous node as the basis for generating the tag of the next node, forming an immutable chain-based traceability trajectory; the trajectory information is embedded only in the data flow process and is not stored separately.
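
One way to realise the chained micro-tags of claims 5 and 9, as an added example that is not part of the patent text: each tag carries the four claimed fields plus the SHA-256 digest of the previous tag and is authenticated with HMAC-SHA256. The per-node keys, the `segment_sha256` field, the function names and the sample flow are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed per-node HMAC keys; key provisioning is outside what the claims describe.
NODE_KEYS = {"supplier-A": b"demo-key-supplier-A", "carrier-B": b"demo-key-carrier-B"}
GENESIS = "0" * 64  # 'prev' value of the first tag in a chain


def tag_digest(tag):
    return hashlib.sha256(json.dumps(tag, sort_keys=True).encode()).hexdigest()


def tag_mac(body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(NODE_KEYS[body["subject"]], msg, hashlib.sha256).hexdigest()


def append_tag(chain, segment, subject, time, action, status):
    """Embed a micro-tag generated from the previous node's tag (S303)."""
    body = {"subject": subject, "time": time, "action": action,
            "segment_status": status,
            "segment_sha256": hashlib.sha256(segment).hexdigest(),
            "prev": tag_digest(chain[-1]) if chain else GENESIS}
    return chain + [dict(body, mac=tag_mac(body))]


def verify_chain(chain, segment):
    """Receiving-node check (S302): False means the data is rejected."""
    prev = GENESIS
    for tag in chain:
        body = {k: v for k, v in tag.items() if k != "mac"}
        if body.get("subject") not in NODE_KEYS or body.get("prev") != prev:
            return False
        if not hmac.compare_digest(str(tag.get("mac", "")), tag_mac(body)):
            return False
        prev = tag_digest(tag)
    # The newest tag must describe the segment bytes that actually arrived.
    arrived = hashlib.sha256(segment).hexdigest()
    return bool(chain) and chain[-1].get("segment_sha256") == arrived


# Constructed sample flow: the supplier creates the segment, the carrier forwards it.
SEGMENT = b'{"logistics_node": "t:9f2c41aa", "delivery_cycle_days": "t:03be77d1"}'
CHAIN = append_tag([], SEGMENT, "supplier-A", "2026-01-05T08:00:00Z", "create", "desensitized")
CHAIN = append_tag(CHAIN, SEGMENT, "carrier-B", "2026-01-05T11:30:00Z", "forward", "desensitized")
```

Because each tag covers the digest of its predecessor, editing or dropping an earlier hop invalidates every later tag, and the `segment_sha256` binding stops a valid chain from being attached to different data.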

10. The supply chain data security management system according to claim 7, characterized in that the closed-loop permission revocation submodule specifically includes:
Permission status monitoring submodule: monitors the status of the temporary operation identity in real time and accurately identifies three trigger scenarios: operation completion, operation timeout, and an abnormal behavior baseline; once any scenario is detected, a permission revocation instruction is immediately triggered.
Multi-dimensional permission revocation submodule: after receiving the revocation instruction from the permission status monitoring submodule, synchronously revokes data segment combination permissions, data access permissions, and micro-tag generation permissions, so that all related permissions become invalid at the same time.
Operation trace clearing submodule: after the permissions are revoked, automatically clears the temporary identity information, data combination records, and temporary chain-based traceability traces generated by the current operation, and retains only the core traceability records that are kept in compliance with regulations, so that the data environment is clean and free of residues.