A multi-tenant data protection method under a city rail cloud platform
By adopting a layered architecture and random data encryption mechanism in the urban rail cloud platform, the problems of multi-tenant data isolation and privacy protection are solved, achieving efficient data isolation and privacy protection, and improving the security and trustworthiness of the urban rail cloud platform.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Application (China)
- Current Assignee / Owner: QINGDAO METRO GRP CO LTD
- Filing Date: 2026-03-20
- Publication Date: 2026-06-19
Figure CN122247685A_ABST
Description
Technical Field
[0001] This invention relates to the field of data security and is applied to big data management in urban rail transit cloud platforms, specifically to a method for protecting multi-tenant data under an urban rail transit cloud platform.
Background Technology
[0002] With the continuous improvement of the informatization and intelligentization level of urban rail transit, technologies such as cloud computing and big data have been gradually introduced into the urban rail industry, forming urban rail cloud platforms that cater to multiple business scenarios such as operation management, equipment maintenance, and passenger services. Urban rail cloud platforms typically adopt a cloud architecture to centrally manage and uniformly schedule dispersed business systems and data resources, thereby improving resource utilization, reducing operation and maintenance costs, and enhancing the scalability and flexibility of the system.
[0003] In practical applications, urban rail cloud platforms often need to provide services to multiple operating entities, business departments, or external partners simultaneously (such as line operators, maintenance units, and third-party service providers), thus commonly adopting a multi-tenant architecture. Multi-tenant architecture allows different tenants to share the same cloud platform infrastructure and application services, but each tenant has significant differences in business logic, data content, and security requirements. Therefore, how to achieve effective data isolation between different tenants under the premise of resource sharing, and prevent unauthorized access or leakage of data, has become one of the key technical issues in the construction of urban rail cloud platforms.
[0004] Existing multi-tenant data isolation methods mainly include physical isolation, virtual isolation, and logical isolation. While physical isolation offers high security, it suffers from low resource utilization and high deployment and maintenance costs, making it unsuitable for large-scale, multi-tenant urban rail cloud platform applications. Virtual isolation relies on virtual machine or container technology, improving resource utilization efficiency to some extent, but still suffers from complex configuration, limited isolation granularity, and potential security risks. Logical isolation is typically implemented through database table structures and access control policies; while flexible and low-cost, it is prone to failure due to improper permission configuration or system vulnerabilities when facing complex business scenarios and high concurrency. Furthermore, with increasingly stringent data security and privacy protection requirements, existing technologies still fall short in terms of access control, privacy protection, and compliance assurance for sensitive data in multi-tenant environments, making it difficult to simultaneously meet the comprehensive needs of security, flexibility, and efficiency.
Summary of the Invention
[0005] The purpose of this invention is to overcome the shortcomings of the prior art and provide a multi-tenant data protection method for urban rail cloud platforms. While ensuring system resource sharing and efficient operation, it achieves reliable isolation of data from different tenants and provides an effective privacy protection mechanism for sensitive data, thereby improving the overall security and credibility of urban rail cloud platforms.
[0006] This invention provides a multi-tenant data protection method for urban rail transit cloud platforms, comprising the following steps performed sequentially:
[0007] (1) Create independent virtual resource units for different tenants at the infrastructure layer to isolate physical resources at the infrastructure layer; assign a unique identifier to the tenants accessing the platform and bind the corresponding virtual resource units based on the identifier;
[0008] (2) Deploy an independent data space for each tenant at the platform layer. The data of different tenants are stored in different data spaces and managed by mapping through tenant identifiers;
[0009] (3) At the application layer, users within the tenant are divided into different roles and corresponding access permissions are configured according to the actual urban rail transit business.
[0010] Specifically, when data is transmitted across layers such as the infrastructure layer, platform layer, and / or application layer, the transmitted data is encrypted using randomized Sudoku rules involving random letters and numbers, and then transmitted after a second encryption process.
[0011] Furthermore, it also includes a data acquisition step: embedding a desensitization rule engine in the data access interface, and when the acquired data contains sensitive content, masking or partially desensitizing the sensitive fields according to preset rules.
[0012] Furthermore, in step (2), when the data of different tenants are stored in different data spaces, a specific encryption storage mechanism is implemented for data fields involving operational data, equipment status data, and personal privacy information, and isolation control is carried out according to the tenant.
[0013] Furthermore, the random data encryption of transmitted data, in which random letters and numbers are deduced according to Sudoku rules, includes dynamically generating random encryption parameters based on the data size and data category of the data to be transmitted, selecting the corresponding encryption algorithm and encryption strength, encrypting the data before storage and / or transmission, and using different random encryption strategies for different categories of data.
[0014] Furthermore, data verification modules are set up at both the data sending and receiving ends. After the encrypted data transmission is completed, the integrity and legality of the data are verified based on the data size and classification information to ensure that the data is not tampered with or intercepted during transmission.
[0015] Furthermore, the process of encrypting transmitted data using random letters and numbers according to Sudoku rules includes the following steps:
[0016] (A) When a cross-layer data transmission request is detected, the feature information of the data to be transmitted is obtained, including the size and classification information of the data to be transmitted, and the data size is classified according to a preset rule;
[0017] (B) Based on the data size classification results, data classification information and current data transmission parameters, generate a random starting identifier and generate a random alphanumeric mixed sequence;
[0018] (C) Convert the random letter and number mixed sequence into an initial numerical arrangement that conforms to the Sudoku rules, and use this arrangement as the input for Sudoku deduction; according to the row constraints, column constraints and area constraints of Sudoku rules, perform deduction processing on the initial numerical arrangement to generate a complete Sudoku structure;
[0019] (D) Perform traversal analysis on the generated Sudoku structure, extract multiple numerical features, and generate random encryption parameters according to preset mapping rules; match random encryption parameters of different security levels with data of different categories according to data classification information;
[0020] (E) Based on the generated random encryption parameters, perform the first round of encryption processing on the data to be transmitted to generate the first encrypted data;
[0021] (F) Further extract numerical features at preset positions from the Sudoku structure, wherein the numerical features at preset positions are the numerical distribution features within a specified area;
[0022] (G) Based on the extracted numerical features, the encryption parameters used in the first round of encryption are perturbed to generate encryption parameters for the second round of encryption. The second round of encryption parameters are related to the first round of encryption parameters, but cannot be directly deduced from a single encryption result.
[0023] (H) Using the secondary encryption parameters, perform secondary encryption on the first encrypted data to generate the final encrypted data.
[0024] Further, step (B) specifically involves selecting multiple characters from a preset set of alphanumeric characters according to a random starting identifier to form a random alphanumeric mixed sequence, the mixed sequence being different in different data transmission sessions.
[0025] Furthermore, step (D) also includes assigning higher encryption strength to privacy-sensitive data and relatively lower encryption strength to ordinary business data. The random encryption parameters include at least an algorithm identifier for indicating the encryption algorithm type, a security level identifier for indicating the encryption strength, and / or an encryption parameter identifier for controlling the complexity of the encryption process.
[0026] Furthermore, the designated area in step (F) is a diagonal area.
[0027] Furthermore, it also includes a decryption step: at the data receiving end, based on the same feature information, the corresponding random letter and number mixed sequence and Sudoku structure are regenerated, and the second decryption and the first round of decryption operations are performed in sequence to restore the original data.
[0028] The multi-tenant data protection method for urban rail cloud platforms of this invention, compared with existing technologies, can achieve the following: dynamically determine the encryption algorithm or encryption strength based on data size and data classification; and use encrypted transmission protocols to prevent data from being stolen or tampered with during transmission when data is transmitted across modules or systems. The big data management of the urban rail cloud platform incorporates a random number generation mechanism based on random letter and number Sudoku rules, combined with secondary encryption processing, resulting in a higher level of encryption. Specifically, in the multi-tenant environment of the urban rail cloud platform, it achieves multi-level data isolation and full lifecycle privacy protection, ensuring data security for different tenants under resource sharing conditions, and improving the platform's ability to protect privacy data and its response efficiency to security incidents. It is suitable for urban rail cloud platform scenarios with multiple lines and multiple entities operating collaboratively.
Attached Figure Description
[0029] Figure 1 is a flowchart of the multi-tenant data protection method under the urban rail cloud platform.
Detailed Implementation
[0030] The specific implementation of this invention is described in detail below. It should be noted that the following implementation is merely for further illustration of this invention and should not be construed as limiting the scope of protection of this invention. Non-essential improvements and adjustments made to this invention by those skilled in the art based on the above description are still within the scope of protection of this invention. It should be noted that the acquisition, storage, use, and processing of data in the technical solution of this application all comply with the relevant provisions of national laws and regulations, and have been clearly marked or authorized in accordance with relevant requirements.
[0031] This invention provides a multi-tenant data protection method for urban rail transit cloud platforms, as shown in Figure 1, which illustrates the multi-tenant data protection method under the urban rail cloud platform. The urban rail cloud platform adopts a layered architecture, implementing hierarchical protection according to the infrastructure layer, platform layer, and application layer, and extending throughout the entire lifecycle of data collection, storage, use, transmission, and destruction to achieve coordinated implementation of multi-tenant data isolation and privacy protection. Specifically, the infrastructure layer provides computing, storage, and network resources; the platform layer provides data management and service support capabilities; and the application layer carries urban rail business applications and provides specific business functions to tenants (such as line operators, maintenance units, and third-party service providers). By introducing targeted isolation and security control mechanisms at each layer, a multi-layered protection system is formed, which will be described in detail below.
[0032] A method for multi-tenant data protection under an urban rail transit cloud platform includes the following steps performed sequentially:
[0033] First, virtualization technology is used to abstract and pool physical resources, creating independent virtual resource units for different tenants at the infrastructure layer, thus isolating physical resources at the infrastructure layer. These physical resources include computing, storage, and network resources. When a tenant connects to the platform, the system assigns it a unique identifier and binds it to the corresponding virtual resource unit, ensuring that different tenants can only access their authorized computing, storage, and network resources, preventing cross-tenant resource access.
[0034] Secondly, an independent data space (including database instance space or logical database space) is deployed at the platform layer for each tenant. Data from different tenants is stored in different data spaces and managed through mapping using tenant identifiers. For important data fields involving operational data, device status data, and personal privacy information, an encrypted storage mechanism is introduced. After encryption, the encryption keys are centrally managed by a separate key management module and isolated according to tenants, thereby preventing unauthorized access and preventing direct access to plaintext data.
[0035] When data is transmitted across layers, random data encryption is applied to the transmitted data. While methods of encryption using random data already exist, the technical solution of this invention incorporates a random number generation mechanism based on random letter and number Sudoku rules, combined with secondary encryption processing, resulting in a higher level of encryption. Specifically, the system dynamically generates random encryption parameters based on the data size and data category to be transmitted, selects the corresponding encryption algorithm and encryption strength, encrypts the data before storage and / or transmission, and uses different random encryption strategies for different categories of data (such as business data, device operation data, and / or privacy-sensitive data). Simultaneously, data verification modules are set up at both the data sending and receiving ends. After encrypted data transmission is completed, the integrity and legality of the data are verified based on the data size and classification information to ensure that the data has not been tampered with or intercepted during transmission.
[0036] Specifically, the process of randomly encrypting transmitted data includes the following steps:
[0037] First, when a cross-layer data transmission request is detected, the feature information of the data to be transmitted is obtained, including the size and classification information of the data to be transmitted, and the data size is classified according to preset rules.
[0038] Second, based on the data size classification results, data classification information, and current data transmission parameters, a random start identifier is generated, and a random alphanumeric mixed sequence is generated. Specifically, multiple characters are selected from the preset set of alphanumeric characters according to the random start identifier to form a set of random alphanumeric mixed sequences. The mixed sequence is different in different data transmission sessions, so as to ensure the dynamic change of encryption parameters.
[0039] Third, the random letter and number mixed sequence is converted into an initial numerical arrangement that conforms to the Sudoku rules, and this arrangement is used as the input for Sudoku deduction. Specifically, the initial numerical arrangement is deduced according to the row constraints, column constraints and area constraints of Sudoku rules to generate a complete Sudoku structure. The Sudoku structure, as the core carrier of random number generation, has a numerical distribution that is affected by the random mixed sequence and has high randomness and unpredictability.
[0040] Fourth, the generated Sudoku structure is traversed and analyzed to extract multiple numerical features, and random encryption parameters are generated according to preset mapping rules. Based on the data classification information, random encryption parameters of different security levels are matched with different categories of data, where privacy-sensitive data corresponds to higher encryption strength and ordinary business data corresponds to relatively lower encryption strength. The random encryption parameters include at least an algorithm identifier for indicating the encryption algorithm type, a security level identifier for indicating the encryption strength, and / or an encryption parameter identifier for controlling the complexity of the encryption process.
[0041] Fifth, based on the generated random encryption parameters, the first round of encryption processing is performed on the data to be transmitted to generate the first encrypted data. The first round of encryption is used to provide basic security protection for the data content and prevent the data from being directly identified or parsed during transmission.
[0042] Sixth, further extract numerical features at preset positions from the Sudoku structure, wherein the numerical features at preset positions are the numerical distribution features within a specified area, preferably the diagonal area.
[0043] Seventh, based on the extracted numerical features, the encryption parameters used in the first round of encryption are perturbed to generate encryption parameters for the second round of encryption. The second round of encryption parameters are related to the first round of encryption parameters, but cannot be directly deduced from a single encryption result.
[0044] Eighth, using the aforementioned secondary encryption parameters, perform secondary encryption processing on the first encrypted data to generate the final encrypted data.
[0045] In addition, the process includes a decryption step. Specifically, at the data receiving end, based on the same characteristic information, a corresponding random letter and number mixed sequence and Sudoku structure are regenerated, and a second decryption and a first-round decryption operation are performed sequentially to restore the original data. During the decryption process, the consistency of the encryption parameters used for decryption is verified. If the verification fails, an anomaly in data transmission is determined, and security control measures are triggered.
[0046] Through a secondary encryption mechanism, even if the first round of encryption is detected, the original data cannot be directly recovered, thereby further improving the security of data transmission. Ultimately, encrypted data can be transmitted between the infrastructure layer, platform layer, or application layer.
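The following is an added, runnable illustration of steps (A) to (H) ([0015]-[0027] and [0037]-[0044]) together with the verification module of [0035] and the decryption step of [0045]; it is not code from the patent or the applicant. The patent leaves the mapping rules, the encryption algorithm and the verification module unspecified, so the example fills them with assumptions: the random start identifier is an HMAC of the public feature information under a shared per-session secret (`session_secret` and `session_id` are hypothetical inputs), the mixed sequence shuffles the digits 1..9 into row 0 of the grid, backtracking deduction completes the grid, the round-1 key is hashed from all 81 digits, the main diagonal perturbs it into the round-2 key, an HMAC-SHA256 keystream stands in for the encryption algorithm, and an HMAC tag over the feature information and ciphertext is the verification module. The shared secret is the point a defender should notice: everything else in the derivation is a deterministic function of information that travels in the clear, so without it any party that sees the feature information can regenerate the same grid and the same keys.

```python
"""Two-round transmission encryption seeded by a Sudoku structure, steps (A)-(H)
of [0015]-[0027] and [0037]-[0046]. Added illustration, not the patent's code.
Assumed (not in the patent): a shared per-session secret keys the start
identifier; an HMAC-SHA256 keystream is the cipher; an HMAC tag is the check."""
import hashlib
import hmac

ALPHANUMERIC = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # preset character set (constructed)
SECURITY_LEVEL = {"business": 1, "device": 2, "privacy": 3}  # category -> strength (constructed)

def size_class(n):
    """Step (A): classify the payload size (thresholds constructed)."""
    return "small" if n < 1024 else "medium" if n < 1 << 20 else "large"

def feature_bytes(feature):
    return ("%(size_class)s|%(category)s|%(size)d" % feature).encode()

def mixed_sequence(session_secret, feature, session_id, length=32):
    """Step (B): start identifier -> alphanumeric mixed sequence; the secret key is the assumption."""
    start_id = hmac.new(session_secret, feature_bytes(feature) + b"|" + session_id, hashlib.sha256).digest()
    chars = []
    for counter in range(0, length, 32):
        block = hashlib.sha256(start_id + counter.to_bytes(4, "big")).digest()
        chars.extend(ALPHANUMERIC[b % 36] for b in block)  # slight modulo bias, fine for illustration
    return "".join(chars[:length])

def initial_arrangement(seq):
    """Step (C), part 1: the sequence Fisher-Yates-shuffles 1..9 into row 0; the rest is empty."""
    row, vals = list(range(1, 10)), [ALPHANUMERIC.index(ch) for ch in seq]
    for i in range(8, 0, -1):
        j = vals[i] % (i + 1)
        row[i], row[j] = row[j], row[i]
    return [row] + [[0] * 9 for _ in range(8)]

def consistent(grid, r, c, d):  # row, column and 3x3 area constraints
    if d in grid[r] or any(grid[i][c] == d for i in range(9)):
        return False
    br, bc = 3 * (r // 3), 3 * (c // 3)
    return all(grid[i][j] != d for i in range(br, br + 3) for j in range(bc, bc + 3))

def deduce(grid):
    """Step (C), part 2: backtracking deduction to a complete Sudoku structure.
    Trying digits in row-0 order keeps the search isomorphic to the canonical
    empty-grid solve, so a full row 0 always completes quickly."""
    for r in range(9):
        for c in range(9):
            if grid[r][c] == 0:
                for d in grid[0]:
                    if consistent(grid, r, c, d):
                        grid[r][c] = d
                        if deduce(grid):
                            return True
                        grid[r][c] = 0
                return False
    return True

def build_grid(session_secret, feature, session_id):
    grid = initial_arrangement(mixed_sequence(session_secret, feature, session_id))
    if not deduce(grid):
        raise RuntimeError("no complete Sudoku structure")
    return grid

def round1_params(grid, category):
    """Step (D): traverse the grid, extract numerical features, map them to parameters."""
    level = SECURITY_LEVEL[category]  # privacy-sensitive data is bound to the higher level
    digits = bytes(d for row in grid for d in row)
    return {"algorithm_id": grid[0][0] % 2, "security_level": level, "complexity": sum(grid[4]),
            "key": hashlib.sha256(b"round1|%d|" % level + digits).digest()}

def round2_params(grid, p1):
    """Steps (F)-(G): the main diagonal's digits perturb the round-1 parameters."""
    diagonal = bytes(grid[i][i] for i in range(9))
    return dict(p1, key=hashlib.sha256(b"round2|" + p1["key"] + diagonal).digest())

def keystream_xor(key, data):
    """Illustrative cipher: XOR with an HMAC-SHA256 keystream (the same call decrypts)."""
    out = bytearray(data)
    for off in range(0, len(out), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(min(32, len(out) - off)):
            out[off + i] ^= block[i]
    return bytes(out)

def protect(plaintext, category, session_secret, session_id):
    """Sender: steps (A)-(H), then the verification tag of [0035] over features and ciphertext."""
    feature = {"size_class": size_class(len(plaintext)), "category": category, "size": len(plaintext)}
    grid = build_grid(session_secret, feature, session_id)
    p1 = round1_params(grid, category)
    p2 = round2_params(grid, p1)
    final = keystream_xor(p2["key"], keystream_xor(p1["key"], plaintext))  # steps (E) and (H)
    tag = hmac.new(p2["key"], feature_bytes(feature) + final, hashlib.sha256).digest()
    return {"feature": feature, "ciphertext": final, "tag": tag}

def unprotect(msg, session_secret, session_id):
    """Receiver ([0045]): regenerate the grid from the same features, check the tag
    before touching the ciphertext, then undo round 2 and round 1. None = anomaly."""
    feature = msg["feature"]
    grid = build_grid(session_secret, feature, session_id)
    p1 = round1_params(grid, feature["category"])
    p2 = round2_params(grid, p1)
    expected = hmac.new(p2["key"], feature_bytes(feature) + msg["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None  # verification failed: the caller triggers its security control measures
    plaintext = keystream_xor(p1["key"], keystream_xor(p2["key"], msg["ciphertext"]))
    return plaintext if len(plaintext) == feature["size"] else None
```

In a deployment the XOR keystream and separate tag would be replaced by an authenticated cipher such as AES-GCM; what the example preserves is the structure the patent describes: parameters regenerated at the receiver from feature information rather than transmitted, two rounds whose second key depends on the first, and an integrity check evaluated before any decryption is attempted.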
[0047] Then, based on the actual urban rail transit operations, users within the tenant are divided into different roles at the application layer, and corresponding access permissions are configured for each role. These roles can include operations management, equipment maintenance, data analysis, etc. During user login and business operations, the identity authentication module obtains the user's tenant and role information, and the permission verification module determines whether the user has the necessary permissions to perform the current operation. Permission granularity can be refined to specific business functions, data objects, and operation types, granting users only the minimum permissions necessary to complete their business, thereby reducing the risk of permission abuse.
[0048] In addition, the system includes a data collection step, embedding a desensitization rule engine into the data access interface. When the collected data contains sensitive content, the system masks or partially desensitizes sensitive fields according to preset rules. By completing the desensitization process before the data enters the platform, the exposure scope of sensitive data within the system can be effectively reduced, lowering the risk of privacy leaks in subsequent stages.
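An added example (not from the patent or the applicant) of the platform-layer and application-layer controls described in [0033], [0034], [0047] and [0048]: the tenant identifier resolves to exactly one data space, the key management module releases a tenant's key only to that tenant, the role check at the application layer is default-deny on (data object, operation) pairs, and the desensitization rule engine masks sensitive fields before a record is stored. Tenant names, roles, permission sets, masking rules and records are all constructed for the illustration.

```python
"""Tenant isolation and access control around the data path: tenant identifier
-> data space and per-tenant key isolation ([0033]-[0034]), role-based
least-privilege checks ([0047]) and the desensitisation rule engine ([0048]).
Added illustration, not the patent's code; tenants, roles, rules and records are constructed."""
import os
from dataclasses import dataclass

TENANT_DATA_SPACE = {"line3-operator": "ds_line3", "depot-maint": "ds_depot"}  # constructed registry

# Constructed role matrix: a role holds only the (data object, operation) pairs it needs.
ROLE_PERMISSIONS = {
    "operations": {("train_schedule", "read"), ("train_schedule", "write"),
                   ("incident", "read"), ("incident", "write")},
    "maintenance": {("device_status", "read"), ("device_status", "write")},
    "analyst": {("train_schedule", "read"), ("device_status", "read")},
}


@dataclass(frozen=True)
class User:
    name: str
    tenant_id: str  # set by the identity authentication module at login
    role: str


class KeyManager:
    """Separate key management module: one storage key per tenant, released
    only to a requester whose tenant identifier matches the owner's."""
    def __init__(self):
        self._keys = {t: os.urandom(32) for t in TENANT_DATA_SPACE}

    def releasable(self, requesting_tenant, owner_tenant):
        return requesting_tenant == owner_tenant and owner_tenant in self._keys

    def key_for(self, requesting_tenant, owner_tenant):
        if not self.releasable(requesting_tenant, owner_tenant):
            raise PermissionError("cross-tenant key request refused")
        return self._keys[owner_tenant]


def resolve_data_space(tenant_id):
    """Platform layer: the tenant identifier maps to exactly one data space."""
    if tenant_id not in TENANT_DATA_SPACE:
        raise PermissionError("unknown tenant identifier")
    return TENANT_DATA_SPACE[tenant_id]


def authorize(user, owner_tenant, data_object, operation):
    """Application layer: same tenant AND the role grants this (object, operation);
    anything not listed is denied, which is the minimum-permission rule of [0047]."""
    if user.tenant_id != owner_tenant:
        return False
    return (data_object, operation) in ROLE_PERMISSIONS.get(user.role, set())


def mask_phone(v):
    return v[:3] + "****" + v[-4:] if len(v) >= 7 else "*" * len(v)


def mask_id_number(v):
    return v[:4] + "*" * (len(v) - 8) + v[-4:] if len(v) > 8 else "*" * len(v)


def mask_name(v):
    return v[:1] + "*" * (len(v) - 1)


# Preset rules of the desensitisation engine: sensitive field -> masking function.
DESENSITIZATION_RULES = {"phone": mask_phone, "id_number": mask_id_number, "passenger_name": mask_name}


def desensitize(record):
    """Data access interface: mask sensitive fields before the record enters the platform."""
    return {k: DESENSITIZATION_RULES[k](v) if k in DESENSITIZATION_RULES else v for k, v in record.items()}


class DataAccessInterface:
    """Routes each record into its tenant's data space and enforces role checks on both paths."""
    def __init__(self):
        self.spaces = {space: [] for space in TENANT_DATA_SPACE.values()}

    def ingest(self, user, data_object, record):
        if not authorize(user, user.tenant_id, data_object, "write"):
            raise PermissionError("%s may not write %s" % (user.name, data_object))
        space = resolve_data_space(user.tenant_id)
        self.spaces[space].append(dict(desensitize(record), object=data_object))
        return space

    def read(self, user, owner_tenant, data_object):
        if not authorize(user, owner_tenant, data_object, "read"):
            raise PermissionError("%s may not read %s of %s" % (user.name, data_object, owner_tenant))
        return [r for r in self.spaces[resolve_data_space(owner_tenant)] if r["object"] == data_object]
```

The two checks that matter for isolation both happen before any data is touched: `resolve_data_space` never lets a request name a data space directly, only a tenant identifier, and `authorize` refuses when the tenant differs even if the role would otherwise permit the operation, so a misconfigured role cannot on its own open another tenant's data.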
[0049] Although exemplary embodiments of the invention have been described for illustrative purposes, those skilled in the art will understand that various modifications, additions, and substitutions in form and detail may be made without departing from the scope and spirit of the invention disclosed in the appended claims, and all such modifications and substitutions should fall within the scope of protection of the appended claims. Furthermore, the various parts of the product and the various steps of the method claimed in this invention can be combined in any combination. Therefore, the description of the embodiments disclosed in this invention is not intended to limit the scope of the invention, but rather to describe the invention. Accordingly, the scope of the invention is not limited by the above embodiments, but is defined by the claims or their equivalents.
Claims
1. A method for protecting multi-tenant data under an urban rail cloud platform, characterized in that it includes the following steps performed sequentially: (1) Create independent virtual resource units for different tenants at the infrastructure layer to isolate physical resources at the infrastructure layer; assign a unique identifier to the tenants accessing the platform and bind the corresponding virtual resource units based on the identifier; (2) Deploy an independent data space for each tenant at the platform layer. The data of different tenants are stored in different data spaces and managed by mapping through tenant identifiers; (3) At the application layer, users within the tenant are divided into different roles and corresponding access permissions are configured according to the actual urban rail transit business. Specifically, when data is transmitted across layers such as the infrastructure layer, platform layer, and / or application layer, the transmitted data is encrypted using randomized Sudoku rules involving random letters and numbers, and then transmitted after a second encryption process.
2. The method as described in claim 1, characterized in that it also includes a data collection step: embedding a desensitization rule engine in the data access interface, and when the collected data contains sensitive content, masking or partially desensitizing the sensitive fields according to preset rules.
3. The method as described in claim 2, characterized in that, in step (2), when the data of different tenants are stored in different data spaces, a specific encryption storage mechanism is implemented for data fields involving operational data, equipment status data, and personal privacy information, and isolation control is carried out according to the tenant.
4. The method as described in claim 1, characterized in that the random data encryption processing, which involves deriving random letters and numbers according to Sudoku rules for the transmitted data, includes dynamically generating random encryption parameters based on the data size and data category of the data to be transmitted, selecting the corresponding encryption algorithm and encryption strength, encrypting the data before storage and / or transmission, and using different random encryption strategies for different categories of data.
5. The method as described in claim 4, characterized in that data verification modules are set up at both the data sending and receiving ends. After the encrypted data transmission is completed, the integrity and legality of the data are verified based on the data size and classification information to ensure that the data is not tampered with or intercepted during transmission.
6. The method as described in claim 5, characterized in that the process of encrypting transmitted data using random letters and numbers derived from Sudoku rules includes the following steps: (A) When a cross-layer data transmission request is detected, the feature information of the data to be transmitted is obtained, including the size and classification information of the data to be transmitted, and the data size is classified according to a preset rule; (B) Based on the data size classification results, data classification information and current data transmission parameters, generate a random starting identifier and generate a random alphanumeric mixed sequence; (C) Convert the random letter and number mixed sequence into an initial numerical arrangement that conforms to the Sudoku rules, and use this arrangement as the input for Sudoku deduction; according to the row constraints, column constraints and area constraints of Sudoku rules, perform deduction processing on the initial numerical arrangement to generate a complete Sudoku structure; (D) Perform traversal analysis on the generated Sudoku structure, extract multiple numerical features, and generate random encryption parameters according to preset mapping rules; match random encryption parameters of different security levels with data of different categories according to data classification information; (E) Based on the generated random encryption parameters, perform the first round of encryption processing on the data to be transmitted to generate the first encrypted data; (F) Further extract numerical features at preset positions from the Sudoku structure, wherein the numerical features at preset positions are the numerical distribution features within a specified area; (G) Based on the extracted numerical features, the encryption parameters used in the first round of encryption are perturbed to generate encryption parameters for the second round of encryption. The second round of encryption parameters are related to the first round of encryption parameters, but cannot be directly deduced from a single encryption result. (H) Using the secondary encryption parameters, perform secondary encryption on the first encrypted data to generate the final encrypted data.
7. The method as described in claim 6, characterized in that step (B) specifically involves selecting multiple characters from a preset set of alphanumeric characters according to a random starting identifier to form a random alphanumeric mixed sequence. The mixed sequence is different in different data transmission sessions.
8. The method as described in claim 7, characterized in that step (D) further includes assigning higher encryption strength to privacy-sensitive data and relatively lower encryption strength to ordinary business data. The random encryption parameters include at least an algorithm identifier for indicating the encryption algorithm type, a security level identifier for indicating the encryption strength, and / or an encryption parameter identifier for controlling the complexity of the encryption process.
9. The method as described in claim 8, characterized in that the area specified in step (F) is the diagonal area.
10. The method as described in claim 9, characterized in that it also includes a decryption step: at the data receiving end, based on the same feature information, the corresponding random letter and number mixed sequence and Sudoku structure are regenerated, and the second decryption and the first round of decryption operations are performed in sequence to restore the original data.