A data processing method, apparatus, device, medium, and product
By building a global data lineage in a secure platform and using hash trees and blockchain storage, the problem of incomplete data lineage is solved, the security and transparency of cross-domain data processing are achieved, data traceability and privacy protection are ensured, and flexible access control is realized.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHINA MOBILE ZIJIN INNOVATION INST CO LTD
- Filing Date
- 2026-03-11
- Publication Date
- 2026-06-23
AI Technical Summary
In existing technologies, when data lineage is built and stored by third-party platforms, there are issues with incomplete data, which cannot ensure the transparency, traceability, and compliance of data processing. Furthermore, access control is not flexible enough in cross-domain scenarios, leading to a high risk of data leakage.
By employing nodes in a trusted execution environment within a secure platform, the de-identified secret shares of data providers are acquired and locally aggregated to construct a global data lineage. Hash trees and blockchain storage are used to ensure data security and traceability, while differentiated privacy processing is performed according to permission levels to achieve flexible access control.
It solves the problem of incomplete data lineage in cross-domain scenarios, ensures the security of data transmission and aggregation processes, achieves data traceability and privacy protection, reduces the risk of data leakage, and enables flexible access control.
Smart Images

Figure CN122263149A_ABST
Abstract
Description
Technical Field
[0001] This application belongs to the field of blockchain and specifically relates to a data processing method, apparatus, device, medium, and product. Background Technology
[0002] With the rapid development of information technology, the amount of data generated is growing rapidly, as is the volume of data transactions between different organizations. To record the entire lifecycle of data—from production, processing, storage, and circulation to final destruction—data lineage technology has emerged. It enables organizations to effectively trace the data processing flow, quickly locate anomalies, and improve the transparency of data circulation. Simultaneously, it meets the compliance audit requirements of regulatory agencies, making it a crucial technology in data circulation, data governance, and other application scenarios.
[0003] In existing technologies, data lineage is constructed and stored by third-party partner platforms. This presents challenges, including organizations' reluctance to provide local data lineages to these platforms, resulting in incomplete data lineages and issues of unreliability in the construction process and data leakage. In cross-domain scenarios, data lineage is typically stored on third-party platforms, raising concerns about data tampering and compromising transparency, traceability, and compliance in data processing. Furthermore, access control for data lineage in cross-domain data flow scenarios is inflexible, often employing a uniform hierarchical access system. For example, a single user might have high-level access to all data lineage information. This design fails to meet the demands of organizations in cross-domain scenarios who require more specific control over their own data lineage permissions. Summary of the Invention
[0004] This application provides a data processing method, apparatus, device, medium, and product to address the problems of incomplete data lineage obtained from existing third-party platforms, as well as the unreliability of the construction process and data leakage issues.
[0005] Firstly, a data processing method is provided, applied to a security platform, the security platform including nodes with a trusted execution environment, the method comprising:
[0006] The data provider obtains multiple secret shares sent by the data provider, wherein the secret shares are obtained by the data provider from splitting the lineage of the local data product after anonymization, and wherein the data provider includes at least one secret share with the same location index among the secret shares sent by different data providers.
[0007] Locally aggregate secret shares of the same location index from at least one of the data providers to obtain the global data lineage.
[0008] Optional, also includes:
[0009] Construct a hash tree based on the global data lineage;
[0010] The construction of the hash tree based on the global data lineage includes:
[0011] Combine the hash values of two adjacent leaf nodes, where the leaf nodes of the hash tree are the hash values of all operation records;
[0012] The combined hash result is then hashed to obtain the hash value of the parent node. This process is repeated upwards to obtain a unique root hash value, which is then encrypted and stored in the blockchain storage module.
[0013] Optional, also includes:
[0014] Obtain data product transaction requests between the data providers and trigger a global data lineage update based on the data product transaction requests;
[0015] The global data lineage update includes:
[0016] The system obtains multiple updated secret shares sent by the data provider. The updated secret shares are obtained by the data provider by splitting the de-identified updated local data product lineage. The data provider performs privacy processing on the data product lineage according to the lineage permission level in the data product transaction request to obtain the updated local data product lineage.
[0017] Optional, also includes:
[0018] Obtain the data product lineage information query request sent by the target data provider;
[0019] The data product lineage information query request is split into sub-query requests, which include target node query, upstream lineage relationship query and downstream lineage relationship query;
[0020] Based on the sub-query request, the target node information, upstream bloodline information, and downstream bloodline information are obtained respectively;
[0021] Verify the access permissions and target lineage permission levels of the target data provider based on the data product lineage information query request;
[0022] Differential privacy processing is performed on the target node information, the upstream bloodline relationship information, and the downstream bloodline relationship information according to the target bloodline permission level to obtain the target query result;
[0023] Send the target query results to the target data provider.
[0024] Optionally, the lineage permission hierarchy includes: an internal lineage permission hierarchy set within each data provider and an external lineage permission hierarchy between data providers.
[0025] Optionally, the bloodline permission levels include: full permission, high permission, and low permission;
[0026] When the permission level is low, the privacy processing includes: using differential privacy noise less than a first threshold and performing full-field desensitization;
[0027] When the permission level is medium, the privacy processing includes: using differential privacy noise that is not less than a first threshold and less than a second threshold to desensitize key fields;
[0028] When the permission level is high, differential privacy noise greater than the second threshold is used, and noise is added only to non-de-identified fields, wherein the first threshold is less than the second threshold.
[0029] Secondly, a security platform is provided, the security platform including nodes with a trusted execution environment, the platform comprising:
[0030] The acquisition module is used to acquire multiple secret shares sent by a data provider. The secret shares are obtained by the data provider from splitting the lineage of the de-identified local data product. The data provider includes at least one secret share with the same location index among the secret shares sent by different data providers.
[0031] The first processing module is used to locally aggregate secret shares of the same location index of at least one of the data providers to obtain a global data lineage.
[0032] Optional, also includes:
[0033] A construction module is used to construct a hash tree based on the global data lineage; wherein, constructing a hash tree based on the global data lineage includes: combining the hash values of two adjacent leaf nodes, wherein the leaf nodes of the hash tree are the hash values of all operation records; then performing hash processing on the combined hash result to obtain the hash value of the parent node, constructing upwards sequentially to obtain a unique root hash value, and encrypting the root hash value and storing it in the blockchain storage module.
[0034] Optional, also includes:
[0035] The second processing module is used to obtain data product transaction requests between the data providers and trigger a global data lineage update based on the data product transaction requests.
[0036] The global data lineage update includes: obtaining multiple updated secret shares sent by the data provider, wherein the updated secret shares are obtained by the data provider splitting the de-identified updated local data product lineage; wherein the data provider performs privacy processing on the data product lineage according to the lineage permission level of the data product lineage in the data product transaction request to obtain the updated local data product lineage.
[0037] Optional, also includes:
[0038] The third processing module is used to acquire a data product lineage information query request sent by the target data provider; split the data product lineage information query request into sub-query requests, the sub-query requests including target node query, upstream lineage relationship query, and downstream lineage relationship query; obtain target node information, upstream lineage relationship information, and downstream lineage relationship information according to the sub-query requests; verify the access permissions and target lineage permission levels of the target data provider according to the data product lineage information query request; perform differentiated privacy processing on the target node information, upstream lineage relationship information, and downstream lineage relationship information according to the target lineage permission level to obtain the target query result; and send the target query result to the target data provider.
[0039] Optionally, the lineage permission hierarchy includes: an internal lineage permission hierarchy set within each data provider and an external lineage permission hierarchy between data providers.
[0040] Optionally, the bloodline permission levels include: full permission, high permission, and low permission;
[0041] When the permission level is low, the privacy processing includes: using differential privacy noise less than a first threshold and performing full-field desensitization;
[0042] When the permission level is medium, the privacy processing includes: using differential privacy noise that is not less than a first threshold and less than a second threshold to desensitize key fields;
[0043] When the permission level is high, differential privacy noise greater than the second threshold is used, and noise is added only to non-de-identified fields, wherein the first threshold is less than the second threshold.
[0044] In a third aspect, an electronic device is provided, including a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the data processing method as described in any one of the first aspects.
[0045] Fourthly, a readable storage medium is provided, on which a program or instructions are stored, which, when executed by a processor, implement the steps of the data processing method as described in any one of the first aspects.
[0046] Fifthly, a computer program product is provided, including computer instructions that, when executed by a processor, implement the steps of the data processing method as described in any one of the first aspects.
[0047] In this invention, multiple secret shares sent by data providers are obtained. These secret shares are derived by the data providers from the de-identified local data product lineage. The data providers include at least one entity, and secret shares with the same location index are sent from different entities. The secret shares with the same location index from at least one data provider are locally aggregated to obtain the global data lineage. Each entity de-identifies its data lineage locally before splitting it into secret shares, transmitting only fragmented information to the security platform. This solves the problem of entities being unwilling to share their original private data lineage in cross-domain scenarios. Furthermore, the secret shares with the same location index from different entities are locally aggregated in a trusted execution environment on a secure computing node, ensuring the entire aggregation process is executed in a hardware-isolated trusted environment, preventing external attacks or internal personnel from snooping on the original data. This ensures that data achieves traceability without leaking private information and guarantees the security of data transmission and aggregation. It solves the problems of incomplete data lineage obtained by existing third-party platforms, as well as the untrustworthy construction process and data leakage issues. Attached Figure Description
[0048] Figure 1 This is a flowchart of a data processing method provided in an embodiment of this application;
[0049] Figure 2 This is a schematic diagram of the tree structure of a data processing method provided in an embodiment of this application;
[0050] Figure 3 This is a flowchart illustrating the global data lineage construction process of a data processing method provided in an embodiment of this application;
[0051] Figure 4 This is a data transaction flowchart of a data processing method provided in an embodiment of this application;
[0052] Figure 5 This is a flowchart illustrating a data lineage query method provided in an embodiment of this application.
[0053] Figure 6 This is a schematic diagram of the permission hierarchy of a data processing method provided in an embodiment of this application;
[0054] Figure 7 This is a schematic diagram of the permission hierarchy parameters of a data processing method provided in an embodiment of this application;
[0055] Figure 8 This is a schematic diagram of the structure of a security platform provided in an embodiment of this application;
[0056] Figure 9 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation
[0057] The technical solutions of the embodiments of this application will be clearly described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this application. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0058] The terms "first," "second," etc., used in the specification and claims of this application are used to distinguish similar objects and are not used to describe a specified order or sequence. It should be understood that such use of data can be interchanged where appropriate so that embodiments of this application can be implemented in orders other than those illustrated or described herein, and the objects distinguished by "first" and "second" are generally of the same class, not limited in number; for example, a first object can be one or more. Furthermore, in the specification and claims, "and" indicates at least one of the connected objects, and the character " / " generally indicates that the preceding and following objects are in an "or" relationship.
[0059] Please refer to Figure 1 This application provides a data processing method applied to a security platform, the security platform including nodes with a trusted execution environment, the method comprising:
[0060] Step 11: Obtain multiple secret shares sent by the data provider. The secret shares are obtained by the data provider from splitting the lineage of the de-identified local data product. The data provider includes at least one secret share with the same location index among the secret shares sent by different data providers.
[0061] In this embodiment, the security platform includes: a Secure Multi-Party Computation (MPC) module, which is deployed with a cluster of secure computing nodes with a trusted execution environment, thereby providing functions for building, updating, and querying global data lineages; and various data providers joining the security platform. This primarily provides information on the data products that each entity intends to publish for sale, as well as local data lineage information related to the published data products; data providing organizations. The local data lineage is standardized and anonymized, and the processed data lineage is recorded as follows: The security platform provides predefined, unified data standards and formats (including but not limited to: unified data models, naming conventions, and data formats) and unified data anonymization strategies; data providing organizations Based on the defined unified data standards and formats and the unified data anonymization strategy, the local data lineage is standardized and anonymized to obtain the processed data lineage. Data provider The processed local data lineage is shared using Shamir secret sharing technology. After being split into multiple shares, they are transmitted to the secure platform, specifically:
[0062] (1) Data provider Random selection coefficients Construct a polynomial:
[0063] ;
[0064] in, It means at least Only a certain share can restore the secret. , For large prime numbers, the coefficient Randomly selected from a finite field ;
[0065] (2) Using the above polynomials, calculate respectively To obtain a secret share, of which ;
[0066] (3) Assume there are a total Several institutions participate in the aggregation, and each institution targets the same location. ( , With step 2 The corresponding share is sent to a secure computing node with a Trusted Execution Environment (TEE) through a secure channel;
[0067] In this embodiment, each organization first de-identifies the data lineage locally before splitting it into secret shares, and only transmits the fragmented information to the security platform. This fundamentally solves the core obstacle of organizations being unwilling to share the original private data lineage in cross-domain scenarios; it prevents external attacks or internal personnel from snooping on the original data, and ensures the privacy of the data through secret sharing. Even if individual organizations are compromised or the network is monitored, the complete lineage cannot be restored. Furthermore, each organization's local original data lineage never leaves its own security domain, but is only fragmented during transmission, ensuring the credibility of the data transmission process and the immutability of the data, effectively protecting privacy and trust mechanisms in cross-domain cooperation scenarios.
[0068] Step 12: Locally aggregate the secret shares of the same location index of at least one of the data providers to obtain the global data lineage.
[0069] In this embodiment of the application, the data providing organization The transmitted data lineage secret shares are aggregated to obtain the global data lineage. Specifically:
[0070] (1) Index for each secret share The secure computing node receives shares from various data providers. Calculate the sum: ;
[0071] Based on the linear homomorphism of Shamir's secret sharing, the addition operation satisfies:
[0072] ;
[0073] make: ;
[0074] And for , ;
[0075] The aggregate polynomial is then: ;
[0076] (2) Secure computing nodes collect at least After aggregating the shares, calculate using Lagrange interpolation. :
[0077] ;
[0078] Among them, the Lagrange coefficient for: ;
[0079] Among them, the calculated It is the global aggregation secret This refers to the sum of the data lineages of various data providers.
[0080] In this embodiment of the application, the data provider is... Only the desensitized lineage information from step 11 is shared; detailed information remains with the data provider. Locally, this ensures the privacy and security of data lineage, and protects the data provider organization. The design of separating data lineage information and transmitting it to secure computing nodes through a secure channel ensures the security of data transmission. The secure computing nodes are designed with a Trusted Execution Environment (TEE) to ensure the security of data aggregation and prevent malicious attacks. At the same time, the hardware acceleration design through the Trusted Execution Environment (TEE) can improve the computing performance of MPC.
[0081] In this embodiment, multiple secret shares sent by data providers are obtained. These secret shares are obtained by splitting the lineage of local data products after anonymization by the data providers. The data providers include at least one entity, and secret shares with the same location index are sent by different data providers. The secret shares with the same location index from at least one data provider are locally aggregated to obtain the global data lineage. Each entity first anonymizes its data lineage locally before splitting it into secret shares, transmitting only fragmented information to the security platform. This solves the problem of entities being unwilling to share their original private data lineage in cross-domain scenarios. Furthermore, the secret shares with the same location index from different entities are locally aggregated in a trusted execution environment on a secure computing node, ensuring that the entire aggregation process is executed in a hardware-level isolated trusted environment, preventing external attacks or internal personnel from snooping on the original data. This ensures that data achieves traceability without leaking private information and guarantees the security of data transmission and aggregation processes. This solves the problems of incomplete data lineage obtained by existing third-party platforms, as well as the untrustworthy construction process and data leakage issues.
[0082] In this embodiment of the application, optionally, it also includes:
[0083] Construct a hash tree based on the global data lineage;
[0084] The construction of the hash tree based on the global data lineage includes:
[0085] Combine the hash values of two adjacent leaf nodes, where the leaf nodes of the hash tree are the hash values of all operation records;
[0086] The combined hash result is then hashed to obtain the hash value of the parent node. This process is repeated upwards to obtain a unique root hash value, which is then encrypted and stored in the blockchain storage module.
[0087] In this embodiment of the application, the security platform further includes: a blockchain module for storing the root hash values of the Merkle hash trees generated from each version of the data lineage; and an interface module that provides data lineage query capabilities through a pre-packaged interface for users of various data providers to query and access; such as Figure 2 As shown, a hash tree is constructed based on the global data lineage, specifically:
[0088] The hash values of all operation records are used as leaf nodes H(Li) of the Merkle hash tree; the hash values of two adjacent leaf nodes are combined, and the combined result is hashed to obtain the hash value of the parent node; this process is repeated continuously to build upwards, and finally the unique root hash value Hroot of the Merkle hash tree is obtained. The root hash value Hroot represents the unique identifier of this data lineage version and will be encrypted and stored in the blockchain.
[0089] At this point, if the global data lineage S is tampered with, the root hash value of the generated Merkle hash tree will change and will be different from the root hash value Hroot of the Merkle hash tree stored in the blockchain. This will immediately detect that the data has been tampered with, thereby verifying the accuracy of the global data lineage S.
[0090] In this embodiment, the root hash value Hroot of each Merkle hash tree version is encrypted and stored in the blockchain, instead of uploading detailed data lineage information and leaf nodes H(Li) in the Merkle hash tree to the blockchain. This improves the efficiency of blockchain storage and prevents leakage of data lineage information. Although the leaf nodes H(Li) in the Merkle hash tree are just hash values, uploading them to the blockchain could still lead to indirect leakage of data privacy due to factors such as the topology between hashes, the number of nodes, data flow, and access frequency. This prevents attackers from using external information such as transaction logs, external data sources, and timestamp patterns to reconstruct part of the lineage content through collision inference or enumeration guessing. The encryption method is a hash-based message authentication code (HMAC). This method improves storage efficiency on the blockchain, enhances privacy protection, and enables versioned management, making it a reliable and efficient method for data lineage evidence preservation.
[0091] Please refer to Figure 3 In this embodiment of the application, the complete process for constructing the global data lineage is as follows:
[0092] The data provider De-identify the local data lineage to obtain the de-identified data lineage. ;
[0093] The data provider The data lineage After being split into multiple secret shares, they are sent to a third-party platform, namely the multi-party secure computation module of the security platform.
[0094] The security platform will connect the data provider. The secret shares are aggregated to obtain the global data lineage. .
[0095] In this embodiment of the application, optionally, it also includes:
[0096] Obtain data product transaction requests between the data providers and trigger a global data lineage update based on the data product transaction requests;
[0097] The global data lineage update includes:
[0098] The system obtains multiple updated secret shares sent by the data provider. The updated secret shares are obtained by the data provider by splitting the de-identified updated local data product lineage. The data provider performs privacy processing on the data product lineage according to the lineage permission level in the data product transaction request to obtain the updated local data product lineage.
[0099] Please refer to Figure 4 In this embodiment of the application, the global data lineage update specifically includes:
[0100] Data provider 2 publishes data product D through a third-party platform (security platform) and simultaneously transmits the data lineage information related to data product D to the third-party platform (security platform). This will trigger a global data lineage update, that is, the data provider will de-identify and split the updated local data product lineage, as described in steps 11 and 12 above.
[0101] When data provider 1 initiates a request to purchase data product D, it negotiates a strategy with data provider 2 through a third-party platform (security platform). The agreement stipulates the permission levels for data provider 1 regarding the data lineage of data product D. For example, if it's a low-level permission, this permission information is stored in the permission table corresponding to data product D. The permission table is then hashed to obtain the corresponding hash value, which is then stored in the blockchain to ensure the permission information is immutable. The agreed-upon permission levels during the strategy negotiation consist of three layers: full permission, high permission, and low permission. Simultaneously, the organization also sets its internal permission levels, also with three layers: full permission, high permission, and low permission. When processing the query results for privacy based on permissions, the privacy levels corresponding to the three types of permissions within the organization and on the third-party platform are the same.
[0102] Data provider 1 processes data product D according to the strategy negotiated with data provider 2, such as using data provider 1's own data N and data product D to perform joint calculations to obtain data ND and form new record information;
[0103] Trigger local data lineage updates for data provider 1 and data provider 2. The local data lineage of data provider 1 records detailed information about data ND, while the local data lineage of data provider 2 only records coarse information about data ND. Trigger global data lineage updates, and the specific update process is as described in steps 11 and 12 above.
[0104] In this embodiment of the application, each institution can set internal permission levels. When data products are traded through a third-party platform, each institution will negotiate the use of the data products in this transaction. At this time, the permission levels of the data lineage of the data products in this transaction will be negotiated among the institutions participating in the negotiation. This level will control the privacy level of the data lineage when users query the data lineage information in the future, so as to achieve a more flexible permission control effect.
[0105] In this embodiment of the application, optionally, it also includes:
[0106] Obtain the data product lineage information query request sent by the target data provider;
[0107] The data product lineage information query request is split into sub-query requests, which include target node query, upstream lineage relationship query and downstream lineage relationship query;
[0108] Based on the sub-query request, the target node information, upstream bloodline information, and downstream bloodline information are obtained respectively;
[0109] Verify the access permissions and target lineage permission levels of the target data provider based on the data product lineage information query request;
[0110] Differential privacy processing is performed on the target node information, the upstream bloodline relationship information, and the downstream bloodline relationship information according to the target bloodline permission level to obtain the target query result;
[0111] Send the target query results to the target data provider.
[0112] Please refer to Figure 5 In this embodiment of the application, the query for the global data lineage specifically includes:
[0113] User A, a high-privilege user in data provider 1, initiates a query request to request the data lineage information of data ND.
[0114] After receiving the query request, the interface module of the third-party platform (security platform) splits the query request into three sub-queries: target node query, upstream lineage query, and downstream lineage query, and sends the three sub-query tasks to the MPC module, thereby greatly improving the computation efficiency and preventing performance problems caused by the excessive size of the query computation content.
[0115] The MPC module executes three sub-query tasks in the Trusted Execution Environment (TEE) of the secure computing node to obtain target node information, upstream lineage information, and downstream lineage information, respectively. Then, privacy processing is performed according to the permissions of the query user A. For example, according to the permission level of data provider 1 recorded in the permission table corresponding to data product D, user A of data provider 1 has a low permission level for the data lineage information corresponding to data product D provided by data provider 2, while user A has a high permission level for the internal data of data provider 1.
[0116] Therefore, for data lineage information belonging to data provider 1, a high-level privacy processing will be used, while for data lineage information belonging to data provider 2 associated with data product D, a low-level privacy processing will be used. This will ultimately result in privacy-processed target node information, upstream lineage information, and downstream lineage information, allowing each data provider to more flexibly control the privacy level of its own data lineage and reduce the risk of privacy leakage.
[0117] The MPC module aggregates the privacy-processed target node information, upstream lineage information, and downstream lineage information obtained from the above three sub-query tasks to obtain the complete query results, and then returns the complete query results to user A.
[0118] In this embodiment of the application, optionally, the lineage permission hierarchy includes: an internal lineage permission hierarchy set within each data provider and an external lineage permission hierarchy between the data providers.
[0119] In this embodiment of the application, optionally, the bloodline permission level includes: full permission, high permission, and low permission;
[0120] When the permission level is low, the privacy processing includes: using differential privacy noise less than a first threshold and performing full-field desensitization;
[0121] When the permission level is medium, the privacy processing includes: using differential privacy noise that is not less than a first threshold and less than a second threshold to desensitize key fields;
[0122] When the permission level is high, differential privacy noise greater than the second threshold is used, and noise is added only to non-de-identified fields, wherein the first threshold is less than the second threshold.
[0123] In this embodiment, the privacy processing performed on the target node information, upstream lineage information, and downstream lineage information calculated by the sub-query task includes desensitization and differential privacy processing. The degree of privacy processing is related to the query user's permissions, such as... Figure 6 As shown.
[0124] Since the global data lineage has already undergone some anonymization, no further anonymization will be performed in the privacy handling method corresponding to the full permissions design.
[0125] The formula for adding differential privacy noise is: ;
[0126] in, ;
[0127] in, Query sensitivity represents the maximum impact of a change in a single data entry on the result; For privacy budgets, the smaller the value, the stronger the privacy protection; The relaxation factor represents the allowed probability of privacy leakage. For details on permission levels and parameter mappings, please refer to [reference needed]. Figure 7 In this scheme, δ= The noise intensity is controlled by adjusting ϵ. The smaller ϵ is, the larger σ is, the stronger the noise, and the stricter the privacy protection. This enables query computation to be performed in the Trusted Execution Environment (TEE) of the secure computing node, ensuring data security.
[0128] In this embodiment of the application, in a cross-domain scenario, flexible control over data lineage permissions is achieved. Each data institution sets its own internal permission hierarchy. When data products are traded through a third-party platform, the data providers will also negotiate the use of the data products. At this time, they will negotiate the permission hierarchy of the data lineage of the data products traded by the participating institutions. This hierarchy will control the privacy level of the data lineage when users query data lineage information in the future, thereby achieving a more flexible permission control effect.
[0129] Please refer to Figure 8 A security platform is provided, the security platform including nodes with a trusted execution environment, the platform comprising:
[0130] The acquisition module 81 is used to acquire multiple secret shares sent by a data provider. The secret shares are obtained by the data provider from splitting the lineage of the de-identified local data product. The data provider includes at least one secret share with the same location index among the secret shares sent by different data providers.
[0131] The first processing module 82 is used to locally aggregate secret shares of the same location index of at least one of the data providing institutions to obtain a global data lineage.
[0132] In this embodiment of the application, optionally, it also includes:
[0133] A construction module is used to construct a hash tree based on the global data lineage; wherein, constructing a hash tree based on the global data lineage includes: combining the hash values of two adjacent leaf nodes, wherein the leaf nodes of the hash tree are the hash values of all operation records; then performing hash processing on the combined hash result to obtain the hash value of the parent node, constructing upwards sequentially to obtain a unique root hash value, and encrypting the root hash value and storing it in the blockchain storage module.
[0134] In this embodiment of the application, optionally, it also includes:
[0135] The second processing module is used to obtain data product transaction requests between the data providers and trigger a global data lineage update based on the data product transaction requests.
[0136] The global data lineage update includes: obtaining multiple updated secret shares sent by the data provider, wherein the updated secret shares are obtained by the data provider splitting the de-identified updated local data product lineage; wherein the data provider performs privacy processing on the data product lineage according to the lineage permission level of the data product lineage in the data product transaction request to obtain the updated local data product lineage.
[0137] In this embodiment of the application, optionally, it also includes:
[0138] The third processing module is used to acquire a data product lineage information query request sent by the target data provider; split the data product lineage information query request into sub-query requests, the sub-query requests including target node query, upstream lineage relationship query, and downstream lineage relationship query; obtain target node information, upstream lineage relationship information, and downstream lineage relationship information according to the sub-query requests; verify the access permissions and target lineage permission levels of the target data provider according to the data product lineage information query request; perform differentiated privacy processing on the target node information, upstream lineage relationship information, and downstream lineage relationship information according to the target lineage permission level to obtain the target query result; and send the target query result to the target data provider.
[0139] In this embodiment of the application, optionally, the lineage permission hierarchy includes: an internal lineage permission hierarchy set within each data provider and an external lineage permission hierarchy between the data providers.
[0140] In this embodiment of the application, optionally, the bloodline permission level includes: full permission, high permission, and low permission;
[0141] When the permission level is low, the privacy processing includes: using differential privacy noise less than a first threshold and performing full-field desensitization;
[0142] When the permission level is medium, the privacy processing includes: using differential privacy noise that is not less than a first threshold and less than a second threshold to desensitize key fields;
[0143] When the permission level is high, differential privacy noise greater than the second threshold is used, and noise is added only to non-de-identified fields, wherein the first threshold is less than the second threshold.
[0144] The security platform device provided in this application embodiment can achieve... Figure 1 The various processes implemented in the method embodiments achieve the same technical effect, and will not be described again here to avoid repetition.
[0145] This application provides an electronic device 90, see [link]. Figure 9 As shown, Figure 9 This is a schematic block diagram of an electronic device 90 according to an embodiment of this application, including a processor 91, a memory 92, and a program or instructions stored in the memory 92 and executable on the processor 91. When the program or instructions are executed by the processor, they implement the steps in any data processing method of this application.
[0146] This application provides a readable storage medium on which a program or instruction is stored. When the program or instruction is executed by a processor, it implements the various processes of the data processing method embodiment as described above and achieves the same technical effect. To avoid repetition, it will not be described again here.
[0147] This application also provides a computer program product, including computer instructions, which, when executed by a processor, implement the above-described... Figure 1 The various processes of the method embodiments shown can achieve the same technical effect, and will not be described again here to avoid repetition.
[0148] Computer-readable media include both permanent and non-permanent, removable and non-removable media, which can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.
[0149] It should be noted that the collection, gathering, updating, analysis, processing, use, transmission, and storage of user personal information involved in this disclosed technical solution all comply with relevant laws and regulations, are used for legitimate purposes, and do not violate public order and good morals. Necessary measures are taken to prevent unauthorized access to user personal information data and to safeguard user personal information security and network security.
[0150] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.
[0151] The embodiments of this application have been described above with reference to the accompanying drawings. However, this application is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of this application without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of this application.
Claims
1. A data processing method, characterized in that, Applied to a security platform, the security platform including nodes with a trusted execution environment, the method includes: The data provider obtains multiple secret shares sent by the data provider, wherein the secret shares are obtained by the data provider from splitting the lineage of the local data product after anonymization, and wherein the data provider includes at least one secret share with the same location index among the secret shares sent by different data providers. Locally aggregate secret shares of the same location index from at least one of the data providers to obtain the global data lineage.
2. The data processing method according to claim 1, characterized in that, Also includes: Construct a hash tree based on the global data lineage; The construction of the hash tree based on the global data lineage includes: Combine the hash values of two adjacent leaf nodes, where the leaf nodes of the hash tree are the hash values of all operation records; The combined hash result is then hashed to obtain the hash value of the parent node. This process is repeated upwards to obtain a unique root hash value, which is then encrypted and stored in the blockchain storage module.
3. The data processing method according to claim 1, characterized in that, Also includes: Obtain data product transaction requests between the data providers and trigger a global data lineage update based on the data product transaction requests; The global data lineage update includes: The system obtains multiple updated secret shares sent by the data provider. The updated secret shares are obtained by the data provider by splitting the de-identified updated local data product lineage. The data provider performs privacy processing on the data product lineage according to the lineage permission level in the data product transaction request to obtain the updated local data product lineage.
4. The data processing method according to claim 1, characterized in that, Also includes: Obtain the data product lineage information query request sent by the target data provider; The data product lineage information query request is split into sub-query requests, which include target node query, upstream lineage relationship query and downstream lineage relationship query; Based on the sub-query request, the target node information, upstream bloodline information, and downstream bloodline information are obtained respectively; Verify the access permissions and target lineage permission levels of the target data provider based on the data product lineage information query request; Differential privacy processing is performed on the target node information, the upstream bloodline relationship information, and the downstream bloodline relationship information according to the target bloodline permission level to obtain the target query result; Send the target query results to the target data provider.
5. The data processing method according to claim 3 or 4, characterized in that, The lineage permission hierarchy includes: the internal lineage permission hierarchy set within each data provider and the external lineage permission hierarchy between various data providers.
6. The data processing method according to claim 3 or 4, characterized in that, The bloodline permission levels include: full permission, high permission, and low permission; When the permission level is low, the privacy processing includes: using differential privacy noise less than a first threshold and performing full-field desensitization; When the permission level is medium, the privacy processing includes: using differential privacy noise that is not less than a first threshold and less than a second threshold to desensitize key fields; When the permission level is high, differential privacy noise greater than the second threshold is used, and noise is added only to non-de-identified fields, wherein the first threshold is less than the second threshold.
7. A security platform, characterized in that, The security platform includes nodes with a trusted execution environment, and the platform includes: The acquisition module is used to acquire multiple secret shares sent by a data provider. The secret shares are obtained by the data provider from splitting the lineage of the de-identified local data product. The data provider includes at least one secret share with the same location index among the secret shares sent by different data providers. The first processing module is used to locally aggregate secret shares of the same location index of at least one of the data providers to obtain a global data lineage.
8. An electronic device, characterized in that, It includes a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the data processing method as claimed in any one of claims 1 to 6.
9. A readable storage medium, characterized in that, The readable storage medium stores a program or instructions that, when executed by a processor, implement the steps of the data processing method as described in any one of claims 1 to 6.
10. A computer program product, characterized in that, It includes computer instructions that, when executed by a processor, implement the steps in the data processing method as described in any one of claims 1 to 6.