Data security sharing method, device and system based on available invisible mechanism
By establishing a unified registration system and trusted execution environment based on spatiotemporal coding and root of rights, the system solves the problems of privacy protection and value measurement in cross-domain data interconnection and interoperability, and realizes secure computation and controllable and measurable sharing of data without leaving the domain, thus supporting the trusted circulation and compliant supervision of data elements.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHANGHAI GERUDE BIG DATA TECHNOLOGY CO LTD
- Filing Date
- 2026-04-27
- Publication Date
- 2026-07-03
AI Technical Summary
The current system for organizing, confirming ownership, and circulating data suffers from inconsistent data standards, difficulties in cross-domain interoperability, insufficient privacy protection, and ambiguous value measurement, making it difficult to fully release the potential value of data. In particular, in scenarios such as multi-entity collaboration, government-enterprise cooperation, and industrial chain collaboration, issues such as reliable data circulation, secure computing, and asset-based operation become prominent.
By establishing a unified registration and rights confirmation system based on spatiotemporal coding and root of rights, and combining digital contracts and a trusted execution environment, secure computation of data can be achieved without leaving the original storage domain. The computation results are generated and traceable evidence information and encrypted measurement certificates are recorded, ensuring that data users cannot directly access the original data.
It enables the discovery and traceability of multi-source heterogeneous data in the global trusted space, and completes the secure sharing of "data not leaving the domain, usable but not visible, controllable and measurable", providing system-level technical support and laying the foundation for the secure circulation, trusted measurement and compliant supervision of data elements.
Smart Images

Figure CN122339656A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of cross-domain data sharing security technology, specifically to a data security sharing method, device and system based on an available but invisible mechanism, applicable to application scenarios such as cross-domain data sharing, data element circulation, data computing services and compliance supervision. Background Technology
[0002] As the fourth paradigm (a data-intensive research method that combines data-driven approaches with model learning) expands from scientific research to all sectors, including economics, industry, energy, finance, culture and tourism, and urban governance, massive, multi-source, and heterogeneous data is gradually becoming a key production factor triggering economic and social innovation. The demand for data collection, governance, analysis, sharing, and trading is constantly growing across industries, and data has transformed from a "supporting resource" into a crucial "core asset."
[0003] However, the current system for organizing, defining, and circulating data still suffers from significant shortcomings: inconsistent data standards, difficulties in cross-domain interoperability, insufficient privacy protection, and ambiguous value measurement. In other words, it lacks effective mechanisms for data interconnection (the ability of different systems to discover and locate data), interoperability (the ability of different systems to exchange and schedule data based on data interconnection), and interoperability (the ability of different systems to use data based on data interconnection and interoperability), making it difficult to fully realize the potential value of data. This is especially true in scenarios involving multi-entity collaboration, government-enterprise cooperation, and supply chain collaboration, where issues such as reliable data circulation, secure computing, and asset-based operation become increasingly prominent.
[0004] Therefore, in the process of building the new generation of information infrastructure, there is an urgent need for a systematic solution that can not only ensure data security and privacy, but also achieve cross-domain interconnection, on-demand scheduling and trusted circulation. Summary of the Invention
[0005] In view of this, embodiments of this specification provide a data security sharing method, apparatus and system based on an available but invisible mechanism, which solves the problem of enabling data to participate in computation in a controlled trusted execution environment without leaving the original storage domain, ensuring that data users cannot directly access, view or copy the original data content, and can only obtain authorized computation results, thereby realizing a truly secure sharing mechanism of "data not leaving the domain, available but invisible, controllable and measurable" in multi-entity collaborative scenarios.
[0006] The embodiments in this specification provide the following technical solutions: This specification provides a data security sharing method based on an available-but-not-visible mechanism, applied to an operation platform in a trusted data space. The operation platform includes at least a digital object management module, a data usage request routing module, a digital contract verification module, and a trusted execution environment scheduling module. The data security sharing method includes: The system receives and stores digital object registration information submitted by the data provider. The digital object registration information includes at least spatiotemporal coding and ownership information. The spatiotemporal coding is generated based on a unified spatiotemporal grid coding system and is used to perform globally unique positioning and routing of digital objects. The ownership information is registered based on the root of rights mechanism and is used to identify the rights holder corresponding to the digital object and serve as the basis for subsequent authorization and contract binding. Receive a data usage request for a target digital object initiated by the data user side, the data usage request including at least: a machine-readable digital contract corresponding to the target digital object; After completing the authentication of the initiator of the data usage request and the compliance verification of the digital contract, the data usage request is routed to the data provider corresponding to the target digital object based on the identifier and spatiotemporal encoding of the target digital object. Schedule and authorize a trusted execution environment bound to the digital contract so that the original data from the data provider can be used to execute the computational tasks agreed upon by the digital contract in the trusted execution environment without leaving the domain, generating computational results that do not contain the original data, and recording the execution process of the computational tasks; Based on the execution process, evidence storage information and encrypted measurement certificates are generated, and the calculation results are returned to the data user side. The evidence storage information and encrypted measurement certificates are then distributed to the data provider side and the preset regulatory audit node.
[0007] This specification also provides a data security sharing method based on an available-but-not-visible mechanism, applied to the data provider side, the data security sharing method including: The raw data is encapsulated into standardized digital objects through the first data network gateway, and a globally unique identifier is assigned to the digital objects and metadata is generated. Based on a unified spatiotemporal grid coding system, a computable spatiotemporal code is generated for the digital object, which integrates geographical location, time information and object unique identifier; Based on the root rights mechanism, the digital object is linked to the rights holder corresponding to the data provider to complete the ownership registration; The digital object registration information, including the identifier, spatiotemporal encoding, ownership information, and metadata, is submitted to the identifier resolution system of the trusted data space for registration, so as to enable global discovery and authorized access; wherein, the original data is stored in the local or controlled storage domain of the data provider. In response to a data usage request authorized and routed by the operating platform, the corresponding trusted execution environment is authorized to access the raw data in accordance with the usage control policy specified in the digital contract, so as to execute the computational task agreed upon in the digital contract; Receive evidence storage information and encrypted measurement credentials, wherein the evidence storage information and the encrypted measurement credentials are generated based on the record of the execution process of the computing task.
[0008] This specification also provides a data security sharing method based on an available-but-not-visible mechanism, applied to the data user side, the data security sharing method including: By accessing the operation platform through the second digital network gateway, digital objects can be searched to discover target digital objects and obtain their ownership information; Based on the ownership information, a machine-readable digital contract corresponding to the target digital object is generated, and a data usage request including the digital contract is submitted to the operating platform. After the data usage request is approved, the data provider is triggered to authorize the corresponding trusted execution environment to access the original data in accordance with the usage control policy specified in the digital contract, so as to execute the computational task agreed in the digital contract. Receive computation results returned by a trusted execution environment, which do not contain the original data.
[0009] This specification also provides a data security sharing platform based on an available-but-not-visible mechanism, the data security sharing platform comprising: The digital object management module is used to receive and store digital object registration information submitted by the data provider. The digital object registration information includes at least spatiotemporal coding and ownership information. The spatiotemporal coding is generated based on a unified spatiotemporal grid coding system and is used to perform global unique positioning and routing of digital objects. The ownership information is registered based on the root of rights mechanism and is used to identify the rights holder corresponding to the digital object and serve as the basis for subsequent authorization and contract binding. The data usage request receiving module is used to receive a data usage request for a target digital object initiated by the data user side. The data usage request includes at least: a machine-readable digital contract corresponding to the target digital object. The digital contract verification module is used to verify the identity of the initiator of the data usage request and the compliance of the digital contract. The data usage request routing module is used to, after completing the authentication of the initiator of the data usage request and the compliance verification of the digital contract, route the data usage request to the data provider corresponding to the target digital object based on the identifier and spatiotemporal encoding of the target digital object. The trusted computing module is used to schedule and authorize a trusted execution environment bound to the digital contract according to the computing constraints specified in the digital contract, so that the original data of the data provider can be executed in the trusted execution environment to perform the computing tasks agreed upon by the digital contract without leaving the domain. The trusted execution environment is configured to only allow the execution of calculations according to the input, calculation logic and output rules agreed upon by the digital contract, and generate a calculation result that does not contain the original data after the calculation is completed. At the same time, it generates evidence storage information and encrypted measurement certificates based on the trusted record of the entire process of the calculation task execution. The feedback module is used to return the calculation results to the data user side and distribute the evidence information and the encrypted measurement certificate to the data provider side and the preset regulatory audit node.
[0010] This specification also provides a data security sharing device based on an available-but-not-visible mechanism, deployed on the data providing side, the data security sharing device comprising: The data encapsulation module is used to encapsulate raw data into standardized digital objects through the first data network gateway, assign a globally unique identifier to the digital objects and generate metadata. The spatiotemporal coding generation module is used to generate a computable spatiotemporal code for the digital object based on a unified spatiotemporal grid coding system, which integrates geographical location, time information and object unique identifier. The ownership registration module is used to link the digital object with the corresponding rights holder on the data provider side based on the rights root mechanism, so as to complete the ownership registration. The digital object registration module is used to submit digital object registration information, including the identifier, spatiotemporal encoding, ownership information, and metadata, to the identifier resolution system of the trusted data space for registration, so as to enable global discovery and authorized access; wherein, the original data is stored in the local or controlled storage domain of the data provider. The execution module is used to respond to data usage requests authorized and routed by the operating platform, and authorize the corresponding trusted execution environment to access the raw data in accordance with the usage control policy specified in the digital contract, so as to execute the computational tasks agreed in the digital contract. A receiving module is used to receive evidence storage information and encrypted measurement credentials, wherein the evidence storage information and the encrypted measurement credentials are generated based on the record of the execution process of the computing task.
[0011] This specification also provides a data security sharing device based on an available-but-not-visible mechanism, deployed on the data-using side, the data security sharing device comprising: The retrieval module is used to access the operation platform through the second digital network gateway to search for digital objects in order to discover target digital objects and obtain their ownership information; The digital usage request module is used to generate a machine-readable digital contract corresponding to the target digital object based on the ownership information, and submit a data usage request including the digital contract to the operation platform. The trusted execution environment driver module is used to drive the data provider to authorize the corresponding trusted execution environment to access the original data in order to execute the computational task agreed upon in the digital contract after the data usage request is approved. The receiving module is used to receive computation results returned by the trusted execution environment, which do not contain the original data.
[0012] This specification also provides a data security sharing system based on an available-but-not-visible mechanism, the data security sharing system comprising: The operation platform module is used to execute the data security sharing method described above for operation platforms applied in trusted data spaces; The data provider module is used to execute the data security sharing method applied to the data provider side described above; The data usage side module is used to execute the data security sharing method applied to the data usage side described above; The operation platform module, data provider module, and data user module work together through a trusted execution environment to achieve data sharing where the original data does not leave the domain but is available and invisible. The analysis module, based on the evidence information and encrypted measurement certificates of historical data circulation, uses knowledge graphs or artificial intelligence models to perform circulation trend analysis, abnormal behavior detection or data value assessment, and optimizes platform routing strategies, risk control strategies or resource scheduling strategies based on the analysis results.
[0013] Compared with the prior art, the beneficial effects that at least one technical solution adopted in the embodiments of this specification can achieve include at least: 1. By establishing a unified registration and rights confirmation system based on spatiotemporal coding and root of rights, the discoverability and traceability of multi-source heterogeneous data in the global trusted space have been realized; 2. By introducing an automated execution mechanism that combines digital contracts with a trusted execution environment, secure data computation is completed while strictly ensuring that data does not leave the domain, achieving "usable but invisible"; 3. By reliably storing and measuring the entire calculation process, an auditable and traceable spatiotemporal evidence chain and value settlement certificate are formed, providing system-level technical support for the secure circulation, reliable measurement and compliant supervision of data elements. Attached Figure Description
[0014] To more clearly illustrate the technical solutions of the embodiments of this application, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0015] Figure 1 This is a flowchart of a data security sharing method based on an available-but-not-visible mechanism, as described in this application; Figure 2 This is a diagram of the data network architecture in this application; Figure 3 This is a schematic diagram of the working principle of the data network in this application; Figure 4 This is a diagram of the "Trusted Data Space" fusion foundation architecture in this application; Figure 5 This is a conceptual model diagram of the "trusted data space" for data-real integration in this application; Figure 6 This is the "Trusted Data Space" system architecture in this application. Detailed Implementation
[0016] The embodiments of this application will now be described in detail with reference to the accompanying drawings.
[0017] The following specific examples illustrate the implementation of this application. Those skilled in the art can easily understand other advantages and effects of this application from the content disclosed in this specification. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. This application can also be implemented or applied through other different specific embodiments, and the details in this specification can also be modified or changed based on different viewpoints and applications without departing from the spirit of this application. It should be noted that, in the absence of conflict, the following embodiments and features in the embodiments can be combined with each other. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0018] It should be noted that various aspects of embodiments within the scope of the appended claims are described below. It will be apparent that the aspects described herein can be embodied in a wide variety of forms, and any particular structure and / or function described herein is merely illustrative. Based on this application, those skilled in the art will understand that one aspect described herein can be implemented independently of any other aspect, and two or more of these aspects can be combined in various ways. For example, any number and aspects set forth herein can be used to implement the device and / or practice the method. Additionally, this device and / or method can be implemented using structures and / or functionalities other than one or more of the aspects set forth herein.
[0019] It should also be noted that the illustrations provided in the following embodiments are only schematic representations of the basic concept of this application. The drawings only show the components related to this application and are not drawn according to the actual number, shape and size of the components in the actual implementation. In the actual implementation, the shape, quantity and proportion of each component can be arbitrarily changed, and the layout of the components may also be more complex.
[0020] Additionally, specific details are provided in the following description to facilitate a thorough understanding of the examples. However, those skilled in the art will understand that practice can be carried out without these specific details.
[0021] Traditional data sharing models have mainly developed in three directions, but each has obvious limitations and cannot fully meet the needs of cross-domain, reliable, and measurable data circulation.
[0022] The first category is traditional data sharing and exchange platforms, which are based on centralized databases, file systems, or API services, and achieve data collection, storage, and sharing through a unified interface. Examples include government data sharing and exchange platforms and enterprise data platforms, which mainly achieve data access through interface authorization. Although they are mature in deployment and easy to operate, they have significant drawbacks: they are mostly based on a single domain or organization, lacking cross-domain trust mechanisms; they lack a data ownership confirmation and usage measurement system, making it difficult to trace and hold accountable; and they often rely on a central node to transmit raw data, posing risks of data leaving the domain, leakage, or misuse.
[0023] The second category is the Data Space or Data Platform architecture, represented by the European International Data Space (IDS), GAIA-X, and the International Data Space model based on Digital Object Architecture (DOA). These architectures attempt to achieve interoperability and sharing of data resources across institutions and regions by constructing distributed metadata catalogs, unified identification systems, and access control policies. While improving data discovery capabilities and governance transparency, significant shortcomings remain: heterogeneous identification systems, with different institutions often using different identification registration and resolution systems (such as Handle, DOI, CSTR, DID, etc.), lacking a unified resolution and mapping mechanism, leading to difficulties in cross-system resolution and mapping; primarily static access control, lacking dynamic authorization and billing capabilities; and the absence of a unified spatiotemporal semantic support system, making it difficult to aggregate, compare, and manage multi-source data across spatial and temporal dimensions. These deficiencies significantly limit the Data Space's ability to handle cross-domain, cross-system, and cross-industry data collaboration.
[0024] The third category of technologies focuses on enhancing trust and security. These mainly include technologies for evidence storage and traceability based on distributed ledgers (blockchain), digital object registration and interaction protocols based on DOA / DOIP protocols, and spatiotemporal indexing and positioning mechanisms centered on spatiotemporal grid coding systems (such as GeoSOT and BeiDou grid location codes). These technologies have advantages in trusted evidence storage, unique identification, and spatiotemporal reference, but they are isolated and lack systemic integration: blockchain is disconnected from identification systems and data delivery protocols; DOIP fails to address the issues of data not leaving the domain for computation and secure measurement; and spatiotemporal coding has failed to effectively link with the data governance system.
[0025] In view of this, the inventors, through research and exploration, discovered that although existing data sharing and data space-related technologies have made some progress in data identification, metadata management, access control, and local trust, they still generally suffer from the following common technical defects: First, the data usage phase still relies on the premise of "visible data," making it impossible to prevent data leakage and misuse from a technical perspective. Second, the identification system, spatiotemporal system, and data delivery mechanism are fragmented and lack a unified and integrated architecture; Third, the lack of verifiable, measurable, and liquidable execution-level constraints on data usage behavior makes it impossible to support true data asset operation. These shortcomings are precisely the key areas for improvement in this invention.
[0026] Based on this, the embodiments of this specification propose a data security sharing method based on a usable but invisible mechanism. The overall idea is as follows: construct a secure sharing mechanism based on the three-dimensional collaboration of "spatiotemporal-object-rights". By deeply integrating the spatiotemporal grid coding system with the digital object identification system, a unique identifier with spatiotemporal semantics is generated, and data ownership registration is completed in conjunction with the root rights mechanism. During the data circulation process, relying on the data network infrastructure and digital contract mechanism, usage requests are routed to the data provider side, and a trusted execution environment bound to the contract is scheduled to ensure that the original data completes secure computation without leaving the local domain. While generating the computation results, traceable evidence information and measurable encrypted credentials are automatically generated. Ultimately, a trusted sharing of data throughout its entire lifecycle is achieved, ensuring that the data does not leave the domain, is usable but invisible, and is controllable and measurable, providing fundamental support for a data-driven society.
[0027] The technical solutions provided by the various embodiments of this application are described below with reference to the accompanying drawings.
[0028] The technical terms used in the embodiments of this specification are explained as follows: DOA: Digital Object Architecture, a system that encapsulates data / services / devices as independently addressable digital objects.
[0029] DOIP: Digital Object Interface Protocol, a communication protocol under DOA used for the discovery, access, and manipulation of digital objects.
[0030] DO / Digital Object: Data entities (files, streams, models, etc.) that are encapsulated by DOA and can be registered, parsed, and called.
[0031] DOID: Digital Object Identifier, a unique identifier used to identify a digital object.
[0032] IRP: Identifier Resolution Protocol, used to resolve identifiers into object location / routing information.
[0033] IDS: International Data Space, a general concept for a distributed data sharing and trust framework (representative implementations include IDS / GAIA-X, etc.).
[0034] GAIA-X: A European-led data infrastructure initiative that emphasizes a distributed ecosystem of interoperability and data sovereignty.
[0035] DRI: Data-Reality Integration, is the concept and method of mapping real-world entities and digital objects in a unified way across time and space.
[0036] Data of Things (DoT) is an infrastructure network for identification, addressing, and circulation of trusted data.
[0037] Data Network Gateway: The entry node for the Data Network to connect with external data entities, responsible for object registration, identifier resolution, and cross-domain access adaptation.
[0038] Available but not visible: This means that data participates in computational processing only in a controlled trusted execution environment without leaving its original storage domain. Data users cannot directly obtain, copy, or view the original data content; they can only obtain the authorized computation results. Data network switch: a central node located between gateways, responsible for request routing, trusted metering, evidence storage and scheduling.
[0039] Network router: A network layer device or software module that enables long-link interconnection between multiple nodes and forwarding of data packets / requests.
[0040] Spatio-Temporal Code: This code integrates spatial location, temporal information, and object identification for unified spatio-temporal indexing and positioning.
[0041] GeoSOT (BeiDou Grid Location Code): A type of spatiotemporal grid coding system (e.g., BeiDou Grid Location Code) used for precise geographic spatiotemporal division and identification.
[0042] Cyber Grid Code (CGC): A cyber / spatiotemporal grid coding system that integrates geospatial, network address, and object information.
[0043] Root of rights: A mechanism / recording system used to link data objects with rights holders (ownership, right of use, right of income) and serve as the anchor of ownership.
[0044] Data connector: A lightweight adapter / proxy component used on the platform or user side to trigger and manage data access, registration, synchronization and invocation.
[0045] Data assets: Data products or datasets that have been registered, have been confirmed as owned, and are circulated, measurable, and subject to profit sharing.
[0046] Data providers: Market entities that provide value-added services for data circulation (such as data source providers, matchmakers, algorithm / model service providers, clearing and settlement providers, etc.).
[0047] Digital contracts: Contract templates that define data usage rules (subject, frequency, duration, algorithm, settlement rules) in a machine-readable format and can be executed automatically.
[0048] Usage control: A technical mechanism that imposes fine-grained mandatory constraints on subjects, behaviors, time, and location during data transmission / storage / use / destruction.
[0049] Trusted Execution Environment (TEE): Executes code and data processing within a secure area isolated by hardware and software, ensuring the confidentiality and integrity of the computation process.
[0050] like Figure 1 As shown in the embodiments of this specification, a data security sharing method based on an available-but-not-visible mechanism is provided and applied to an operating platform in a trusted data space. The operating platform includes at least a digital object management module, a data usage request routing module, a digital contract verification module, and a trusted execution environment scheduling module. The data security sharing method includes: Step S100: Receive and store digital object registration information submitted by the data provider. The digital object registration information includes at least spatiotemporal coding and ownership information. The spatiotemporal coding is generated based on a unified spatiotemporal grid coding system and is used to globally and uniquely locate and route digital objects. The ownership information is registered based on the root rights mechanism and is used to identify the rights holder corresponding to the digital object and serve as the basis for subsequent authorization and contract binding.
[0051] In implementation, dispersed data resources will be encapsulated and registered as globally addressable "data assets" with clear ownership. Specifically: Data providers must submit digital object registration information that includes at least spatiotemporal coding and ownership information: the spatiotemporal coding is generated based on spatiotemporal grid systems such as BeiDou grid codes, injecting a unified spatial location and timestamp into the data, enabling it to achieve accurate fusion and spatiotemporal semantic alignment in multi-source heterogeneous environments; the ownership information is registered based on the root rights mechanism, completing the anchoring and confirmation of data ownership, usage rights and other rights at the technical level, providing an immutable legal and technical basis for subsequent data circulation, measurement and value distribution. This step is equivalent to establishing a "digital ID card" and "property certificate" for the data, ensuring the basic premise that the data is locatable, reliable and controllable throughout its entire life cycle.
[0052] Step S200: Receive a data usage request for a target digital object initiated by the data user side. The data usage request includes at least: a machine-readable digital contract corresponding to the target digital object.
[0053] In practice, digital contracts are machine-readable and automatically executable programmatic contracts. They are negotiated and signed by the data user and the data provider before the request is initiated, based on the ownership information of the target digital object and the specific computing needs. The contract defines the rules for data use and is the core control procedure that drives subsequent data routing, trusted computing, behavior measurement and compliance auditing.
[0054] Step S300: After completing the authentication of the initiator of the data usage request and the compliance verification of the digital contract, the data usage request is routed to the data provider corresponding to the target digital object based on the identifier and spatiotemporal encoding of the target digital object.
[0055] In practice, the identity of the request initiator is verified when the received data is received, and the compliance of the digital contract is verified based on preset rules. Specifically, two-factor or multi-factor authentication mechanisms can be adopted to verify the identity credentials submitted by the data user. For example, a combination of trusted authentication mechanisms such as digital certificates, dynamic passwords, and multi-factor authentication can be used to confirm that the requester's identity is genuine and valid and has not been impersonated, thus establishing a trusted identity association foundation for subsequent operations. Furthermore, the content of the digital contract itself can be subject to compliance review based on pre-set rules such as laws and regulations, industry regulatory policies, platform operation rules, and data classification and grading requirements. The review includes, but is not limited to, whether the computing task involves data mining scenarios prohibited by the state, whether it exceeds the business scope authorized by the data user, and whether the settlement terms meet regulatory audit requirements, thereby avoiding legal and compliance risks from the source.
[0056] Only when the initiator's identity and the compliance of the digital contract are both verified, the data usage request is accurately forwarded to the corresponding data network gateway on the target data provider side based on the identification information and spatiotemporal encoding of the target digital object, combined with the topology status and routing strategy in the data network infrastructure, so as to achieve secure access scheduling across domains and nodes.
[0057] If the identity is invalid or the contract is non-compliant, the platform will terminate the process and return an error message to the requester. It can also generate a security event log for auditing and tracing, which protects the rights and interests of data providers and ensures that the entire data circulation ecosystem operates in an orderly manner within the legal and regulatory framework.
[0058] Step S400: Schedule and authorize the trusted execution environment bound to the digital contract so that the original data of the data provider can execute the computational task agreed upon by the digital contract in the trusted execution environment without leaving the domain, generate computational results, and generate evidence storage information and encrypted measurement certificates based on the record of the execution process of the computational task.
[0059] Specifically, the trusted execution environment is launched within a controlled security domain on the data provider side, allowing only the loading of algorithm models and computational logic authorized by the digital contract. The original data remains within the storage boundaries of the data provider side, and the computation process is completed in a hardware-isolated secure environment, ensuring that the data content is invisible to the data user side. Simultaneously, the system automatically records and cryptographically encapsulates all key operations, resource consumption, and state changes of this computation task, generating immutable evidence and encrypted measurement certificates for subsequent value settlement. This achieves the secure sharing goal of "data remaining within the domain, computation process visible and controllable, and usage behavior auditable and measurable."
[0060] Step S500: Schedule and authorize the trusted execution environment bound to the digital contract so that the original data from the data provider can be used to execute the computational tasks agreed upon by the digital contract in the trusted execution environment without leaving the domain, generating computational results that do not contain the original data, and recording the execution process of the computational tasks.
[0061] During execution, the original data remains encrypted and isolated. Any intermediate data and calculation results are processed within the Trusted Execution Environment (TEE). Ultimately, only the calculation results without the original data are output. At the same time, the system records the complete execution process of the calculation task through the evidence graph mechanism, including key information such as task trigger time, execution nodes, and computing power consumption, forming an auditable spatiotemporal evidence chain to provide a reliable basis for subsequent measurement, settlement, and compliance audits.
[0062] Step S600: Generate evidence information and encrypted measurement certificates based on the execution process, return the calculation results to the data user side, and distribute the evidence information and encrypted measurement certificates to the data provider side and the preset regulatory audit node.
[0063] In practice, computational results that comply with the digital contract and do not disclose original privacy will be formally delivered to the data user as a secure data service, providing factual basis for their subsequent value settlement.
[0064] As the owner of the data assets, the data provider obtains tamper-proof evidence as an "electronic receipt" for the legal and compliant use of its data, and at the same time obtains encrypted measurement certificates as an objective technical basis for obtaining revenue and conducting clearing and settlement.
[0065] The pre-defined regulatory audit node acts as the regulator, and by obtaining the full amount of evidence storage chain and measurement certificates with spatiotemporal tags, it can independently verify whether the data circulation behavior is compliant, whether the contract is faithfully performed, and whether there are any anomalies or risks.
[0066] In summary, this application constructs a trusted data circulation system based on the three-dimensional collaboration of "space-object-rights," and its technical architecture can be generally divided into a three-tiered architecture from bottom to top: The bottom layer is a data-real integration foundation layer, and the core consists of "spatial-temporal code - data network - rights root". It achieves accurate mapping of physical world data through spatiotemporal grid coding, transforms data into independently addressable first-order digital objects based on the data network infrastructure, and completes the technical anchoring of data ownership based on the rights root mechanism, thereby constructing a unified data foundation that integrates spatiotemporal information, object identification and ownership relationship.
[0067] The middle layer is the trusted circulation engine layer, which is based on trusted computing and contract control mechanisms such as "usage control, evidence storage graph, and identity authentication" to achieve full lifecycle management of the data circulation process. This layer ensures that data can achieve secure computing that is "usable but not visible" under the premise of "not leaving the domain", and makes all operations fully controllable and auditable, forming a traceable and verifiable trusted circulation closed loop.
[0068] The upper layer is the intelligent empowerment ecosystem layer, which combines AI models, knowledge graphs and value leap logic on the basis of trusted circulation to form a dynamically adaptive intelligent data ecosystem, realizing multi-level leaps in the value of data elements and applications in industrial scenarios.
[0069] The three-tier architecture, through standardized interfaces and policy linkages, forms a technical closed loop of "trustworthy underlying layer, controllable process, and value-added capability," providing a systematic solution for building a secure, compliant, and efficient data element market.
[0070] In some embodiments, the digital contract is a structured, machine-parseable contract template, and the digital contract includes at least one or more of the following data usage strategies: user entity identifier, allowed number of uses, allowed usage duration, allowed algorithm model to be invoked, and settlement rules.
[0071] Specifically, digital contracts are machine-readable, automatically executable programmatic contract templates that include at least the following key data usage strategies: User entity: A unique or limited identity identifier that is clearly defined as having the right to execute the contract and receive the calculation results. It is usually bound to a data user account that has been authenticated to ensure "whoever signs the contract, uses the data" and achieve precise accountability for operational actions. Number of uses: Limits the total number of times the contract can be invoked within its validity period. For example, it may be agreed that only one analysis can be performed, or that multiple calls are allowed within a specified period. This strategy is related to the measurement of data value, preventing unlimited duplication and protecting the rights and interests of data providers. Usage duration: Specifies the maximum allowed running time for a single computing task or the entire contract, preventing malicious tasks from occupying the time for a long time, and also providing a time dimension basis for the quantitative measurement of computing power costs. Allowed algorithm models: Precisely specify one or more algorithm models that are allowed to be loaded and run in a trusted execution environment, ensuring that data can only be processed by pre-reviewed, compliant and secure algorithms, thus technically eliminating the possibility of data being accessed or misused by unauthorized programs; Settlement rules: Define the value measurement and fee settlement logic based on this data usage behavior. It is usually linked to "number of uses", "duration of use" and the "algorithm model" invoked to form a quantitative pricing formula.
[0072] In some embodiments, the generation of evidence storage information and encrypted measurement certificates based on the execution process includes: The computation behavior log is associated with the spatiotemporal encoding and operation time information of the target digital object and written into the blockchain to generate a storage chain unit with a spatiotemporal tag. The evidence storage chain unit is added to the data flow evidence storage graph constructed based on the graph database to form a traceable data flow evidence chain; Based on a predefined metering algorithm, the data retrieval behavior in the computing task is encrypted and metered to generate an encrypted metering certificate associated with the evidence storage chain unit.
[0073] In practice, computational tasks are executed within the secure isolation domain of a Trusted Execution Environment (TEE). Combined with privacy-preserving computation technology, secure algorithm computation and result output are achieved while ensuring that the original data never leaves the provider's security boundary. This achieves "data does not leave the domain and is usable but not visible" at the underlying technology level, thus guaranteeing data security and privacy.
[0074] The system performs multi-node distributed notarization on the blockchain for every circulation operation (such as identity authentication, contract triggering, TEE calculation start and end, result generation, and other key events). Each notarization is associated with the spatiotemporal code of the data object and the operation timestamp, forming an immutable "spatiotemporal evidence chain." The notarization itself has the characteristics of being unforgeable, unalterable, and traceable, which can provide a legal basis for subsequent disputes. On this basis, a full "data circulation graph" is constructed through a knowledge graph, which can be queried and audited by regulatory authorities. Furthermore, it introduces data lineage, knowledge graph, and AI big data models, especially spatiotemporal AI, to explore the relationship between source data and downstream application scenarios (between various elements such as subjects, data, algorithms, and scenarios), and continuously expand the value creation capabilities of data in more scenarios.
[0075] Based on the predefined measurement rules and algorithms in the digital contract, the system automatically measures indicators such as the frequency of each data call, call time, computing power consumption, and algorithm contribution, and generates encrypted measurement vouchers. These vouchers are logically linked to the corresponding evidence storage chain units, together forming an indivisible auditable unit for a data usage behavior. The platform or third-party clearing and settlement services can use these encrypted measurement vouchers to automatically and accurately complete the fee settlement and revenue sharing between the parties in accordance with the settlement rules agreed upon in the digital contract, thereby realizing cross-domain value clearing and data asset revenue distribution.
[0076] In some embodiments, the data secure sharing method further includes: Based on historically generated evidence and encrypted measurement certificates, knowledge graph models or artificial intelligence models are used to analyze data flow trends, abnormal computing behaviors, or data usage value. Based on the analysis results, platform routing strategies and risk control strategies are optimized or decision support is provided to participants.
[0077] In implementation, based on historically accumulated evidence information (spatiotemporal evidence chain) and encrypted measurement certificates, an intelligent analysis engine is built using knowledge graph technology and artificial intelligence models. This engine is capable of: Conduct circulation trend analysis: Visualize the flow path, hot spots, and collaborative networks of data assets; Perform abnormal behavior detection: identify access, calculation, or settlement behaviors that deviate from normal patterns and provide early warnings of potential risks; Complete data value assessment: quantify the actual contribution and market value of different data assets, algorithm models, and circulation scenarios.
[0078] Feeding the above analysis results back to the core control link of the system can enable online self-learning of AI models by utilizing real-time data streams and event-driven architecture (EDA); it can also automatically collect model execution data through the data circulation engine to evaluate prediction accuracy and revenue performance; and it can dynamically adjust data call weights and resource scheduling strategies to enable the system to have adaptive evolution capabilities.
[0079] By leveraging tools such as AI models, knowledge graphs, digital twins, and industry-wide big data models, we can achieve deep correlation, automatic value-added services, and intelligent decision support for data assets.
[0080] In some embodiments, the data security sharing method further includes: training and optimizing multi-domain data in a trusted data space to construct industry intelligent agents such as "culture and tourism, energy, finance, and urban governance".
[0081] This application provides a neutral, trustworthy, and verifiable technical environment to ensure the secure flow and compliant use of data in multi-entity collaborative scenarios, thereby supporting the operation of a large-scale and sustainable data element market.
[0082] Correspondingly, this specification also provides another data security sharing method based on the available-but-not-visible mechanism. The difference between the method provided in this embodiment and the above embodiment is that the method provided in this embodiment is applied to the data providing side.
[0083] The data secure sharing method includes: In response to a data sharing instruction, the raw data is encapsulated into standardized digital objects via a first data network gateway; wherein, the encapsulation includes: assigning a globally unique identifier to the digital object and generating descriptive metadata; Based on a unified spatiotemporal grid coding system, a computable spatiotemporal code is generated for the digital object, which integrates geographical location, time information and object unique identifier; The raw data is encapsulated into standardized digital objects through the first data network gateway, and a globally unique identifier is assigned to the digital objects and metadata is generated. Based on a unified spatiotemporal grid coding system, a computable spatiotemporal code is generated for the digital object, which integrates geographical location, time information and object unique identifier; Based on the root rights mechanism, the digital object is linked to the rights holder corresponding to the data provider to complete the ownership registration; The digital object registration information, including the identifier, spatiotemporal encoding, ownership information, and metadata, is submitted to the identifier resolution system of the trusted data space for registration, so as to enable global discovery and authorized access; wherein, the original data is stored in the local or controlled storage domain of the data provider. In response to a data usage request authorized and routed by the operating platform, the corresponding trusted execution environment is authorized to access the original data in accordance with the usage control policy specified in the digital contract, so as to execute the computational task agreed upon in the digital contract; Receive evidence storage information and encrypted measurement credentials, wherein the evidence storage information and the encrypted measurement credentials are generated based on the record of the execution process of the computing task.
[0084] Specifically, such as Figure 2 and Figure 3 As shown, the Data of Things (DoT) integrates digital object architecture, smart contracts, and distributed ledger technology to support the first-order entityization, trusted circulation, and measurable value of data. In this embodiment, the core components of the Data of Things include: Data network gateway (data network source gateway / data network target gateway): It is the entry node in the data space that connects to external entities and is responsible for the registration, parsing and cross-domain access control of data objects; Data network switches (source switches / target switches): Located between gateways, they are the central nodes responsible for forwarding, recording, metering, and ensuring the security of data access requests.
[0085] In implementation, after responding to the sharing instruction, the data provider first encapsulates the raw data through the local first data network gateway (i.e., the data network source gateway), transforming the raw data into standardized entities conforming to the "Digital Object Architecture (DOA)," including: Assign a unique, resolvable identifier to each data object within the global trusted data space, and create structured metadata that describes the data content, format, source, quality, interface, and other information. This allows other participants to understand the purpose and access methods of the data object without touching the data itself.
[0086] To enable data to be used in "data-real integration" scenarios, a unified spatiotemporal grid coding system (such as BeiDou grid code) is used to generate spatiotemporal codes for digital objects, strongly associating the data with the real geographical location and time point / segment from which it was generated, giving the data a unified spatiotemporal semantics, and realizing the organization, mapping and computation of data resources across spatial scenarios.
[0087] Based on the root rights mechanism, the encapsulated digital object is formally and immutably linked to itself (or the rights holder it represents) as the legal root anchor point for all subsequent rights transfers such as ownership, usage rights, and revenue rights of the data asset, ensuring that the revenue generated from data circulation can be accurately and legally returned to the rights holder.
[0088] After completing the above steps, the digital object registration information, which includes identifiers, spatiotemporal codes, ownership information, and metadata, will be submitted to the identifier resolution system of the trusted data space for registration. It should be noted that the original data itself is not uploaded, but continues to be stored locally on the data provider's side or in a fully controlled private storage domain.
[0089] Once the operating platform routes the authorized data usage request to this side, the data provider authorizes a trusted execution environment (TEE) that complies with security standards and is scheduled by the platform, according to the usage control policies (such as allowed algorithms and durations) explicitly stated in the digital contract. This TEE is launched in the controlled environment of the data provider and is authorized to access the raw data to execute the computational tasks agreed upon in the contract. The entire process is completed within a secure hardware isolation zone. The data provider has the ability to supervise the computation process but cannot spy on the specific operations inside the TEE, ensuring the security and privacy of both parties.
[0090] After the calculation task is completed, the data provider receives the evidence storage information and encrypted measurement certificate generated by the platform or TEE. The evidence storage information serves as an "electronic receipt" for the secure and compliant use of the data and can be used for auditing and dispute resolution. The encrypted measurement certificate serves as an encrypted carrier for quantifying the value of this data service and is the basis for subsequent automated revenue clearing and settlement.
[0091] In some embodiments, generating a computable spatiotemporal code for the digital object based on a unified spatiotemporal grid coding system, which integrates geographical location, time information, and the object's unique identifier, includes: Based on the spatial location, time information, and identifier associated with the digital object, a globally unique string sequence is generated as the spatiotemporal code according to the BeiDou grid location code or cyber grid code system.
[0092] During implementation, a spatiotemporal big data grid foundation integrating "geospatial space, cyberspace, and data space" is used. Under a unified grid coding system, multi-dimensional space (geographical location, network address, and data object) is progressively subdivided and ordered, enabling the organization, mapping, and computation of data resources across spatial scenarios.
[0093] In some embodiments, the ownership registration is completed based on a multi-level node architecture of the root of rights mechanism, which includes a global root node, a national top-level node, and lower-level business nodes to form a distributed rights authentication network.
[0094] During implementation, such as Figure 4 As shown, based on the fusion technology framework of "(data) space and (data) object", a three-in-one fusion foundation system of "spatiotemporal code-data network-rights root" is constructed to serve as the foundation support for the new "trustworthy data space".
[0095] In practical applications, the integrated foundation system primarily showcases the functions and services related to the "root of rights" externally, while internalizing spatiotemporal codes and data networks as underlying protocol rules. In particular, the technical hierarchy of the "root of rights," which inherently requires "global root node - national top-level node - first-level node - second-level node," should be combined with administrative divisions such as "country - region - city" to form a distributed architecture of "a nationwide network and nodes at different levels in various regions."
[0096] In some embodiments, the authorized trusted execution environment accessing the original data includes: loading a secure container bound to the digital contract in the trusted execution environment, wherein the secure container is configured to: access the original data through a secure data channel and automatically destroy all temporary data within the container after the computation task is completed.
[0097] In practice, a Trusted Execution Environment (TEE) is a secure area built on a computing platform using software and hardware methods. It ensures that the code and data loaded within the secure area are protected in terms of confidentiality and integrity. During data processing, encryption and decryption are performed within this secure area to ensure security. After the calculation is completed, the original data is destroyed within the secure area to ensure that the original data is not leaked.
[0098] In some embodiments, from the perspective of data-real integration, the trusted data space is both the infrastructure for the circulation of data elements and the core ecological carrier for data application and value creation. Its overall form can be likened to a "data mart"-style data circulation platform. The platform's infrastructure is built and operated by a unified entity, possessing public reusability. The market participants are highly dispersed, encompassing various roles such as data providers, data service providers, and data demanders. Simultaneously, the platform operates under unified rules and a strong regulatory framework, possessing a clear and controllable governance entity. Under this model, the platform does not directly participate in specific data transactions but provides a neutral, trustworthy, and verifiable technical environment to ensure the secure circulation and compliant use of data in multi-entity collaborative scenarios, thereby supporting the large-scale and sustainable operation of the data element market.
[0099] like Figure 5 As shown, the trusted data space is composed of a virtual data space and the physical world. The two form a mapping and feedback relationship through a data-real fusion mechanism. The physical world is divided into three layers: The lowest layer consists of spatial grids and object entities, which are the origin of data generation. Spatial grids have a regular data structure (seamless, non-overlapping, and non-hierarchical nesting), while object entities are infinitely varied and inexhaustible. The intermediate layer consists of data classification based on attributes, forming multiple classification domains, which often have significant overlap. For example, in the context of grain production and consumption, wheat production involves agricultural machinery and pesticides, while these machinery, pesticides, and the produced wheat all involve logistics, commerce, and other related fields. Furthermore, these classification domains themselves are constantly evolving and being updated. The top layer consists of the rights holders, with no overlapping layers between them, and their structure is always finite within a certain spatiotemporal scope. From a cybernetics perspective, it is necessary to utilize stable / finite / clearly structured entities as carriers to manage and control changing / infinite / intersecting entities. This is the reason why the rights holder information needs to be loaded into the ID of massive, diverse data assets.
[0100] Within the data space, the primary circulating assets are registered and owned data assets (i.e., digital objects). These dispersed assets need to be channeled through data pragmatic chains (composed of several data products and algorithmic models in sequence) to serve specific real-world scenarios and create value. Each pragmatic chain: Ultimately, it leads to a paying party (the rights holder) who uses it for their actual business. It requires the participation of professional data providers (such as matchmakers, algorithm service providers, and compliance service providers) to form; The overall revenue generated is shared by all participants on the chain.
[0101] like Figure 5 As shown, three data pragmatic chains (data circulation chain and value creation chain) have been formed in the data space. Each point on the chain corresponds to a stakeholder in the real world. As a trusted data space for data application ecosystem, the goal is to facilitate the formation of more data pragmatic chains. Each data pragmatic chain consists of several data products and algorithm models, each representing a specific and real value creation.
[0102] In the data space, the same data asset can be reused millions of times; however, transaction matching, compliance authentication, and algorithm services serving a specific chain are one-off. Supported by a trusted data space system, future data commerce (in a broad sense) will emerge in two major directions: Data providers (data source providers) with the ability to continuously collect source data: Their responsibility is to continuously mine data deposits and generate revenue through the continuous reuse of data; Specialized service providers (in a narrow sense, data providers) specializing in specific circulation events include solution providers, transaction matching service providers, algorithm model service providers, compliance certification service providers, and transaction clearing and settlement service providers. Their revenue is settled on a per-transaction basis.
[0103] Correspondingly, the trusted data space, as infrastructure, must take the form of an online platform. All data circulation takes place online within the platform. The core functions of the platform are the confirmation of data asset ownership at the source and the full map of data circulation. Data entity content and algorithm models circulate and run on the platform. What data requesters ultimately download are data analysis results—their downloads must be subject to platform review.
[0104] It should be noted that the essence of a data circulation activity is to concentrate scattered upstream data resources in one place for joint computing and then empower downstream scenarios with the results. Therefore, the convergence point of data entity content should be a neutral infrastructure platform, rather than either party in the data supply and demand. This also gives rise to the platform's demand for computing power resources. A reasonable implementation model is for the platform to uniformly connect and schedule, and for each data circulation, the demand party pays according to the computing power traffic used.
[0105] Correspondingly, the trusted data space system architecture reference Figure 6 The capability support layer mainly comprises six subsystems: data-real-data fusion foundation, data asset management, rights holder management, trusted environment management, data security protection, and evidence storage log management. Among these, the data-real-data fusion foundation subsystem, data asset management subsystem, and rights holder management subsystem not only constitute the foundational capabilities of the "Trusted Data Space" platform but also directly facilitate user interactions such as asset publishing, entity registration, and rights registration. These interactions are triggered on the user side by the "data connector," which essentially acts as the platform's engine. Furthermore, from a functional role perspective, the services and capabilities of the capability support layer should fall under the category of basic platform services and are undertaken by the platform's operating entity.
[0106] The application service layer mainly comprises 14 subsystems in a "8+3+3" structure. Among them, the data circulation end-to-end service includes eight subsystems: supply and demand matching, contract signing, execution preparation, online execution, process synchronization, usage control, privacy computation, and billing settlement, providing end-to-end services for a specific user's data circulation activity. The circulation assurance service includes three subsystems: audit compliance, credit evaluation, and dispute resolution. The global "trustworthy and controllable" monitoring service includes three subsystems: full circulation map, real-time situational awareness, and a large-scale data circulation model, enabling global systemic monitoring and analysis. From a functional role perspective, the data circulation end-to-end service (excluding billing settlement) falls under the category of value-added services and is undertaken by professional data vendors; the circulation assurance service (compliance auditing is handled by qualified third-party institutions, and credit evaluation data comes from mutual evaluations among participating parties) and the global monitoring service fall under the category of basic services and are undertaken by the "Trustworthy Data Space" platform operating entity.
[0107] Correspondingly, this specification also provides another data security sharing method based on the usable but invisible mechanism. The difference between the method provided in this embodiment and the above embodiment is that the method provided in this embodiment is applied to the data usage side.
[0108] The data secure sharing method includes: By accessing the operation platform through the second digital network gateway, digital objects can be searched to discover target digital objects and obtain their ownership information; Based on the ownership information, a machine-readable digital contract corresponding to the target digital object is generated, and a data usage request including the digital contract is submitted to the operating platform. After the data usage request is approved, the data provider is driven to authorize the corresponding trusted execution environment to access the original data in accordance with the usage control policy specified in the digital contract, so as to execute the computing task agreed in the digital contract. Receive computation results returned by a trusted execution environment, which do not contain the original data.
[0109] During implementation, the data user first securely accesses the operation platform through its local second data network gateway (data network target gateway). This gateway serves as the user's standardized access point, responsible for identity authentication, communication encryption, and protocol adaptation. After access, the user can search for registered digital objects in the platform's global directory based on specific business needs.
[0110] Specifically, based on the accurate discovery of multi-dimensional metadata such as time, space, classification, and quality, the target digital objects that meet the requirements can be located, and their publicly available ownership information can be obtained, ensuring that the initiation of data demand is based on a legitimate and knowable supply.
[0111] After identifying the target object and its ownership, the data user negotiates specific usage terms with the corresponding data provider (the rights holder or its agent) based on the ownership information. The core of the negotiation is to jointly formulate a machine-readable digital contract that clearly stipulates the user, algorithm model, number of calculations, duration, scope of data use, form of result delivery, and settlement rules.
[0112] After the negotiation is completed, the data user formally submits a data usage request through the platform. Upon receiving the request, the platform will perform subsequent automated scheduling based on the contract content (especially the usage control policy), including routing to the correct provider and scheduling a trusted execution environment bound to the contract.
[0113] After the platform completes request verification, routing, TEE scheduling and authorization, the computing task is executed in a secure environment. The data user side does not need to and cannot intervene in or spy on the computing process. After the computing task is completed, the computing results agreed upon in the contract are directly returned to the data user side through the trusted execution environment authorized and controlled by the platform. The user side obtains compliant analysis results or derived data that can be directly used for business, without touching the original data throughout the process, thus achieving "usable but invisible".
[0114] This application deeply integrates the identifier resolution system, the spatiotemporal coding system, and the data delivery system to form a trusted data space that is interoperable across domains, measurable and clearable, and auditable and traceable. This enables data elements to leap from "isolated storage" to "trusted circulation," providing fundamental support for a data-driven society.
[0115] Based on the same inventive concept, this application also provides a data security sharing platform based on an available-but-not-visible mechanism, the data security sharing platform comprising: The digital object management module is used to receive and store digital object registration information submitted by the data provider. The digital object registration information includes at least spatiotemporal coding and ownership information. The spatiotemporal coding is generated based on a unified spatiotemporal grid coding system and is used to perform global unique positioning and routing of digital objects. The ownership information is registered based on the root of rights mechanism and is used to identify the rights holder corresponding to the digital object and serve as the basis for subsequent authorization and contract binding. The data usage request receiving module is used to receive a data usage request for a target digital object initiated by the data user side. The data usage request includes at least: a machine-readable digital contract corresponding to the target digital object. The digital contract verification module is used to verify the identity of the initiator of the data usage request and the compliance of the digital contract. The data usage request routing module is used to, after completing the authentication of the initiator of the data usage request and the compliance verification of the digital contract, route the data usage request to the data provider corresponding to the target digital object based on the identifier and spatiotemporal encoding of the target digital object. The trusted computing module is used to schedule and authorize a trusted execution environment bound to the digital contract according to the computing constraints specified in the digital contract, so that the original data of the data provider can be executed in the trusted execution environment to perform the computing tasks agreed upon by the digital contract without leaving the domain. The trusted execution environment is configured to only allow the execution of calculations according to the input, calculation logic and output rules agreed upon by the digital contract, and generate a calculation result that does not contain the original data after the calculation is completed. At the same time, it generates evidence storage information and encrypted measurement certificates based on the trusted record of the entire process of the calculation task execution. The feedback module is used to return the calculation results to the data user side and distribute the evidence storage information and the encrypted measurement certificate to the data provider side and the preset regulatory audit node. Based on the same inventive concept, this application also provides a data security sharing device based on an available-but-not-visible mechanism, deployed on the data providing side, the data security sharing device comprising: The data encapsulation module is used to encapsulate raw data into standardized digital objects through the first data network gateway, assign a globally unique identifier to the digital objects and generate metadata. The spatiotemporal coding generation module is used to generate a computable spatiotemporal code for the digital object based on a unified spatiotemporal grid coding system, which integrates geographical location, time information and object unique identifier. The ownership registration module is used to link the digital object with the corresponding rights holder on the data provider side based on the rights root mechanism, so as to complete the ownership registration. The digital object registration module is used to submit digital object registration information, including the identifier, spatiotemporal encoding, ownership information, and metadata, to the identifier resolution system of the trusted data space for registration, so as to enable global discovery and authorized access; wherein, the original data is stored in the local or controlled storage domain of the data provider. The execution module is used to respond to data usage requests authorized and routed by the operating platform, and authorize the corresponding trusted execution environment to access the raw data in accordance with the usage control policy specified in the digital contract, so as to execute the computational tasks agreed in the digital contract. A receiving module is used to receive evidence storage information and encrypted measurement credentials, wherein the evidence storage information and the encrypted measurement credentials are generated based on the record of the execution process of the computing task.
[0116] Based on the same inventive concept, this application also provides a data security sharing device based on an available-but-not-visible mechanism, deployed on the data user side, the data security sharing device comprising: The retrieval module is used to access the operation platform through the second digital network gateway to search for digital objects in order to discover target digital objects and obtain their ownership information; The digital usage request module is used to generate a machine-readable digital contract corresponding to the target digital object based on the ownership information, and submit a data usage request including the digital contract to the operation platform. The trusted execution environment driver module is used to drive the data provider to authorize the corresponding trusted execution environment to access the original data in order to execute the computational task agreed upon in the digital contract after the data usage request is approved. The receiving module is used to receive computation results returned by the trusted execution environment, which do not contain the original data.
[0117] Based on the same inventive concept, this application also provides a data security sharing system based on an available-but-not-visible mechanism, the data security sharing system comprising: The operation platform module is used to execute the data security sharing method described above for operation platforms applied in trusted data spaces; The data provider module is used to execute the data security sharing method applied to the data provider side described above; The data usage side module is used to execute the data security sharing method applied to the data usage side described above; The operation platform module, data provider module, and data user module work together through a trusted execution environment to achieve data sharing where the original data does not leave the domain but is available and invisible. The analysis module, based on the evidence information and encrypted measurement certificates of historical data circulation, uses knowledge graphs or artificial intelligence models to perform circulation trend analysis, abnormal behavior detection or data value assessment, and optimizes platform routing strategies, risk control strategies or resource scheduling strategies based on the analysis results.
[0118] In this specification, the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, the descriptions of the embodiments described later are relatively simple, and relevant parts can be referred to the descriptions of the foregoing embodiments.
[0119] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A method for secure sharing of data based on available invisible mechanism, characterized in that, An operation platform applied in a trusted data space, the operation platform including at least a digital object management module, a data usage request routing module, a digital contract verification module, and a trusted execution environment scheduling module, wherein the data secure sharing method includes: The system receives and stores digital object registration information submitted by the data provider. The digital object registration information includes at least spatiotemporal coding and ownership information. The spatiotemporal coding is generated based on a unified spatiotemporal grid coding system and is used to perform globally unique positioning and routing of digital objects. The ownership information is registered based on the root of rights mechanism and is used to identify the rights holder corresponding to the digital object and serve as the basis for subsequent authorization and contract binding. Receive a data usage request for a target digital object initiated by the data user side, the data usage request including at least: a machine-readable digital contract corresponding to the target digital object; After completing the authentication of the initiator of the data usage request and the compliance verification of the digital contract, the data usage request is routed to the data provider corresponding to the target digital object based on the identifier and spatiotemporal encoding of the target digital object. Schedule and authorize a trusted execution environment bound to the digital contract so that the original data from the data provider can be used to execute the computational tasks agreed upon by the digital contract in the trusted execution environment without leaving the domain, generating computational results that do not contain the original data, and recording the execution process of the computational tasks; Based on the execution process, evidence storage information and encrypted measurement certificates are generated, and the calculation results are returned to the data user side. The evidence storage information and encrypted measurement certificates are then distributed to the data provider side and the preset regulatory audit node.
2. The data security sharing method of claim 1, wherein, The digital contract is a structured, machine-parseable contract template, and the digital contract includes at least one or more of the following data usage strategies: user entity identifier, allowed number of uses, allowed usage duration, allowed algorithm model to be called, and settlement rules.
3. The data security sharing method of claim 1, wherein, The generation of evidence storage information and encrypted measurement certificates based on the execution process includes: The computation behavior log is associated with the spatiotemporal encoding and operation time information of the target digital object and written into the blockchain to generate a storage chain unit with a spatiotemporal tag. The evidence storage chain unit is added to the data flow evidence storage graph constructed based on the graph database to form a traceable data flow evidence chain; Based on a predefined measurement algorithm, the data retrieval behavior in the computing task is encrypted and measured to generate an encrypted measurement certificate associated with the evidence storage chain unit. And / or, the data secure sharing method further includes: Based on historically generated evidence and encrypted measurement certificates, knowledge graph models or artificial intelligence models are used to analyze data flow trends, abnormal computing behaviors, or data usage value. Based on the analysis results, platform routing strategies and risk control strategies are optimized or decision support is provided to participants.
4. A method for secure sharing of data based on available invisible mechanism, characterized in that, Applied to the data providing side, the data secure sharing method includes: The raw data is encapsulated into standardized digital objects through the first data network gateway, and a globally unique identifier is assigned to the digital objects and metadata is generated. Based on a unified spatiotemporal grid coding system, a computable spatiotemporal code is generated for the digital object, which integrates geographical location, time information and object unique identifier; Based on the root rights mechanism, the digital object is linked to the rights holder corresponding to the data provider to complete the ownership registration; The digital object registration information, including the identifier, spatiotemporal encoding, ownership information, and metadata, is submitted to the identifier resolution system of the trusted data space for registration, so as to enable global discovery and authorized access; wherein, the original data is stored in the local or controlled storage domain of the data provider. In response to a data usage request authorized and routed by the operating platform, the corresponding trusted execution environment is authorized to access the original data in accordance with the usage control policy specified in the digital contract, so as to execute the computational task agreed upon in the digital contract; Receive evidence storage information and encrypted measurement credentials, wherein the evidence storage information and the encrypted measurement credentials are generated based on the record of the execution process of the computing task.
5. The data security sharing method of claim 4, wherein, The data security sharing method based on the available-but-not-visible mechanism satisfies at least one of the following conditions: i. The aforementioned method, based on a unified spatiotemporal grid coding system, generates a computable spatiotemporal code for the digital object that integrates geographical location, time information, and the object's unique identifier, including: Based on the spatial location, time information, and identifier associated with the digital object, a globally unique string sequence is generated as the spatiotemporal code according to the BeiDou grid location code or cyber grid code system. ii. The ownership registration is completed based on a multi-level node architecture of the root rights mechanism, which includes a global root node, a national top-level node, and lower-level business nodes to form a distributed rights authentication network. iii. Accessing the original data in the trusted execution environment corresponding to the authorization includes: loading a secure container bound to the digital contract in the trusted execution environment, wherein the secure container is configured to: access the original data through a secure data channel, and automatically destroy all temporary data in the container after the computation task is completed.
6. A method for secure sharing of data based on available invisible mechanism, characterized in that, Applied to the data user side, the data secure sharing method includes: By accessing the operation platform through the second digital network gateway, digital objects can be searched to discover target digital objects and obtain their ownership information; Based on the ownership information, a machine-readable digital contract corresponding to the target digital object is generated, and a data usage request including the digital contract is submitted to the operating platform. After the data usage request is approved, the data provider is triggered to authorize the corresponding trusted execution environment to access the original data in accordance with the usage control policy specified in the digital contract, so as to execute the computational task agreed in the digital contract. Receive computation results returned by a trusted execution environment, which do not contain the original data.
7. A data security sharing platform based on an available-but-not-visible mechanism, characterized in that, The data security sharing platform includes: The digital object management module is used to receive and store digital object registration information submitted by the data provider. The digital object registration information includes at least spatiotemporal coding and ownership information. The spatiotemporal coding is generated based on a unified spatiotemporal grid coding system and is used to perform global unique positioning and routing of digital objects. The ownership information is registered based on the root of rights mechanism and is used to identify the rights holder corresponding to the digital object and serve as the basis for subsequent authorization and contract binding. The data usage request receiving module is used to receive a data usage request for a target digital object initiated by the data user side. The data usage request includes at least: a machine-readable digital contract corresponding to the target digital object. The digital contract verification module is used to verify the identity of the initiator of the data usage request and the compliance of the digital contract. The data usage request routing module is used to, after completing the authentication of the initiator of the data usage request and the compliance verification of the digital contract, route the data usage request to the data provider corresponding to the target digital object based on the identifier and spatiotemporal encoding of the target digital object. The trusted computing module is used to schedule and authorize a trusted execution environment bound to the digital contract according to the computing constraints specified in the digital contract, so that the original data of the data provider can be executed in the trusted execution environment to perform the computing tasks agreed upon by the digital contract without leaving the domain. The trusted execution environment is configured to only allow the execution of calculations according to the input, calculation logic and output rules agreed upon by the digital contract, and generate a calculation result that does not contain the original data after the calculation is completed. At the same time, it generates evidence storage information and encrypted measurement certificates based on the trusted record of the entire process of the calculation task execution. The feedback module is used to return the calculation results to the data user side and distribute the evidence information and the encrypted measurement certificate to the data provider side and the preset regulatory audit node.
8. A data security sharing device based on an available-but-not-visible mechanism, characterized in that, Deployed on the data providing side, the data security sharing device includes: The data encapsulation module is used to encapsulate raw data into standardized digital objects through the first data network gateway, assign a globally unique identifier to the digital objects and generate metadata. The spatiotemporal coding generation module is used to generate a computable spatiotemporal code for the digital object based on a unified spatiotemporal grid coding system, which integrates geographical location, time information and object unique identifier. The ownership registration module is used to link the digital object with the corresponding rights holder on the data provider side based on the rights root mechanism, so as to complete the ownership registration. The digital object registration module is used to submit digital object registration information, including the identifier, spatiotemporal encoding, ownership information, and metadata, to the identifier resolution system of the trusted data space for registration, so as to enable global discovery and authorized access; wherein, the original data is stored in the local or controlled storage domain of the data provider. The execution module is used to respond to data usage requests authorized and routed by the operating platform, and authorize the corresponding trusted execution environment to access the raw data in accordance with the usage control policy specified in the digital contract, so as to execute the computational tasks agreed in the digital contract. A receiving module is used to receive evidence storage information and encrypted measurement credentials, wherein the evidence storage information and the encrypted measurement credentials are generated based on the record of the execution process of the computing task.
9. A data security sharing device based on an available-but-not-visible mechanism, characterized in that, Deployed on the data usage side, the data security sharing device includes: The retrieval module is used to access the operation platform through the second digital network gateway to search for digital objects in order to discover target digital objects and obtain their ownership information; The digital usage request module is used to generate a machine-readable digital contract corresponding to the target digital object based on the ownership information, and submit a data usage request including the digital contract to the operation platform. The trusted execution environment triggering module is used to trigger the data provider to authorize the corresponding trusted execution environment to access the original data in order to execute the computing task agreed upon in the digital contract after the data usage request is approved. The receiving module is used to receive computation results returned by the trusted execution environment, which do not contain the original data.
10. A data security sharing system based on an available-but-not-visible mechanism, characterized in that, The data security sharing system includes: The operation platform module is used to execute the data security sharing method as described in any one of claims 1-3; A data provider module is used to execute the data secure sharing method as described in any one of claims 4-5; A data-using module is used to execute the data secure sharing method as described in claim 6; The operation platform module, data provider module, and data user module work together through a trusted execution environment to achieve data sharing where the original data does not leave the domain but is available and invisible. The analysis module, based on the evidence information and encrypted measurement certificates of historical data circulation, uses knowledge graphs or artificial intelligence models to perform circulation trend analysis, abnormal behavior detection or data value assessment, and optimizes platform routing strategies, risk control strategies or resource scheduling strategies based on the analysis results.