Identity generation method, device, storage medium and computer program product

By introducing an identity generation method into the data circulation and sharing service network, and using DSP and DSN to generate global identity information, the security risks and privacy leakage issues throughout the entire data circulation lifecycle are resolved, and full-lifecycle control of data resources is achieved.

CN122348830APending Publication Date: 2026-07-07CHINA MOBILE COMM LTD RES INST +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA MOBILE COMM LTD RES INST
Filing Date
2025-01-07
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing technologies cannot achieve a globally unified identity for digital objects throughout the entire data circulation cycle, leading to security risks and privacy leakage challenges during data circulation.

Method used

By introducing an identity generation method into the Data Circulation and Sharing Service Network (DSSN), and leveraging the collaborative work between the Delivery Service Platform (DSP) and the Data Service Node (DSN), global identity information is generated based on the characteristic information of data resources, thereby achieving full-lifecycle management and control of data resources.

Benefits of technology

It enables the identification and control of data resources throughout their entire lifecycle, enhances the security and privacy protection during data circulation, and adapts to the differences in data confidentiality requirements and delivery models.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122348830A_ABST
    Figure CN122348830A_ABST
Patent Text Reader

Abstract

The application provides an identity generation method and device, a storage medium and a computer program product. The method comprises the following steps: receiving first data feature information of a data resource sent by a second network node; determining first identification information corresponding to the data resource based on the first data feature information, and sending the first identification information to the second network node; and receiving the data resource and global identity information corresponding to the data resource sent by the second network node, wherein the global identity information is generated by the second network node based on the first identification information and second data feature information of the data resource obtained by the second network node, and the global identity information is used for controlling the data resource in a data resource flow process.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of data security technology, and in particular to an identity generation method, device, storage medium, and computer program product. Background Technology

[0002] Data, as a new production factor in the digital economy, is the foundation of digitalization, networking, and intelligence. The circulation and use of data elements helps promote data integration and resource consolidation, activate data potential, and strengthen and expand the digital economy. However, the environment for the circulation and use of data elements is complex, involving multiple stakeholders and stages. Furthermore, data products are easily copied, non-exclusive, and difficult to trace, all of which pose security risks and privacy challenges to data circulation and use.

[0003] Due to the characteristics of data elements being numerous, long, and dynamically changing during circulation, the identification information used in related technologies during data circulation cannot solve the problem of identifying digital objects throughout the entire data circulation cycle. Summary of the Invention

[0004] In view of this, this application aims to provide an identity generation method, device, storage medium, and computer program product that can identify digital objects throughout the entire data circulation lifecycle.

[0005] The technical solution of this application is implemented as follows:

[0006] In a first aspect, this application provides an identity generation method, applied to a first network node, the method comprising:

[0007] Receive the first data characteristic information of the data resources sent by the second network node;

[0008] Based on the first data feature information, determine the first identification information corresponding to the data resource, and send the first identification information to the second network node;

[0009] The system receives data resources and corresponding global identity information sent by the second network node. The global identity information is generated by the second network node based on the first identity information and the second data feature information of the acquired data resources. The global identity information is used to manage and control data resources during the data resource circulation process.

[0010] Secondly, this application provides an identity generation method applied to a second network node, the method comprising:

[0011] Send the first data feature information of the data resource to the first network node, and receive the first identification information of the data resource determined by the first network node based on the first data feature information;

[0012] Obtain the second data feature information of the data resources;

[0013] Global identity information is generated based on the first identification information and the second data feature information;

[0014] The global identity information and data resources are sent to the first network node so that the first network node can manage and control the data resources during the data resource circulation process based on the global identity information.

[0015] Thirdly, this application provides a first network node, the first network node comprising:

[0016] The first receiving unit is used to receive the first data characteristic information of the data resources sent by the second network node;

[0017] The determining unit is used to determine the first identification information corresponding to the data resource based on the first data feature information;

[0018] The first sending unit is used to send the first identification information to the second network node;

[0019] The first receiving unit is further configured to receive data resources and corresponding global identity information sent by the second network node, wherein the global identity information is generated by the second network node based on the first identity information and the second data feature information of the acquired data resources; the global identity information is used for data resource management and control during the data resource circulation process.

[0020] Fourthly, this application provides a second network node, the second network node comprising:

[0021] The second sending unit is used to send the first data feature information of the data resource to the first network node;

[0022] The second receiving unit is used to receive the first identification information of the data resource determined by the first network node based on the first data feature information;

[0023] The acquisition unit is used to acquire the second data feature information of the data resource;

[0024] The generation unit is used to generate global identity information based on the first identification information and the second data feature information;

[0025] The second sending unit is also used to send global identity information and data resources to the first network node, so that the first network node can manage and control data resources based on the global identity information during the data resource circulation process.

[0026] Fifthly, this application provides a first network node, which includes a first processor and a first memory; when the first processor executes the running program stored in the first memory, it implements the above-described identity generation method on the first network node side.

[0027] Sixthly, this application provides a second network node, the second network node comprising: a second processor and a second memory; the second processor, when executing a running program stored in the second memory, implements the aforementioned identity generation method on the second network node side.

[0028] In a seventh aspect, this application provides a storage medium storing a computer program thereon, which, when executed by a processor, implements the aforementioned identity generation method on the first network node side, or, when executed by a processor, implements the aforementioned identity generation method on the second network node side.

[0029] Eighthly, this application provides a computer program product, including a computer program that, when executed by a processor, implements the aforementioned first network node-side identity generation method, or, when executed by a processor, implements the aforementioned second network node-side identity generation method.

[0030] This application provides an identity generation method, device, storage medium, and computer program product. The method includes: a first network node receiving first data feature information of a data resource sent by a second network node; determining first identification information corresponding to the data resource based on the first data feature information, and sending the first identification information to the second network node; receiving the data resource and corresponding global identity information sent by the second network node, wherein the global identity information is generated by the second network node based on the first identification information and the obtained second data feature information of the data resource, and the global identity information is used for data resource management during data resource circulation; the second network node sending the first data feature information of the data resource to the first network node and receiving the first identification information of the data resource determined by the first network node based on the first data feature information; obtaining the second data feature information of the data resource; generating global identity information based on the first identification information and the second data feature information; and sending the global identity information and the data resource to the first network node for the first network node to manage the data resource during data resource circulation based on the global identity information. By adopting the above implementation scheme, global identity information of data resources is introduced. Since the global identity information is generated by the second network node based on the first identity information and the second data feature information, and the first identity information corresponds to the first data feature of the data resource, the generated global identity information uses the feature information inherent in the data resource itself. By associating the feature information inherent in the data resource itself with the global identity information, corresponding global identity information can be generated for the feature information of different data resources during the data resource circulation process. This allows for the identification of digital objects throughout the entire data circulation cycle, enabling full-cycle control of digital objects. Attached Figure Description

[0031] Figure 1 A schematic diagram of the Data Switching Service Network (DSSN) architecture used in an identity generation method provided in this application embodiment;

[0032] Figure 2 A flowchart illustrating an identity generation method provided in this application embodiment. Figure 1 ;

[0033] Figure 3 This application provides a schematic flowchart of an identity prefix generation method.

[0034] Figure 4 A flowchart illustrating an identity generation method provided in this application embodiment. Figure 2 ;

[0035] Figure 5 This is a schematic flowchart of an identity identifier suffix generation method provided in an embodiment of this application;

[0036] Figure 6 A flowchart illustrating an identity generation method provided in this application embodiment. Figure 3 ;

[0037] Figure 7 A schematic diagram of the composition structure of a first network node provided in an embodiment of this application. Figure 1 ;

[0038] Figure 8 A schematic diagram of the composition structure of a first network node provided in an embodiment of this application. Figure 2 ;

[0039] Figure 9 A schematic diagram of the composition structure of a second network node provided in an embodiment of this application. Figure 1 ;

[0040] Figure 10 A schematic diagram of the composition structure of a second network node provided in an embodiment of this application. Figure 2 . Detailed Implementation

[0041] To gain a more detailed understanding of the features and technical content of the embodiments of this application, the technical solution of this application will be further described in detail below with reference to the accompanying drawings and specific embodiments. The accompanying drawings are for reference only and are not intended to limit the embodiments of this application.

[0042] Unless otherwise defined, all technical and scientific terms used in the embodiments of this application have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the embodiments of this application is for the purpose of describing the embodiments of this application only and is not intended to limit this application.

[0043] In the following description, references to "some embodiments" refer to a subset of all possible embodiments. It is understood that "some embodiments" may be the same or different subsets of all possible embodiments and may be combined with each other without conflict. It should also be noted that the terms "first / second / third" used in the embodiments of this application are merely for distinguishing similar objects and do not represent a specific ordering of objects. It is understood that "first / second / third" may be interchanged in a specific order or sequence where permitted, so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein.

[0044] Data, as a new production factor in the digital economy, is the foundation of digitalization, networking, and intelligence. The circulation and use of data elements helps promote data integration and resource consolidation, activate data potential, and strengthen the digital economy. However, the environment for the circulation and use of data elements is complex, involving multiple stakeholders and multiple stages. Furthermore, data products are easily copied, non-exclusive, and difficult to trace, all of which pose security risks and privacy challenges to data circulation and use. The characteristics of data elements and their circulation constrain the actual development of data circulation. To eliminate security risks and strengthen comprehensive supervision and protection of data subjects in data circulation activities, it is necessary to construct a method and system for globally unified identification of digital objects throughout the entire circulation lifecycle, achieving control over data element subjects throughout the entire data circulation lifecycle.

[0045] In related technologies, there are identification systems such as Digital Object Unique Identifiers (DOIs) for academic publications, Globally Unique Identifiers (GUIDs) for databases and other systems, and Uniform Resource Locators (URLs) for identifying data resources on the Internet. However, these identification systems typically need to be combined with data governance strategies, data management platforms, and data exchange protocols to ensure the effective management and utilization of data throughout its lifecycle. In practical applications, it may be necessary to select an appropriate identification system based on specific business needs and compliance requirements. Given the characteristics of data elements in circulation—numerous points, long distances, and dynamic, time-varying processes—the aforementioned identification systems cannot solve the problem of globally unified identity identification for digital objects throughout their entire circulation lifecycle.

[0046] A data circulation and sharing service network is a next-generation, intensive, and efficient data circulation infrastructure that spans industries, regions, fields, and entities, providing a low-cost, high-efficiency, and reliable circulation environment for data circulation and transactions. It mainly consists of a delivery service platform (DSP), data service nodes (DSN), and a private network. The DSP and each node device can be connected via a private network using Internet Protocol (IP) to ensure the security of data transmission.

[0047] In some embodiments, a data object identifier generation method is involved: determining the current timestamp, where the current timestamp is a date format string of the current time; obtaining the current sequence value corresponding to the current timestamp, where the current sequence value is the value obtained by updating the sequence value corresponding to the current timestamp; and generating an identification identifier for the data object in the distributed system based on the current timestamp and the current sequence value. This method can save storage space. Although this method redesigns the data object identifier generation method in the distributed system to save storage resources by determining the current timestamp and the current sequence value, its implementation is limited to use within the same sovereign domain. When digital objects are circulated as data resources or digital assets, or even used across domains, this method cannot be synchronized between different domains and cannot be applied to the entire data circulation lifecycle.

[0048] In some embodiments, a trusted data circulation system and its operation method for industrial scenarios are disclosed, including an identifier resolution system, a blockchain system, and a data management system. The identifier resolution system manages and identifies industrial data, registers and manages unique identifiers for industrial data, and maps them onto the blockchain system. The blockchain system stores transaction information. The data management system is responsible for the storage, transmission, and cleaning of industrial data, and also manages the permissions and identities of various roles on the platform, providing interfaces and visualizations for data circulation and transactions. The operation method is also disclosed. The above solution uses a blockchain system and an identifier resolution system to achieve secure, trusted, and tamper-proof industrial data circulation and management, improving the efficiency of industrial data management and use. In this method, the identifier resolution system manages and identifies industrial data, registers and manages unique identifiers for industrial data, and maps them onto the blockchain system, achieving unified identification and management of industrial data in the trusted data circulation system. However, in this implementation, the data provider must first upload the raw data to the data management system and store it in the data management system after data processing, and there are out-of-domain requirements for the circulating digital objects. In reality, data circulation scenarios are diverse and data confidentiality requirements for circulation and delivery are not uniform. There are many practical needs to achieve data circulation and use without requiring the original data to leave the domain. The identifier resolution system in the above solution cannot be applied to such scenarios.

[0049] In some embodiments, a method for encapsulating digital objects for streaming data resources is also provided: determining the basic metadata of the streaming data resource to be encapsulated, standardizing the basic metadata to obtain standardized basic metadata; determining the configuration metadata of the streaming data resource to be encapsulated, which includes at least streaming data configuration, streaming channel configuration, production relationship configuration, and consumption relationship configuration, initializing the configuration metadata to obtain initialized configuration metadata; generating a digital object identifier for the streaming data resource to be encapsulated; and encapsulating the streaming data resource to be encapsulated into a digital object based on the standardized basic metadata, the initialized configuration metadata, and the digital object identifier to obtain a streaming digital object, thereby realizing the digital object encapsulation of streaming data within the data network and solving the problem of connecting and encapsulating streaming data to the data network. In this method, the streaming digital object consists of standardized basic metadata, initialized configuration metadata, and a digital object identifier for encapsulating the streaming digital resource. The digital object identifier of the streaming digital object is used for discovery and indexing of the streaming digital object in the interconnection and interoperability operations of heterogeneous, cross-domain, and cross-master data within the data network. This method can effectively transform streaming data resources into digital objects and then connect and encapsulate them into the data network. However, the effective scope of this method is mainly concentrated on the discovery and location of data resources. It cannot be effectively used throughout the entire process of data circulation, including supply and demand matching, transmission and use, and joint computing. Furthermore, the digital object identification method in this approach does not establish an association with the computing entity during computation. Therefore, when cross-domain use of original data resources occurs throughout the entire data circulation process, it is difficult to ensure the traceability of data sources and the verification of cross-domain operating entities through digital object identification, posing a risk of data being used beyond its scope.

[0050] Based on the above technical solutions, data resources, as a new type of production factor, are characterized by high fixed costs, low marginal costs, unclear property rights, diverse sources, and variable structures compared to ordinary commodities. Their circulation and use involve a wider range of entities, more diverse stakeholders, and more complex processes. However, the technical solutions in related technologies currently lack the means to identify data object subjects during data circulation and to control the associated behaviors of the circulating digital objects through identification information.

[0051] To address the aforementioned technical issues, this application proposes a method for generating global identity identifiers for digital objects throughout the entire data circulation lifecycle. This method systematically considers the differences in the entire data circulation lifecycle, various data confidentiality requirements, and different data delivery models, thereby achieving global uniformity and trusted use control of digital object identity identifiers.

[0052] In this embodiment, the identity generation method is implemented based on DSSN, which can be abstractly adapted to any data circulation management and control infrastructure to complete the actual business of data element circulation.

[0053] In this embodiment, the identity generation method can be implemented based on modules of different network elements in the DSSN. This mainly involves the registry module, identity calculation module, data directory table module, contract information table module, permission management module, and storage system module of the delivery service platform (DSP); and also the data resource processing module, identity calculation module, and permission verification module of the data service node (DSN). Taking data circulation party A as the data resource provider and data circulation party B as the data demander, and using the DSSN to complete data circulation activities as an example, the architecture diagram of the identity generation method implemented through the DSSN is as follows: Figure 1 As shown.

[0054] Based on the above, Figure 1 As shown in the DSSN architecture, this application embodiment provides an identity generation method, such as... Figure 2 As shown, applied to the first network node, the method may include:

[0055] S201, Receive the first data characteristic information of the data resources sent by the second network node.

[0056] In this embodiment, the first network node is a delivery service platform (DSP).

[0057] In this embodiment of the application, the second network node is the DSN corresponding to the data circulation party A (also known as the data provider).

[0058] In this application embodiment, the first data feature information includes: data ownership certificate corresponding to the data resource, data confidentiality requirements (such as core data, important data or ordinary data), data resource information required for data catalog registration (such as administrative division, organization code, industry, etc.), and data circulation and usage methods (such as privacy computing, controlled use, API calls, etc.).

[0059] In this embodiment, the data resource processing module in the DSN corresponding to data circulation party A completes the preprocessing of local data. The local data may be generated by data circulation party A during production and operation, or it may be collected or read from other platforms. The data preprocessing includes operations such as data cleaning and format conversion after data collection or generation. Data resources are selected from the preprocessed data (these data resources are data that data circulation party A has the right to use and can trade).

[0060] In this embodiment of the application, after the data circulation party A selects a data resource, it sends the data ownership certificate, data confidentiality requirements (such as core data, important data, and ordinary data), data resource information required for data catalog registration (such as administrative division, organization code, industry, etc.), and data circulation usage method (such as privacy computing, controlled use, API call, etc.) corresponding to the selected data resource to the delivery service platform (i.e., DSP). The DSP receives the above information sent by the DSN corresponding to the data circulation party A.

[0061] In this embodiment of the application, data circulation party A can send a request to the DSP to generate a data circulation object from the data resources. The request contains the first data feature information corresponding to the data resources. The DSP can obtain the first data feature information corresponding to the data resources from the request.

[0062] S202. Based on the first data feature information, determine the first identification information corresponding to the data resource, and send the first identification information to the second network node.

[0063] In this embodiment of the application, determining the first identifier information corresponding to the data resource based on the first data feature information can be achieved in the following ways:

[0064] Based on the first data feature information, the data resources are classified into levels to obtain the level information corresponding to the data resources; based on the level information and / or the first data feature information, the first identification information corresponding to the data resources is determined.

[0065] In this embodiment of the application, the first identification information can be referred to as the identity identification prefix.

[0066] In this embodiment of the application, the identifier calculation module in the DSP classifies and grades the data resources based on the first data feature information (i.e., the relevant data feature information corresponding to the data resources) received from the data circulation party A. The basis for classifying and grading the data resources is the data feature information of the data resources (such as ownership certificates, etc.), rather than the data resources themselves.

[0067] In the embodiments of this application, data resources can be classified and graded using classifier algorithms such as Bayesian models, vector machine models, and graph neural network pre-trained models to establish classification and grading standards for data feature information.

[0068] In this embodiment of the application, the first data feature information can be input into the above model to classify and grade the data resources, and obtain the corresponding classification and grading results of the data resources.

[0069] In this embodiment of the application, the obtained classification and grading results can be further integrated with the source characteristics of data resources (such as the first data feature information, or the obtained credit code, the time of requesting the generation of data circulation objects, etc.) to calculate the identity identifier prefix.

[0070] In this embodiment of the application, the specific calculation method for the identity prefix can be as follows: Figure 3 The calculation was obtained using the process shown. Figure 3 In the process, hash calculation (MD5 can be used) is performed based on the level information and / or the first data feature information. After obtaining the calculation result, Base62 encoding is performed to shorten the length, and 8 characters are truncated. The obtained 8 characters are compared with the identity prefix stored in the data directory table in the DSP. If they are not duplicated, the obtained 8 characters are determined as the identity prefix. If they are duplicated, the aforementioned calculation process is repeated to obtain the identity prefix.

[0071] In this embodiment, the DSP sends the generated identity prefix to the DSN corresponding to the data circulation party A.

[0072] S203. Receive data resources and corresponding global identity information sent by the second network node. The global identity information is used for data resource management during the data resource circulation process.

[0073] Among them, the global identity information is generated by the second network node based on the first identity information and the second data feature information of the acquired data resources.

[0074] In this application embodiment, the second data feature information may include one or more of the following: the size of the data resource, the modification time of the data resource, the URL of the data resource, the classification and grading results of the data resource, etc.

[0075] In this embodiment of the application, the DSP receiving data resources sent by the second network node can include the following two cases:

[0076] Receive encrypted data resources obtained by encrypting data resources sent by the second network node; or receive unencrypted data resources sent by the second network node.

[0077] In this embodiment, data circulation party A determines whether the circulating data resource is classified and cannot be circulated across domains. If it is a non-cross-domain data resource, data circulation party A uses the SHA256 secure hash algorithm to calculate a data tag code for the data resource and sends the generated data tag code to the DSP. The DSP receives the data tag code (i.e., encrypted data resource) sent by data circulation party A's DSN. Alternatively, if it is a cross-domain data resource, data circulation party A's DSN directly sends the circulating data resource body to the DSP, and the DSP receives the data resource body (i.e., unencrypted data resource) sent by data circulation party A's DSN.

[0078] In this embodiment, after the DSP sends the generated identity prefix to the DSN corresponding to the data circulation party A, the identity calculation module of the DSN corresponding to the data circulation party A combines one or more of the following: the size of the data resource, the modification time of the data resource, the URL of the data resource, and the classification and grading results of the data resource, and generates global identity information together with the identity prefix, and sends the generated global identity information to the DSP.

[0079] In this embodiment, the DSP receives global identity information sent by the DSN corresponding to the data circulation party A, and manages the aforementioned data resources based on the global identity information during the data resource circulation process.

[0080] It is understood that the identity generation method provided in this application embodiment introduces global identity information of data resources. Since the global identity information is generated by the second network node based on the first identification information and the second data feature information, and the first identification information corresponds to the first data feature of the data resource, the generated global identity information uses the feature information inherent in the data resource itself. By associating the feature information inherent in the data resource itself with the global identity information, corresponding global identity information can be generated for the feature information of different data resources during the data resource circulation process. This enables the identification of digital objects throughout the entire data circulation cycle, thereby achieving full-cycle control of digital objects.

[0081] In one embodiment of this application, after receiving the first data feature information of the data resource sent by the second network node, if the first data feature information is verified to be valid, the storage request or usage area information of the data resource sent by the second network node is received.

[0082] In this embodiment of the application, if the data resource can be circulated across domains, the DSP receives a storage request for the data resource; if the data resource cannot be circulated across domains, the DSP receives a notification message that the circulating data resource cannot be circulated across domains based on confidentiality requirements.

[0083] Specifically, the data circulation platform (DSP) reviews the request sent by data circulation party A, that is, it reviews the first data feature information carried in the request. If the review is successful, the DSP sends a review approval message to the DSN of data circulation party A. After receiving the message, if the data resource to be circulated can be circulated across domains, the data resource needs to be stored in the DSP first. Therefore, the DSN of data circulation party A sends a storage request for the data resource (for data resources that can be circulated across domains) to the DSP, and the DSP receives the storage request sent by the DSN of data circulation party A. If the data resource to be circulated cannot be circulated across domains, the DSN of data circulation party A sends a notification message to the DSP that the data resource cannot be circulated across domains, and the DSP receives the notification message sent by the DSN of data circulation party A.

[0084] In this embodiment, after receiving a storage request or a notification message indicating that data resources cannot be transferred across domains from the DSN of data circulation party A, the DSP sends different information to the DSN of data circulation party A based on the different information received. Specifically: after determining the first identification information corresponding to the data resource based on the first data feature information, the DSP not only sends the generated first identification information to the DSN of data circulation party A, but also sends the storage information of the data resource and the level information of the data resource determined based on the first data feature information to the second network node based on the storage request, or sends the level information to the second network node based on the usage area information, so that the second network node can determine the second identification information based on the storage information and / or the level information.

[0085] In this embodiment, the storage information may be a storage location or storage path (such as a target URL) allocated by the DSP for the data resources of the data circulation party A.

[0086] In this embodiment of the application, if the DSP receives a storage request, it sends the storage information (such as the target URL) of the circulating data (i.e., the data resource to be circulated) and characteristic information such as the data classification and grading results to the DSN of the data circulation party A.

[0087] In this embodiment, if the DSP receives a notification message that data resources cannot be circulated across domains, it sends characteristic information such as the data classification and grading results of the circulating data to the DSN of the data circulation party A, but does not send storage information.

[0088] In this embodiment of the application, if the DSP verifies the first data feature information, the DSP generates a public-private key pair (P... k S k ), public key P kThe approval message sent by the DSP to the DSN of data circulation party A is simultaneously sent to data circulation party A, S k It is stored in the DSP's registry module.

[0089] It should be noted that the public and private key pairs can be generated using asymmetric encryption algorithms such as RSA.

[0090] In this embodiment of the application, the public key P received by the DSN of data circulation party A k It can be used to encrypt the ontology of circulating data resources or the data token generated by circulating data resources (for data resources that cannot be circulated across domains), and then utilize the public key P. k The encrypted information is packaged with global identity information and sent to the DSP. The DSP receives the public key P sent by the DSN of data circulation party A. k The encrypted information and the global identity information.

[0091] It should be noted that the data resource ontology received by the DSP is stored in the DSP's storage system module. The global unified identity identification information, the received first data feature information, classification and grading results, etc. are stored in the DSP's data directory table module. The data directory table module uses blockchain for storage to avoid the risk of data directory table being tampered with, and at the same time realizes cross-domain identity mutual recognition, making it more compliant.

[0092] In one embodiment of this application, after receiving the first data feature information of the data resource sent by the second network node, if the verification of the first data feature information fails, an update request for the first data feature information is sent to the second network node; and the updated first data feature information resent by the second network node based on the update request is received.

[0093] In this embodiment of the application, if the DSP fails to verify the first data feature information in the request, it sends a request to update the first data feature information to the DSN of the data circulation party A. That is, when the review fails, the DSP notifies the data circulation party A to modify the first data feature information and resubmit it, and then the DSP reviews it again.

[0094] In this embodiment of the application, data circulation party A modifies the information carried in the request and resubmits the updated first data feature information to the DSP. The DSP receives the updated first data feature information sent by the DSN of data circulation party A and re-examines it. After the examination is passed, the relevant steps after the examination are performed as described above.

[0095] In one embodiment of this application, after the DSP receives the circulating data resources and the global unified identity identification information, it can also obtain the identification information of the third network node from the third network node when conducting actual data circulation; generate the third identification information of the data resources based on the global identity identification information and the identification information; and manage the data resources based on the third identification information.

[0096] In this embodiment of the application, the third network node can be the DSN corresponding to the data flow party B (also known as the data demand party).

[0097] In this embodiment of the application, the DSP retrieves the contract information table in the contract information table module. If there is an associated contract for the circulating data resource ontology, the identification information (i.e., the circulation code of the data circulation party B) is obtained from the data circulation party B that has reached the delivery circulation contract. This identification information can be the social credit code of the data circulation party B, etc.

[0098] In this embodiment of the application, a circulation code for data circulation B is added to the global identity information to generate a single circulation identification code (i.e., third identification information) for the data resource, which is used to manage and control digital objects (data resources) throughout the circulation cycle.

[0099] In this embodiment, when data elements (i.e., data resources associated with the circulation business of the DSP) are actually circulated and used, the permission verification module in the DSN of the data circulation party B parses the data identification information (i.e., the single circulation identification code generated and sent by the DSP), compares it with the circulation contract, and when the verification is successful, the DSN of the data circulation party B sends a verification success message to the DSP. After receiving the verification success message sent by the data circulation party B, the DSP stores the corresponding private key S. k It is sent to data circulation party B for decryption of data resources during a single data circulation process.

[0100] This application also provides an identity generation method, such as... Figure 4 As shown, when applied to a second network device, the method may include:

[0101] S401. Send the first data feature information of the data resource to the first network node, and receive the first identification information of the data resource determined by the first network node based on the first data feature information.

[0102] In this embodiment of the application, the second network node is the DSN corresponding to the data circulation party A (also known as the data provider).

[0103] In this application embodiment, the first data feature information includes: data ownership certificate corresponding to the data resource, data confidentiality requirements (such as core data, important data or ordinary data), data resource information required for data catalog registration (such as administrative division, organization code, industry, etc.), and data circulation and usage methods (such as privacy computing, controlled use, API calls, etc.).

[0104] In this embodiment of the application, the first identification information can be referred to as the identity identification prefix.

[0105] In this embodiment of the application, data circulation party A can send a request to the DSP to generate a data circulation object by sending data resources. The request includes the first data feature information corresponding to the aforementioned data resources.

[0106] It should be noted that the first data feature information can be obtained by data circulation party A based on the data resources selected after preprocessing.

[0107] In this embodiment, after the DSN of data circulation party A sends the first data feature information to the DSP, the DSP determines the identity prefix based on the first data feature information. The specific determination method can be referred to the implementation process in the aforementioned embodiment, and will not be repeated here.

[0108] In this embodiment of the application, after sending the first data feature information of the data resource to the first network node, it is also possible to receive the update request for the first data feature information sent by the first network node; and resend the updated first data feature information to the first network node based on the update request.

[0109] In this embodiment, after the DSN of data circulation party A sends the first data feature information to the DSP, the DSP can verify the first data feature information. If the verification is different, the DSP sends an update request to the DSN of data circulation party A. Upon receiving the update request, the DSN of data circulation party A resubmits the updated first data feature information to the DSP.

[0110] S402, Obtain the second data feature information of the data resource.

[0111] In this application embodiment, the second data feature information may include one or more of the following: the size of the data resource, the modification time of the data resource, the URL of the data resource, the classification and grading results of the data resource, etc.

[0112] In this embodiment of the application, the second data feature information of the data resource can be obtained in the following ways:

[0113] Send a storage request or usage area information for data resources to a first network node; receive storage information and grade information of data resources sent by the first network node, or receive grade information sent by the first network node; determine the storage information and / or grade information, as well as the attribute information of data resources obtained from a second network node, as second data feature information.

[0114] In this embodiment of the application, the attribute information of the data resource may include the size of the data resource and the modification time of the data resource.

[0115] In this embodiment of the application, the size of the data resource and the modification time of the data resource can be obtained by the data circulation party A from itself.

[0116] In this embodiment of the application, the URL of the data resource (i.e., storage information) and the classification and grading results of the data resource (i.e., grade information) are obtained through DSP.

[0117] In this embodiment, the DSN of data circulation party A sends a storage request for data resources (data resources that can be circulated across domains) or usage area information of data resources (resources that cannot be circulated across domains) to the DSP, i.e., information on non-cross-domain circulation. When the DSP receives the storage request, it sends the URL and classification information of the data resource to the DSN of data circulation party A. When the DSP receives the information that the data resource cannot be circulated across domains, it sends the classification information to the DSN of data circulation party A.

[0118] In this embodiment of the application, the data circulation party A determines the URL of the received data resource, the classification and grading results, the size of the data resource that it can obtain, and the modification time of the data resource as the second data feature information.

[0119] S403. Generate global identity information based on the first identification information and the second data feature information.

[0120] In this embodiment of the application, global identity information is generated based on the first identification information and the second data feature information, which can be achieved in the following ways:

[0121] Based on the stored information and / or the level information and / or the attribute information, generate the second identification information; based on the first identification information and the second identification information, generate the global identity identification information.

[0122] In this embodiment of the application, the second identification information can be an identity identifier suffix.

[0123] In this embodiment, the DSN identifier calculation module of data circulation party A performs data feature fusion based on the classification and grading results of the received data resources, the URL for storing the data resources (if received), the size of the data resources, the modification time of the data resources, etc., to calculate the identity identifier suffix. The identity identifier suffix calculation method can adopt... Figure 5 The process shown is as follows. Specifically, hash calculations (MD5 can be used) can be performed based on the data resource classification and grading results (such as attributes and security levels), URL (optional), data resource size, and data resource modification time to obtain the calculation result. The result is then further shortened using Base62 encoding and truncated to 16 characters. This is compared with the existing identity identifier suffix in the data directory table. If they are duplicates, the MD5 calculation and subsequent processes are repeated. If they are not duplicates, the identity identifier suffix is ​​obtained.

[0124] In this embodiment of the application, the identity identifier suffix and the identity identifier prefix are combined to form the global identity identifier information of the data resource.

[0125] S404. Send the global identity information and data resources to the first network node so that the first network node can manage and control the data resources during the data resource circulation process based on the global identity information.

[0126] In this embodiment, data circulation party A sends the generated global identity information and data resources to the DSP.

[0127] In this embodiment, before sending the global identity information and data resources to the first network node, the DSN of data circulation party A needs to determine the usage area information corresponding to the data resources; if the data resources correspond to the first usage area information, it is determined that the data resources will be encrypted to obtain encrypted data resources, so as to send the encrypted data resources to the first network node; or, if the data resources correspond to the second usage area information, it is determined that the data resources will not be encrypted, so as to send the data resources to the first network node.

[0128] In this embodiment, the DSN of data circulation party A needs to determine whether the circulating data resource can be circulated across domains. If the data resource cannot be circulated across domains, the data resource is encrypted using the SHA256 secure hash algorithm to obtain a data tag code (i.e., encrypted data resource), and the data tag code is sent to the DSP. If the data resource can be circulated across domains, the data resource is not encrypted, and the data resource body is directly sent to the DSP.

[0129] In this embodiment of the application, the DSN of data circulation party A can also receive the public key P sent by the DSP. k Public key Pk The DSN can be used by data circulation party A to encrypt the data resource ontology or the data resource generated during circulation (for data resources that cannot be circulated across domains), and then utilize the public key P. k The encrypted information is packaged with global identity information and sent to the DSP. The DSP receives the public key P sent by the DSN of data circulation party A. k The encrypted information and the global identity information.

[0130] It is understood that the identity generation method provided in this application embodiment introduces global identity information of data resources. Since the global identity information is generated by the second network node based on the first identification information and the second data feature information, and the first identification information corresponds to the first data feature of the data resource, the generated global identity information uses the feature information inherent in the data resource itself. By associating the feature information inherent in the data resource itself with the global identity information, corresponding global identity information can be generated for the feature information of different data resources during the data resource circulation process. This enables the identification of digital objects throughout the entire data circulation cycle, thereby achieving full-cycle control of digital objects.

[0131] Based on the above embodiments, this application also provides a schematic diagram of the overall process of an identity generation method, such as... Figure 6 As shown, the specific steps include:

[0132] S1. Data Circulator A's DSN selects a data resource and sends a request to the Delivery Service Platform (DSP) containing the first data characteristic information corresponding to the data resource (including data ownership certificate, data confidentiality requirements (such as core data, important data, and ordinary data), data resource information required for data catalog registration (such as administrative division, organization code, and industry), data circulation and usage method (such as privacy computation, controlled use, and API calls), and data export requirements). The data resource is selected from the pre-processed data by the data resource processing module in Data Circulator A's DSN after local data preprocessing.

[0133] It should be noted that a request to generate a data flow object from data resources can be sent to the DSP, and this request carries the first data characteristic information.

[0134] S1', Data Circulation Provider B submits a data circulation request to the DSP.

[0135] S2, DSP verifies whether the request sent by the DSN of data circulation party A is approved.

[0136] S3. If the request for review fails, notify the data circulation party A to modify the first data feature information and resubmit.

[0137] S3' If the request is approved, generate a public-private key pair (P). k S k ), will S k It is stored in the registry module.

[0138] S4. Send an approval message to the DSN of data circulation party A, and simultaneously send the public key P. k .

[0139] S5. The DSN of data circulation party A resubmits the updated request to the DSP, or sends a storage request or a notification that data resources cannot be circulated across domains.

[0140] It should be noted that storage requests are for data resources that can be circulated across domains.

[0141] S6 and DSP classify data resources into different levels based on the first data feature information, and obtain classification and grading results.

[0142] S7 and DSP generate an identity prefix based on the classification and grading results and / or the first data feature information.

[0143] S8, DSP sends the identity prefix, storage information and / or classification and grading results to the DSN of data circulation party A.

[0144] S9. The DSN of data circulation party A generates an identity identifier suffix based on the storage information (if it exists), the classification and grading results, the size of the data resources it acquires, and the modification time, and generates global identity identifier information by combining the identity identifier prefix.

[0145] S10 (optional): Calculate the data tag code using the DSN of data transfer party A. This step is only for data resources that cannot be transferred across domains.

[0146] S11. Data circulator A's DSN sends a message to the DSP using public key P. k Encrypted circulating data resource ontology or data tag code, as well as global identity identification information.

[0147] S12, DSP stores the data resource ontology, global identity information, first data feature information, classification and grading results, etc.

[0148] When data provider A and data provider B enter into a data transaction contract, the following steps are performed:

[0149] S13. The DSP combines the global identity information sent by data circulation party A with the circulation code (such as institutional information) obtained from data circulation party B to form a single circulation identification code.

[0150] S14. When the DSN of data circulation party B passes the verification of the circulation identification code, the DSP sends S to the DSN of data circulation party B. k To facilitate single-transaction data resource circulation.

[0151] It should be noted that S k Used for decryption and exploitation of P k Data resources that have been encrypted.

[0152] It should be noted that the above implementation steps can be adjusted in order according to actual needs.

[0153] Based on the above embodiments, this application embodiment constructs global identity identification information for digital objects, which is unique, universal, and tamper-proof throughout the entire data circulation cycle and contains actual characteristic information of data resources, thereby realizing the data ontology as trustworthy, controllable, and traceable.

[0154] In this embodiment, a global identity identifier is constructed for digital objects (i.e., circulating data resources) by combining an identity identifier prefix with an identity identifier suffix. This ensures that the identifier of the digital object is globally unified. The global identity identifier is associated with the source information of the digital object and the characteristics of the data itself. In addition to associating it with the data resource itself provided by data circulation party A, it can also treat the data resource as a data asset entering circulation activities. This method is well adapted to the current data catalog registration method and has strong compatibility with existing general systems. Furthermore, different global identity identifiers are generated and associated with the digital object ontology for data resources delivered with different levels of confidentiality requirements. This ensures that the global identity identifier of the digital object assists in the management and control of the digital object's source throughout the entire data circulation lifecycle, making the constructed global identity identifier for digital objects applicable to data resources with different confidentiality requirements and different delivery modes, without forcing data providers to store data across domains.

[0155] In this embodiment, a globally unified and mutually recognized global identity identifier is designed to ensure that digital objects are universally applicable across all nodes during cross-domain circulation. Finally, after the data circulation activity is completed and the contract is clarified, the information of the entities involved in operating on this digital object, such as data suppliers and demanders, is added to the global identity identifier. In a single data circulation delivery task, a single circulation identification code is generated for the entire circulating digital object, associating it with the circulating data resource entity, effectively achieving the control requirements for digital objects throughout the entire circulation lifecycle. Simultaneously, a good general solution is provided for personalized adjustments to individual data resources to adapt to a specific data circulation activity.

[0156] Compared with related technologies, the technical solutions in the embodiments of this application have the following technical advantages:

[0157] (1) The implementation of the embodiments of this application is not limited to use within the same sovereign domain. When digital objects are circulated as data resources or digital assets or even used across domains, the representation method in the embodiments of this application is synchronized between different domains and can support application throughout the entire data circulation cycle.

[0158] (2) Real-world data circulation scenarios are diverse, and the confidentiality requirements for data delivery are not uniform. There are many real-world needs for data circulation and use where the original data must not leave the domain. The DSP in this application embodiment can be flexibly applied to such scenarios by generating a single-transaction identification code.

[0159] (3) Compared to most implemented data identification applications, whose effective scope is mainly concentrated on the discovery and location of data resources, and which cannot be effectively used throughout the entire process of data circulation, such as supply and demand matching, transmission and use, and joint computing, the global identity information generation method for digital objects in this application establishes an association with the computing subject during computing use. Therefore, when cross-domain use of original data resources occurs in the entire data circulation process, it can ensure the traceability of data source and realize the verification of cross-domain operation subjects through the global identity information of digital objects, thus preventing the risk of data being used beyond its scope.

[0160] Based on the above embodiments, another embodiment of this application provides a first network node 1, such as... Figure 7 As shown, the first network node 1 includes:

[0161] The first receiving unit 10 is used to receive the first data characteristic information of the data resources sent by the second network node.

[0162] The determining unit 11 is used to determine the first identification information corresponding to the data resource based on the first data feature information.

[0163] The first sending unit 12 is used to send the first identification information to the second network node.

[0164] The first receiving unit 10 is further configured to receive data resources and corresponding global identity information sent by the second network node. The global identity information is generated by the second network node based on the first identity information and the second data feature information of the acquired data resources. The global identity information is used to manage and control data resources during the data resource circulation process.

[0165] In one embodiment, the determining unit 11 is further configured to classify the data resources into levels based on the first data feature information to obtain the level information corresponding to the data resources; and to determine the first identification information corresponding to the data resources based on the level information and / or the first data feature information.

[0166] In one embodiment, the first receiving unit 10 is further configured to receive a storage request for data resources or usage area information sent by the second network node if the verification of the first data feature information is successful.

[0167] The first sending unit 12 is further configured to send storage information of data resources and grade information of data resources determined based on the first data feature information to the second network node based on the storage request, or to send the grade information to the second network node based on the usage restriction information, so that the second network node can determine the second identification information based on the storage information and / or the grade information.

[0168] In one embodiment, the first sending unit 12 is further configured to send an update request for the first data feature information to the second network node if the verification of the first data feature information fails.

[0169] The first receiving unit 10 is also used to receive the updated first data feature information retransmitted by the second network node based on the update request.

[0170] In one embodiment, the first receiving unit 10 is further configured to receive encrypted data resources obtained by encrypting the data resources sent by the second network node; or, to receive unencrypted data resources sent by the second network node.

[0171] In one embodiment, the first network node may further include: an acquisition unit and a management unit.

[0172] The acquisition unit is used to acquire the identification information of the third network node from the third network node.

[0173] The determining unit 11 is also used to generate third identification information of data resources based on global identity information and identification information.

[0174] The control unit is used to control data resources based on third-party identification information.

[0175] This application provides a first network node that receives first data feature information of data resources sent by a second network node; determines first identification information corresponding to the data resources based on the first data feature information, and sends the first identification information to the second network node; and receives data resources and corresponding global identity information sent by the second network node. The global identity information is generated by the second network node based on the first identification information and the second data feature information of the acquired data resources. The global identity information is used for data resource management during data resource circulation. Therefore, the first network node proposed in this application introduces global identity information for data resources. Since the global identity information is generated by the second network node based on the first identification information and the second data feature information, and the first identification information corresponds to the first data feature of the data resources, the generated global identity information uses the feature information inherent in the data resources themselves. By associating the feature information inherent in the data resources with the global identity information, corresponding global identity information can be generated for different data resources during data resource circulation. This allows for the identification of digital objects throughout the entire data circulation cycle, achieving full-cycle management of digital objects.

[0176] Figure 8 This is a schematic diagram of the composition structure of a first network node 1 provided in an embodiment of this application. In practical applications, based on the same disclosed concept of the above embodiments, such as... Figure 8 As shown, the first network node 1 in this embodiment of the application includes a first processor 13, a first memory 14, and a first communication bus 15.

[0177] In specific embodiments, the first receiving unit 10, determining unit 11, first sending unit 12, acquiring unit, and control unit can be implemented by a first processor 13 located on the first network node 1. The first processor 13 can be at least one of the following: Application Specific Integrated Circuit (ASIC), Digital Signal Processor (DSP), Digital Signal Processing Device (DSPD), Programmable Logic Device (PLD), Field Programmable Gate Array (FPGA), CPU, controller, microcontroller, and microprocessor. It is understood that for different devices, the electronic device used to implement the above processor functions can also be other types, and this application embodiment does not impose specific limitations.

[0178] In this embodiment, the first communication bus 15 is used to establish a connection and communication between the first processor 13 and the first memory 14; when the first processor 13 executes the running program stored in the first memory 14, it implements the following identity generation method:

[0179] The system receives first data feature information of data resources sent by a second network node; determines first identification information corresponding to the data resources based on the first data feature information, and sends the first identification information to the second network node; and receives data resources and global identity information corresponding to the data resources sent by the second network node, wherein the global identity information is generated by the second network node based on the first identification information and the second data feature information of the data resources obtained, and the global identity information is used for data resource management during data resource circulation.

[0180] In one embodiment, the first processor 13 is further configured to classify the data resources into levels based on the first data feature information to obtain level information corresponding to the data resources; and to determine the first identification information corresponding to the data resources based on the level information and / or the first data feature information.

[0181] In one embodiment, the first processor 13 is further configured to, upon successful verification of the first data feature information, receive a storage request or usage area information of the data resource sent by the second network node; send storage information of the data resource and level information of the data resource determined based on the first data feature information to the second network node based on the storage request, or send level information to the second network node based on usage restriction information, so that the second network node can determine the second identification information based on the storage information and / or level information.

[0182] In one embodiment, the first processor 13 is further configured to send an update request for the first data feature information to the second network node if the verification of the first data feature information fails; and to receive the updated first data feature information resent by the second network node based on the update request.

[0183] In one embodiment, the first processor 13 is further configured to receive encrypted data resources obtained by encrypting data resources sent by the second network node; or, to receive unencrypted data resources sent by the second network node.

[0184] In one embodiment, the first processor 13 is further configured to obtain the identification information of the third network node from the third network node; generate third identification information of the data resource based on the global identity identification information and the identification information; and manage the data resource based on the third identification information.

[0185] Based on the above embodiments, another embodiment of this application provides a second network node 2, such as... Figure 9 As shown, the second network node 2 includes:

[0186] The second sending unit 20 is used to send the first data feature information of the data resource to the first network node.

[0187] The second receiving unit 21 is used to receive the first identification information of the data resource determined by the first network node based on the first data feature information.

[0188] The acquisition unit 22 is used to acquire the second data feature information of the data resource.

[0189] The generation unit 23 is used to generate global identity information based on the first identification information and the second data feature information.

[0190] The second sending unit 20 is also used to send global identity information and data resources to the first network node, so that the first network node can manage and control data resources based on the global identity information during the data resource circulation process.

[0191] In one embodiment, the second network node may further include a determining unit.

[0192] The second sending unit 20 is also used to send a storage request for data resources or usage area information to the first network node.

[0193] The second receiving unit 21 is also used to receive storage information and grade information of data resources sent by the first network node, or to receive grade information sent by the first network node.

[0194] The determining unit is used to determine the storage information and / or level information, as well as the attribute information of the data resources obtained from the second network node, as the second data feature information.

[0195] In one embodiment, the generation unit 23 is further configured to generate second identification information based on storage information and / or level information and / or attribute information; and generate global identity identification information based on the first identification information and the second identification information.

[0196] In one embodiment, the second receiving unit 21 is further configured to receive an update request for the first data feature information sent by the first network node.

[0197] The second sending unit 20 is also used to resend the updated first data feature information to the first network node based on the update request.

[0198] In one embodiment, the determining unit is further configured to determine the usage area information corresponding to the data resource; if the data resource corresponds to the first usage area information, determine to encrypt the data resource to obtain encrypted data resource, and send the encrypted data resource to the first network node; or, if the data resource corresponds to the second usage area information, determine not to encrypt the data resource, and send the data resource to the first network node.

[0199] This application provides a second network node that sends first data feature information of data resources to a first network node and receives first identification information of data resources determined by the first network node based on the first data feature information; acquires second data feature information of data resources; generates global identity identification information based on the first identification information and the second data feature information; and sends the global identity identification information and data resources to the first network node so that the first network node can manage and control data resources during the data resource circulation process based on the global identity identification information. Thus, this application provides a second network node that introduces global identity identification information for data resources. Since the global identity identification information is generated by the second network node based on the first identification information and the second data feature information, and the first identification information corresponds to the first data feature of the data resource, the generated global identity identification information uses the feature information inherent in the data resource itself. By associating the feature information inherent in the data resource itself with the global identity identification information, corresponding global identity identification information can be generated for different data resource feature information during the data resource circulation process. This allows for the identification of digital objects throughout the entire data circulation cycle, achieving full-cycle management and control of digital objects.

[0200] Figure 10 This is a schematic diagram of the composition structure of a second network node 2 provided in an embodiment of this application. In practical applications, based on the same disclosed concept of the above embodiments, such as... Figure 10 As shown, the second network node 2 in this embodiment of the application includes a second processor 24, a second memory 25, and a second communication bus 26.

[0201] In specific embodiments, the second transmitting unit 20, the second receiving unit 21, the acquiring unit 22, the generating unit 23, and the determining unit described above can be implemented by a second processor 24 located on the second network node 2. The second processor 24 can be at least one of an ASIC, DSP, DSPD, PLD, FPGA, CPU, controller, microcontroller, or microprocessor. It is understood that for different devices, the electronic device used to implement the above processor functions can also be other types, and this application embodiment does not impose specific limitations.

[0202] In this embodiment, the second communication bus 26 is used to establish communication between the second processor 24 and the second memory 25; when the second processor 24 executes the running program stored in the second memory 25, it implements the following identity generation method:

[0203] Send the first data feature information of the data resource to the first network node, and receive the first identification information of the data resource determined by the first network node based on the first data feature information; obtain the second data feature information of the data resource; generate global identity identification information based on the first identification information and the second data feature information; send the global identity identification information and the data resource to the first network node so that the first network node can manage the data resource during the data resource circulation process based on the global identity identification information.

[0204] In one embodiment, the second processor 24 is further configured to send a storage request or usage area information of data resources to the first network node; receive storage information and grade information of data resources sent by the first network node, or receive the grade information sent by the first network node; and determine the storage information and / or grade information, as well as the attribute information of data resources obtained from the second network node, as second data feature information.

[0205] In one embodiment, the second processor 24 is further configured to generate second identification information based on storage information and / or level information and / or attribute information; and to generate global identity identification information based on the first identification information and the second identification information.

[0206] In one embodiment, the second processor 24 is further configured to receive an update request for the first data feature information sent by the first network node; and resend the updated first data feature information to the first network node based on the update request.

[0207] In one embodiment, the second processor 24 is further configured to determine the usage area information corresponding to the data resource; if the data resource corresponds to the first usage area information, determine to encrypt the data resource to obtain encrypted data resource, and send the encrypted data resource to the first network node; or, if the data resource corresponds to the second usage area information, determine not to encrypt the data resource, and send the data resource to the first network node.

[0208] Based on the above embodiments, this application provides a storage medium storing a computer program thereon. The computer-readable storage medium stores one or more programs, which can be executed by one or more processors and applied in a first network node / second network node. The computer program implements the identity generation method described above.

[0209] Based on the above embodiments, this application provides a computer program product, including a computer program that can be executed by one or more processors and applied in a first network node / second network node. The computer program implements the identity generation method described above.

[0210] It should be noted that, in the embodiments of this application, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.

[0211] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solutions of the embodiments of this application, or the parts that contribute to the related technology, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause an image display device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in the various embodiments of the embodiments of this application.

[0212] The above description is merely a specific implementation of the embodiments of this application, but the protection scope of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the protection scope of this application. Therefore, the protection scope of this application should be determined by the protection scope of the claims.

Claims

1. A method for generating an identity identifier, characterized in that, Applied to a first network node, the method includes: Receive the first data characteristic information of the data resources sent by the second network node; Based on the first data feature information, determine the first identification information corresponding to the data resource, and send the first identification information to the second network node; The system receives the data resource and the corresponding global identity information sent by the second network node. The global identity information is generated by the second network node based on the first identity information and the second data feature information of the data resource. The global identity information is used to manage the data resource during the data resource circulation process.

2. The method according to claim 1, characterized in that, The step of determining the first identifier information corresponding to the data resource based on the first data feature information includes: Based on the first data feature information, the data resources are classified into levels to obtain the level information corresponding to the data resources; Based on the grade information and / or the first data feature information, determine the first identification information corresponding to the data resource.

3. The method according to claim 1, characterized in that, After receiving the first data feature information of the data resources sent by the second network node, the method further includes: If the first data feature information is verified, the storage request or usage area information of the data resource sent by the second network node is received. After determining the first identifier information corresponding to the data resource based on the first data feature information, the method further includes: Based on the storage request, the storage information of the data resource and the level information of the data resource determined based on the first data feature information are sent to the second network node, or the level information is sent to the second network node based on the usage area information, so that the second network node can determine the second identification information based on the storage information and / or the level information.

4. The method according to claim 1, characterized in that, After receiving the first data feature information of the data resources sent by the second network node, the method further includes: If the verification of the first data feature information fails, an update request for the first data feature information is sent to the second network node. Receive the updated first data feature information resent by the second network node based on the update request.

5. The method according to claim 1, characterized in that, The receipt of the data resources sent by the second network node includes: Receive encrypted data resources obtained by encrypting the data resources sent by the second network node; Alternatively, it may receive unencrypted data resources sent by the second network node.

6. The method according to claim 1, characterized in that, The method further includes: Obtain the identification information of the third network node from the third network node; Based on the global identity information and the identification information, a third identification information for the data resource is generated; The data resources are managed and controlled based on the third identification information.

7. A method for generating an identity identifier, characterized in that, Applied to a second network node, the method includes: Send first data feature information of the data resource to the first network node, and receive first identification information of the data resource determined by the first network node based on the first data feature information; Obtain the second data feature information of the data resource; Based on the first identification information and the second data feature information, global identity identification information is generated; The global identity information and the data resources are sent to the first network node so that the first network node can manage the data resources based on the global identity information during the data resource circulation process.

8. The method according to claim 7, characterized in that, The acquisition of the second data feature information of the data resource includes: Send the storage request or usage area information of the data resource to the first network node; Receive storage information and grade information of the data resources sent by the first network node, or receive the grade information sent by the first network node; The storage information and / or level information, as well as the attribute information of the data resources obtained from the second network node, are determined as the second data feature information.

9. The method according to claim 8, characterized in that, The step of generating global identity information based on the first identification information and the second data feature information includes: Based on the stored information and / or the level information and / or the attribute information, generate second identification information; The global identity information is generated based on the first identification information and the second identification information.

10. The method according to claim 7, characterized in that, After sending the first data feature information of the data resource to the first network node, the method further includes: Receive an update request for the first data feature information sent by the first network node; Based on the update request, the updated first data feature information is resent to the first network node.

11. The method according to claim 7, characterized in that, Before sending the global identity information and the data resources to the first network node, the method further includes: Determine the usage area information corresponding to the data resource; If the data resource corresponds to the first usage area information, it is determined that the data resource should be encrypted to obtain encrypted data resource, and the encrypted data resource should be sent to the first network node. Alternatively, if the data resource corresponds to the second usage area information, it is determined that the data resource will not be encrypted in order to send the data resource to the first network node.

12. A first network node, characterized in that, The first network node includes: The first receiving unit is used to receive the first data characteristic information of the data resources sent by the second network node; The determining unit is configured to determine the first identification information corresponding to the data resource based on the first data feature information; The first sending unit is configured to send the first identification information to the second network node; The first receiving unit is further configured to receive the data resource and the global identity information corresponding to the data resource sent by the second network node, wherein the global identity information is generated by the second network node based on the first identity information and the second data feature information of the data resource obtained, and the global identity information is used to manage the data resource during the data resource circulation process.

13. A second network node, characterized in that, The second network node includes: The second sending unit is used to send the first data feature information of the data resource to the first network node; The second receiving unit is configured to receive the first identification information of the data resource determined by the first network node based on the first data feature information; The acquisition unit is used to acquire the second data feature information of the data resource; The generation unit is used to generate global identity information based on the first identification information and the second data feature information; The second sending unit is further configured to send the global identity information and the data resources to the first network node, so that the first network node can manage the data resources based on the global identity information during the data resource circulation process.

14. A first network node, characterized in that, The first network node includes a first processor and a first memory; when the first processor executes the running program stored in the first memory, it implements the method as described in any one of claims 1 to 6.

15. A second network node, characterized in that, The second network node includes: a second processor and a second memory; when the second processor executes the running program stored in the second memory, it implements the method as described in any one of claims 7 to 11.

16. A storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the method as described in any one of claims 1 to 6, or when the computer program is executed by a processor, it implements the method as described in any one of claims 7 to 11.

17. A computer program product, comprising a computer program, characterized in that, The computer program, when executed by a processor, implements the method as described in any one of claims 1 to 6, or the computer program, when executed by a processor, implements the method as described in any one of claims 7 to 11.