Data provenance method, apparatus, device, medium, and program product

By generating target watermarks that meet the geographical requirements based on order information, the problem of inflexible traceability of cross-border data products caused by static watermarks is solved, and reliable traceability of data products is realized during the circulation process.

CN122389009APending Publication Date: 2026-07-14CHINA UNITED NETWORK COMM GRP CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA UNITED NETWORK COMM GRP CO LTD
Filing Date
2026-04-27
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In existing technologies, the limited information provided by static watermarks cannot meet the flexibility requirements for tracing the flow of cross-border data products, resulting in insufficient flexibility in tracing data products during cross-border transactions.

Method used

By obtaining order information of data products, determining the geographical region information of the recipient, querying the geographical region mapping table to obtain watermark template information, generating a target watermark that meets the requirements of the target geographical region, and embedding it into the data product as a basis for traceability.

Benefits of technology

It improves the flexibility of data product circulation and traceability, prevents traceability difficulties caused by the single watermark content, and ensures that data products can be reliably traced during circulation.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122389009A_ABST
    Figure CN122389009A_ABST
Patent Text Reader

Abstract

The application provides a data traceability method, device, equipment, medium and program product, relates to the technical field of electronic technology, and is used for improving the flexibility of data product flow traceability. The specific technical scheme is: obtaining order information corresponding to a first data product; determining geographical area information of a first data flow receiver based on the order information and a geographical area mapping table; obtaining label template information corresponding to the first data flow receiver based on the geographical area information of the first data flow receiver, the label template information being used for indicating requirements of a geographical area corresponding to the first data flow receiver on information contained in a data product watermark; generating a target watermark corresponding to the first data product based on the label template information and the order information, and embedding the target watermark in the first data product; and the target watermark is used for data traceability of the first data product. The application is applied to the scene of data product flow traceability.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of electronic technology, and in particular to a data traceability method, apparatus, device, medium, and program product. Background Technology

[0002] With the globalization of the digital economy, the cross-border flow of data products through trusted data spaces is becoming increasingly common. To ensure copyright protection and liability definition during this cross-border flow, tracing the origin of data products is crucial.

[0003] In related technologies, when data products are transferred across borders, the data provider first uploads the data product to a trusted data space. Then, the data product is published to the corresponding data recipient according to the pre-set authorization rules. Before the data is published, a static watermark representing the identity of the provider and the recipient is embedded, which serves as the basis for subsequent traceability of the transfer.

[0004] However, the information contained in static watermarks in the aforementioned technical solutions may not meet the requirements for tracing the flow of data. Therefore, the methods for tracing the flow of cross-border data products in these technologies are not flexible enough. Summary of the Invention

[0005] This application provides a data traceability method, apparatus, device, medium, and program product to improve the flexibility of data product flow traceability.

[0006] In a first aspect, embodiments of this application provide a data traceability method, the method comprising: obtaining order information corresponding to a first data product, the order information including location information of a first data transfer recipient corresponding to the first data product; determining the geographical region information of the first data transfer recipient based on the order information and a geographical region mapping table, the geographical region mapping table including at least one mapping relationship between the location information of the data transfer recipient and a geographical region; obtaining tag template information corresponding to the first data transfer recipient based on the geographical region information of the first data transfer recipient, the tag template information being used to indicate the requirements of the geographical region corresponding to the first data transfer recipient for the information contained in the watermark of the data product; generating a target watermark corresponding to the first data product based on the tag template information and the order information, and embedding the target watermark into the first data product; and sending the first data product embedded with the target watermark to the first data transfer recipient through a trusted data space, the target watermark being used for data traceability of the first data product.

[0007] The technical solution provided in this application brings at least the following beneficial effects: Based on the order information, the recipient's location information for the data product is determined; then, based on the recipient's location information, the target geographical region to which the recipient belongs is determined; thereby, a geographical region mapping table is queried to obtain watermark template information indicating the requirements of the target geographical region for the watermark information contained in the data product; based on the watermark template information, a target watermark that meets the requirements of the target geographical region for the watermark information contained in the data product is generated; and the target watermark is used as the basis for subsequent data traceability, preventing the problem of data traceability being impossible due to the single watermark content, and improving the flexibility of data product circulation traceability.

[0008] One possible implementation is that, based on the geographic region information of the first data transfer recipient, the above-mentioned acquisition of the tag template information corresponding to the first data transfer recipient includes: based on the geographic region information of the first data transfer recipient and a target strategy library, the acquisition of the tag template information corresponding to the first data transfer recipient; wherein, the target strategy library includes at least one mapping relationship between geographic region information and tag templates.

[0009] Another possible implementation, the above-mentioned generation of the target watermark corresponding to the first data product based on the tag template information and order information, includes: obtaining the circulation path information corresponding to the first data product based on the order information; obtaining target metadata based on the tag template information and the order information; generating the target watermark corresponding to the first data product based on the circulation path information and the target metadata; wherein the target metadata represents the information required to be included in the watermark of the data product for the geographical region corresponding to the first data circulation recipient.

[0010] In another possible implementation, before obtaining the order information corresponding to the first data product, the method further includes: obtaining data transmission information corresponding to the first data product based on the metadata of the first data product, the data transmission information including at least one of the following: the identity information of the uploader of the first data product, the time information of the first data product being transmitted to the trusted data space, the data structure information of the first data product, and the file size information of the first data product; generating a transmission watermark corresponding to the first data product based on the data transmission information, and embedding the transmission watermark into the first data product; obtaining data authorization information corresponding to the first data product through the trusted data space, the data authorization information including at least one of the following: authorization circulation scope information, authorization validity date information, and authorization usage scope information; generating an authorization watermark corresponding to the first data product based on the data authorization information, and embedding the authorization watermark into the first data product.

[0011] Another possible implementation, the method further includes: determining a first hash value corresponding to the transmission watermark based on the watermark information of the transmission watermark, determining a second hash value corresponding to the authorization watermark based on the watermark information of the authorization watermark, and determining a third hash value corresponding to the target watermark based on the watermark information of the target watermark; performing notarization processing on the first hash value, the second hash value, and the third hash value, and generating notarization information; wherein, the notarization information is used to obtain the first hash value, the second hash value, or the third hash value from the blockchain; the first hash value, the second hash value, or the third hash value is used to detect whether the first data product has been tampered with.

[0012] Secondly, embodiments of this application provide a data traceability device, comprising: an acquisition module, a determination module, a processing module, and a sending module; the acquisition module is used to acquire order information corresponding to a first data product, the order information including the location information of a first data transfer recipient corresponding to the first data product; the determination module is used to determine the geographical area information of the first data transfer recipient based on the order information and a geographical area mapping table, the geographical area mapping table including at least one mapping relationship between the location information of the data transfer recipient and a geographical area; the acquisition module is further used to acquire tag template information corresponding to the first data transfer recipient based on the geographical area information of the first data transfer recipient, the tag template information being used to indicate the requirements of the geographical area corresponding to the first data transfer recipient for the information contained in the watermark of the data product; the processing module is used to generate a target watermark corresponding to the first data product based on the tag template information and the order information, and embed the target watermark into the first data product; the sending module is used to send the first data product embedded with the target watermark to the first data transfer recipient through a trusted data space, the target watermark being used for data traceability of the first data product.

[0013] One possible implementation is that the acquisition module is specifically used to: acquire tag template information corresponding to the first data transfer recipient based on the geographic area information and target strategy library of the first data transfer recipient; wherein the target strategy library includes at least one mapping relationship between geographic area information and tag templates.

[0014] Another possible implementation, the above processing module is specifically used to: obtain the circulation path information corresponding to the first data product based on the above order information; obtain target metadata based on the above tag template information and the above order information; generate a target watermark corresponding to the first data product based on the above circulation path information and the above target metadata; wherein, the above target metadata represents the information required to be included in the watermark of the data product for the geographical area corresponding to the first data circulation recipient.

[0015] In another possible implementation, the aforementioned acquisition module is further configured to, before acquiring the order information corresponding to the first data product, acquire the data transmission information corresponding to the first data product based on the metadata of the first data product. This data transmission information includes at least one of the following: the identity information of the uploader of the first data product, the time information of the first data product being transmitted to the trusted data space, the data structure information of the first data product, and the file size information of the first data product. The aforementioned processing module is further configured to, based on the data transmission information acquired by the acquisition module, generate a transmission watermark corresponding to the first data product and embed the transmission watermark into the first data product. The aforementioned acquisition module is further configured to, through the trusted data space, acquire the data authorization information corresponding to the first data product. This data authorization information includes at least one of the following: authorization scope information, authorization validity date information, and authorization usage scope information. The aforementioned processing module is further configured to, based on the data authorization information acquired by the acquisition module, generate an authorization watermark corresponding to the first data product and embed the authorization watermark into the first data product.

[0016] In another possible implementation, the determining module is further configured to determine a first hash value corresponding to the transmission watermark based on the watermark information of the transmission watermark, determine a second hash value corresponding to the authorization watermark based on the watermark information of the authorization watermark, and determine a third hash value corresponding to the target watermark based on the watermark information of the target watermark; the processing module is further configured to perform notarization processing on the first hash value, the second hash value, and the third hash value, and generate notarization information; wherein, the notarization information is used to obtain the first hash value, the second hash value, or the third hash value from the blockchain; the first hash value, the second hash value, or the third hash value is used to detect whether the first data product has been tampered with.

[0017] Thirdly, this application provides an electronic device comprising: a processor and a memory; the memory stores a program or instructions executable on the processor, wherein the program or instructions, when executed by the processor, implement the method of the first aspect described above.

[0018] Fourthly, this application provides a readable storage medium on which a program or instructions are stored, which, when executed by a computer, implement the method of the first aspect described above.

[0019] Fifthly, this application provides a computer program product stored in a storage medium, which, when executed by a computer, implements the method described in the first aspect.

[0020] In a sixth aspect, embodiments of this application provide a chip including a processor and a communication interface, wherein the communication interface is coupled to the processor, and the processor is used to run programs or instructions to implement the method described in the first aspect.

[0021] The beneficial effects of the second to sixth aspects mentioned above are described in the corresponding description of the first aspect and will not be repeated here. Attached Figure Description

[0022] Figure 1 A schematic diagram of the network architecture for a data tracing method application provided in this application embodiment;

[0023] Figure 2 A flowchart illustrating a data tracing method provided in an embodiment of this application;

[0024] Figure 3 A flowchart illustrating a data tracing method provided in an embodiment of this application;

[0025] Figure 4 A flowchart illustrating a data tracing method provided in an embodiment of this application;

[0026] Figure 5 A flowchart illustrating a data tracing method provided in an embodiment of this application;

[0027] Figure 6 A flowchart illustrating the implementation process of a data tracing method provided in this application embodiment;

[0028] Figure 7 A flowchart illustrating the implementation process of another data tracing method provided in this application embodiment;

[0029] Figure 8 This is a schematic diagram of the structure of a data traceability device provided in an embodiment of this application;

[0030] Figure 9 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0031] The data traceability method, apparatus, equipment, media, and program products provided in this application will now be described in detail with reference to the accompanying drawings.

[0032] The technical solutions of the embodiments of this application will be clearly described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this application. All other embodiments obtained by those skilled in the art based on the embodiments of this application are within the scope of protection of this application.

[0033] The terms "first," "second," etc., used in the specification and claims of this application are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that such use of data can be interchanged where appropriate so that embodiments of this application can be implemented in orders other than those illustrated or described herein, and the objects distinguished by "first," "second," etc., are generally of the same class and the number of objects is not limited; for example, a first object can be one or more. Furthermore, in the specification and claims, "and / or" indicates at least one of the connected objects, and the character " / " generally indicates that the preceding and following objects are in an "or" relationship.

[0034] The terms "at least one," "at least one of," etc., used in the specification and claims of this application refer to any one, any two, or a combination of two or more of the included items. For example, at least one of a, b, and c can mean: "a," "b," "c," "a and b," "a and c," "b and c," and "a, b, and c," where a, b, and c can be single or multiple. Similarly, "at least two" refers to two or more items, and its meaning is similar to that of "at least one."

[0035] In the description of this application, unless otherwise stated, "a plurality of" means two or more.

[0036] The data traceability method, apparatus, device, medium, and program product provided in this application embodiment can be applied to scenarios of tracing the flow of data products.

[0037] In a trusted data space, data products (such as statistical reports, large models, and anonymized databases) face significant risks during cross-border transfers: First, the recipient may resell the data products or use them for unauthorized purposes; second, once data products are leaked, it is difficult to trace responsibility. Therefore, how to trace the origin of data products becomes extremely important.

[0038] In related technologies, static watermarking is commonly used for product traceability of data products. However, static watermarking suffers from limited content, and the information contained within may not meet the requirements for traceability. Therefore, related technologies are not flexible enough for tracing the flow of cross-border data products.

[0039] To address the aforementioned technical problems, embodiments of this application provide a data traceability method, apparatus, device, medium, and program product. Based on order information, the recipient's location information for the data product is determined. Then, based on the recipient's location information, the target geographical region to which the recipient belongs is determined. A geographical region mapping table is queried to obtain watermark template information indicating the requirements of the target geographical region for the watermark information contained in the data product. Based on this watermark template information, a target watermark that meets the requirements of the target geographical region for the watermark information contained in the data product is generated. This target watermark is used as the basis for subsequent data traceability, preventing the problem of data traceability being impossible due to a single watermark content, and improving the flexibility of data product circulation traceability.

[0040] The data traceability methods, apparatus, devices, media, and program products provided in the embodiments of this application will be described in detail below with reference to the accompanying drawings.

[0041] Figure 1 This illustration shows a network architecture for a data tracing method application provided in an embodiment of this application. For example... Figure 1 As shown, the network architecture includes a data traceability device 101 and a terminal device 102. The data traceability device 101 and the terminal device 102 are interconnected.

[0042] In some embodiments, the data traceability device 101 may be a server, a computer, or a processor or processing unit within a server or computer. The server may be a single server or a server cluster comprising multiple servers. It should be noted that the embodiments of this application do not limit the specific device form of the data traceability device 101. Figure 1 The data traceability device 101 is shown as a single server as an example.

[0043] In some embodiments, the terminal device may be a mobile phone, tablet computer, laptop computer, handheld computer, in-vehicle electronic device, mobile internet device (MID), augmented reality (AR) / virtual reality (VR) device, robot, wearable device, personal computer (PC), ultra-mobile personal computer (UMPC), netbook, or personal digital assistant (PDA), etc., and the embodiments of this application do not specifically limit it. Figure 1 The example shown is a mobile phone, with terminal device 102 as an example.

[0044] It should be noted that the network architecture described in the embodiments of this application is for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and does not constitute a limitation on the technical solutions provided in the embodiments of this application. As network architectures evolve, the technical solutions provided in the embodiments of this application are also applicable to similar technical problems.

[0045] See Figure 2 This is a flowchart illustrating a data tracing method provided in an embodiment of this application. Figure 2 As shown, the data traceability method provided in this application embodiment can be implemented by the above-mentioned data traceability device, specifically including the following steps 201 to 205.

[0046] Step 201: The data traceability device obtains the order information corresponding to the first data product.

[0047] In some embodiments, the first data product described above includes at least one of the following: statistical reports, artificial intelligence (AI) models, and databases. Of course, the first data product may also include other data products, which can be determined according to actual needs, and this application does not limit this.

[0048] In some embodiments, the above order information may also be referred to as order request information.

[0049] In some embodiments, the order information mentioned above refers to the order placed by the first data recipient when ordering the first data product through the trusted data space.

[0050] In some embodiments, the order information includes the location information of the first data transfer recipient corresponding to the first data product.

[0051] In some embodiments, the data traceability device can obtain order information corresponding to a first data product from a trusted data space.

[0052] In some embodiments, the aforementioned trusted data space refers to a new type of data collaboration infrastructure built on privacy computing, distributed identification, and trusted governance frameworks. Its core is to achieve secure data sharing and value mining across entities and industries without transferring data ownership or allowing the original data to leave the domain.

[0053] In some embodiments, the order information corresponding to the first data product may also include the circulation path information of the first data product.

[0054] Step 202: Based on the above order information and geographic region mapping table, the data traceability device determines the geographic region information of the first data transfer recipient.

[0055] In some embodiments, the above-mentioned geographic region mapping table includes a mapping relationship between the location information of at least one data transfer recipient and a geographic region.

[0056] In some embodiments, the geographic region mapping table described above may be a preset mapping table stored locally.

[0057] In some embodiments, the above-mentioned geographic region mapping table may also be referred to as a domain mapping table.

[0058] In some embodiments, the aforementioned geographic area information is used to indicate the jurisdiction to which the first data transfer recipient belongs.

[0059] In some embodiments, the data tracing device can retrieve a first mapping relationship related to the location information of the first data transfer recipient from the above-mentioned geographic region mapping table, thereby determining the geographic region information of the first data transfer recipient based on the first mapping relationship.

[0060] Step 203: The data traceability device obtains the tag template information corresponding to the first data transfer recipient based on the geographical area information of the first data transfer recipient.

[0061] In some embodiments, the aforementioned label template information is used to indicate the requirements of the geographic region corresponding to the first data transfer recipient for the information contained in the watermark of the data product.

[0062] In some embodiments, the data tracing device can obtain the tag template information corresponding to the first data transfer recipient based on the geographical area information and target policy library of the first data transfer recipient.

[0063] It should be noted that, for the specific implementation method of the data traceability device obtaining the tag template information corresponding to the first data transfer recipient based on the geographical area information and target strategy library of the first data transfer recipient, please refer to the relevant description in the following embodiments. To avoid repetition, this application will not elaborate further here.

[0064] In some embodiments, combined with Figure 2 ,like Figure 3 As shown, step 203 above can be implemented through step 203a as follows.

[0065] Step 203a: The data traceability device obtains the tag template information corresponding to the first data transfer recipient based on the geographical area information and target strategy library of the first data transfer recipient.

[0066] The aforementioned target strategy library includes at least one mapping relationship between geographic area information and tag templates.

[0067] In some embodiments, the target policy library may be a preset policy library stored locally.

[0068] In some embodiments, the data tracing device can retrieve a second mapping relationship in the target policy library that matches the geographical area information of the first data transfer recipient, and then obtain the tag template information corresponding to the first data transfer recipient based on the second mapping relationship.

[0069] In this way, the data traceability device can determine the watermark template information based on the geographical area information of the data transfer recipient and the target strategy library to indicate the requirements of the target geographical area for the information contained in the watermark of the data product. Subsequently, based on the watermark template information, a target watermark that meets the requirements of the target geographical area for the information contained in the watermark of the data product is generated, and the target watermark is used as the traceability basis for subsequent data traceability. This prevents the problem of data traceability being impossible due to the single watermark content and improves the flexibility of data product transfer traceability.

[0070] Step 204: Based on the above-mentioned label template information and the above-mentioned order information, the data traceability device generates a target watermark corresponding to the first data product and embeds the target watermark into the first data product.

[0071] In some embodiments, the data traceability device can generate a target watermark that conforms to the above-mentioned label template information and embed the generated target watermark.

[0072] It should be noted that the specific implementation process of generating a target watermark that conforms to the above-mentioned label template information for the data traceability device and embedding the generated target watermark can be found in the relevant description in the following embodiments. To avoid repetition, this application will not elaborate on it here.

[0073] In some embodiments, combined with Figure 2 ,like Figure 4 As shown, step 204 above can be implemented through steps 204a to 204c.

[0074] Step 204a: Based on the above order information, the data traceability device obtains the circulation path information corresponding to the first data product.

[0075] In some embodiments, the aforementioned flow path information is used to characterize the entire flow nodes of the data product from the original uploader to the current recipient, including key information such as the identity of the entity, operation time, data authorization scope, and legal jurisdiction flow trajectory of each node, providing core basis for restoring the complete data flow chain and determining the compliance of use during subsequent source tracing.

[0076] In some embodiments, the data traceability device can use text recognition technology to parse the order information to obtain the circulation path information corresponding to the first data product.

[0077] For example, the data traceability device can extract the "recipient address" or "destination" field from the order application using text recognition technology, and read the information under the "recipient address" or "destination" field as the flow data information corresponding to the aforementioned first data product.

[0078] Step 204b: The data traceability device obtains target metadata based on the aforementioned label template information and order information.

[0079] The aforementioned target metadata represents the information required to be included in the watermark of the data product for the geographical region corresponding to the first data transfer recipient.

[0080] In some embodiments, the aforementioned target metadata may also be referred to as compliance metadata.

[0081] Step 204c: Based on the above-mentioned flow path information and the above-mentioned target metadata, the data traceability device generates a target watermark corresponding to the first data product and embeds the target watermark into the first data product.

[0082] In some embodiments, the data traceability device can generate a target watermark corresponding to the first data product based on the above-mentioned flow path information and the above-mentioned target metadata. The watermark information of the target watermark includes the data flow information of the first data product and the information required by the geographical area corresponding to the first data recipient.

[0083] In some embodiments, the data traceability device may perform watermark embedding processing on the first data product based on the aforementioned target watermark.

[0084] Specifically, the data traceability device employs differentiated association strategies for different forms of data products: for structured data with metadata at its core, the watermark information is integrated into its standardized metadata system; for unstructured data that is mainly content-based, the watermark information is integrated into its underlying data encoding logic, ensuring that the watermark will not affect the normal use of the data product, but will be continuously retained throughout the entire lifecycle, forming a complete and tamper-proof watermark association chain, providing a reliable basis for subsequent traceability.

[0085] In this way, the data traceability device can obtain the watermark information required by the target geographic region for the watermark information of the data product from the order information based on the watermark template information used to indicate the requirements of the target geographic region for the watermark information of the data product. Then, it can generate a target watermark that meets the requirements of the target geographic region for the watermark information of the data product, and use the target watermark as the traceability basis for subsequent data traceability. This prevents the problem of data traceability being impossible due to the single watermark content, and improves the flexibility of data product circulation traceability.

[0086] Step 205: The data traceability device sends the first data product embedded with the target watermark to the first data transfer recipient through the trusted data space.

[0087] In some embodiments, the target watermark is used for data traceability of the first data product.

[0088] The data traceability method provided in this application determines the recipient's location information based on order information, then determines the target geographic region to which the recipient belongs based on the recipient's location information, and then queries a geographic region mapping table to obtain watermark template information indicating the requirements of the target geographic region for the watermark information contained in the data product. Based on the watermark template information, a target watermark that meets the requirements of the target geographic region for the watermark information contained in the data product is generated, and the target watermark is used as the traceability basis for subsequent data traceability, preventing the problem of data traceability being impossible due to the single watermark content, and improving the flexibility of data product circulation traceability.

[0089] In some embodiments, combined with Figure 2 ,like Figure 5 As shown, prior to step 201 above, the data tracing method provided in this application may further include steps 101a to 101d.

[0090] Step 101a: The data traceability device obtains the data transmission information corresponding to the first data product based on the metadata of the first data product.

[0091] In some embodiments, the data traceability device can determine the data transmission information corresponding to the first data product during the upload phase of the first data product through a trusted data space.

[0092] In some embodiments, the upload stage of the first data product refers to the entire process covering data format recognition, metadata extraction standardization, data uploader identity verification, and initial identity authentication watermark injection, and is the starting point of the traceability chain for the entire life cycle of cross-border data product transfer.

[0093] In some embodiments, the aforementioned data transmission information may also be referred to as upload phase information.

[0094] In some embodiments, the data transmission information includes at least one of the following: the identity information of the uploader of the first data product, the time information of the first data product being transmitted to the trusted data space, the data structure information of the first data product, and the file size information of the first data product.

[0095] Step 101b: Based on the above data transmission information, the data traceability device generates a transmission watermark corresponding to the first data product and embeds the transmission watermark into the first data product.

[0096] In some embodiments, the above-mentioned transmission watermark may also be referred to as upload watermark.

[0097] In some embodiments, the watermark information for transmitting the watermark includes at least one of the following: the identity identifier of the data uploader, and the time information of the first data product being uploaded to the trusted data space. Of course, the watermark information for transmitting the watermark may also include other information, which can be determined according to actual needs, and this application does not limit this.

[0098] In some embodiments, the data tracing device may embed the aforementioned transmission watermark.

[0099] It should be noted that the specific implementation process of embedding the above-mentioned transmission watermark in the data traceability device can be found in the relevant description in the above embodiments. To avoid repetition, this application will not repeat it here.

[0100] Step 101c: The data traceability device obtains the data authorization information corresponding to the first data product through the aforementioned trusted data space.

[0101] In some embodiments, the data authorization information mentioned above includes at least one of the following: authorization scope information, authorization validity date information, and authorization usage scope information.

[0102] In some embodiments, the data authorization information described above represents the time range and application scope during which the first data product is permitted to be used.

[0103] In some embodiments, the aforementioned data authorization information may also be referred to as data release information.

[0104] In some embodiments, the data traceability device determines the data authorization information during the release phase of the first data product through the aforementioned trusted data space.

[0105] In some embodiments, the release stage of the first data product refers to the process by which the data uploader authorizes the data recipients within a specific range to access the data through a trusted data space after the first data product has completed identity authentication during the upload stage.

[0106] In some embodiments, the above-mentioned authorized transfer scope information represents the geographical boundaries and receiving subject scope of the first data product that are permitted to transfer data.

[0107] In some embodiments, the above-mentioned authorized scope of use information represents the specific use scenarios, operating permissions, and usage boundaries of the first data product.

[0108] In some embodiments, the aforementioned data authorization information may also include other information related to the authorization of the first data product, such as the data product's sensitivity level and the number of times the data product is allowed access. The specific details can be determined according to actual needs, and this application does not impose any limitations on this.

[0109] Step 101d: Based on the above data authorization information, the data traceability device generates an authorization watermark corresponding to the first data product and embeds the authorization watermark into the first data product.

[0110] In some embodiments, the watermark information of the authorized watermark includes at least the data authorization information described above.

[0111] In some embodiments, the data traceability device may embed the first data product based on the aforementioned authorized watermark.

[0112] It should be noted that the specific implementation process of the data traceability device embedding the first data product based on the above-mentioned authorized watermark can be found in the relevant description in the above embodiments. To avoid repetition, this application will not repeat it here.

[0113] In this way, the data traceability device can generate transmission watermarks and authorization watermarks based on the data transmission information during the data transmission phase and the authorization information during the authorization phase of the first data product, respectively. The generated transmission watermarks and authorization watermarks are embedded into the first data product. Subsequently, the data traceability device can determine the information of the first data product during the data transmission phase and the information during the authorization phase based on the transmission watermarks and authorization watermarks of the first data product, and perform data traceability on the first data product according to the determined information, thereby improving the flexibility of data product circulation traceability.

[0114] In some embodiments, the data tracing method provided in this application may further include the following steps 301a and 301b.

[0115] Step 301a: The data traceability device determines the first hash value corresponding to the transmission watermark based on the watermark information of the transmission watermark, determines the second hash value corresponding to the authorized watermark based on the watermark information of the authorized watermark, and determines the third hash value corresponding to the target watermark based on the watermark information of the target watermark.

[0116] In some embodiments, the data tracing device can perform watermark extraction processing on the transmission watermark, the authorization watermark and the target watermark respectively, so as to obtain the transmission hash value, authorization hash value and target hash value corresponding to the transmission watermark, the authorization watermark and the target watermark respectively.

[0117] In some embodiments, the watermark extraction process described above includes at least one of the following: metadata parsing, frequency domain analysis, least significant bit (LSB) reading, and discrete cosine transform (DCT) processing. Of course, the watermark extraction process described above may also include other watermark extraction methods, which can be determined according to actual needs, and this application does not limit them.

[0118] In some embodiments, the data tracing device may determine the watermark extraction process based on the data type of the first data product.

[0119] Specifically, when the first data product is structured data, the watermark extraction process is metadata parsing; when the first data product is image data or video data, the watermark extraction process is DCT processing; and when the first data product is document data, the watermark extraction process is metadata parsing.

[0120] In some embodiments, the data traceability device may also determine the watermark extraction process based on the form classification of the first data product.

[0121] Specifically, when the first data product is classified as primarily data content, the watermark extraction process is metadata parsing; when the first data product is classified as primarily document presentation, the watermark extraction process is LSB reading and metadata parsing.

[0122] In some embodiments, the data tracing device may determine the transmission hash value as the first hash value, determine the arithmetic sum of the transmission hash value and the authorization hash value as the second hash value, and determine the arithmetic sum of the transmission hash value, the authorization hash value and the target hash value as the third hash value.

[0123] Step 301b: The data traceability device performs evidence storage processing on the first hash value, the second hash value, and the third hash value, and generates evidence storage information.

[0124] The aforementioned evidence information is used to obtain the first hash value, the second hash value, or the third hash value from the blockchain; the first hash value, the second hash value, or the third hash value is used to detect whether the first data product has been tampered with.

[0125] In some embodiments, the above-described evidence preservation process may also be referred to as on-chain evidence preservation process.

[0126] In some embodiments, the above-mentioned evidence preservation process refers to generating a complete hash chain by the hash values ​​corresponding to each watermark in a chain structure, and then writing the hash chain and the corresponding watermark metadata into the blockchain distributed ledger by calling the blockchain smart contract.

[0127] In some embodiments, the aforementioned evidence storage information refers to the evidence storage transaction identifier (ID).

[0128] In some embodiments, the data traceability device may invoke the blockchain smart contract notarization module to notarize the first hash value, the second hash value, and the third hash value, and receive the returned notarization transaction ID as the notarization information.

[0129] It should be noted that steps 301a and 301b above can be performed after step 101d above.

[0130] Thus, based on the chain hash mechanism, the hash value of the next watermark contains the hash value of the previous watermark, ensuring that any watermark tampering can be detected, thereby improving the accuracy of detecting whether data products have been tampered with through watermarks.

[0131] The data tracing method of this application will be described below through specific embodiments.

[0132] like Figure 6 As shown, the implementation process of the data tracing method provided in this application embodiment includes the following S1 to S9:

[0133] S1. The data traceability device uploads and recognizes the data format.

[0134] Specifically, step S1 can be implemented through the following process: the data traceability device inputs the original data product (i.e., the aforementioned first data product) into a trusted data space, detects the data format of the original data product (i.e., the aforementioned first data product) through the trusted data space, extracts the metadata of the original data product (i.e., the aforementioned first data product), and generates a unified architecture for the original data product (i.e., the aforementioned first data product). Detecting the data format of the original data product (i.e., the aforementioned first data product) refers to identifying the data type of the original data product (i.e., the aforementioned first data product) through methods such as file extensions, Multipurpose Internet Mail Extensions (MIME) types, and content feature recognition; extracting the metadata of the original data product (i.e., the aforementioned first data product) refers to extracting information such as the filename, size, creation time, author, and data structure of the original data product (i.e., the aforementioned first data product); generating a unified architecture for the original data product (i.e., the aforementioned first data product) refers to mapping metadata of different formats to the same standardized format and standardizing the metadata objects.

[0135] S2, The data traceability device generates watermarks during the upload stage.

[0136] Specifically, step S2 above can be achieved through the following process:

[0137] The data traceability device processes the standardized metadata object to generate a watermark, resulting in the upload stage watermark (i.e., the transmission watermark). This upload stage watermark can also be called a #upload tag watermark. For example, the upload stage watermark can be in the form of {"type":"#upload","uploader":"user_001","timestamp":"2026-03-19T10:00:00+08:00","source":"Company A"}. The watermark level can be L1, the highest level. After generating the upload watermark, the data traceability device can embed it into the first data product.

[0138] S3, Watermark generated and released by the data traceability device.

[0139] Specifically, step S3 above can be achieved through the following process:

[0140] The data traceability device generates the aforementioned publication stage watermark (i.e., the aforementioned authorization watermark) based on order information. This publication stage watermark can also be called a #publish tag watermark. For example, the format of the publication stage watermark can be {"type":"#publish","scope":"cross-border","visible_groups":["medical group","research group"],"expiry":"2026-12-31"}. The watermark level of the publication stage watermark can be L2 level, i.e., the second highest level. After generating the aforementioned publication stage watermark, the data traceability device can embed the aforementioned publication stage watermark into the first data product.

[0141] S4. The data traceability device generates watermarks for the circulation stage.

[0142] Specifically, step S4 above can be implemented through the following process:

[0143] The data traceability device generates the aforementioned circulation stage watermark based on order information. This circulation stage watermark can also be referred to as the #circulation tag watermark. The data traceability device can extract the "recipient address" or "data export destination" field from the order information and automatically match it to the legal jurisdiction of the destination location using a preset legal jurisdiction mapping table. Based on the matching result, it retrieves the corresponding tag template from the compliance policy library. For example, geographical region A requires embedding "processing purpose," while geographical region B requires embedding "data source," etc. The watermark level of the aforementioned circulation stage watermark is L3. After generating the aforementioned circulation stage watermark, the data traceability device can embed it into the first data product.

[0144] S5. The data traceability device generates watermarks during the usage phase.

[0145] Specifically, step S5 above can be achieved through the following process:

[0146] The data traceability device generates the aforementioned usage stage watermark based on order information. This usage stage watermark can also be called a #usage tag watermark. For example, the usage stage watermark can be in the form of {"type":"#usage","access_time":"2026-03-19T14:30:00+08:00","operation":"query","user":"doctor_123"}. The watermark level of the usage stage watermark is L4. After generating the usage stage watermark, the data traceability device can embed it into the first data product.

[0147] S6. The data traceability device generates a watermark in the derivative stage.

[0148] Specifically, step S6 above can be achieved through the following process:

[0149] The data traceability device generates the aforementioned derivative stage watermark through a trusted data space. This derivative stage watermark can also be called a #derivative tag watermark. For example, the derivative stage watermark can be in the form of {"type":"#derivative","deriver":"AI_Lab_02","modification":"de-sensitization processing + aggregation statistics"}. The watermark level of the derivative stage watermark is L5, i.e., the lowest priority. After generating the derivative stage watermark, the data traceability device can embed it into the first data product.

[0150] S7. The data traceability device performs watermark overlay and priority management.

[0151] Specifically, step S7 above can be achieved through the following process:

[0152] The data traceability device arranges the watermarks from the upload stage, release stage, circulation stage, usage stage, and derivative stage in a hierarchical order: L1 > L2 > L3 > L4 > L5, placing them at different levels from top to bottom. Higher-level watermarks cover lower-level watermarks of the same field (coverage refers only to coverage in display or conflict handling logic; at the storage level, "append" rather than "rewrite" should be used to preserve the complete watermark chain). Furthermore, the data traceability device performs watermark merging to generate a complete watermark chain.

[0153] S8, the data traceability device performs intelligent watermark extraction processing.

[0154] Specifically, step S8 above can be achieved through the following process:

[0155] First, the data traceability device detects the product type of the first data product and selects a target algorithm based on the product type. Then, the target algorithm is used to extract the watermarks from each watermark to obtain the watermark information of each watermark.

[0156] S9. The data traceability device uploads the watermark information to the blockchain for evidence storage.

[0157] Specifically, step S9 above can be achieved through the following process:

[0158] First, the data traceability device generates a watermark hash value for each watermark based on the extracted watermark information. Then, it invokes a blockchain smart contract to perform notarization processing on the watermark hash values ​​of each watermark, and receives the notarization transaction ID returned by the blockchain.

[0159] It should be noted that the complete implementation process of each step S1 to S9 above is as follows: Figure 7 As shown, to avoid repetition, this application will not repeat the details here.

[0160] It should be noted that the descriptions of each step S1 to S9 in this embodiment can be found in the descriptions in the above embodiments, and will not be repeated here.

[0161] It should be noted that the above-described method embodiments, or the various possible implementations of the method embodiments, can be executed individually, or, provided there is no conflict, they can be combined with each other. The specific implementation can be determined according to actual usage requirements, and this application embodiment does not impose any restrictions on this.

[0162] As can be seen, the above mainly describes the solutions provided by the embodiments of this application from a methodological perspective. To achieve the above functions, the embodiments of this application provide corresponding hardware structures and / or software modules for executing each function. Those skilled in the art should readily recognize that, in conjunction with the modules and algorithm steps of the various examples described in the embodiments disclosed herein, the embodiments of this application can be implemented in hardware or a combination of hardware and computer software. Whether a function is executed in hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.

[0163] This application embodiment can divide the data traceability device into functional modules according to the above method example. For example, each function can be divided into its own functional module, or two or more functions can be integrated into one processing module. The integrated module can be implemented in hardware or as a software functional module. Optionally, the module division in this application embodiment is illustrative and only represents one logical functional division; other division methods may be used in actual implementation.

[0164] In some embodiments, this application also provides a data traceability apparatus. The data traceability apparatus may include one or more functional modules for implementing the data traceability method of the above method embodiments.

[0165] For example, Figure 8 This is a schematic diagram of a data traceability device provided in an embodiment of this application. Figure 8As shown, the data traceability device 900 includes: an acquisition module 901, a determination module 902, a processing module 903, and a sending module 904.

[0166] The acquisition module 901 is used to acquire order information corresponding to the first data product, which includes the location information of the first data transfer recipient corresponding to the first data product. The determination module 902 is used to determine the geographical area information of the first data transfer recipient based on the order information and a geographical area mapping table, which includes at least one mapping relationship between the location information of the data transfer recipient and a geographical area. The acquisition module 901 is also used to acquire tag template information corresponding to the first data transfer recipient based on the geographical area information of the first data transfer recipient, which indicates the requirements of the geographical area corresponding to the first data transfer recipient for the information contained in the watermark of the data product. The processing module 903 is used to generate a target watermark corresponding to the first data product based on the tag template information and the order information, and embed the target watermark into the first data product. The sending module 904 is used to send the first data product with the embedded target watermark to the first data transfer recipient through a trusted data space, whereby the target watermark is used for data traceability of the first data product.

[0167] The data traceability device provided in this application determines the recipient's location information of the data product based on order information, then determines the target geographical region to which the recipient belongs based on the recipient's location information, and then queries a geographical region mapping table to obtain watermark template information that indicates the requirements of the target geographical region for the watermark information contained in the data product. Based on the watermark template information, a target watermark that meets the requirements of the target geographical region for the watermark information contained in the data product is generated, and the target watermark is used as the traceability basis for subsequent data traceability, preventing the problem of data traceability being impossible due to the single watermark content, and improving the flexibility of data product circulation traceability.

[0168] In some embodiments, the acquisition module 901 is specifically used to: acquire tag template information corresponding to the first data transfer recipient based on the geographic area information and target policy library of the first data transfer recipient; wherein the target policy library includes at least one mapping relationship between geographic area information and tag template.

[0169] In other embodiments, the processing module 903 is specifically used to: obtain the circulation path information corresponding to the first data product based on the order information; obtain target metadata based on the tag template information and the order information; and generate a target watermark corresponding to the first data product based on the circulation path information and the target metadata; wherein the target metadata represents the information required to be included in the watermark of the data product for the geographical area corresponding to the first data circulation recipient.

[0170] In some other embodiments, the acquisition module 901 is further configured to, before acquiring the order information corresponding to the first data product, acquire data transmission information corresponding to the first data product based on the metadata of the first data product. This data transmission information includes at least one of the following: the identity information of the uploader of the first data product, the time information of the first data product being transmitted to the trusted data space, the data structure information of the first data product, and the file size information of the first data product. The processing module 903 is further configured to, based on the data transmission information acquired by the acquisition module, generate a transmission watermark corresponding to the first data product and embed the transmission watermark into the first data product. The acquisition module 901 is further configured to, through the trusted data space, acquire data authorization information corresponding to the first data product. This data authorization information includes at least one of the following: authorization flow scope information, authorization validity date information, and authorization usage scope information. The processing module 903 is further configured to, based on the data authorization information acquired by the acquisition module, generate an authorization watermark corresponding to the first data product and embed the authorization watermark into the first data product.

[0171] In some other embodiments, the determining module 902 is further configured to determine a first hash value corresponding to the transmission watermark based on the watermark information of the transmission watermark, determine a second hash value corresponding to the authorized watermark based on the watermark information of the authorized watermark, and determine a third hash value corresponding to the target watermark based on the watermark information of the target watermark; the processing module 903 is further configured to perform evidence storage processing on the first hash value, the second hash value, and the third hash value, and generate evidence storage information; wherein, the evidence storage information is used to obtain the first hash value, the second hash value, or the third hash value from the blockchain; the first hash value, the second hash value, or the third hash value is used to detect whether the first data product has been tampered with.

[0172] It should be noted that the data traceability device can implement all the processes implemented in the above method embodiments and achieve the same beneficial effects. To avoid repetition, it will not be described again here.

[0173] In the case where the functions of the integrated modules described above are implemented in hardware, this application provides a possible structural schematic diagram of the electronic device involved in the above embodiments. For example... Figure 9 As shown, the electronic device 90 includes: a processor 92, a communication interface 93, and a bus 94. Optionally, the electronic device 90 may also include a memory 91.

[0174] Processor 92 may implement or execute various exemplary logic blocks, modules, and circuits described in conjunction with the disclosure of this application. Processor 92 may be a central processing unit, a general-purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It may implement or execute various exemplary logic blocks, modules, and circuits described in conjunction with the disclosure of this application. Processor 92 may also be a combination that implements computational functions, such as including one or more microprocessor combinations, a combination of a DSP and a microprocessor, etc.

[0175] Communication interface 93 is used to connect with other devices via a communication network. This communication network can be Ethernet, wireless access network, wireless local area network (WLAN), etc.

[0176] The memory 91 may be a read-only memory (ROM) or other type of static storage device capable of storing static information and instructions, random access memory (RAM) or other type of dynamic storage device capable of storing information and instructions, or electrically erasable programmable read-only memory (EEPROM), disk storage media or other magnetic storage devices, or any other medium capable of carrying or storing desired program code in the form of instructions or data structures and accessible by a computer, but is not limited thereto.

[0177] In one possible implementation, the memory 91 can exist independently of the processor 92. The memory 91 can be connected to the processor 92 via a bus 94 and is used to store instructions or program code. When the processor 92 calls and executes the instructions or program code stored in the memory 91, it can implement the data traceability method provided in the embodiments of this application.

[0178] In another possible implementation, memory 91 can also be integrated with processor 92.

[0179] Bus 94 can be an Extended Industry Standard Architecture (EISA) bus, etc. Bus 94 can be divided into address bus, data bus, control bus, etc. For ease of representation, Figure 9 The bus is represented by a single thick line, but this does not mean that there is only one bus or one type of bus.

[0180] Through the above description of the implementation methods, those skilled in the art can clearly understand that, for the sake of convenience and brevity, only the division of the above functional modules is used as an example. In actual applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the service calling device can be divided into different functional modules to complete all or part of the functions described above.

[0181] This application embodiment also provides a chip, which includes a processor and a communication interface. The communication interface is coupled to the processor. The processor is used to run programs or instructions to implement the various processes of the above-described data traceability method embodiments and can achieve the same technical effect. To avoid repetition, it will not be described again here.

[0182] It should be understood that the chip mentioned in the embodiments of this application may also be referred to as a system-on-a-chip, system chip, chip system, or system-on-a-chip, etc.

[0183] This application also provides a readable storage medium storing a program or instructions that, when executed by a computer, implement the data tracing method provided in the above embodiments. It is understood that all or part of the processes in the above method embodiments can be executed by computer instructions instructing related hardware; the readable storage medium can be any of the foregoing embodiments or memory; the readable storage medium can also be an external storage device of the service invocation device, such as a plug-in hard drive, Smart MediaCard (SMC), Secure Digital (SD) card, flash card, etc., equipped on the service invocation device. Further, the readable storage medium can include both internal storage units of the service invocation device and external storage devices. The readable storage medium is used to store the computer program and other programs and data required by the service invocation device. The readable storage medium can also be used to temporarily store data that has been output or will be output.

[0184] This application also provides a computer program product, which is stored in a storage medium and implements the data tracing method provided in the above embodiments when the computer program product is executed by a computer.

[0185] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element. Furthermore, it should be noted that the scope of the methods and apparatuses in the embodiments of this application is not limited to performing functions in the order shown or discussed, but may also include performing functions substantially simultaneously or in the reverse order, depending on the functions involved. For example, the described methods may be performed in a different order than described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.

[0186] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a computer software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal (which may be a mobile phone, computer, server, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0187] The embodiments of this application have been described above with reference to the accompanying drawings. However, this application is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of this application without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of this application.

Claims

1. A data tracing method, characterized in that, include: Obtain the order information corresponding to the first data product, wherein the order information includes the location information of the first data transfer recipient corresponding to the first data product; Based on the order information and the geographic region mapping table, the geographic region information of the first data transfer recipient is determined. The geographic region mapping table includes at least one mapping relationship between the location information of the data transfer recipient and the geographic region. Based on the geographical region information of the first data transfer recipient, obtain the tag template information corresponding to the first data transfer recipient. The tag template information is used to indicate the requirements of the geographical region corresponding to the first data transfer recipient for the information contained in the watermark of the data product. Based on the label template information and the order information, a target watermark corresponding to the first data product is generated, and the target watermark is embedded in the first data product. Through a trusted data space, a first data product embedded with a target watermark is sent to the first data transfer recipient, and the target watermark is used to trace the source of the first data product.

2. The data tracing method according to claim 1, characterized in that, The step of obtaining the tag template information corresponding to the first data transfer recipient based on the geographical region information of the first data transfer recipient includes: Based on the geographic region information and target strategy library of the first data transfer recipient, obtain the tag template information corresponding to the first data transfer recipient; The target strategy library includes at least one mapping relationship between geographic area information and tag templates.

3. The data tracing method according to claim 1, characterized in that, The step of generating a target watermark corresponding to the first data product based on the label template information and the order information includes: Based on the order information, obtain the circulation path information corresponding to the first data product; Based on the label template information and the order information, obtain the target metadata; Based on the flow path information and the target metadata, a target watermark corresponding to the first data product is generated; The target metadata represents the information required to be included in the watermark of the data product for the geographical region corresponding to the first data transfer recipient.

4. The data tracing method according to claim 1, characterized in that, Before obtaining the order information corresponding to the first data product, the method further includes: Based on the metadata of the first data product, obtain the data transmission information corresponding to the first data product. The data transmission information includes at least one of the following: the identity information of the uploader of the first data product, the time information of the first data product being transmitted to the trusted data space, the data structure information of the first data product, and the file size information of the first data product. Based on the data transmission information, a transmission watermark corresponding to the first data product is generated, and the transmission watermark is embedded in the first data product. The trusted data space is used to obtain the data authorization information corresponding to the first data product. The data authorization information includes at least one of the following: authorization flow scope information, authorization validity date information, and authorization usage scope information. Based on the data authorization information, an authorization watermark corresponding to the first data product is generated, and the authorization watermark is embedded in the first data product.

5. The data tracing method according to claim 4, characterized in that, The method further includes: Based on the watermark information of the transmission watermark, a first hash value corresponding to the transmission watermark is determined; based on the watermark information of the authorization watermark, a second hash value corresponding to the authorization watermark is determined; and based on the watermark information of the target watermark, a third hash value corresponding to the target watermark is determined. The first hash value, the second hash value, and the third hash value are stored as evidence, and evidence storage information is generated. The evidence storage information is used to obtain the first hash value, the second hash value, or the third hash value from the blockchain; the first hash value, the second hash value, or the third hash value is used to detect whether the first data product has been tampered with.

6. A data traceability device, characterized in that, include: The module includes an acquisition module, a determination module, a processing module, and a sending module. The acquisition module is used to acquire order information corresponding to the first data product, and the order information includes the location information of the first data transfer recipient corresponding to the first data product; The determining module is used to determine the geographical area information of the first data transfer recipient based on the order information and geographical area mapping table obtained by the obtaining module. The geographical area mapping table includes at least one mapping relationship between the location information of the data transfer recipient and the geographical area. The acquisition module is further configured to acquire tag template information corresponding to the first data transfer recipient based on the geographical area information of the first data transfer recipient determined by the determining module. The tag template information is used to indicate the requirements of the geographical area corresponding to the first data transfer recipient for the information contained in the watermark of the data product. The processing module is used to generate a target watermark corresponding to the first data product based on the tag template information obtained by the acquisition module and the order information, and to embed the target watermark into the first data product. The sending module is used to send a first data product embedded with a target watermark to the first data transfer recipient through a trusted data space, wherein the target watermark is used to trace the source of the first data product.

7. The data traceability device according to claim 6, characterized in that, The acquisition module is specifically used for: Based on the geographic region information and target strategy library of the first data transfer recipient, obtain the tag template information corresponding to the first data transfer recipient; The target strategy library includes at least one mapping relationship between geographic area information and tag templates.

8. The data traceability device according to claim 6, characterized in that, The processing module is specifically used for: Based on the order information, obtain the circulation path information corresponding to the first data product; Based on the label template information and the order information, obtain the target metadata; Based on the flow path information and the target metadata, a target watermark corresponding to the first data product is generated; The target metadata represents the information required to be included in the watermark of the data product for the geographical region corresponding to the first data transfer recipient.

9. The data traceability device according to claim 6, characterized in that, The acquisition module is further configured to acquire data transmission information corresponding to the first data product based on the metadata of the first data product before acquiring the order information corresponding to the first data product. The data transmission information includes at least one of the following: the identity information of the uploader of the first data product, the time information of the first data product being transmitted to the trusted data space, the data structure information of the first data product, and the file size information of the first data product. The processing module is further configured to generate a transmission watermark corresponding to the first data product based on the data transmission information obtained by the acquisition module, and embed the transmission watermark into the first data product. The acquisition module is further configured to acquire data authorization information corresponding to the first data product through the trusted data space, wherein the data authorization information includes at least one of the following: authorization flow scope information, authorization validity date information, and authorization usage scope information; The processing module is further configured to generate an authorization watermark corresponding to the first data product based on the data authorization information obtained by the acquisition module, and embed the authorization watermark into the first data product.

10. The data traceability device according to claim 9, characterized in that, The determining module is further configured to determine a first hash value corresponding to the transmission watermark based on the watermark information of the transmission watermark, determine a second hash value corresponding to the authorization watermark based on the watermark information of the authorization watermark, and determine a third hash value corresponding to the target watermark based on the watermark information of the target watermark. The processing module is further configured to perform evidence storage processing on the first hash value, the second hash value and the third hash value determined by the determining module, and generate evidence storage information; The evidence storage information is used to obtain the first hash value, the second hash value, or the third hash value from the blockchain; the first hash value, the second hash value, or the third hash value is used to detect whether the first data product has been tampered with.

11. An electronic device, characterized in that, It includes a processor and a memory, the memory storing a program or instructions that can run on the processor, the program or instructions being executed by the processor to implement the data tracing method as described in any one of claims 1-5.

12. A readable storage medium, characterized in that, The readable storage medium stores a program or instructions that, when executed by a computer, implement the data tracing method as described in any one of claims 1-5.

13. A computer program product, characterized in that, The computer program product is stored in a storage medium, and when executed by a computer, the computer program product implements the data tracing method as described in any one of claims 1-5.