A construction method and system based on trusted data space circulation operation management

By constructing a multi-tenant isolated trusted data space foundation and standardized cataloging, the problems of scattered access methods and insufficient security and compliance capabilities in the circulation and operation of data elements have been solved, realizing unified management and productized output of data resources, and improving data security and operational efficiency.

CN122390422APending Publication Date: 2026-07-14

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Filing Date
2026-04-22
Publication Date
2026-07-14

Smart Images

  • Figure CN122390422A_ABST
    Figure CN122390422A_ABST
Patent Text Reader

Abstract

The application discloses a kind of based on trusted data space circulation operation management construction method and system, it is related to data element circulation, data security operation and data processing technical field, S1: construct multi-source heterogeneous data access and connectivity verification, provide unified trusted basic environment for subsequent whole-process operation;S2: based on the trusted base of S1, according to unified directory template and category system to access data standardization cataloging.This based on trusted data space circulation operation management construction method and system, construct trusted data space base, complete multi-source data access and safety control;Then standardization cataloging is formed into specification metadata;Subsequently, configuration synchronization strategy and resource are put on the shelf;Then order is generated in response to user application, complete approval, desensitization and delivery;Again, based on authorized resource, carry out data processing and product development;Finally realize product on the shelf, service output and regulatory closed loop, each step is mutually dependent, before and after coordination, constitute complete operation system.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the fields of data element circulation, data security operation and data processing technology, specifically a construction method and system based on trusted data space circulation operation. Background Technology

[0002] With the deep development of the digital economy, data has become a key factor of production. At the national level, the market-oriented allocation reform of data elements is being continuously promoted to facilitate the safe and orderly circulation, compliant development and utilization of public and social data. Trusted data space, as a new type of infrastructure for realizing secure sharing and value release of data across entities, levels and domains, has become the mainstream technical route for the circulation of data elements. Its core objective is to achieve data that is usable but not visible, controllable and measurable, under the premise of ensuring data security, privacy protection and controllable ownership.

[0003] Currently, the circulation and market-oriented operation of data elements face prominent problems in practical implementation, including an imperfect technical system, an unsound operational mechanism, insufficient security and compliance capabilities, and a low degree of productization. Specifically, these problems manifest in the following ways: Existing data access methods are mostly decentralized, lacking unified multi-source data access standards. Their adaptability to different types of data sources such as databases, interfaces, and files is limited, making it difficult to guarantee data connectivity, integrity, and consistency. Data cataloging lacks unified templates and category systems, resulting in chaotic information item definitions, non-standardized data classification and grading, and inconsistent rules for sensitive data identification and de-identification. This leads to unreliable data sources, unclear ownership, and uncontrollable quality, making it difficult to form an operational, supervised, and shareable standardized data resource pool, and failing to support the underlying operational requirements of a trusted data space. Under traditional data sharing models… The processes of data access, directory publishing, resource synchronization, permission application, resource delivery, and product development are fragmented and fail to form a closed-loop operation chain. Data synchronization only supports simple full synchronization and lacks flexible strategies such as incremental synchronization, periodic scheduling, and multi-portal distribution. Resource applications rely on offline communication, manual review, and manual delivery. The approval process is rigid and unconfigurable, and there is a lack of batch application and automated fulfillment capabilities. The overall operation process is time-consuming, error-prone, and lacks traceability, failing to meet the needs of large-scale, market-oriented, and high-efficiency data operations. Furthermore, data capabilities cannot be packaged into standardized, sellable, and billable service products, resulting in a severe supply-demand mismatch and making it difficult to monetize data value at scale. At the same time, there is a lack of hierarchical and classified opening, full-process auditing, dynamic permission control, and traceability mechanisms, which fail to meet the requirements of data security, privacy protection, and compliant operation.

[0004] Existing technologies mostly focus on single data sharing, interface management, or storage services, failing to form a complete system covering a trusted foundation, operational hub, order fulfillment, product output, and regulatory closed loop. This makes it impossible to support large-scale, standardized, and compliant data element circulation and operation within a trusted data space. Therefore, there is an urgent need for a construction method and system capable of achieving end-to-end trusted control, order-driven operations, productized output, and comprehensive supervision. Summary of the Invention

[0005] The purpose of this invention is to provide a construction method and system based on trusted data space circulation operation management, in order to solve the problem that the existing technologies mentioned in the background technology focus on single data sharing, interface management or storage services, and have not formed a complete system covering trusted foundation - operation center - order fulfillment - product output - regulatory closed loop, and cannot support the large-scale, standardized and compliant circulation operation of data elements in trusted data space.

[0006] To achieve the above objectives, the present invention provides the following technical solution: a construction method based on trusted data space circulation operation management, comprising the following steps: S1: Construct a trusted data space foundation with multi-tenant isolation, establish identity authentication, fine-grained access control, data desensitization and encryption, and full-process audit and traceability mechanisms, complete the access and connectivity verification of multi-source heterogeneous data, and provide a unified and trusted basic environment for subsequent full-process operation; S2: Based on the trusted foundation of S1, the access data is standardized and cataloged according to a unified directory template and category system. Information items, data types, lengths and desensitization rules are configured, and three levels of open attributes are divided to realize data structuring and standardization, providing standard metadata support for subsequent synchronization and openness. S3: Based on the cataloging results of S2, configure synchronization strategies, scheduling methods and multi-level approval processes for data resources, synchronize compliant resources to the operation portal, realize the trusted release of resources, and form synergy with the open attributes of S2 to limit the scope and permissions of synchronization; S4: Based on the portal resources published by S3, respond to user applications and generate data orders, perform two-level approval and automatic de-identification processing, link the approval process with S3 configuration, coordinate the de-identification rules with S2 cataloging information, and complete order authorization and data preprocessing; S5: Based on the approval and de-identification results of S4, it synchronizes data resources to the development environment and grants access permissions, providing storage, backup and isolation support, forming an approval-delivery collaboration with S4, and providing a secure and usable data supply for data processing and product development; S6: Based on the resources delivered by S5, it performs data processing, interface development and product packaging. After compliance review, asset registration and public announcement, the product is put on the market. It provides order-based data processing and storage support services to the outside world, and works in synergy with the resource put-on of S3 to complete the full-link operation output from data to product.

[0007] In this embodiment, the multi-source heterogeneous data access in S1 includes three types: database, interface, and file. After access, standardized cataloging is performed, and information items, data types, lengths, and desensitization rules are configured. It is also divided into three open attributes: not open, open upon request, and fully open. The identity permissions and encryption mechanism of S1 provide operation authentication and data security protection for the cataloging in S2. The field-level and table-level cataloging information of S2 provides a precise configuration basis for the permission granularity and desensitization rules of S1.

[0008] In this embodiment, the openness attribute of S2 directly determines the scope of the synchronization portal of S3; S3 configures full, incremental, one-time, and periodic scheduling strategies according to the resource type and data level differences of S2.

[0009] In this embodiment, the data resource configuration synchronization strategy in S3 supports full synchronization and timestamp incremental synchronization, the scheduling method supports one-time scheduling and periodic scheduling, the synchronization target supports public data open portal and trusted data space operation portal, and the resource catalog and field range listed in S3 limit the scope of S4 order applications; the approval result of S4 triggers S3 to perform synchronization, withdrawal or cancellation operations, realizing dynamic linkage between release and application.

[0010] In this embodiment, the data order in S4 supports single resource application and batch resource application. The approval process includes approval from the operating company and approval from the data source department. The anonymization process is automatically executed before synchronous delivery. Authorized data is available but not visible. The S4 approval instruction automatically triggers S5 resource synchronization and permission activation. The S5 delivery status is fed back to S4 in real time to update the order fulfillment progress, realizing the automated connection between approval and delivery.

[0011] In this embodiment, the database, interfaces, and storage environment provided by S5 provide data sources and operational support for S6; the development results of S6 are written back to the S5 environment, forming an integrated collaboration of data supply, processing, storage, and development.

[0012] In this embodiment, the order-based data processing and storage support service in S6 includes: data cleaning, format conversion, de-identification and encryption, real-time interface generation, offline model building, hierarchical storage, and backup and recovery. After S6 completes product listing, the order-based data processing and storage support service provided externally includes: data cleaning and conversion, real-time interface publishing, offline model building, hierarchical storage, call control, billing and settlement, and security auditing.

[0013] A construction system based on trusted data space circulation operation management includes a trusted foundation module, a cataloging resource module, a synchronization process module, an order fulfillment module, a development and delivery module, and a product operation module; Trusted Foundation Module: Used to build the secure foundation environment for the entire system, providing multi-tenant isolation, unified identity authentication, fine-grained permission management, data de-identification and encryption, data integrity verification and full-process operation auditing, providing trusted, secure and traceable underlying support for data access, cataloging, synchronization and use; Cataloging Resource Module: Based on a trusted foundation, this module completes standardized cataloging of multi-source data. It manages database tables, interfaces, and file resources in a structured manner according to a unified template and category system. It configures data fields, types, desensitization rules, and open attributes to form an operational, shareable, and controllable standardized data resource catalog. Synchronization Process Module: Based on the cataloging results, configure data synchronization strategies, scheduling rules and multi-level approval processes to synchronize compliant data resources to the operation portal. It supports full, incremental, one-time and periodic synchronization, and controls the synchronization scope in conjunction with open attributes to achieve reliable resource release and dynamic updates. Order fulfillment module: Responds to user resource requests and automatically generates data orders, completes two-level approval by the operator and data source unit, automatically performs data desensitization according to the cataloging preset rules, synchronizes authorized resources to the development environment and opens access permissions, and realizes the fully automated fulfillment of orders from application, approval, desensitization to delivery; Development and delivery module: Based on authorized data resources, it provides data processing, format conversion, interface development and model building capabilities, supports real-time interface and offline model development, provides development environment, storage support, resource isolation and operation guarantee for data productization, and completes the transformation of data into service capabilities; Product Operation Module: Conducts compliance review, asset registration, public disclosure and listing management of completed data products, provides order-based data processing and storage support services, and supports application access control, call rate limiting, security authentication, log auditing and product listing, realizing the market-oriented operation and full lifecycle management of data products.

[0014] In this embodiment, the system supports interface enabling and disabling, resource delisting and relisting, product pinning, call rate limiting, IP blacklists and whitelists, replay protection, and full-process log auditing, thereby achieving secure and controllable order-based service output.

[0015] In this embodiment, the system supports multi-tenant data isolation, visual process orchestration, batch resource application and automatic de-identification, and is suitable for data operation scenarios involving multiple entities such as government, enterprises and data merchants.

[0016] Compared with the prior art, the beneficial effects of the present invention are: This method and system for building a trusted data space circulation and operation management system constructs a trusted data space foundation, completes multi-source data access and security control; then it performs standardized cataloging to form standardized metadata; subsequently, it configures synchronization strategies and puts resources on the shelves; next, it responds to user applications to generate orders, completes approval, de-identification and delivery; then, it carries out data processing and product development based on authorized resources; finally, it realizes product listing, service output and regulatory closed loop, with each step interdependent and coordinated to form a complete operation system.

[0017] 1. Furthermore, through multi-tenant physical isolation, unified identity authentication, fine-grained hybrid access control, field-level de-identification and encryption, automatic identification and processing of sensitive data, and full-process operation auditing and data flow traceability, a full-link trusted system is formed, which is trusted in access, cataloging, synchronization, authorization, and use. Data is traced throughout the entire process from access to use, permissions are minimized, and sensitive information is available but not visible. This can effectively prevent unauthorized access, illegal tampering, leakage, abuse, and unauthorized dissemination of data, significantly improve the strength of data security and privacy protection, meet the high-level security and compliance requirements under the marketization of data elements, and provide a solid and trusted technical guarantee for cross-departmental, cross-entity, and cross-domain data circulation.

[0018] 2. Furthermore, each step is interdependent, dynamically linked, and automatically connected, completing the entire process from data access, cataloging, synchronization, application, approval, desensitization, delivery to development without manual intervention. This completely solves the problems of fragmentation, disconnected links, excessive manual labor, low efficiency, and susceptibility to errors in traditional operation processes. Driven by orders, it enables closed-loop operation of resource application, multi-level approval, desensitization, permission granting, environment synchronization, and fulfillment feedback. It supports batch resource application, automatic scheduling, incremental synchronization, and real-time status feedback, significantly shortening the order fulfillment cycle and improving delivery accuracy. It can support large-scale, high-concurrency, and multi-tenant parallel data operation scenarios, significantly reducing operating costs and management complexity.

[0019] 3. Furthermore, fragmented data capabilities are uniformly packaged into order-based data processing and storage support services, providing standardized output formats such as data cleaning, format conversion, de-identification and encryption, real-time interface publishing, offline model building, tiered storage, call control, and billing settlement. Multiple delivery methods are supported, including APIs, data packages, data models, and dedicated database instances. This enables the productization, service-orientation, commoditization, and billing of data capabilities. Through mechanisms such as product listing, certificate management, application access, call rate limiting, and asset registration, data is transformed from static resources into tradable services, effectively solving problems such as supply-demand mismatch, difficulty in quantifying value, and weak monetization capabilities. This provides a sustainable commercial operation model for data service providers, enterprises, and government agencies.

[0020] 4. Furthermore, through a unified operation and management backend, it enables comprehensive control over resources, including resource delisting and listing, product placement, access deactivation, interface rate limiting, IP blacklists and whitelists, replay attack prevention, failure retries, and log auditing. It supports tiered opening strategies, visual process orchestration, flexible configuration of multi-level approvals, asset registration and disclosure, and enterprise onboarding management. Regulators can monitor core indicators such as order status, resource usage, product calls, and permission changes in real time. It also has the capabilities of risk interception, illegal deactivation, call tracing, and compliance investigation, ensuring that data operation complies with the Data Security Law, the Personal Information Protection Law, and industry regulatory requirements throughout the entire process. The system has high scalability, portability, and cross-industry replication capabilities, and can be widely applied to various scenarios such as government data authorization operation, enterprise data collaboration, industry data space, and public data opening. Attached Figure Description

[0021] Figure 1 This is a schematic diagram of the structure of the present invention; Figure 2 This is a schematic diagram of the structure of the present invention. Detailed Implementation

[0022] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0023] This invention provides a construction method and system for trusted data space circulation operation management. Its core lies in building a trusted data space foundation to complete multi-source data access and security control; then performing standardized cataloging to form standardized metadata; subsequently configuring synchronization strategies and listing resources; then responding to user applications to generate orders, completing approval, de-identification and delivery; then carrying out data processing and product development based on authorized resources; and finally realizing product listing, service output and regulatory closed loop. Each step is interdependent and collaborative, forming a complete operation system.

[0024] Example 1: To better understand the above technical solution, the following will provide a detailed description of the technical solution in conjunction with the accompanying drawings and specific implementation methods. (Refer to...) Figure 1 As shown in the diagram, this is a schematic diagram of the construction method based on trusted data space circulation operation management. The construction method based on trusted data space circulation operation management includes the following steps: S1: Constructing a trusted data space foundation with multi-tenant isolation. Specifically, multi-tenant isolation adopts a combination of logical and physical isolation: within the same hardware infrastructure, the data storage, data connection, interface services, operation permissions, and process configuration of different tenants are independent of each other. Tenants cannot access each other without authorization, cannot penetrate data, and cannot view each other's resources and logs, thus eliminating the risk of data confusion and unauthorized access from the bottom layer; establishing identity authentication, specifically, identity authentication adopts a multi-factor authentication mechanism, including unique tenant identifiers, legal person real-name authentication, operator role binding, and digital signatures of operation behaviors. All operating entities are locatable, traceable, and non-repudiable; fine-grained access control, specifically, fine-grained... Access control employs a six-level permission model: tenant-department-personnel-resource-field-row. It supports setting viewing, application, development, access, and management permissions for individual database tables, interfaces, data fields, and rows of data, achieving minimum permission authorization. Data masking and encryption, along with a full-process audit and traceability mechanism, specifically support dynamic masking at the field level, including name, ID number, mobile phone number, address, and date masking. Masking rules are automatically matched based on field type, eliminating the need for manual field-by-field configuration. Data transmission uses HTTPS encryption throughout, and storage uses the national standard SM4 encryption, achieving dual encryption for both transmission and storage. Multi-source heterogeneous data access and connectivity verification are also implemented. Multi-source heterogeneous data access includes three types: database, interface, and file. Specifically, the access process automatically performs four checks: data source connectivity test, data format verification, data integrity verification, and sensitive field identification. Data sources that fail the checks are rejected from entering the subsequent process. After integration, standardized cataloging is performed. The system automatically extracts metadata such as field names, data types, data lengths, and sensitivity, configures information items, data types, lengths, and desensitization rules, and classifies them into three open attributes: not open, open upon request, and fully open. This provides a unified and trusted basic environment for subsequent full-process operations. S1's identity permissions and encryption mechanisms provide operation authentication and data security protection for S2 cataloging. In turn, S2's field-level and table-level cataloging information provides a precise configuration basis for S1's permission granularity and desensitization rules.

[0025] S2: Based on the trusted foundation of S1, it standardizes the cataloging of accessed data according to a unified directory template and category system. Specifically, the unified directory template is a standardized form pre-built by the system and supports custom editing. It adopts a drag-and-drop control design and includes fixed fields such as information resource name, category, summary, publication date, update frequency, whether it is open to the public, data domain, open type, data source unit, data provider, information item name in Chinese and English, data type, data length, and key fields of desensitization rules. The above key fields cannot be deleted or modified to ensure the consistency of the directory structure across the platform. The category system supports up to 16 levels of tree structure management, provides batch creation capabilities for first-level categories, second-level categories, and multi-level subcategories, and supports two modes: single addition and batch import from Excel. When importing, the levels are separated by English periods "", and the hierarchical association is automatically completed to ensure category consistency and accurate classification. The configuration information items support a combination of automatic extraction and manual supplementation: the system automatically parses field names, types, and lengths from databases, interfaces, and files accessed from S1. Users only need to supplement the Chinese names and bind the desensitization rules, eliminating the need for entry from scratch, reducing cataloging errors and improving efficiency. Data types, lengths, and desensitization rules are divided into three levels of open attributes. Specifically, these three levels of open attributes are strictly divided according to data security levels: non-open attributes, attributes open upon request, and fully open attributes. Different open attributes have fixed and unavoidable permission boundaries, synchronization scopes, and usage strategies within the system, enforced by the system rather than manually controlled. This achieves data structuring and standardization, providing standard metadata support for subsequent synchronization and openness. After cataloging, a globally unique directory code and version number are automatically generated. The same directory supports multiple version management, and a new version is automatically generated after editing. Historical versions are retained and searchable, ensuring that data resources are traceable and rollbackable.

[0026] S2 operates based on the identity permissions and encrypted environment provided by S1. Unauthorized personnel cannot initiate cataloging or modify the directory. The open nature of S2 directly determines the scope of the synchronization portal of S3. If it is not open, it can only synchronize internally. If it is open upon request or fully open, it can synchronize to the public data open portal and the trusted data space operation portal. S3 configures full / incremental synchronization and one-time / periodic scheduling strategies according to the resource types of S2, such as databases, interfaces, files and data levels, to achieve precise matching between cataloging results and synchronization strategies.

[0027] This section, through fixed key fields, unified form structure, and multi-level category management, completely solves the problems of chaotic cataloging, inconsistent formats, and lack of interoperability in traditional data platforms. It ensures that data has a unified standard from the source, which is a prerequisite for reliable circulation. It automatically extracts metadata from the access layer, reduces manual input, and significantly improves cataloging efficiency and accuracy. It enables multi-source heterogeneous data to be quickly transformed into unified, usable, and manageable standard resources. It uses three-level open attributes as the core basis for full-process control, with the system enforcing permissions and synchronization scope. This ensures that data level determines open policy, and open policy determines operational rules, guaranteeing security and compliance from a mechanism perspective. The trusted foundation → standardized cataloging → synchronization scheduling is no longer an isolated step, but an integrated process in which permissions, policies, and configurations are automatically transferred and adapted throughout the entire process. This is a key innovation for achieving automated and reliable operation.

[0028] S3: Based on the cataloging results of S2, the openness attribute determines the synchronization scope. It configures synchronization strategies, scheduling methods, and multi-level approval processes for data resources. Specifically, the data resource synchronization strategy supports full synchronization and timestamp incremental synchronization; the scheduling method supports one-time scheduling and periodic scheduling; and the synchronization target supports the public data open portal and the trusted data space operation portal. Compliant resources are synchronized and uploaded to the operation portal to achieve trusted resource publication. This synergizes with the openness attribute of S2, limiting the synchronization scope and permissions. Specifically, the synchronization strategy is strongly bound to the S2 openness attribute and enforced: non-openness attributes are only allowed to be synchronized to the trusted data space operation portal and are not publicly accessible; openness attributes upon request can be synchronized to the public data open portal and the trusted data space operation portal; fully openness attributes can be synchronized to all portals. The synchronization scope is automatically locked by the system based on the openness attribute and cannot be manually modified beyond authorized limits. The multi-level approval process uses a visual BPMN workflow orchestration, including the target... The system synchronizes approval, catalog release approval, and catalog deletion processes, and by default includes two levels of nodes: platform operator review and data source unit review. Approval nodes, roles, and permissions are automatically associated with the data source unit and data provider in S2, eliminating the need for repeated configuration. After synchronization submission, the system automatically enters the process in progress state, supporting the withdrawal of tasks in the approval process. After withdrawal, the synchronization strategy can be re-edited and resubmitted. Synchronization of completed catalogs can be undone, stopping updates but not affecting authorized users' continued use. After synchronization and listing on the portal, the system automatically generates a resource details page based on the S2 cataloging information, including resource name, field list, sample data, open attributes, update frequency, and data provider, and only displays the fields that can be opened in S2, forming a list of resources that can be applied for externally. The resource catalogs and field ranges listed in S3 limit the scope of S4 orders that can be applied for. The approval results of S4 trigger S3 to perform synchronization, withdrawal, or cancellation operations, realizing dynamic linkage between release and application.

[0029] The innovative role of this part in the overall solution is to use S2 cataloging information as the sole configuration basis for S3. Synchronization scope, scheduling cycle, and approval nodes are all automatically associated, completely eliminating the problems of repetitive manual configuration and mismatch between strategies and data in traditional platforms. This enables a high degree of automation in the operational process. With data security level as the core, the system rigidly constrains synchronization targets, strictly isolating three types of resources: non-open, open upon request, and fully open. This mechanism prevents unauthorized opening and synchronization, and the security and compliance are far superior to traditional manual management platforms. The resource list released by S3 limits the scope that S4 can apply for. The approval result of S4 controls the synchronous execution, withdrawal, or cancellation of S3, forming a closed loop of release-application-approval-synchronization. The status is consistent in real time, avoiding anomalies such as resources not being released but available for application or approval being out of sync. This significantly improves the reliability of order fulfillment. At the same time, it supports full / incremental and one-time / periodic scheduling, automatically identifies incremental fields, automatically recommends scheduling cycles, and is compatible with multiple types of resources such as databases, tables, interfaces, and files. This solves the technical pain points of traditional synchronization mechanisms, such as low efficiency, poor consistency, and inability to adapt to multi-source data.

[0030] S4: Based on the portal resources released by S3, application permissions are further limited by the resource scope. It responds to user applications and generates data orders. Specifically, users must complete onboarding and qualification authentication before they can initiate a resource application. The enterprise identity, role, and permissions are verified by the system. Unauthenticated users cannot enter the application process, ensuring the credibility of the applicant from the source. Data orders support single resource applications and batch resource applications. Specifically, data orders use a globally unique order number and automatically associate the applicant, enterprise, application scenario, resource catalog, resource type, application fields, usage period, data update method, update cycle, and security responsibility information to form a fully traceable order. When applying in batches, all resources in the data vehicle are automatically merged and the usage scenario, application period, update method, and update cycle are uniformly configured, greatly improving application efficiency. The approval process includes approval from the operations company and the data source department. Data anonymization is automatically performed before synchronous delivery. Authorized data is usable but not visible. The process involves two levels of approval and automatic anonymization. The approval process is linked to the S3 configuration, automatically loading the catalog synchronization process and resource application process. The operations company approval and the data source department approval are executed sequentially. If either level rejects the request, the entire order is terminated and cannot proceed to the subsequent delivery stage. The anonymization process fully reuses the field anonymization rules configured in the S2 cataloging stage. It is automatically executed after approval and before synchronous delivery, automatically replacing, masking, or transforming sensitive information such as names, ID cards, mobile phone numbers, and addresses. After processing, the data remains business-usable but cannot identify personal privacy, achieving usability without visibility. The anonymization rules are coordinated with S2 cataloging information to complete order authorization and data preprocessing. The S4 approval command automatically triggers S5 resource synchronization and permission activation. The S5 delivery status is fed back to S4 in real time, updating the order fulfillment progress and achieving automated connection between approval and delivery.

[0031] The innovative role of this part in the overall solution is to transform fragmented and arbitrary data application behaviors into standardized, structured, traceable, and manageable order processes. This enables data resources to be applied for, approved, delivered, and monitored like commodities, representing a key innovation in the market-oriented operation of data elements. The approval process is bound to S3, and the anonymization rules are bound to S2, eliminating the need for repetitive configuration and manual intervention. This fundamentally solves the problems of chaotic processes, inconsistent anonymization, and incorrect permission configuration in traditional data platforms, significantly improving reliability and consistency. By verifying identity first, then restricting resources, then controlling fields, and finally anonymizing and delivering, the system ensures data security throughout the entire chain before, during, and after authorization. It truly achieves data usability without visibility, and controllable and inviolable permissions. The approval and delivery processes are seamlessly connected, and the status is automatically synchronized, enabling fully automated order fulfillment. This significantly improves delivery efficiency, reduces operating costs, and makes order progress visible, traceable, and monitorable, providing a unified basis for subsequent billing, auditing, and supervision.

[0032] S5: Based on the approval and anonymization results of S4, approval triggers delivery, which means synchronizing data resources to the development environment. The development environment is a dedicated data development partition that is physically isolated from the production domain and logically isolated from other tenants. It uses independent computing resources, independent storage buckets, and independent database instances to ensure that data from different orders, different tenants, and different scenarios does not interfere with each other and cannot be accessed without authorization. The data synchronized to the development environment is all anonymized data processed by S4. The original encrypted data does not enter the development domain. Only the anonymized data that can be used for processing, calculation, and modeling is retained, so that the development environment has usable data but no original data that can be leaked. Access permissions are automatically granted based on the minimum necessary permissions principle: read-only or compute permissions are granted to the corresponding database tables only to the tenant, application, and scenario of the current order; modification, deletion, and export permissions are not granted. The permission scope is completely consistent with the fields approved by S4. Storage is provided, including dedicated data storage support, comprising three types of storage units: real-time query database, model processing database, and file storage area. Storage space is automatically allocated, and data backup and recovery mechanisms are automatically enabled. Scheduled snapshots and exception rollbacks are supported to ensure that development data is not lost, and backup and isolation support are provided. After resource synchronization is completed, development environment access credentials, including a token, are automatically generated. Connection strings and resource URIs are strongly bound to credentials, tenants, applications, and validity periods, making them non-transferable, non-authorization-exceeding, and automatically invalidating upon expiration. It forms an approval-delivery collaboration with S4, with a real-time closed-loop delivery status: after successful synchronization, successful permission activation, and successful storage allocation, the system automatically sends the delivery status back to the S4 order center. Orders automatically transition from approval to developability without manual confirmation. It provides a secure and usable data supply for data processing and product development; the databases, interfaces, and storage environment provided by S5 provide data sources and operational support for S6. Development results from S6 are written back to the S5 environment, forming an integrated collaboration of data supply, processing, storage, and development.

[0033] The innovative role of this part in the overall solution is to completely separate raw data from development data at the environmental level. The development domain only processes anonymized results and does not touch the original data, solving the risk of data leakage in the development process from the root of the architecture. It is a key innovation in the secure operation of data elements. No manual synchronization, manual authorization, or backend configuration is required. The entire process is executed automatically after the order is approved, which greatly improves delivery efficiency and reliability. It solves the problems of slow delivery, error-proneness, and difficulty in traceability of traditional platforms. Storage and computing resources are independently allocated by tenant, order, and scenario. Permissions are strictly limited to the approval scope, allowing data development to be carried out in a controllable, manageable, and auditable secure sandbox, meeting compliance and regulatory requirements. This makes the S5 delivery environment and S6 product development form an organic whole with two-way support, data interoperability, and manageable results. It allows data to be fully integrated from authorization to development to management, providing a stable foundation for data productization.

[0034] S6: Based on the resources delivered by S5, it provides development data support, namely, data processing, interface development, and product packaging. After compliance review, asset registration, and public announcement, the product is launched. It provides order-based data processing and storage support services. Specifically, data processing is automatically executed based on the de-identified database tables, interfaces, and dedicated storage environment delivered by S5. This includes missing value filling, outlier filtering, standardized format conversion, field mapping, and data association. The processing does not change the original de-identified data, but only generates intermediate result sets that can be used for productization, ensuring the security of the source data. Interface development supports three modes: RESTful reverse proxy, data table to interface graphical mode, and data table to interface expert mode. The graphical mode can automatically generate query interfaces without writing SQL. The expert mode supports complex logic such as multi-table association and nested queries. The generated interface is automatically registered to the gateway and token authentication is enabled. The order-based data processing and storage support service includes: data cleaning, format conversion, de-identification and encryption, real-time interface generation, offline model building, tiered storage, and backup and recovery. After the S6 product is launched, the order-based data processing and storage support service provided externally includes: data cleaning and conversion, real-time interface publishing, and offline model building. Offline model building uses a drag-and-drop workflow orchestration, supporting the serial configuration of SQL nodes, data cleaning nodes, and result output nodes. After configuration, it can be scheduled for periodic execution. Model output results are automatically written to the S5 model processing library, forming a publishable data model service. During product packaging, it automatically associates with data resources, interface resources, and model resources in S5, forming five standard product types: data packages, data models, data services, data reports, and business services. After product registration is completed, a fixed-duration public notice period begins. Once no objections are raised, the product is automatically listed on the operations portal, sharing a portal display system with S3's resource listing. This enables unified exposure, management, and access for data resources and data products. Product metadata is automatically synchronized from S2 cataloging information, ensuring that resources and products are of the same origin, consistent, and traceable. Hierarchical storage, call control, billing and settlement, and security auditing are implemented. Order-based data processing and storage support services are standardized and billable services: users obtain service permissions by placing orders, and the system automatically bills and settles based on call volume, data volume, validity period, or number of calls. The system also records call logs, operation logs, and service logs throughout the process, supporting security auditing and accountability. It works in unison with S3's resource listing mechanism to complete the entire operational output from data to product.

[0035] The innovative role of this part in the overall solution is to transform fragmented data capabilities into standardized products that are available for listing, querying, access, and billing through standardized processing, interface encapsulation, and model building. This completely solves the industry pain point of having data resources but no products and difficulty in monetizing its value. All products must pass four checkpoints—anonymized development, compliance review, asset registration, and public disclosure—before being listed. This ensures the legality, compliance, credibility, and regulatory oversight of the products from both institutional and technical perspectives, giving data products a foundation for market circulation. It encapsulates complex data capabilities into simple, easy-to-understand, on-demand, and pay-per-use public service products, lowering the threshold for data use and enabling the service, commodification, and marketization of data elements. This significantly improves the data value conversion rate. S6 forms a complete closed loop with S1 to S5: the trusted foundation provides a secure environment, cataloging provides standards, synchronization provides release, orders provide authorization, delivery provides resources, and products realize value output, constituting a complete and highly innovative data element circulation and operation system.

[0036] This invention provides a construction system based on trusted data space circulation operation management. Example 2: To better understand the above technical solution, the following will provide a detailed description of the technical solution in conjunction with the accompanying drawings and specific implementation methods. (Refer to...) Figure 2 As shown in Figure 2, this is a schematic diagram of the construction system based on trusted data space circulation operation management. The construction system based on trusted data space circulation operation management includes the following modules: Trusted Foundation Module: Used to build the secure foundation environment for the entire system, providing security support for the cataloging resource module, synchronization process module, order fulfillment module, development and delivery module, and product operation module. It provides multi-tenant isolation, unified identity authentication, fine-grained permission management, data anonymization and encryption, data integrity verification, and full-process operation auditing, providing trusted, secure, and traceable underlying support for data access, cataloging, synchronization, and use.

[0037] This module, as the core underlying support of the system, pioneers an integrated trusted environment featuring multi-tenant isolation, six-level fine-grained permissions, dynamic de-identification, and end-to-end auditing. Through deep collaboration with method steps S1–S6, it provides a unified security foundation for data access, cataloging, synchronization, order approval, development delivery, and product launch. This module pre-positions, standardizes, and automates identity authentication, access control, encryption de-identification, and operation auditing, enabling the trusted construction of S1, cataloging permissions of S2, synchronization strategies of S3, order approval of S4, environment isolation of S5, and secure development of S6 to form a continuous linkage. From the architectural level, it achieves trusted data access, trusted cataloging, trusted circulation, trusted use, and traceable supervision, which is the most core underlying creative support that distinguishes this invention from traditional data platforms.

[0038] Cataloging Resource Module: Based on a trusted foundation, this module completes standardized cataloging of multi-source data. It manages database tables, interfaces, and file resources in a structured manner according to a unified template and category system. It configures data fields, types, desensitization rules, and open attributes to form a standardized data resource catalog that is operable, shareable, and controllable.

[0039] This module constructs a unified standardized cataloging system across the entire platform. Through automatic metadata extraction, fixed core fields, multi-level category management, and mandatory configuration of open attributes, it achieves the structuring and standardization of multi-source heterogeneous resources. This module works deeply with the method steps, inheriting the permission and security capabilities of the S1 trusted foundation, and outputting a standardized catalog to provide a unique data basis for S3 synchronization strategies, S4 order application scope, and S6 product packaging. It forms a core control mechanism that defines rules, permissions, and open scope through cataloging, and is the key hub for the entire system to achieve operational, shareable, and manageable data.

[0040] Synchronization Process Module: Based on the cataloging results, configure data synchronization strategies, scheduling rules and multi-level approval processes to synchronize compliant data resources to the operation portal. It supports full, incremental, one-time and periodic synchronization, and controls the synchronization scope in conjunction with open attributes to achieve reliable resource publishing and dynamic updates.

[0041] This module implements an intelligent collaborative mechanism that automatically drives synchronization strategies based on cataloging results. It strongly binds and links synchronization methods, scheduling cycles, approval processes, and open attributes, and works closely with method steps S2, S3, and S4. Based on cataloging information, it automatically configures full / incremental synchronization and one-time / periodic scheduling, strictly limits the scope of the synchronization portal, and dynamically links with S4 order applications and approval status in both directions. This enables fully automated and reliable management of the entire process of resource publishing, updating, withdrawal, and revocation, and serves as the core hub connecting data resources and the operations portal.

[0042] Order fulfillment module: Responds to user resource requests and automatically generates data orders, completes two-level approval by the operator and data source unit, automatically performs data anonymization according to the cataloging preset rules, synchronizes authorized resources to the development environment and opens access permissions, and realizes fully automated fulfillment of orders from application, approval, anonymization to delivery.

[0043] This module uses data orders as its core carrier to automate the entire process of application, approval, data anonymization, and delivery. Through deep collaboration with method steps S3, S4, and S5, it strictly follows the resource scope and approval process published by S3, reuses the data anonymization rules preset by S2 cataloging, automatically completes two-level approval and sensitive data processing, and triggers the S5 environment delivery and permission activation in real time with the authorization results. It transforms the traditional manual offline approval into a reliable order process that is rigidly executed by the system, making data authorization manageable, controllable, traceable, and verifiable. It is the core innovative unit of this invention for realizing the marketization and order-based operation of data elements.

[0044] Development and delivery module: Based on authorized data resources, it provides data processing, format conversion, interface development and model building capabilities, supports real-time interface and offline model development, provides development environment, storage support, resource isolation and operation guarantee for data productization, and completes the transformation of data into service capabilities.

[0045] This module, based on authorized data and with secure development as its goal, provides integrated support for data processing, interface generation, and model building, and works in deep collaboration with method steps S5 and S6. Based on the de-identified resources and isolated environment delivered by S5, it provides development and storage support, transforms raw data into publishable interface and model services, and automatically writes the development results back to the controlled environment of S5, forming a closed loop of data supply—development processing—result management. It is the core functional unit of this invention for realizing the transformation of data from resources to product services.

[0046] Product Operation Module: This module performs compliance review, asset registration, public disclosure, and listing management for completed data products. It provides order-based data processing and storage support services, while also supporting application access control, call rate limiting, security authentication, log auditing, and product listing / delisting. This enables market-oriented operation and full lifecycle management of data products. The system also supports interface enabling / disabling, resource listing / delisting, product pinning, call rate limiting, IP blacklists / whitelists, replay protection, and full-process log auditing, achieving secure and controllable order-based service output. The system supports multi-tenant data isolation, visual process orchestration, batch resource application, and automatic data masking, adapting to data operation scenarios for multiple entities such as government, enterprises, and data merchants.

[0047] This module, serving as the core of the system's market-oriented output and full lifecycle management, integrates data products into a standardized operational process encompassing compliance review, asset registration, public disclosure, and product listing, working in tandem with methods and steps S3 and S6. It reuses the portal publishing mechanism of S3 to complete product listing, provides order-based data processing and storage support services based on the product encapsulation results from S6, and ensures service security and reliability through call control, rate limiting, authentication, and auditing capabilities. Ultimately, it achieves a complete closed loop of data from resources to products and then to market-oriented services, serving as a key vehicle for realizing data value monetization and cross-entity large-scale operation in this invention.

[0048] The contents not described in detail in this specification are existing technologies known to those skilled in the art.

[0049] Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in the foregoing embodiments or make equivalent substitutions for some of the technical features. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.

Claims

1. A construction method based on trusted data space circulation operation management, characterized in that: Includes the following steps: S1: Construct a trusted data space foundation with multi-tenant isolation, establish identity authentication, fine-grained access control, data desensitization and encryption, and full-process audit and traceability mechanisms, complete the access and connectivity verification of multi-source heterogeneous data, and provide a unified and trusted basic environment for subsequent full-process operation; S2: Based on the trusted foundation of S1, the access data is standardized and cataloged according to a unified directory template and category system. Information items, data types, lengths and desensitization rules are configured, and three levels of open attributes are divided to realize data structuring and standardization, providing standard metadata support for subsequent synchronization and openness. S3: Based on the cataloging results of S2, configure synchronization strategies, scheduling methods and multi-level approval processes for data resources, synchronize compliant resources to the operation portal, realize the trusted release of resources, and form synergy with the open attributes of S2 to limit the scope and permissions of synchronization; S4: Based on the portal resources published by S3, respond to user applications and generate data orders, perform two-level approval and automatic de-identification processing, link the approval process with S3 configuration, coordinate the de-identification rules with S2 cataloging information, and complete order authorization and data preprocessing; S5: Based on the approval and de-identification results of S4, it synchronizes data resources to the development environment and grants access permissions, providing storage, backup and isolation support, forming an approval-delivery collaboration with S4, and providing a secure and usable data supply for data processing and product development; S6: Based on the resources delivered by S5, it performs data processing, interface development and product packaging. After compliance review, asset registration and public announcement, the product is put on the market. It provides order-based data processing and storage support services to the outside world, and works in synergy with the resource put-on of S3 to complete the full-link operation output from data to product.

2. The construction method based on trusted data space circulation operation management according to claim 1, characterized in that: The multi-source heterogeneous data access in S1 includes three types: database, interface, and file. After access, standardized cataloging is performed, configuring information items, data types, lengths, and desensitization rules, and classifying them into three open attributes: not open, open upon request, and fully open. The identity permissions and encryption mechanism of S1 provide operation authentication and data security protection for S2 cataloging; the field-level and table-level cataloging information of S2, in turn, provides a precise configuration basis for the permission granularity and desensitization rules of S1.

3. The construction method based on trusted data space circulation operation management according to claim 1, characterized in that: The openness attribute of S2 directly determines the scope of the synchronization portal of S3; S3 is configured with full, incremental, one-time, and periodic scheduling strategies according to the resource type and data level of S2.

4. The construction method for trusted data space circulation operation management according to claim 1, characterized in that: The data resource configuration synchronization strategy in S3 supports full synchronization and timestamp incremental synchronization. The scheduling method supports one-time scheduling and periodic scheduling. The synchronization target supports public data open portal and trusted data space operation portal. The resource catalog and field range on S3 limit the scope of S4 order applications. The approval result of S4 triggers S3 to perform synchronization, withdrawal or cancellation operations, realizing dynamic linkage between release and application.

5. The construction method for trusted data space circulation operation management according to claim 1, characterized in that: The S4 data order supports single resource application and batch resource application. The approval process includes approval from the operating company and approval from the data source department. The desensitization process is automatically executed before synchronous delivery. Authorized data is available but not visible. The S4 approval command automatically triggers S5 resource synchronization and permission activation. The S5 delivery status is fed back to the S4 in real time, updating the order fulfillment progress and achieving automated connection between approval and delivery.

6. The construction method for trusted data space circulation operation management according to claim 1, characterized in that: The databases, interfaces, and storage environment provided by S5 provide data sources and operational support for S6; the development results of S6 are written back to the S5 environment, forming an integrated collaboration of data supply, processing, storage, and development.

7. The construction method for trusted data space circulation operation management according to claim 1, characterized in that: The order-based data processing and storage support services in S6 include: data cleaning, format conversion, de-identification and encryption, real-time interface generation, offline model building, hierarchical storage, and backup and recovery. After the product is launched, the order-based data processing and storage support services provided by S6 include: data cleaning and conversion, real-time interface publishing, offline model building, hierarchical storage, call management and control, billing and settlement, and security auditing.

8. A construction system based on trusted data space circulation operation management, applied to the construction method based on trusted data space circulation operation management as described in any one of claims 1-7, characterized in that: It includes a trusted foundation module, a cataloging resource module, a synchronization process module, an order fulfillment module, a development and delivery module, and a product operation module; Trusted Foundation Module: Used to build the secure foundation environment for the entire system, providing multi-tenant isolation, unified identity authentication, fine-grained permission management, data de-identification and encryption, data integrity verification and full-process operation auditing, providing trusted, secure and traceable underlying support for data access, cataloging, synchronization and use; Cataloging Resource Module: Based on a trusted foundation, this module completes standardized cataloging of multi-source data. It manages database tables, interfaces, and file resources in a structured manner according to a unified template and category system. It configures data fields, types, desensitization rules, and open attributes to form an operational, shareable, and controllable standardized data resource catalog. Synchronization Process Module: Based on the cataloging results, configure data synchronization strategies, scheduling rules and multi-level approval processes to synchronize compliant data resources to the operation portal. It supports full, incremental, one-time and periodic synchronization, and controls the synchronization scope in conjunction with open attributes to achieve reliable resource release and dynamic updates. Order fulfillment module: Responds to user resource requests and automatically generates data orders, completes two-level approval by the operator and data source unit, automatically performs data desensitization according to the cataloging preset rules, synchronizes authorized resources to the development environment and opens access permissions, and realizes the fully automated fulfillment of orders from application, approval, desensitization to delivery; Development and delivery module: Based on authorized data resources, it provides data processing, format conversion, interface development and model building capabilities, supports real-time interface and offline model development, provides development environment, storage support, resource isolation and operation guarantee for data productization, and completes the transformation of data into service capabilities; Product Operation Module: Conducts compliance review, asset registration, public disclosure and listing management of completed data products, provides order-based data processing and storage support services, and supports application access control, call rate limiting, security authentication, log auditing and product listing, realizing the market-oriented operation and full lifecycle management of data products.

9. A construction system based on trusted data space circulation operation management according to claim 8, characterized in that: The system supports interface enabling and disabling, resource delisting and relisting, product pinning, call rate limiting, IP blacklists and whitelists, replay protection, and full-process log auditing, enabling secure and controllable order-based service output.

10. A construction system based on trusted data space circulation operation management according to claim 9, characterized in that: The system supports multi-tenant data isolation, visual process orchestration, batch resource application and automatic de-identification, and is suitable for data operation scenarios involving multiple entities such as government, enterprises and data commerce.