CN116523171B - Data asset management method and system based on full life cycle management - Google Patents

Data asset management method and system based on full life cycle management Download PDF

Info

Publication number
CN116523171B
CN116523171B CN202310798796.9A CN202310798796A CN116523171B CN 116523171 B CN116523171 B CN 116523171B CN 202310798796 A CN202310798796 A CN 202310798796A CN 116523171 B CN116523171 B CN 116523171B
Authority
CN
China
Prior art keywords
data
node
transaction
private key
nodes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310798796.9A
Other languages
Chinese (zh)
Other versions
CN116523171A (en
Inventor
郑小华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Smart Enterprise Development Research Institute Co ltd
Original Assignee
Chengdu Smart Enterprise Development Research Institute Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Smart Enterprise Development Research Institute Co ltd filed Critical Chengdu Smart Enterprise Development Research Institute Co ltd
Priority to CN202310798796.9A priority Critical patent/CN116523171B/en
Publication of CN116523171A publication Critical patent/CN116523171A/en
Application granted granted Critical
Publication of CN116523171B publication Critical patent/CN116523171B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008Public Key, Asymmetric Key, Asymmetric Encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Strategic Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Economics (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Business, Economics & Management (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Quality & Reliability (AREA)
  • Educational Administration (AREA)
  • Tourism & Hospitality (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A data asset management method and system based on full life cycle management includes: the node roles of the federation chain are separated into, by the full lifecycle of the data assets: the method comprises the steps of collecting nodes, storing nodes, analyzing nodes, using nodes, updating nodes and disposing nodes; when each node needs to use the data, the transaction is carried out based on the alliance chain to acquire a decryption key, and the transaction process is recorded by the alliance chain. The management system accesses the transaction records in the nodes, reads the information of both sides of the transaction and the data identification in each transaction record, reads the transaction records of the same data according to the data identification, generates a flow chart for the transaction of the same data identification, and highlights the flow of changing the digital signature. The invention can realize the data asset management method by using the alliance chain, and avoid the problems in the conventional centralized data management mode.

Description

Data asset management method and system based on full life cycle management
Technical Field
The invention belongs to the field of data processing, and particularly relates to a data asset management method and system based on full life cycle management.
Background
A data asset refers to a valuable data resource owned by an organization or individual. They include various types of data such as customer information, sales data, financial data, product information, market research data, and the like. Data assets have important value to organizations as they can be used to insight business trends, support decision making, improve efficiency, and create business value.
The data asset has the following characteristics: 1. the method has the following value: the data assets contain information useful to an organization or individual, which can be used to insight business operations, market trends, customer behavior, etc., to help make more informed decisions. 2. The method can be used for quantification: the data assets may be quantified, the value of which may be measured by different metrics, such as accuracy, integrity, reliability, etc. of the data. 3. Can circulate: data assets may be shared and circulated within an organization or with external partners. By sharing data, the organization can promote the transmission and cooperation of information, and better business results are realized. 4. The protection can be realized: data assets typically contain sensitive information such as customer personal information, business secrets, and the like. Therefore, it is very important to protect the security and privacy of data assets, and organizations need to take corresponding security measures to prevent unauthorized access, disclosure or abuse. 5. The updating can be realized: data assets are dynamic and require periodic maintenance and updating. Organizations need to ensure accuracy and timeliness of data so that their value can continuously provide support for business and decision making.
Data assets are valuable data resources owned by an organization or individual that can provide support for business decisions and creation of business value. It is critical for an organization to effectively manage and protect data assets.
The lifecycle of a data asset describes the various stages of data from creation to final disposal, including the collection, storage, processing, use, and destruction of the data.
The existing management process of the data asset is generally unified by a central server, and the existing central server is inconvenient to manage due to the fact that a large number of people and long time are involved in the life cycle of the data asset, and safety problems can occur in each process of the data asset, so that the problems of data leakage, malicious tampering and the like are caused, and the traceability is difficult; in addition, portions of the data may involve a number of different departments, institutions, and may result in other users not trusting the centralized server if some of the users have higher rights to the centralized server.
Disclosure of Invention
In order to solve the technical problems mentioned in the background art, the invention provides a data asset management method and system based on full life cycle management.
In one aspect, the present invention provides a data asset management method based on full lifecycle management, the method being based on a federation chain; the node roles of the federation chain are separated into, by the full lifecycle of the data assets: the method comprises the steps of collecting nodes, storing nodes, analyzing nodes, using nodes, updating nodes and disposing nodes; after collecting data, filling data information by the collecting node user, and generating a layout file through an intelligent contract, wherein the layout file at least comprises a data identifier, a storage position and a digital signature; the collection node writes a first storage position of data and a first digital signature into the block according to the format file; encrypting data by a first public key, storing a corresponding first private key in a node, and limiting the access authority of the first private key as an object of successful transaction; the collecting node initiates a transaction to the storage node, and after the transaction is successful, the storage node obtains the access right of the first private key; the storage node acquires a first storage position and a first digital signature of the data through the format file; the storage node acquires the encrypted file through the first storage position, transfers the file to a second position of the storage center, decrypts the file by using a first private key, and verifies the correctness of the data by using a first digital signature; after verification is correct, the storage node generates a second digital signature, encrypts data by using a second public key, stores a corresponding second private key, and sets access rights as an object of successful transaction; the analysis node, the using node, the updating node and the processing node initiate a transaction to the storage node when the data need to be used; after the transaction is successful, the access right of the second private key is obtained, the data is read, and the data is processed; generating a third digital signature for the processed data, encrypting by using a third public key, storing the corresponding third private key in the node, limiting the access control authority of the third private key as an object of successful transaction, and initiating the transaction to the storage node; after the transaction is successful, the storage node obtains the access right of the third private key, decrypts the data by using the third private key, and verifies the correctness of the data through the third digital signature; after verification is successful, the storage node generates a fourth digital signature, encrypts the fourth digital signature by using a fourth public key, stores a corresponding fourth private key in the node, and limits the access control authority of the fourth private key to be an object of successful transaction; the management system accesses the transaction records in the nodes, reads the information of both sides of the transaction and the data identification in each transaction record, reads the transaction records of the same data according to the data identification, generates a flow chart for the transaction of the same data identification, and highlights the flow of changing the digital signature.
Further, the collection node, the storage node, the analysis node, the usage node, the update node, and the disposition node each comprise more than one user; each user may be stored in multiple node types simultaneously.
Further, the storage location is a URL or FTP address.
Further, the transaction is realized by using a UI interface, when data is to be used, one data and a corresponding storage node are selected in the UI interface, clicking extraction is performed, reading transaction is initiated to the storage node, the whole process of reading transaction is automatically performed in the background, and the whole process of reading transaction is invisible to a user; after the data is processed, the submit button is clicked, the management system automatically initiates the transaction to the storage node again, and the data is stored again automatically.
Further, the management system presents different nodes through which the same piece of data passes on the UI interface according to the time sequence, so that a flow chart of the data is formed, and nodes and processing modes of the data are presented in the flow chart.
In another aspect, the present invention further provides a data asset management system based on full lifecycle management, the system being based on a federation chain, including the following modules: the classification module is used for dividing node roles of the alliance chain into the following steps according to the full life cycle of the data asset: the method comprises the steps of collecting nodes, storing nodes, analyzing nodes, using nodes, updating nodes and disposing nodes; the collection module is used for filling data information by the collection node user after the collection node user collects data, and generating a format file through an intelligent contract, wherein the format file at least comprises a data identifier, a storage position and a digital signature; the collection node writes a first storage position of data and a first digital signature into the block according to the format file; encrypting data by a first public key, storing a corresponding first private key in a node, and limiting the access authority of the first private key as an object of successful transaction; the first transaction module is used for enabling the collection node to initiate a transaction to the storage node, and after the transaction is successful, the storage node obtains the access right of the first private key; the storage module is used for storing a first storage position and a first digital signature of the data acquired by the node through the format file; the storage node acquires the encrypted file through the first storage position, transfers the file to a second position of the storage center, decrypts the file by using a first private key, and verifies the correctness of the data by using a first digital signature; after verification is correct, the storage node generates a second digital signature, encrypts data by using a second public key, stores a corresponding second private key, and sets access rights as an object of successful transaction; the second transaction module is used for initiating a transaction to the storage node when the analysis node, the use node, the update node and the disposal node need to use the data; after the transaction is successful, the access right of the second private key is obtained, the data is read, and the data is processed; generating a third digital signature for the processed data, encrypting by using a third public key, storing the corresponding third private key in the node, limiting the access control authority of the third private key as an object of successful transaction, and initiating the transaction to the storage node; after the transaction is successful, the storage node obtains the access right of the third private key, decrypts the data by using the third private key, and verifies the correctness of the data through the third digital signature; after verification is successful, the storage node generates a fourth digital signature, encrypts the fourth digital signature by using a fourth public key, stores a corresponding fourth private key in the node, and limits the access control authority of the fourth private key to be an object of successful transaction; the management module is used for managing transaction records in the system access node, reading information of both transaction sides and data identifiers in each transaction record, reading the transaction records of the same data according to the data identifiers, generating a flow chart for transactions of the same data identifiers, and highlighting the flow of changing digital signatures.
Further, the collection node, the storage node, the analysis node, the usage node, the update node, and the disposition node each comprise more than one user; each user may be stored in multiple node types simultaneously.
Further, the storage location is a URL or FTP address.
Further, the transaction is realized by using a UI interface, when data is to be used, one data and a corresponding storage node are selected in the UI interface, clicking extraction is performed, reading transaction is initiated to the storage node, the whole process of reading transaction is automatically performed in the background, and the whole process of reading transaction is invisible to a user; after the data is processed, the submit button is clicked, the management system automatically initiates the transaction to the storage node again, and the data is stored again automatically.
Further, the management system presents different nodes through which the same piece of data passes on the UI interface according to the time sequence, so that a flow chart of the data is formed, and nodes and processing modes of the data are presented in the flow chart.
The beneficial effects of the invention are as follows: according to the characteristics of roles and blockchain systems in the data asset management of the whole life cycle, users in the system are classified into different roles, all life circulation processes of the data asset are recorded in the block by means of the alliance chains, on one hand, the development amount can be greatly reduced by using the existing blockchain transaction process, and the implementation is convenient. On the other hand, all users can supervise the data circulation, and distrust of one part of users to the other part of users is avoided when the data is stored in a fully centralized mode.
Description of the embodiments
The present invention will be described and illustrated with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be made by a person of ordinary skill in the art based on the embodiments provided by the present invention without making any inventive effort, are intended to fall within the scope of the present invention.
It is apparent that the examples in the following description are only some examples or embodiments of the present invention, and it is possible for those of ordinary skill in the art to apply the present invention to other similar situations according to these examples without inventive efforts. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as having the benefit of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the described embodiments of the invention can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this invention belongs. The terms "a," "an," "the," and similar referents in the context of the invention are not to be construed as limiting the quantity, but rather as singular or plural.
In one aspect, the present invention provides a data asset management method based on full lifecycle management based on a federation chain.
The federated chain (Consortium Blockchain) is a type of blockchain network that consists of a set of organizations or entities between which an agreement is reached to co-manage and maintain the blockchain network. Alliance chains are more focused on trust and collaboration among members than public blockchains, while providing a degree of privacy and rights control. In a federated chain, participating organizations are typically authorized and approved that together manage blockchain operations and decisions. A federation chain may be formed of enterprises, organizations, government agencies, etc., each member specifying shared rules and rights through an agreement.
Because the data assets are commonly operated by members in one or more organizations, the relationships among the members are closer to those among the members of the alliance chain, the alliance chain is not open to the public, and a certain degree of authority control can be performed, so the embodiment selects the alliance chain as the basis for data processing.
The node roles of the federation chain are separated into, by the full lifecycle of the data assets: collection node, storage node, analysis node, usage node, update node, disposal node.
The full lifecycle process of a typical data asset includes:
and (3) data collection: the lifecycle of the data begins at the collection phase of the data. This includes obtaining data through various channels and methods, such as surveys, sensors, transaction records, and the like. The data may be structured (e.g., tabular data in a database) or unstructured (e.g., text, images, audio, etc.).
And (3) data storage: the collected data needs to be stored for subsequent access and use. The data store may include conventional database systems, data warehouse, cloud storage, and the like. At this stage, the data may undergo cleaning, conversion, integration, etc. to ensure the quality and availability of the data.
Data analysis: once the data is stored, the organization may process and analyze the data. This includes applying various analysis techniques and tools to extract useful information, insight, and patterns. Data processing may include methods of data mining, machine learning, statistical analysis, etc., to find potential value in the data. The results of the data analysis are typically dependent on the data itself and may be stored in the form of attachments with the underlying data.
Data use: the processed and analyzed data may be used for various purposes, such as business decisions, marketing, product development, customer service, and the like. The use of data may be in the form of reports, visualizations, dashboards, etc. to facilitate user understanding and utilization of the results of the data. The use of data requires reading of the underlying data and analysis of the report, in the course of which the correctness of the data needs to be ensured.
Updating data: the data assets need to be regularly maintained and updated. This includes monitoring data quality, cleaning and correcting data errors, updating data records, and the like. Maintaining and updating data can ensure accuracy and timeliness of the data.
Data handling: when data is no longer needed or reaches a legal retention period, the organization needs to securely process the data. Data handling may include data deletion, destruction, or archiving. At the time of data handling, the organization needs to ensure that the data is no longer recoverable to protect the security and privacy of the data.
To cope with the process of each phase, the present embodiment further divides the nodes in the federation chain into collection nodes, storage nodes, analysis nodes, usage nodes, update nodes, and disposal nodes. Because of the large number of users in an organization, and each division of work may be done by multiple people, although multiple nodes may be included in each class of nodes. For example, there may be 20 people responsible for data collection, and there may be 20 collection nodes in the system. Further, the same person or organization may work both, so the same node may belong to different nodes alike at the same time, e.g., the same node may belong to both the collection node and the analysis node.
After the collection node user collects data, the collection node user fills in data information, and generates a layout file through an intelligent contract, wherein the layout file at least comprises a data identifier, a storage position and a digital signature.
After the collection node user collects a data (a data is not a number, but a collection of data, such as the price data of a region collected by the collection node user from the internet, etc.), the life of the data begins, and in order to track the full life cycle of the data, a globally unique and invariable data identifier is firstly assigned to the data, and the whole process related to the data can be uniquely determined by the data identifier system.
After the collection node users collect the data, the data is usually stored in a local hard disk, a network disk and other positions of the users, and in order to enable other node users to obtain the corresponding data, the storage positions related to the data should be stored. The storage location may be any location on the network that can be accessed by a node, and may support any address protocol in the prior art, such as URL address, ftp address, and the like. Further, in order to prevent data from being tampered with or problems occurring in the transmission process, a digital signature of the data needs to be saved. The digital signature may be performed by any method in the prior art, such as MD5, SHA256, etc., and the choice of the signature algorithm may be determined according to the requirement of the security degree, which is not limited in this embodiment.
Layout Files (Layout Files) refer to a file that describes a data structure. It defines the manner and format in which data is stored on the blockchain. The layout file is similar to a Schema (Schema) in a database for specifying information such as fields, types, and arrangements of data. In blockchain applications, the layout file plays an important role because it defines the data structure in the blockchain so that different nodes can understand and interpret the data stored on the blockchain. It ensures consistency and interoperability of data so that different participants can read and update data according to the same rules.
In order to facilitate reading of data by different node users, a layout file is generated through an intelligent contract, and the layout file at least comprises a data identifier, a storage position and a digital signature. Other users can read the information such as the identification, the position, the signature and the like of corresponding data in the block through the format file, and then can acquire the data, perform signature verification and the like.
The collection node writes the data identification, the first storage position and the first digital signature of the data into the block according to the format file; encrypting data with a first public key, storing a corresponding first private key in a node, and limiting the access authority of the first private key as an object of successful transaction.
The data identification, storage location and digital signature are all conventional information that the user can access and identify the process of streaming the data, so these data are written to the block for billing purposes. In order to prevent data leakage, further, an asymmetric encryption algorithm is used for encrypting the data, a corresponding first private key is stored in a node, access authority of the first private key is limited to be an object of successful transaction, and after the data is transacted to other users by the collecting node, the other users can obtain the access authority of the key, so that the key is read, and further the file is decrypted.
The access rights of the nodes may be determined by the design and rules of the federation chain and configured according to particular requirements and security considerations. For example, performing identity verification and authorization, a node may require access rights to verify the identity of other nodes and confirm that it has authorization to perform certain operations. This may be accomplished through the use of digital certificates, identity identifiers, or other verification mechanisms. The specific rights control implementation method is not specifically limited in this embodiment.
The collecting node initiates a transaction to the storage node, and after the transaction is successful, the storage node obtains the access right of the first private key.
The collection node creates a transaction comprising the recipient and the data to be transmitted, and after creating the transaction, signs the transaction using its own private key to ensure the integrity and authenticity of the transaction. This process uses an encryption algorithm to generate a digital signature to ensure that the transaction is not tampered with during transmission. Once the transaction is signed, it may be submitted into the coalition chain network. The specific manner of submission depends on the design and architecture of the federation chain. It may be desirable to send the transaction to a particular authentication node or consensus participant. The submitted transaction may be validated and agreed upon by other nodes in the coalition chain network. The node verifies the validity of the transaction, and the transaction in the embodiment does not relate to specific asset amount, but verifies the authority of the general identity, so that only the node type, the node authority and the like of both sides of the transaction are verified, and the transaction is ensured to accord with the rules and protocols of the alliance chain. Once the transaction is validated, the node may use a consensus mechanism to agree on, for example, a vote or other form of consensus algorithm. Once the transaction is validated and agreed upon, it will be packaged into a block.
The information in the block comprises the storage position of the data and the digital signature, and other uses can read the data, but only the transacted storage node can obtain the access right of the first private key, so that only the transacted storage node can decrypt the data, and the real data information is obtained.
The storage node obtains a first storage location and a first digital signature of the data through the layout file.
The layout file comprises format information such as storage positions, digital signatures and the like, and the storage nodes can read the first storage positions and the first digital signatures at corresponding positions in the blocks according to the layout file.
The storage node obtains the encrypted file through the first storage position, transfers the file to a second position of the storage center, decrypts the file by using the first private key, and verifies the correctness of the data by using the first digital signature.
Because the data obtained by the data collector is usually stored in the private location of the collector, such as a private hard disk, a network disk, etc., the data assets are usually managed in a centralized way, after the storage node being transacted obtains the first storage location and the first digital signature, the file is first moved to the storage center to be stored, and after the movement is completed, the second location of the data in the storage center can be obtained, which can be URL, FTP, etc. address information, similar to the first location. And decrypting the obtained data by the first private key obtained in the previous step, namely the decrypted data, and verifying whether the data is tampered or not by the first digital signature.
After verification is correct, the storage node generates a second digital signature, encrypts data by using the second public key, stores a corresponding second private key, and sets the access right as an object of successful transaction.
If the data is verified to be not tampered, the data can be further stored, and the data center usually processes the data into a format suitable for the data center, and information such as labels, descriptions and the like can be added for facilitating subsequent use, so that the data when the storage node stores the data is basically different from the data collected by the collection node, and thus the digital signature needs to be generated again.
In order to protect the stored data in the storage center, a set of asymmetric encryption keys is used again for encryption, a corresponding second private key is stored, and access rights are set as objects with successful transactions, so that the encryption keys can be obtained in subsequent steps.
The analysis node, the using node, the updating node and the processing node initiate a transaction to the storage node when the data needs to be used.
The functions of the analysis node, the use node, the update node, and the disposal node are different, but the positions of the analysis node, the use node, the update node, and the disposal node are the same in the embodiment, and all the stored data are acquired from the data center and processed. If the analysis point acquires data from the data center, analyzing and processing the data, and attaching the obtained useful information to the original data; the node is used for reading data from the data center and then displaying, and meanwhile, the displaying process may need to be stored together during displaying so as to be inherited for use later; the new node rewrites the data after the data change; when the data is required to be handled, the handling node reads the data from the data center and performs operations such as deleting or overwriting. The operation processes of the analysis node, the using node, the updating node and the disposal node are to read data from the storage node and submit the modified data to the storage node again, so that the nodes need to initiate transaction to the storage node when using the data.
And after the transaction is successful, the access right of the second private key is obtained, the data is read, and the data is processed.
And the analysis node, the using node, the updating node, the disposal node and the like acquire the access right of the second private key after the transaction is successful, so that the second private key is acquired, the data is further read, decrypted and processed. The processing of the data refers to any operation of the data, such as rewriting, adding, deleting, etc., and the analysis point obtains the data from the data center, analyzes and processes the data, and attaches the obtained useful information to the original data.
And generating a third digital signature for the processed data, encrypting by using a third public key, storing the corresponding third private key in the node, limiting the access control authority of the third private key as an object of successful transaction, and initiating the transaction to the storage node.
Analysis nodes, usage nodes, update nodes, disposal nodes, etc. need to save the processed data again to a storage center after processing the data for other nodes to use. Since the data has been altered, a third digital signature is generated for the processed data. Similar to the process of collecting the node storage data, the third public key is used for encryption, the corresponding third private key is stored in the node, the access control authority of the third private key is limited as the object of successful transaction, and the transaction is initiated to the storage node.
After the transaction is successful, the storage node obtains the access right of the third private key, decrypts the data by using the third private key, and verifies the correctness of the data through the third digital signature.
After the verification is successful, the storage node generates a fourth digital signature, encrypts the fourth digital signature by using a fourth public key, stores a corresponding fourth private key in the node, and limits the access control authority of the fourth private key to be an object of successful transaction.
After the storage node is successfully verified, the storage node may modify the data again, such as adding a log, modifying an attachment, reorganizing a format, and the like, and the data may change slightly again, so after the verification is successful, the storage node generates a fourth digital signature, encrypts the fourth digital signature by using a fourth public key, stores a corresponding fourth private key in the node, and limits the access control authority of the fourth private key to be an object of successful transaction, so that the data can be accessed by other nodes continuously.
Further, in order to facilitate operation, the operation may be performed in a UI manner, for example, the management system presents all data in the coalition chain on the interface, each data corresponds to a storage node thereof, when the analysis node is to analyze, one of the data and the corresponding storage node is selected, click extraction is performed, a reading transaction is initiated to the storage node, and the whole process of the reading transaction is automatically performed in the background and is invisible to the user; after analysis processing is carried out on the data, the analysis node user clicks a submit button, the management system automatically initiates a transaction to the storage node again, the data is stored again automatically, and the whole process is also carried out automatically in the background, so that usability is improved.
It will be appreciated by those skilled in the art that the foregoing steps are only a small segment of the data usage process and that other nodes may repeat the transaction steps described above until the end of the data lifecycle after the storage node again stores the fourth private key in the node.
The management system accesses the transaction records in the nodes, reads the information of both transaction sides and the data identification in each transaction record, reads the transaction records of the same data according to the data identification, and generates a flow chart for the transaction of the same data identification.
The management system may be a visual UI, may be implemented through web or other GUI technology, and may be a node in a federation chain to facilitate development of programs, so that the management system may also read the entire transaction process from the area. Because the layout file comprises the identification of the data, the storage position of the data, the signature of the data and the like, the management system can read the information of both transaction sides and the data identification in each transaction record, and read the transaction record of the same data according to the data identification, so that the whole process from collection to storage of the same data can be reflected by the transaction process, the management system presents different nodes which the same data has passed on a UI interface according to the time sequence, thereby forming a flow chart of the data, and the flow chart can present the modes (analysis, use, treatment and the like) of which nodes are processed and the processing is carried out.
In another embodiment, the invention also discloses a data asset management system based on full life cycle management, which is based on a alliance chain and comprises the following modules:
the classification module is used for dividing node roles of the alliance chain into the following steps according to the full life cycle of the data asset: the method comprises the steps of collecting nodes, storing nodes, analyzing nodes, using nodes, updating nodes and disposing nodes;
the collection module is used for filling data information by the collection node user after the collection node user collects data, and generating a format file through an intelligent contract, wherein the format file at least comprises a data identifier, a storage position and a digital signature; the collection node writes a first storage position of data and a first digital signature into the block according to the format file; encrypting data by a first public key, storing a corresponding first private key in a node, and limiting the access authority of the first private key as an object of successful transaction;
the first transaction module is used for enabling the collection node to initiate a transaction to the storage node, and after the transaction is successful, the storage node obtains the access right of the first private key;
the storage module is used for storing a first storage position and a first digital signature of the data acquired by the node through the format file; the storage node acquires the encrypted file through the first storage position, transfers the file to a second position of the storage center, decrypts the file by using a first private key, and verifies the correctness of the data by using a first digital signature; after verification is correct, the storage node generates a second digital signature, encrypts data by using a second public key, stores a corresponding second private key, and sets access rights as an object of successful transaction;
the second transaction module is used for initiating a transaction to the storage node when the analysis node, the use node, the update node and the disposal node need to use the data; after the transaction is successful, the access right of the second private key is obtained, the data is read, and the data is processed; generating a third digital signature for the processed data, encrypting by using a third public key, storing the corresponding third private key in the node, limiting the access control authority of the third private key as an object of successful transaction, and initiating the transaction to the storage node; after the transaction is successful, the storage node obtains the access right of the third private key, decrypts the data by using the third private key, and verifies the correctness of the data through the third digital signature; after verification is successful, the storage node generates a fourth digital signature, encrypts the fourth digital signature by using a fourth public key, stores a corresponding fourth private key in the node, and limits the access control authority of the fourth private key to be an object of successful transaction;
the management module is used for managing transaction records in the system access node, reading information of both transaction sides and data identifiers in each transaction record, reading the transaction records of the same data according to the data identifiers, generating a flow chart for transactions of the same data identifiers, and highlighting the flow of changing digital signatures.
While the system includes modules of the prior art that are capable of performing or assisting in performing all of the methods of the foregoing embodiments, those of skill in the art may implement the system by any means of the prior art as long as the methods of the foregoing embodiments are capable of being performed.
In the description of the present specification, the terms "one embodiment," "some embodiments," "particular embodiments," and the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A data asset management method based on full life cycle management, characterized by:
the method is based on a federation chain;
the node roles of the federation chain are separated into, by the full lifecycle of the data assets: the method comprises the steps of collecting nodes, storing nodes, analyzing nodes, using nodes, updating nodes and disposing nodes;
after collecting data, filling data information by the collecting node user, and generating a layout file through an intelligent contract, wherein the layout file at least comprises a data identifier, a storage position and a digital signature;
the collection node writes a first storage position of data and a first digital signature into the block according to the format file; encrypting data by a first public key, storing a corresponding first private key in a node, and limiting the access authority of the first private key as an object of successful transaction;
the collecting node initiates a transaction to the storage node, and after the transaction is successful, the storage node obtains the access right of the first private key;
the storage node acquires a first storage position and a first digital signature of the data through the format file;
the storage node acquires the encrypted file through the first storage position, transfers the file to a second position of the storage center, decrypts the file by using a first private key, and verifies the correctness of the data by using a first digital signature;
after verification is correct, the storage node generates a second digital signature, encrypts data by using a second public key, stores a corresponding second private key, and sets access rights as an object of successful transaction;
the analysis node, the using node, the updating node and the processing node initiate a transaction to the storage node when the data need to be used;
after the transaction is successful, the access right of the second private key is obtained, the data is read, and the data is processed;
generating a third digital signature for the processed data, encrypting by using a third public key, storing the corresponding third private key in the node, limiting the access control authority of the third private key as an object of successful transaction, and initiating the transaction to the storage node;
after the transaction is successful, the storage node obtains the access right of the third private key, decrypts the data by using the third private key, and verifies the correctness of the data through the third digital signature;
after verification is successful, the storage node generates a fourth digital signature, encrypts the fourth digital signature by using a fourth public key, stores a corresponding fourth private key in the node, and limits the access control authority of the fourth private key to be an object of successful transaction;
the management system accesses the transaction records in the nodes, reads the information of both sides of the transaction and the data identification in each transaction record, reads the transaction records of the same data according to the data identification, generates a flow chart for the transaction of the same data identification, and highlights the flow of changing the digital signature.
2. A method of data asset management based on full lifecycle management as recited in claim 1, wherein: the collecting node, the storing node, the analyzing node, the using node, the updating node and the disposing node comprise more than one user; each user may be stored in multiple node types simultaneously.
3. A method of data asset management based on full lifecycle management as recited in claim 1, wherein: the storage location is a URL or FTP address.
4. A method of data asset management based on full lifecycle management as recited in claim 1, wherein: when data is to be used, selecting one data and a corresponding storage node in the UI interface, clicking and extracting, initiating a reading transaction to the storage node, and automatically performing the whole reading transaction in the background, wherein the whole reading transaction is invisible to a user; after the data is processed, the submit button is clicked, the management system automatically initiates the transaction to the storage node again, and the data is stored again automatically.
5. A method of data asset management based on full lifecycle management as recited in claim 1, wherein: and the management system presents different nodes which the same piece of data passes through on the UI interface according to the time sequence, so that a flow chart of the data is formed, and nodes which the data passes through and a processing mode are presented in the flow chart.
6. A data asset management system based on full lifecycle management, the system being based on a federation chain, comprising:
the classification module is used for dividing node roles of the alliance chain into the following steps according to the full life cycle of the data asset: the method comprises the steps of collecting nodes, storing nodes, analyzing nodes, using nodes, updating nodes and disposing nodes;
the collection module is used for filling data information by the collection node user after the collection node user collects data, and generating a format file through an intelligent contract, wherein the format file at least comprises a data identifier, a storage position and a digital signature; the collection node writes a first storage position of data and a first digital signature into the block according to the format file; encrypting data by a first public key, storing a corresponding first private key in a node, and limiting the access authority of the first private key as an object of successful transaction;
the first transaction module is used for enabling the collection node to initiate a transaction to the storage node, and after the transaction is successful, the storage node obtains the access right of the first private key;
the storage module is used for storing a first storage position and a first digital signature of the data acquired by the node through the format file; the storage node acquires the encrypted file through the first storage position, transfers the file to a second position of the storage center, decrypts the file by using a first private key, and verifies the correctness of the data by using a first digital signature; after verification is correct, the storage node generates a second digital signature, encrypts data by using a second public key, stores a corresponding second private key, and sets access rights as an object of successful transaction;
the second transaction module is used for initiating a transaction to the storage node when the analysis node, the use node, the update node and the disposal node need to use the data; after the transaction is successful, the access right of the second private key is obtained, the data is read, and the data is processed; generating a third digital signature for the processed data, encrypting by using a third public key, storing the corresponding third private key in the node, limiting the access control authority of the third private key as an object of successful transaction, and initiating the transaction to the storage node; after the transaction is successful, the storage node obtains the access right of the third private key, decrypts the data by using the third private key, and verifies the correctness of the data through the third digital signature; after verification is successful, the storage node generates a fourth digital signature, encrypts the fourth digital signature by using a fourth public key, stores a corresponding fourth private key in the node, and limits the access control authority of the fourth private key to be an object of successful transaction;
the management module is used for managing transaction records in the system access node, reading information of both transaction sides and data identifiers in each transaction record, reading the transaction records of the same data according to the data identifiers, generating a flow chart for transactions of the same data identifiers, and highlighting the flow of changing digital signatures.
7. A full lifecycle management based data asset management system as in claim 6, wherein: the collecting node, the storing node, the analyzing node, the using node, the updating node and the disposing node comprise more than one user; each user may be stored in multiple node types simultaneously.
8. A full lifecycle management based data asset management system as in claim 6, wherein: the storage location is a URL or FTP address.
9. A full lifecycle management based data asset management system as in claim 6, wherein: when data is to be used, selecting one data and a corresponding storage node in the UI interface, clicking and extracting, initiating a reading transaction to the storage node, and automatically performing the whole reading transaction in the background, wherein the whole reading transaction is invisible to a user; after the data is processed, the submit button is clicked, the management system automatically initiates the transaction to the storage node again, and the data is stored again automatically.
10. A full lifecycle management based data asset management system as in claim 6, wherein: and the management system presents different nodes which the same piece of data passes through on the UI interface according to the time sequence, so that a flow chart of the data is formed, and nodes which the data passes through and a processing mode are presented in the flow chart.
CN202310798796.9A 2023-07-03 2023-07-03 Data asset management method and system based on full life cycle management Active CN116523171B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310798796.9A CN116523171B (en) 2023-07-03 2023-07-03 Data asset management method and system based on full life cycle management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310798796.9A CN116523171B (en) 2023-07-03 2023-07-03 Data asset management method and system based on full life cycle management

Publications (2)

Publication Number Publication Date
CN116523171A CN116523171A (en) 2023-08-01
CN116523171B true CN116523171B (en) 2023-08-29

Family

ID=87390622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310798796.9A Active CN116523171B (en) 2023-07-03 2023-07-03 Data asset management method and system based on full life cycle management

Country Status (1)

Country Link
CN (1) CN116523171B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106815764A (en) * 2017-01-18 2017-06-09 中钞***产业发展有限公司北京智能卡技术研究院 A kind of management method and system of the digital asset based on alliance's chain
CN110992068A (en) * 2019-12-17 2020-04-10 浙江大学 Vaccine full life cycle management method and system based on block chain
CN112152778A (en) * 2020-09-22 2020-12-29 腾讯科技(深圳)有限公司 Node management method and device and electronic equipment
CN112395353A (en) * 2020-10-27 2021-02-23 中国电力科学研究院有限公司 Intelligent electric energy meter quality data sharing method and system based on alliance chain
WO2021159606A1 (en) * 2020-02-11 2021-08-19 深圳壹账通智能科技有限公司 Organization node chaining method and system based on blockchain
CN115964730A (en) * 2023-01-09 2023-04-14 广东开放大学(广东理工职业学院) Block chain information storage method based on alliance chain multi-chain
CN116305316A (en) * 2023-02-03 2023-06-23 南京沅宇科技有限公司 Data management method for realizing intelligent construction based on alliance chain

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11055703B2 (en) * 2017-06-19 2021-07-06 Hitachi, Ltd. Smart contract lifecycle management
US10915641B2 (en) * 2017-10-30 2021-02-09 Pricewaterhousecoopers Llp Implementation of continuous real-time validation of distributed data storage systems

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106815764A (en) * 2017-01-18 2017-06-09 中钞***产业发展有限公司北京智能卡技术研究院 A kind of management method and system of the digital asset based on alliance's chain
CN110992068A (en) * 2019-12-17 2020-04-10 浙江大学 Vaccine full life cycle management method and system based on block chain
WO2021159606A1 (en) * 2020-02-11 2021-08-19 深圳壹账通智能科技有限公司 Organization node chaining method and system based on blockchain
CN112152778A (en) * 2020-09-22 2020-12-29 腾讯科技(深圳)有限公司 Node management method and device and electronic equipment
CN112395353A (en) * 2020-10-27 2021-02-23 中国电力科学研究院有限公司 Intelligent electric energy meter quality data sharing method and system based on alliance chain
CN115964730A (en) * 2023-01-09 2023-04-14 广东开放大学(广东理工职业学院) Block chain information storage method based on alliance chain multi-chain
CN116305316A (en) * 2023-02-03 2023-06-23 南京沅宇科技有限公司 Data management method for realizing intelligent construction based on alliance chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种改进的大数据流通共享安全方案;裴超等;《网络空间安全》;第11卷(第10期);1-10 *

Also Published As

Publication number Publication date
CN116523171A (en) 2023-08-01

Similar Documents

Publication Publication Date Title
Lone et al. Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer
US20200311646A1 (en) Blockchain-based system for analyzing and tracking work performance
Khan et al. A blockchain ethereum technology-enabled digital content: Development of trading and sharing economy data
Vincent et al. Blockchain architecture: A design that helps CPA firms leverage the technology
Komalavalli et al. Overview of blockchain technology concepts
US11936716B2 (en) System and method for providing a secure network
Shaikh et al. BIoMT modular infrastructure: the recent challenges, issues, and limitations in blockchain hyperledger‐enabled e‐healthcare application
CN110851865B (en) Resource data processing method, device, system and storage medium
WO2021169767A1 (en) Data processing method and apparatus, device and medium
Shrestha et al. User data sharing frameworks: a blockchain-based incentive solution
Hu et al. A patent registration and trading system based on blockchain
Yadav et al. Evolution of Blockchain and consensus mechanisms & its real-world applications
Shih et al. Design and implementation of distributed traceability system for smart factories based on blockchain technology
Kim et al. Developmental trajectories in blockchain technology using patent-based knowledge network analysis
Al-Sumaidaee et al. A blueprint towards an integrated healthcare information system through blockchain technology
Allam et al. Ledger technology of blockchain and its impact on operational performance of banks: a review
Gao et al. Data right confirmation mechanism based on blockchain and locality sensitive hashing
Ukanah et al. Blockchain application in healthcare
CN116523171B (en) Data asset management method and system based on full life cycle management
Lokshina et al. Revisiting state-of-the-art applications of the blockchain technology: analysis of unresolved issues and potential development
Patel et al. Blockchain technology: An aid to the governance of smart cities
Shaikh Blockchain Based Cloud Storage of Patients Health Records
US20210382865A1 (en) Secure model item tracking system
Deprez et al. A goal-oriented requirements analysis for the collection, use and exchange of electronic evidence across EU countries
Jaskula et al. Blockchain-Based Common Data Environments: Prototype and Validation Through User Study

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant