
CN109800596A - A kind of personal data safety management system - Google Patents


Info

Publication number: CN109800596A
Application number: CN201811610855.0A
Authority: CN (China)
Prior art keywords: data, module, user, application, labeled
Legal status: Granted (status as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN109800596B (en)
Inventor: 余炀
Current assignee: Individual
Original assignee: Individual
Priority: CN201811610855.0A
Events: application filed by Individual; publication of CN109800596A; application granted; publication of CN109800596B; current legal status Active

Landscapes

  • Storage Device Security (AREA)

Abstract

Embodiments of the present invention relate to the technical field of data security management and disclose a personal data security management system in which all modules run in a trusted execution environment. A data acquisition module obtains user data; an application download module downloads data-processing applications; an application running module runs the data-processing application inside the trusted execution environment; a data access module receives the data access request of the data-processing application and, after obtaining the user's authorization, returns the corresponding user data to the data-processing application; a first data tracking module labels the user data returned to the data-processing application and tracks the labeled user data. The personal data security management system provided by embodiments of the present invention lets the user both control their own user data and guarantee the security of the user data that is shared.

Description

A kind of personal data safety management system
Technical field
Embodiments of the present invention relate to the technical field of data security management, and in particular to a personal data security management system.
Background technique
In recent years, with the rapid development of big data analysis and deep learning technology, existing algorithms have become able to extract many meaningful results from large amounts of user data. Both the shopping preferences of an individual user and the economic trends of a whole market can be obtained by big data analysis. This has also made the value of the data itself higher and higher. At present, large amounts of user data are scattered among different enterprises and institutions: Alibaba and JD.com hold large amounts of user purchase data; Tencent, Sina and others hold large amounts of user social data; each hospital holds its users' medical data; and so on.
In order to fully exploit the potential value of personal user data, a method is needed that lets the individual user manage all of their own data (transaction data, social data, medical data, etc.) themselves, so that authorized data users can use the data while the security of the personal data in use is guaranteed. The implementations provided in the prior art are as follows:
Prior art 1: In 2016 Hangzhou Cunxin Data Technology Co., Ltd. proposed a paid sharing platform for personal user data, Gongxinbao. The platform uses blockchain technology to help individual users store their personal data while letting users sell their personal data to data users. Through blockchain technology the system can guarantee security during the data transaction. However, the inventor has found that once the data transaction is completed the user loses control over their own data: there is no guarantee that the data purchaser uses the data only for the purpose the user accepted, and the purchaser can even resell the user's personal data to third parties.
Prior art 2: In 2018 Professor Tim Berners-Lee of MIT proposed a decentralized data sharing platform, Solid. The system is built on the existing HTTP protocol and constructs a data authorization and usage method. On the one hand it allows individual users to build their own data storage servers; on the other hand it allows authorized data users to obtain data from the individual user through languages such as JS. However, the inventor has found that once authentication and authorization are completed and the data has been obtained, the data user can process the data arbitrarily, without any supervision by the data owner.
In summary, there is no existing security management system that lets the user both control their own user data (such as transaction data, social data, medical data, etc.) and guarantee the security of the user data that is shared.
Summary of the invention
The purpose of embodiments of the present invention is to provide a personal data security management system so that the user can both control their own user data and guarantee the security of the user data that is shared.
To solve the above technical problem, embodiments of the present invention provide a personal data security management system comprising a data management end. The data management end comprises a data acquisition module, a first data tracking module, a data access module, an application download module and an application running module, all of which run in a trusted execution environment. The data acquisition module obtains user data; the application download module downloads data-processing applications; the application running module runs the data-processing application in the trusted execution environment; the data access module receives the data access request of the data-processing application and, after obtaining the user's authorization, returns the corresponding user data to the data-processing application; the first data tracking module labels the user data returned to the data-processing application and tracks the labeled user data.
Compared with the prior art, embodiments of the present invention provide a personal data security management system in which all modules run in a trusted execution environment, which guarantees the security of the data-processing application. When the data access module receives an access request from the data-processing application, it returns the corresponding user data only after obtaining the authorization of the user (that is, the data owner); this ensures that the data-processing application obtains user data only with the user's permission and that the user keeps control over the data. The user data involved in the sharing interaction is tracked by the data tracking module, which guarantees the security of the shared data.
In addition, the user data includes local user data; the personal data security management system further includes a user device with a data extraction module; the data extraction module obtains the local user data on the user device and sends it to the data acquisition module; the data acquisition module parses the local user data and stores the parsed local user data in encrypted form. This scheme gives a concrete extraction method for local user data, and storing the parsed local user data encrypted guarantees the security of the stored local user data.
In addition, the data extraction module sends the local user data to the data acquisition module over a trusted connection. In this scheme the trusted connection guarantees security during the extraction of local user data.
In addition, the user data includes cloud user data; the data extraction module obtains the access permission information with which the user accesses the cloud server and sends it to the data acquisition module; the data acquisition module uses the permission information to collect the cloud user data from the cloud server and stores it encrypted. This scheme gives a concrete acquisition method for cloud user data, and storing the cloud user data encrypted guarantees its security.
In addition, the first data tracking module tracks the labeled data inside the data-processing application, and labels and tracks the data generated from the labeled data. In this scheme the first data tracking module tracks, inside the data-processing application, both the labeled data and the data derived from it, so as to monitor how the user data is used inside the data-processing application.
In addition, the first data tracking module intercepts the system calls of the data-processing application and determines the system call type; if the system call type is a data call between data-processing applications, it tracks the labeled data between the data-processing applications, and labels and tracks the data generated from the labeled data. In this scheme the first data tracking module tracks the labeled data and the data derived from it between data-processing applications, so as to monitor how the user data is used between data-processing applications.
In addition, the data management end further includes a first I/O inspection module; when the first data tracking module determines that the system call type is a file read, the first I/O inspection module detects whether the data being read contains labeled data; when the first I/O inspection module detects labeled data, the first data tracking module tracks it. This scheme monitors the labeled data that the data-processing application reads from system files.
In addition, when the first data tracking module determines that the system call type is network access, the first I/O inspection module establishes a connection with the application server corresponding to the data-processing application and monitors whether the communication data between the data management end and the application server contains labeled data; when the first I/O inspection module detects labeled data, the first data tracking module performs cross-machine data tracking. In this scheme the first data tracking module tracks the labeled data in the communication between the data management end and the application server, which guarantees the security of user data across machines.
In addition, the personal data security management system further includes an application server that receives the communication data from the data management end; the application server includes a second I/O inspection module running in a trusted execution environment; the second I/O inspection module monitors whether the communication data transferred to the application server contains labeled data and, when it does, sends the labeled data to the server application corresponding to the data-processing application. In this scheme the second I/O inspection module allows the communication data to be sent only to the corresponding server application, which guarantees the security of the server application.
In addition, the application server further includes a second data tracking module running in the trusted execution environment; when the second I/O inspection module detects labeled data, the second data tracking module tracks the labeled data inside the application server. In this scheme the second data tracking module tracks the labeled data inside the application server, further monitoring how the labeled data is used in the application server.
In addition, the application server includes an application distribution module; the application download module sends an application download request to the application server; the application distribution module digitally signs the data-processing applications on the application server and, when the application server receives an application download request, sends the digitally signed data-processing application to the application download module. In this scheme the data-processing applications on the application server carry a digital signature, which prevents the data-processing application from being tampered with by the user.
In addition, the application download module also verifies whether the data-processing application carries a digital signature, and stores only a data-processing application carrying a digital signature at the data management end. In this scheme the application download module verifies whether the downloaded data-processing application carries a digital signature, so that a tampered data-processing application cannot be obtained by the data management end and used to steal user data.
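As an added illustration of the signed distribution and verification described in the last two paragraphs (example code written for this page, not part of the patent or of any product of its inventor), the following Go program signs an application bundle on the application-server side with Ed25519 and has the download module refuse any bundle whose signature is missing or no longer matches its contents. The names SignedApp, Distribute, Verify and DownloadModule, the domain-separation tag and the sample bundle are constructed for the example; the patent does not specify a signature algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SignedApp is the bundle the application distribution module hands to the
// application download module: the application bytes plus a detached Ed25519
// signature over a domain-separated digest of name and bytes.
type SignedApp struct {
	Name      string
	Payload   []byte
	Signature []byte
}

// appDigest binds the application name and the payload length into the signed
// message, so a signature cannot be moved to another name or a truncated copy.
func appDigest(name string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte("personal-data-app-v1\x00")) // domain separation tag (constructed)
	h.Write([]byte(name))
	h.Write([]byte{0})
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(payload)))
	h.Write(n[:])
	h.Write(payload)
	return h.Sum(nil)
}

// Distribute is the application server side: it signs the application with the
// distribution module's private key before answering a download request.
func Distribute(priv ed25519.PrivateKey, name string, payload []byte) SignedApp {
	return SignedApp{Name: name, Payload: payload, Signature: ed25519.Sign(priv, appDigest(name, payload))}
}

// Verify is what the application download module runs before storing a
// bundle at the data management end: a bundle with no signature, or whose
// signature does not match its contents, is rejected.
func Verify(pub ed25519.PublicKey, app SignedApp) error {
	if len(app.Signature) != ed25519.SignatureSize {
		return errors.New("bundle carries no valid digital signature")
	}
	if !ed25519.Verify(pub, appDigest(app.Name, app.Payload), app.Signature) {
		return errors.New("digital signature does not match the application contents")
	}
	return nil
}

// DownloadModule keeps only the bundles that passed Verify, keyed by name.
type DownloadModule struct {
	distributorKey ed25519.PublicKey // pinned public key of the distribution module
	stored         map[string][]byte
}

func NewDownloadModule(pub ed25519.PublicKey) *DownloadModule {
	return &DownloadModule{distributorKey: pub, stored: map[string][]byte{}}
}

// Download verifies the bundle and stores a private copy of its payload.
func (d *DownloadModule) Download(app SignedApp) error {
	if err := Verify(d.distributorKey, app); err != nil {
		return err
	}
	d.stored[app.Name] = append([]byte(nil), app.Payload...)
	return nil
}

// Stored reports whether an application of that name was accepted.
func (d *DownloadModule) Stored(name string) ([]byte, bool) {
	p, ok := d.stored[name]
	return p, ok
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	app := Distribute(priv, "ad-push", []byte("constructed application bytes"))
	dl := NewDownloadModule(pub)
	fmt.Println("genuine bundle:", dl.Download(app))
	app.Payload = append(app.Payload, " plus an injected change"...)
	fmt.Println("tampered bundle:", dl.Download(app))
}
```

The download module pins the distribution module's public key, and the digest also covers the application name and length, so a valid signature on one application cannot be re-attached to a renamed or modified bundle.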
Detailed description of the invention
One or more embodiments are illustrated by way of example with reference to the figures in the corresponding drawings; these illustrative descriptions do not limit the embodiments. Elements with the same reference numerals in the drawings represent similar elements, and unless specifically stated otherwise the figures in the drawings are not drawn to scale.
Fig. 1 is a structural schematic diagram of the personal data security management system according to the first embodiment of the present invention;
Fig. 2 is a structural schematic diagram of the personal data security management system according to the first embodiment of the present invention;
Fig. 3 is a workflow schematic diagram of the personal data security management system according to the second embodiment of the present invention;
Fig. 4 is a structural schematic diagram of the personal data security management system according to the third embodiment of the present invention;
Fig. 5 is a workflow schematic diagram of the personal data security management system according to the third embodiment of the present invention;
Fig. 6 is a structural schematic diagram of the personal data security management system according to the fourth embodiment of the present invention;
Fig. 7 is a workflow schematic diagram of the personal data security management system according to the fourth embodiment of the present invention;
Fig. 8 is a structural schematic diagram of the personal data security management system according to the fifth embodiment of the present invention;
Fig. 9 is a workflow schematic diagram of the personal data security management system according to the fifth embodiment of the present invention;
Fig. 10 is a schematic diagram of the basic flow of the advertising push service according to the fifth embodiment of the present invention.
Specific embodiment
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, each embodiment of the present invention is explained in detail below with reference to the drawings. Those skilled in the art will understand, however, that many technical details are given in each embodiment so that the reader can better understand the application; the technical solution claimed in the application can still be implemented without these technical details and with various changes and modifications based on the following embodiments.
The first embodiment of the present invention relates to a personal data security management system which, as shown in Fig. 1, comprises a data management end 1. The data management end 1 comprises a data acquisition module 10, a first data tracking module 11, a data access module 12, an application download module 13 and an application running module 14. The data acquisition module 10, the first data tracking module 11, the data access module 12, the application download module 13 and the application running module 14 run in a trusted execution environment.
The so-called trusted execution environment in this embodiment is a secure application runtime environment that can be implemented in different ways, such as purely in software or by a combination of software and hardware. The trusted execution environment can be regarded as a black box: the programs and data running inside the black box cannot be attacked by applications outside the black box, nor by an operating system with higher privileges. In this embodiment the trusted execution environment can be implemented on the basis of virtualization technology, the ARM TrustZone hardware security extension or Intel SGX technology, but the implementation of the trusted execution environment is not limited in this embodiment. Taking Intel SGX as the implementation of the trusted execution environment, it can even guarantee that the programs and data inside the trusted execution environment resist physical attacks (attacks carried out by physically contacting the running device, such as reading memory contents directly on the bus between the memory and the CPU). In this embodiment the trusted execution environment is used to guarantee the security of the data-processing applications it downloads and runs.
The data acquisition module 10 obtains user data, and the application download module 13 downloads data-processing applications; the application running module 14 runs the data-processing application in the trusted execution environment; the data access module 12 receives the data access request of the data-processing application and, after obtaining the user's authorization, returns the corresponding user data to the data-processing application; the first data tracking module 11 labels the user data returned to the data-processing application and tracks the labeled user data.
Specifically, in this embodiment the data acquisition module 10 collects user data, and the collected user data can be stored at the data management end 1 or in a storage medium (for example, a disk) outside the data management end 1. All modules in this embodiment run in the trusted execution environment; the application download module 13 downloads data-processing applications, and because the application running module 14 runs the data-processing application inside the trusted execution environment, the data-processing application cannot be stolen by the data owner, which guarantees the security of the data-processing application. Meanwhile, when the data access module 12 receives an access request from the data-processing application, it returns the corresponding user data to the data-processing application only after obtaining the authorization of the user (that is, the data owner); this ensures that the data-processing application obtains user data only with the user's permission and that the user keeps control over the data. The first data tracking module 11 labels the data returned to the data-processing application and tracks the labeled data, so as to monitor the flow and usage of the labeled data that has been shared.
Compared with the prior art, embodiments of the present invention provide a personal data security management system in which all modules run in a trusted execution environment, which guarantees the security of the data-processing application. When the data access module 12 receives an access request from the data-processing application, it returns the corresponding user data to the data-processing application only after obtaining the authorization of the user (that is, the data owner); this ensures that the data-processing application obtains user data only with the user's permission and that the user keeps control over the data. The user data involved in the sharing interaction is tracked by the data tracking module, which guarantees the security of the shared data.
The second embodiment of the present invention relates to a personal data security management system. As shown in Fig. 2, the second embodiment is an improvement of the first embodiment, the main improvement being that the user data includes local user data; the personal data security management system further includes a user device 2 with a data extraction module 20; the data extraction module 20 obtains the local user data on the user device 2 and sends it to the data acquisition module 10; the data acquisition module 10 parses the local user data and stores the parsed local user data encrypted.
Specifically, the user device 2 usually refers to the data owner's personal device, such as a PC or a mobile phone. A large number of applications run on the user device 2, such as the Taobao, JD.com, Alipay and WeChat clients. These applications either store a large amount of data themselves (for example, WeChat chat records reside locally) or can obtain a large amount of user data from the corresponding server (for example, the Taobao client can access the user's shopping records stored on the Taobao server). User data is therefore broadly divided into two classes: "local user data" stored in the device's local databases, and "cloud user data" stored on cloud servers.
For "local user data", the data extraction module 20 running on the user device 2 directly collects the local user data from the device's local databases and sends it to the data acquisition module 10 at the data management end 1; after the data acquisition module 10 has parsed it, the local user data is encrypted and stored. In this way the local user data scattered across the applications on the user device 2 is stored centrally, and the security of the stored local user data is guaranteed.
Further, the data extraction module 20 sends the local user data to the data acquisition module 10 over a trusted connection.
Specifically, the so-called trusted connection refers to an implementation using active labeling or label-switching technology that provides trusted evidence for the transmission and forwarding in the transaction process. For example, the trusted connection can use SSL. SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communication; it provides secure support for data communication between the TCP/IP protocol and the various application-layer protocols. While the data extraction module 20 transmits local user data to the data acquisition module 10 over the trusted connection, the data extraction module 20 can authenticate the data acquisition module 10, ensuring that the data is sent to the correct peer. In addition, the data extraction module 20 encrypts the local user data before sending it over the trusted connection, which prevents the data from being stolen in transit, and the connection further maintains the integrity of the data, ensuring that it is not altered during transmission.
For "cloud user data", the data extraction module 20 obtains the access permission information with which the user accesses the cloud server and sends it to the data acquisition module 10; the data acquisition module 10 uses the permission information to collect the cloud user data from the cloud server and stores it encrypted.
Specifically, the data extraction module 20 running on the user device 2 directly obtains the user's data access permissions on the cloud server (for example, Taobao access permissions); the permission information can be extracted by obtaining the user's account password or login cookie. It is then sent over the trusted connection to the data acquisition module 10 of the data management end 1, which guarantees the integrity and confidentiality of the transmitted permission information. The data acquisition module 10 then uses the obtained permission information to fetch the cloud user data directly from the cloud server and stores the fetched cloud user data encrypted, which guarantees the security of the stored cloud user data.
It is worth noting that after collecting the local user data and the cloud user data, the data acquisition module 10 also standardizes all the fetched user data and filters out some invalid data according to security rules formulated in advance by the user; it then encrypts the filtered user data and stores it at the data management end 1 or in a storage medium (for example, a disk) outside the data management end 1, so as to guarantee the security and validity of the stored data.
The execution flow of this embodiment is shown in Fig. 3 and is as follows:
Step 101: obtain the user data to be collected.
Specifically, the user first selects the user data to be collected on the display interface of the user device 2 and grants the platform permission to collect the data.
Step 102: determine the type of the user data to be collected. If the user data type is local user data, go to step 103; if the user data type is cloud user data, go to step 106.
Specifically, if the data to be collected is local user data stored on the device, go to step 103. If the data to be collected is cloud user data stored on a cloud server (for example, Taobao shopping records), go to step 106.
Step 103: fetch the local user data from the application databases.
Specifically, the data extraction module 20 on the user device 2 can directly read the local databases stored by the different applications; these databases are mainly stored in the installation directory of the corresponding application.
Step 104: upload the local user data to the data management end.
Specifically, the data extraction module 20 transmits the local user data extracted from the application databases over the trusted connection to the data acquisition module 10 at the data management end 1. In this embodiment a trusted connection such as SSL is used to guarantee the confidentiality and integrity of the database contents during transmission.
Step 105: parse and audit the local user data.
Specifically, the local user data uploaded by the data extraction module 20 is parsed, the useful application data is extracted and the integrity of the application data is verified. Then go to step 109.
Step 106: obtain the permission information for accessing the cloud user data.
Specifically, if the user data type is cloud user data, the data extraction module 20 directly obtains the user's data access permission information on the cloud server (for example, Taobao access permissions). The access permission information can be extracted by obtaining the user's account password or login cookie.
Step 107: upload the permission information to the data management end.
Specifically, the data extraction module 20 sends the data access permission information over the trusted connection to the data acquisition module 10 at the data management end 1, using a trusted connection such as SSL to guarantee the integrity and confidentiality of the transmitted content.
Step 108: fetch the cloud user data using the permission information.
Specifically, the data acquisition module 10 uses the obtained permission information to fetch the user data directly from the cloud server. Then go to step 109.
Step 109: filter and normalize the data.
Specifically, all collected user data (including local user data and cloud user data) is standardized, and some invalid data is filtered out according to security rules formulated in advance by the user.
Step 110: encrypt and store the user data.
Specifically, the finally collected standardized data is encrypted and stored at the data management end 1 or in a storage medium (for example, a disk) outside the data management end 1.
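One way to carry steps 103, 105, 109 and 110 through in code, as an added example that is not part of the patent or of any implementation by its inventor: a Go program that normalizes rows read from local application databases, applies the user's safety rules, and seals the surviving records with AES-256-GCM before they are stored. The sample rows, the Record and Rule types and the rule semantics (a kind plus a substring) are assumptions made for the example; the patent fixes neither the normalization, the filtering criteria nor the encryption scheme, and the same pipeline applies unchanged to the cloud user data fetched in step 108.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Record is one collected datum: Kind is the application or category it came
// from, Value the raw row before normalization or the canonical form after it.
type Record struct {
	Kind  string `json:"kind"`
	Value string `json:"value"`
}

// Constructed rows standing in for what the data extraction module reads from
// the application databases on the user device (step 103); not real app data.
var sampleLocalRows = []Record{
	{"chat", "  hello from Alice "}, {"chat", ""}, {"chat", "meeting at  10"},
	{"pay", "order#1 42.00 CNY"}, {"pay", "   "},
}

// Normalize is the standardization of step 109: whitespace is collapsed so the
// same datum has one canonical form, and empty rows are discarded.
func Normalize(rows []Record) []Record {
	var out []Record
	for _, r := range rows {
		if v := strings.Join(strings.Fields(r.Value), " "); v != "" {
			out = append(out, Record{Kind: r.Kind, Value: v})
		}
	}
	return out
}

// Rule is one user-defined safety criterion (step 109): a record of the rule's
// kind (empty = any kind) whose value contains the pattern is not stored.
type Rule struct{ Kind, Contains string }

func Filter(recs []Record, rules []Rule) []Record {
	var kept []Record
next:
	for _, rec := range recs {
		for _, r := range rules {
			if (r.Kind == "" || r.Kind == rec.Kind) && strings.Contains(rec.Value, r.Contains) {
				continue next
			}
		}
		kept = append(kept, rec)
	}
	return kept
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecords encrypts the filtered records with AES-256-GCM for storage (step
// 110). The random nonce is prepended; GCM's tag makes any later change to the
// stored blob detectable when it is opened.
func SealRecords(key []byte, recs []Record) ([]byte, error) {
	plain, err := json.Marshal(recs)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// OpenRecords is the inverse; it fails on a wrong key or a modified blob.
func OpenRecords(key, sealed []byte) ([]Record, error) {
	gcm, err := aead(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, errors.New("bad key or sealed blob too short")
	}
	plain, err := gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
	if err != nil {
		return nil, err
	}
	var recs []Record
	return recs, json.Unmarshal(plain, &recs)
}

func main() {
	kept := Filter(Normalize(sampleLocalRows), []Rule{{Kind: "chat", Contains: "meeting"}})
	key := make([]byte, 32) // the page keeps this key inside the TEE; generated at random here
	rand.Read(key)
	sealed, err := SealRecords(key, kept)
	fmt.Printf("%d records sealed into %d bytes (err=%v)\n", len(kept), len(sealed), err)
}
```

An authenticated mode is used rather than a bare block-cipher mode so that the stored blob carries an authentication tag: if the storage medium outside the data management end is modified, OpenRecords fails instead of returning altered records.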
Compared with the prior art, in the personal data security management system proposed in this embodiment the user data includes local user data; the personal data security management system further includes a user device 2 with a data extraction module 20; the data extraction module 20 obtains the local user data on the user device 2 and sends it to the data acquisition module 10; the data acquisition module 10 parses the local user data and stores the parsed local user data encrypted. The data extraction module 20 also obtains the permission information with which the user accesses the cloud server and sends it to the data acquisition module 10; the data acquisition module 10 uses the permission information to collect the cloud user data from the cloud server. This embodiment gives the concrete acquisition methods for local user data and cloud user data: the user data scattered across the user device 2 and the cloud server is collected and stored encrypted, realizing centralized and secure management of user data.
The third embodiment of the present invention relates to a personal data security management system. As shown in Fig. 4, the third embodiment is a further improvement of the first embodiment, the main improvement being that the first data tracking module 11 tracks the labeled data inside the data-processing application and labels and tracks the data generated from the labeled data, so as to monitor how the user data is used inside the data-processing application.
Specifically, after a data-processing application has obtained data, the first data tracking module 11 can track the labeled data returned to the data-processing application, so as to guarantee the privacy of the user data itself. The first data tracking module 11 provides two data tracking modes: "intra-application data tracking" and "inter-application data tracking".
For "intra-application data tracking" in this embodiment, the first data tracking module 11 uses dynamic taint analysis to track all labeled data and to label and track the data generated from the labeled data, so as to monitor the flow and usage of the user data.
For "inter-application data tracking", the first data tracking module 11 monitors the communication between different applications and tracks all user data passed between applications. Specifically, data-processing applications running in the trusted execution environment can communicate with each other through system calls, and the first data tracking module 11 intercepts system calls in order to monitor all such inter-application communication.
In this embodiment data-processing applications are broadly divided into two classes: online applications and offline applications. An online application needs to connect to the data user's application server, relies on the server to provide some services, or returns certain results to the application server; an offline application needs no support from an application server and returns its computation results directly to the data owner. Depending on the type of the data-processing application, its system calls are broadly divided into three kinds: "common call", "file read" and "network access".
If the system call type is "common call", that is, an ordinary data transfer between data-processing applications, the labeled data is tracked between the data-processing applications and the data generated from the labeled data is labeled and tracked, so that the labeled user data is monitored when the system call type of the data-processing application is a common call.
The data management end 1 further includes a first I/O inspection module 15. If the system call type is "file read", that is, when the first data tracking module 11 determines that the system call type is a file read, the first I/O inspection module 15 detects whether the data being read contains labeled data; when the first I/O inspection module 15 detects labeled data, the first data tracking module 11 tracks it, so that the labeled user data in the read data is monitored when the system call type of the data-processing application is a file read.
If the system call type is "network access", the first I/O inspection module 15 establishes a connection with the application server 3 corresponding to the data-processing application and monitors whether the communication data between the data management end 1 and the application server 3 contains labeled data; when the first I/O inspection module 15 detects labeled data, the first data tracking module 11 performs cross-machine data tracking, so that the labeled user data is monitored when the system call type of the data-processing application is network access.
When the system call type of the data-processing application is "network access", the data-processing application needs to connect to the application server 3, so the labeled data transferred to the application server also needs to be tracked. In this embodiment the application server 3 includes a second I/O inspection module 30 and a second data tracking module 31 running in a trusted execution environment. The second I/O inspection module 30 monitors whether the communication data transferred to the application server 3 contains labeled data and, when it does, sends the labeled data to the server application corresponding to the data-processing application; labeled data is allowed to establish a connection only with the corresponding server application. This ensures that labeled user data can be obtained only by the specific application, further guarantees the security of the labeled user data in use, and prevents the labeled user data from being used arbitrarily by the application server 3.
Further, the second data trace module 31 is used for when the 2nd I/O examines that module 30 monitors labeled data, Labeled data are tracked in application server 3, realize the monitoring to labeled user data in application server 3.
The execution flow of this embodiment is shown in Figure 5 and is as follows:
Step 201: the data processing application initiates a system call.
Specifically, this embodiment allows different data processing applications to pass messages by way of system calls; the first data tracking module 11 intercepts all system calls and determines the system call type.
Step 202: determine whether the call parameters contain labeled data. If yes, go to step 203; if no, go to step 208.
Specifically, if the call parameters of the data processing application contain labeled data, the system call type is determined; if they do not contain labeled data, the system call is processed and returned normally.
Step 203: determine the system call type.
Specifically, if the call parameters of the data processing application do not contain labeled data, the type of this system call is determined. If this system call is a file read, go to step 204; if it is network access, go to step 205; if it is an ordinary call that belongs to neither of the two classes above, go to step 206.
Step 204: encrypt the labeled data.
Specifically, for a file-read system call, this embodiment encrypts all labeled data. Then go to step 206.
Step 205: check the receiving end address.
Specifically, for a network-access system call, in this embodiment the second I/O inspection module first checks the IP address of the network communication peer, and only allows network communication with the application server corresponding to the data processing application.
Step 206: cross-machine data tracking.
Specifically, after the data processing application communicates with its corresponding application server, if labeled data are sent to the application server 3, this cross-machine data transfer is tracked. The data tracking module of the data management terminal can communicate with the data tracking module on the application server side to synchronize the labeled data. Then go to step 206.
Step 207: inter-application data tracking.
Specifically, for an ordinary system call, inter-application data tracking is performed on this system call.
Step 208: determine whether the return data of the system call contain labeled data. If yes, go to step 209; if no, return to step 201.
Specifically, the return data of system calls of all types are processed, and it is determined whether the return data of the system call contain labeled data; if so, go to step 209; otherwise this round of tracking is complete, and the flow returns to step 201 to wait for the next system call.
Step 209: mark and track the return data containing labeled data.
Specifically, in the return data of system calls of all types, the values that contain labeled data are given tracking labels, which are then used for intra-application data tracking.
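The interception flow of steps 201 to 209, as an added example that is not code from the patent: a Python simulation in which values carry taint labels, the three call kinds are dispatched as the text describes, labeled data in a file read leaves the trusted environment only encrypted, a network peer other than the application's own server is refused, and labels are propagated to the return data. The Labeled wrapper, the toy keystream cipher, the call-name classification, the server address and the sample calls are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Labeled:
    """Constructed wrapper: a value plus the taint labels of the user data it derives from."""
    value: object
    labels: frozenset


def labels_of(obj):
    """Collect every taint label inside a parameter dict or a return value (steps 202 and 208)."""
    found = set()
    if isinstance(obj, Labeled):
        found |= obj.labels | labels_of(obj.value)
    elif isinstance(obj, (list, tuple, dict)):
        for item in (obj.values() if isinstance(obj, dict) else obj):
            found |= labels_of(item)
    return found


def call_type(name):
    """Step 203: the three kinds of system call the text distinguishes (the call names are assumed)."""
    if name in ("read", "pread"):
        return "file_read"
    if name in ("connect", "send", "sendto"):
        return "network"
    return "ordinary"


def keystream_xor(key, data):
    """Toy keystream cipher standing in for the encryption of step 204 (constructed, not for real use)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class SyscallTracker:
    """Plays the roles of the first data tracking module and the first I/O inspection module."""
    def __init__(self, allowed_servers, key):
        self.allowed_servers = allowed_servers  # app name -> address of its own application server
        self.key = key
        self.cross_machine = []  # label sets synchronised with the server-side tracker (step 206)
        self.inter_app = []      # labeled data seen in ordinary inter-application calls (step 207)

    def _encrypt_labeled(self, obj):
        """Step 204: labeled values in a file read leave the trusted environment only as ciphertext."""
        if isinstance(obj, Labeled):
            return Labeled(keystream_xor(self.key, obj.value), obj.labels)
        if isinstance(obj, dict):
            return {k: self._encrypt_labeled(v) for k, v in obj.items()}
        if isinstance(obj, (list, tuple)):
            return type(obj)(self._encrypt_labeled(v) for v in obj)
        return obj

    def intercept(self, app, name, params, handler):
        """Step 201: every system call (params is a dict) of a data processing application comes through here."""
        labels = labels_of(params)
        if labels:  # step 202: the parameters carry labeled data, so classify the call
            kind = call_type(name)
            if kind == "file_read":
                params = self._encrypt_labeled(params)
                self.cross_machine.append((app, frozenset(labels)))  # the text's flow continues at step 206
            elif kind == "network":
                peer = params.get("peer")  # step 205: only the application's own server may receive it
                if peer != self.allowed_servers.get(app):
                    raise PermissionError(f"{app}: labeled data refused for peer {peer}")
                self.cross_machine.append((app, frozenset(labels)))  # step 206
            else:
                self.inter_app.append((app, name, frozenset(labels)))  # step 207
        result = handler(params)  # the underlying call itself
        result_labels = labels | labels_of(result)  # step 208: does the return data carry labeled data?
        if not result_labels:
            return result
        inner = result.value if isinstance(result, Labeled) else result
        return Labeled(inner, frozenset(result_labels))  # step 209: marked for intra-application tracking


def demo():
    """Constructed scenario: an 'ad_push' application touches labeled contact data in four ways."""
    tracker = SyscallTracker({"ad_push": "10.0.0.7"}, key=b"constructed-demo-key")
    contacts = Labeled(b"alice,bob", frozenset({"user:contacts"}))
    seen_by_storage = {}

    def fake_read(p):  # what the untrusted storage layer receives
        seen_by_storage["buf"] = p["buf"].value
        return b"ok"
    read_result = tracker.intercept("ad_push", "read", {"buf": contacts}, fake_read)
    send_result = tracker.intercept("ad_push", "send", {"peer": "10.0.0.7", "payload": contacts},
                                    lambda p: len(p["payload"].value))
    try:
        tracker.intercept("ad_push", "send", {"peer": "203.0.113.5", "payload": contacts}, lambda p: 0)
        blocked = False
    except PermissionError:
        blocked = True
    ipc_result = tracker.intercept("ad_push", "ipc_send", {"msg": contacts}, lambda p: "delivered")
    plain_result = tracker.intercept("ad_push", "getpid", {}, lambda p: 4242)
    return {"tracker": tracker, "read": read_result, "send": send_result, "blocked": blocked,
            "ipc": ipc_result, "plain": plain_result, "storage_saw": seen_by_storage["buf"]}
```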
Compared with the prior art, in the personal data security management system provided in this embodiment, the first data tracking module 11 is specifically used to track labeled data within a data processing application and to mark and track data generated from the labeled data. The first data tracking module 11 also monitors communication between different applications and tracks all user data passed between applications. For both the intra-application system calls and the inter-application system calls of a data processing application, this achieves tracking and monitoring of labeled user data in the communicated data.
The fourth embodiment of the present invention relates to a personal data security management system. As shown in Figure 6, the fourth embodiment is a further improvement on the second embodiment; the main improvement is that the application server 3 includes an application distribution module 32; the application download module 13 sends an application download request to the application server 3; the application distribution module 32 digitally signs the data processing applications of the application server 3 and, when the application server 3 receives the application download request, sends the digitally signed data processing application to the application download module 13.
Afterwards, the application download module 13 also verifies whether the data processing application carries a digital signature and stores the data processing application carrying the digital signature at the data management terminal, so that an application whose digital signature has been broken is not stored at the data management terminal 1; this prevents a tampered data processing application from stealing user data after being obtained by the data management terminal 1.
The execution flow of this embodiment is shown in Figure 7 and is as follows:
Step 301: start the server application.
Specifically, before an application is downloaded, the application developer, i.e. the data user, needs to run the server application required by the application on the application server 3 (if such a server application exists).
Step 302: generate an application image according to the server application.
Specifically, the application developer generates an application image (the data processing application) on the application server 3 according to the server application, digitally signs the generated application image, and submits the application image to the application distribution module 32 so that the data owner can download it.
Step 303: download the application image.
Specifically, the user initiates an application download request through the application download module 13 of the data management terminal 1 and downloads the application image from the data user's application server 3.
Step 304: verify the application image.
Specifically, the application download module 13 of the data management terminal 1 checks the integrity of the downloaded image and checks whether the digital signature of the image is correct, and stores the application image that passes the check, in encrypted form, in the storage module 11.
Step 305: select and start the application image.
Specifically, the user selects the application image to be started at the data management terminal 1.
Step 306: verify and load the application image.
Specifically, the application running module 14 of the data management terminal 1 verifies the digital signature and integrity of the application image, and then loads the application image into the trusted execution environment to run.
Compared with the prior art, in the personal data security management system provided in this embodiment, the application server 3 includes an application distribution module 32; the application download module 13 sends an application download request to the application server 3; the application distribution module 14 digitally signs the data processing applications of the application server 3 and, when the application server 3 receives the application download request, sends the digitally signed data processing application to the application download module 13. In this scheme the data processing applications on the application server carry digital signatures, which prevents data processing applications from being tampered with by the user. In addition, the application download module 13 also verifies whether the data processing application carries a digital signature and stores the data processing application carrying the digital signature at the data management terminal 1; because the application download module 13 verifies whether a downloaded data processing application carries a digital signature, a tampered data processing application is prevented from stealing user data after being obtained by the data management terminal 1.
The fifth embodiment of the present invention relates to a personal data security management system. As shown in Figure 8, the fifth embodiment is a further improvement on the first embodiment; the main improvement is that the data management terminal 1 further includes a settlement module 16; the settlement module 16 establishes a transaction on the blockchain when the data processing application runs and, after the data processing application finishes executing, completes settlement of the transaction on the blockchain.
Further, the settlement module 16 is specifically used to generate a proof of work according to the returned result after the data processing application finishes executing, and to upload it to the blockchain.
Specifically, in addition to guaranteeing the security of data throughout storage, sharing and computation, this embodiment also needs to guarantee paid use of user data and of the computation services of data processing applications. The former, "paid use of user data", means that the data user pays the data owner for using the data to obtain useful information; the latter, "paid use of the computation service of a data processing application", means that the data owner pays for the data processing application used to help the data owner obtain useful information from the data.
In this embodiment, the settlement module 16 guarantees the atomicity of use and final settlement of user data and data processing applications by generating a proof of work in combination with blockchain technology (that is, once user data or a data processing application has been used, the user must complete the payment). Before the data processing application starts, the settlement module 16 helps the user and the data user establish a transaction on the blockchain; after the data processing application finishes executing, the settlement module 16 automatically completes settlement of the transaction on the blockchain. The specific settlement process is as follows:
In the case where the user purchases a data processing application: after the data processing application finishes executing, the settlement module 16 first generates a proof of work and uploads it to the blockchain, at which point the transfer is considered complete. The settlement module 16 then returns the computation result of the data processing application to the user.
In the case where the data user purchases and uses user data: once the first I/O inspection module 15 finds that the data processing application has sent labeled user data (including data generated from labeled user data) to the application server 3, the settlement module 16 considers that the data user has used the target data, immediately generates a proof of work, uploads it to the blockchain, and completes the transfer.
The execution flow of this embodiment is shown in Figure 9 and is as follows:
Step 401: establish a transfer task on the chain.
Specifically, the data user and the data owner first establish a transfer task on the blockchain. This covers two situations: the data user pays to use the data owner's data, or the data owner pays to use a data processing application.
Step 402: execute the application program corresponding to the transfer task.
Specifically, the application program is started on the data management platform and processes the user data.
Step 403: return the result.
Specifically, the processing result of the user data is obtained and returned to the application server.
Step 404: generate a proof of work according to the returned result.
Specifically, after the data processing result is returned, the data management platform automatically generates a proof of work proving that the user data have been successfully used by the data user; this proof is shown directly to the data owner. In the other situation, the data management platform automatically generates a proof of work proving that the user has used a certain data processing application; this proof is sent to the application server.
Step 405: complete the transfer on the chain according to the proof of work.
Specifically, the data owner can use the proof of work to complete the transfer on the chain at any time and obtain the data usage fee paid by the data user. In the other situation, the data user (i.e. the application developer) uses the proof of work to complete the transfer on the blockchain and obtain the fee paid by the data owner.
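The settlement flow of steps 401 to 405, together with the two settlement cases described for settlement module 16, as an added example that is not code from the patent: a Python simulation in which a transfer task is escrowed on a simulated ledger, a proof of work bound to the returned result is generated and uploaded, and the result reaches the user only after the ledger accepts the proof. The hash-based proof, its difficulty, the Chain class, the party names and the amounts are constructed assumptions.

```python
import hashlib
import json

DIFFICULTY_BITS = 12  # constructed: leading zero bits a proof must have; small so the search runs fast


def result_digest(result):
    """Bind the proof to the result returned at step 403 (canonical JSON, then SHA-256)."""
    return hashlib.sha256(json.dumps(result, sort_keys=True).encode()).hexdigest()


def proof_hash(task_id, digest, nonce):
    return hashlib.sha256(f"{task_id}|{digest}|{nonce}".encode()).digest()


def generate_proof(task_id, digest, bits=DIFFICULTY_BITS):
    """Step 404: search a nonce until the hash over task and result digest has `bits` leading zero bits."""
    target = 1 << (256 - bits)
    nonce = 0
    while int.from_bytes(proof_hash(task_id, digest, nonce), "big") >= target:
        nonce += 1
    return {"task_id": task_id, "result_digest": digest, "nonce": nonce}


def verify_proof(proof, bits=DIFFICULTY_BITS):
    """Checking a proof is a single hash, so the ledger can verify what the settlement module uploaded."""
    h = proof_hash(proof["task_id"], proof["result_digest"], proof["nonce"])
    return int.from_bytes(h, "big") < (1 << (256 - bits))


class Chain:
    """Simulated ledger (constructed): a transfer task escrows the amount at step 401, released at step 405."""

    def __init__(self):
        self.tasks = {}
        self.balances = {}
        self.proofs = []  # proofs uploaded to the chain

    def create_task(self, task_id, payer, payee, amount):
        """Step 401: both parties agree on the transfer before any data or application is used."""
        self.balances[payer] = self.balances.get(payer, 0) - amount
        self.tasks[task_id] = {"payee": payee, "amount": amount, "settled": False}

    def submit_proof(self, proof):
        """Step 405: a valid proof for an unsettled task releases the escrowed amount to the payee."""
        task = self.tasks.get(proof["task_id"])
        if task is None or task["settled"] or not verify_proof(proof):
            return False
        self.proofs.append(proof)
        self.balances[task["payee"]] = self.balances.get(task["payee"], 0) + task["amount"]
        task["settled"] = True
        return True


class SettlementModule:
    """Plays the role of settlement module 16."""

    def __init__(self, chain):
        self.chain = chain

    def run_app(self, task_id, app, user_data):
        """Case: the user bought a data processing application. The result reaches the user only after
        the chain has accepted the proof, so use and payment cannot be separated."""
        result = app(user_data)                                  # steps 402 and 403
        proof = generate_proof(task_id, result_digest(result))  # step 404
        if not self.chain.submit_proof(proof):
            raise RuntimeError("transfer not completed; result withheld")
        return result

    def on_labeled_data_sent(self, task_id, payload):
        """Case: the data user bought user data. Called the moment the I/O inspection module sees labeled
        data leave for the application server; the transfer is completed right then."""
        proof = generate_proof(task_id, result_digest(payload))
        return self.chain.submit_proof(proof)


def demo():
    """Constructed scenario: an owner pays a developer for an app, an advertiser pays the owner for data."""
    chain = Chain()
    chain.create_task("task-app", payer="owner", payee="developer", amount=5)
    chain.create_task("task-data", payer="advertiser", payee="owner", amount=3)
    module = SettlementModule(chain)
    features = module.run_app("task-app", lambda d: {"interests": sorted(d["clicks"])},
                              {"clicks": ["sports", "it"]})
    paid = module.on_labeled_data_sent("task-data", features)
    replay = module.on_labeled_data_sent("task-data", features)  # settling the same task twice is refused
    try:
        module.run_app("task-missing", lambda d: d, {})  # no agreed task on chain: the result is withheld
        withheld = False
    except RuntimeError:
        withheld = True
    return {"chain": chain, "features": features, "paid": paid, "replay": replay, "withheld": withheld}
```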
It is worth noting that the data management terminal 1 further includes a user interaction module 17. The user interaction module 17 is responsible for interacting with the data owner and provides a graphical interface that helps the user download and start data processing applications and authorize data access.
Taking advertisement push as an example, a specific example of this embodiment is outlined below.
Current online advertisement push can deliver different advertisements according to the personal characteristics of the target. For example, a target who is an IT enthusiast may be pushed advertisements for electronic products, and a sports fan may be pushed sporting goods. This feature-driven advertisement push greatly improves the effectiveness of advertising. However, the key element in such a push system is the extraction of user features. Using the personal data security management system of this embodiment, an advertising platform can run a push service in the data management terminal 1 that extracts user features from the complete user data in the platform and pushes advertisements accordingly.
The basic flow of the advertisement push service is shown in Figure 10 and is as follows:
Step 501: collect user data.
Specifically, a large amount of the user's personal data is collected completely, securely and reliably into the data management terminal 1.
Step 502: download the application.
Specifically, the user downloads the advertisement push application.
Step 503: invoke the downloaded application.
Specifically, the advertisement push application is invoked; the invocation may be initiated by another application on the data management platform or by an application on the user device. This method places no restriction on this.
Step 504: access user data.
Specifically, the advertisement push service initiates a request to access the user data on the data management platform.
Step 505: track user data.
Specifically, the data management platform tracks the user data to prevent the advertisement push service from leaking the user's privacy.
Step 506: extract features from the user data and push advertisements.
Specifically, the advertisement push service extracts user features, determines the advertisement content to push, and returns it to the calling application.
Because the personal data security management system of this embodiment can collect user data completely, an advertisement push service built on it can better guarantee the accuracy of user features and thus maximize the value of advertisements. At the same time, the settlement function of the data management terminal 1 enables the advertisement push platform to pay for its use of user data.
It is worth noting that advertisement push is only one application scenario of this embodiment; in practice this embodiment can be applied to any scenario that requires access to user data.
Compared with the prior art, in the personal data security management system provided in this embodiment, the data management terminal 1 further includes a settlement module 16; the settlement module 16 establishes a transaction on the blockchain when the data processing application runs and, after the data processing application finishes executing, completes settlement of the transaction on the blockchain. The settlement module 16 is specifically used to generate a proof of work according to the returned result after the data processing application finishes executing and to upload it to the blockchain. By providing the settlement module 16 in the data management terminal 1 and using blockchain technology, paid use of user data and of data processing applications is achieved.
Those skilled in the art will understand that the above embodiments are specific embodiments for realizing the present invention, and that in practical applications various changes in form and detail may be made without departing from the spirit and scope of the present invention.

Claims (15)

1. A personal data security management system, characterized in that it comprises a data management terminal; the data management terminal comprises a data acquisition module, a first data tracking module, a data access module, an application download module and an application running module; the data acquisition module, the first data tracking module, the data access module, the application download module and the application running module run in a trusted execution environment;
the data acquisition module is used for obtaining user data;
the application download module is used for downloading a data processing application;
the application running module is used for running the data processing application in the trusted execution environment;
the data access module is used for receiving a data access request from the data processing application and, after obtaining the user's authorization, returning the corresponding user data to the data processing application;
the first data tracking module is used for marking the user data returned to the data processing application and tracking the labeled user data.
2. The personal data security management system according to claim 1, characterized in that the user data comprise local user data;
the personal data security management system further comprises a user device having a data extraction module;
the data extraction module is used for obtaining the local user data on the user device and sending the local user data to the data acquisition module;
the data acquisition module is specifically used for parsing the local user data and storing the parsed local user data in encrypted form.
3. The personal data security management system according to claim 2, characterized in that the data extraction module specifically sends the local user data to the data acquisition module over a trusted connection.
4. The personal data security management system according to claim 1, characterized in that the user data comprise cloud user data;
the data extraction module is used for obtaining the credential information with which the user accesses a cloud server, and sending the credential information to the data acquisition module;
the data acquisition module is further used for acquiring the cloud user data from the cloud server using the credential information, and storing the cloud user data in encrypted form.
5. The personal data security management system according to claim 4, characterized in that the data acquisition module is specifically used for verifying the credential information and, after the credential information passes verification, acquiring the cloud user data from the cloud server using the credential information.
6. The personal data security management system according to claim 1, characterized in that the first data tracking module is specifically used for tracking the labeled data within the data processing application, and for marking and tracking data generated from the labeled data.
7. The personal data security management system according to claim 1, characterized in that the first data tracking module is specifically used for intercepting system calls of the data processing application and determining the system call type; if the system call type is a data call between data processing applications, the labeled data are tracked between the data processing applications, and data generated from the labeled data are marked and tracked.
8. The personal data security management system according to claim 7, characterized in that the data management terminal further comprises a first I/O inspection module;
the first I/O inspection module is used for detecting whether the data being read contain labeled data when the first data tracking module determines that the system call type is a file read;
the first data tracking module is used for tracking the labeled data when the first I/O inspection module detects labeled data.
9. The personal data security management system according to claim 8, characterized in that the first I/O inspection module is used for establishing a connection with the application server corresponding to the data processing application when the first data tracking module determines that the system call type is network access, and for monitoring whether the communication data between the data management terminal and the application server contain labeled data;
the first data tracking module is used for performing cross-machine data tracking when the first I/O inspection module detects labeled data.
10. The personal data security management system according to claim 9, characterized in that the personal data security management system further comprises an application server that receives the communication data of the data management terminal; the application server comprises a second I/O inspection module running in a trusted execution environment;
the second I/O inspection module is used for monitoring whether the communication data transmitted to the application server contain labeled data and, when the labeled data are detected, sending the labeled data to the server application corresponding to the data processing application.
11. The personal data security management system according to claim 10, characterized in that the application server further comprises a second data tracking module running in a trusted execution environment;
the second data tracking module is used for tracking the labeled data within the application server when the second I/O inspection module detects the labeled data.
12. The personal data security management system according to claim 10, characterized in that the application server comprises an application distribution module;
the application download module is used for sending an application download request to the application server;
the application distribution module is used for digitally signing the data processing application of the application server and, when the application server receives the application download request, sending the digitally signed data processing application to the application download module.
13. The personal data security management system according to claim 12, characterized in that the application download module is further used for verifying whether the data processing application carries a digital signature, and for storing the data processing application carrying the digital signature at the data management terminal.
14. The personal data security management system according to claim 1, characterized in that the data management terminal further comprises a settlement module; the settlement module is used for establishing a transaction on a blockchain when the data processing application runs and, after the data processing application finishes executing, completing settlement of the transaction on the blockchain.
15. The personal data security management system according to claim 14, characterized in that the settlement module is specifically used for generating a proof of work according to the returned result after the data processing application finishes executing, and uploading it to the blockchain.
CN201811610855.0A 2018-12-27 2018-12-27 Personal data safety management system Active CN109800596B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811610855.0A CN109800596B (en) 2018-12-27 2018-12-27 Personal data safety management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811610855.0A CN109800596B (en) 2018-12-27 2018-12-27 Personal data safety management system

Publications (2)

Publication Number Publication Date
CN109800596A true CN109800596A (en) 2019-05-24
CN109800596B CN109800596B (en) 2023-01-31

Family

ID=66557732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811610855.0A Active CN109800596B (en) 2018-12-27 2018-12-27 Personal data safety management system

Country Status (1)

Country Link
CN (1) CN109800596B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115293885A (en) * 2022-08-10 2022-11-04 上海交通大学 User side loan credit scoring method and system based on trusted execution environment
CN115378677A (en) * 2022-08-16 2022-11-22 上海交通大学 Personal data collection method and system suitable for user side and use method and system thereof
CN119203168A (en) * 2024-08-10 2024-12-27 广州播种网络科技有限公司 User data security management method and system

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102236768A (en) * 2010-05-05 2011-11-09 英特尔公司 Information flow tracking and protection
US20150120472A1 (en) * 2013-10-29 2015-04-30 Christian Aabye Digital wallet system and method
CN104766012A (en) * 2015-04-09 2015-07-08 广东电网有限责任公司信息中心 Method and system for dynamic detection of data safety based on dynamic taint tracking
WO2015100496A1 (en) * 2014-01-03 2015-07-09 Investel Capital Corporation User content sharing system and method with automated external content integration
CN105915547A (en) * 2016-06-15 2016-08-31 迅鳐成都科技有限公司 Method for realizing control and leakage prevention of data out of service system
US20160267489A1 (en) * 2015-03-13 2016-09-15 GeoPRI, LLC Authentication systems and methods
WO2017063905A1 (en) * 2015-10-15 2017-04-20 Nagravision S.A. A system for inserting a mark into a video content
CN106911814A (en) * 2017-05-11 2017-06-30 成都四象联创科技有限公司 Large-scale data distributed storage method
CN107135223A (en) * 2017-05-11 2017-09-05 成都四象联创科技有限公司 The data persistence method of Mass Data Management system
CN107257340A (en) * 2017-06-19 2017-10-17 阿里巴巴集团控股有限公司 A kind of authentication method, authentication data processing method and equipment based on block chain
CN108027939A (en) * 2015-07-27 2018-05-11 万事达卡国际股份有限公司 The system and method for the data markers tracking data provided using user
CN108023894A (en) * 2017-12-18 2018-05-11 苏州优千网络科技有限公司 Visa information system and its processing method based on block chain
CN108090371A (en) * 2016-11-21 2018-05-29 中国移动通信有限公司研究院 A kind of processing method of data, method for tracing, processing unit and follow-up mechanism
CN108733455A (en) * 2018-05-31 2018-11-02 上海交通大学 Vessel isolation based on ARM TrustZone enhances system
CN109040077A (en) * 2018-08-09 2018-12-18 清华大学 The method and system of data sharing and secret protection

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102236768A (en) * 2010-05-05 2011-11-09 英特尔公司 Information flow tracking and protection
US20150120472A1 (en) * 2013-10-29 2015-04-30 Christian Aabye Digital wallet system and method
WO2015100496A1 (en) * 2014-01-03 2015-07-09 Investel Capital Corporation User content sharing system and method with automated external content integration
US20160267489A1 (en) * 2015-03-13 2016-09-15 GeoPRI, LLC Authentication systems and methods
CN104766012A (en) * 2015-04-09 2015-07-08 广东电网有限责任公司信息中心 Method and system for dynamic detection of data safety based on dynamic taint tracking
CN108027939A (en) * 2015-07-27 2018-05-11 万事达卡国际股份有限公司 The system and method for the data markers tracking data provided using user
WO2017063905A1 (en) * 2015-10-15 2017-04-20 Nagravision S.A. A system for inserting a mark into a video content
CN105915547A (en) * 2016-06-15 2016-08-31 迅鳐成都科技有限公司 Method for realizing control and leakage prevention of data out of service system
CN108090371A (en) * 2016-11-21 2018-05-29 中国移动通信有限公司研究院 A kind of processing method of data, method for tracing, processing unit and follow-up mechanism
CN106911814A (en) * 2017-05-11 2017-06-30 成都四象联创科技有限公司 Large-scale data distributed storage method
CN107135223A (en) * 2017-05-11 2017-09-05 成都四象联创科技有限公司 The data persistence method of Mass Data Management system
CN107257340A (en) * 2017-06-19 2017-10-17 阿里巴巴集团控股有限公司 A kind of authentication method, authentication data processing method and equipment based on block chain
CN108023894A (en) * 2017-12-18 2018-05-11 苏州优千网络科技有限公司 Visa information system and its processing method based on block chain
CN108733455A (en) * 2018-05-31 2018-11-02 上海交通大学 Vessel isolation based on ARM TrustZone enhances system
CN109040077A (en) * 2018-08-09 2018-12-18 清华大学 The method and system of data sharing and secret protection

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
CHRISTOPHE HAUSER et al.: "an approach based on taint marking", 2013 IEEE International Conference on Communications (ICC) *
冀风宇: "Research on information-flow-based taint analysis techniques for Android applications", China Master's Theses Full-text Database, Information Science and Technology series *
刘婷婷: "Research on key technologies for data security protection in cloud computing", China Doctoral Dissertations Full-text Database *
朱勤: "Research on digital-watermark-based content protection techniques for outsourced databases", China Doctoral Dissertations Full-text Database, Information Science and Technology series *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115293885A (en) * 2022-08-10 2022-11-04 上海交通大学 User side loan credit scoring method and system based on trusted execution environment
CN115378677A (en) * 2022-08-16 2022-11-22 上海交通大学 Personal data collection method and system suitable for user side and use method and system thereof
CN119203168A (en) * 2024-08-10 2024-12-27 广州播种网络科技有限公司 User data security management method and system
CN119203168B (en) * 2024-08-10 2025-07-11 广州播种网络科技有限公司 User data security management method and system

Also Published As

Publication number Publication date
CN109800596B (en) 2023-01-31

Similar Documents

Publication Publication Date Title
Dai et al. SDTE: A secure blockchain-based data trading ecosystem
CN111881487B (en) Data application system and data application method based on block chain
CN107480540B (en) Data access control system and method
CN111291394B (en) False information management method, false information management device and storage medium
Vegesna Analysis of Data Confidentiality Methods in Cloud Computing for Attaining Enhanced Security in Cloud Storage
CN109800596A (en) A kind of personal data safety management system
Salau et al. Towards a Threat Model and Security Analysis for Data Cooperatives.
Wilhelm A technical approach to privacy based on mobile agents protected by tamper-resistant hardware
Chang et al. Forensic artefact discovery and attribution from Android cryptocurrency wallet applications
Taneja et al. Information Security in cloud computing: A Systematic Literature Review and analysis
Akram et al. A blockchain-enhanced framework for privacy and data integrity in crowdsourced drone services
CN113962695B (en) Data processing method, device and server
Gattoju et al. Design of ChaApache framework for securing Hadoop application in big data
CN118869237B (en) Power grid physical asset data protection method and system based on G-AES algorithm
US20220318389A1 (en) Transforming dataflows into secure dataflows using trusted and isolated computing environments
Patil et al. A comparative analysis of various techniques of data leakage detection in different domains
CN115529170A (en) Reputation management method and platform based on block chain and computer readable medium
Prasadreddy et al. A threat free architecture for privacy assurance in cloud computing
Leila et al. A new framework of authentication over cloud computing
CN114581027A (en) A blockchain-based cross-departmental property management system and method
Shehata et al. Micro Cloud Services Forensics as a Framework.
CN117830005B (en) Business processing methods, related equipment, computer storage media and program products
Rath et al. Towards building data trust and transparency in data-driven business applications
Popereshnyak et al. Microservices architecture for building a crypto freelance exchange
Gunawan et al. E-commerce Security Issues for SMEs: A Systematic Literature Review

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant