
CN118608156A - A data trading method - Google Patents


Info

Publication number
CN118608156A
Authority
CN
China
Prior art keywords
data
transaction
user
controller
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410856886.3A
Other languages
Chinese (zh)
Inventor
张永欣
刘子璇
高昊昱
雷虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunhai Chain Holdings Co ltd
Original Assignee
Yunhai Chain Holdings Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4016: Transaction verification involving fraud or risk level assessment in transaction processing
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254: Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/02: Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821: Electronic credentials
    • G06Q20/38215: Use of certificates or encrypted proofs of transaction rights

Abstract

The present application discloses a data transaction method. The method provided by the embodiments of the present application is applied to a data transaction system composed of a data trust institution and a data controller that includes a TEE. During the transaction, the data trust institution matches a target user for the data transaction request, while the data controller judges whether the target transaction response time is reasonable. When the target transaction response time is reasonable, the data controller queries the target data stored by the target user, the TEE obtains the analysis condition, and the target data is extracted inside the TEE to generate transaction data, followed by data capacity verification and actual transaction response time verification. If the verifications pass, the transaction data is fed back to the data user. The present application uses the TEE to encrypt and isolate data, safeguarding the target data and the analysis condition. Deploying the smart contracts on a blockchain also enhances the openness and transparency of transactions and improves their trustworthiness and traceability.

Description

A data transaction method

Technical Field

The present application relates to the technical field of data processing, and in particular to a data transaction method.

Background Art

In the traditional data trading model, transactions are usually completed through third-party platforms such as exchanges or cloud platforms. However, this approach carries the risk of relatively low security. First, third-party platforms usually need to handle large volumes of data flows and transactions, which makes them potential targets of attack. Hackers may attempt to break into these platforms and steal or tamper with the stored data, creating a risk of data leakage or corruption.

Second, third-party platforms may have security vulnerabilities or technical defects in their data processing and storage. Although these platforms usually adopt security measures such as encryption and access control to protect data, technical risks and vulnerabilities still exist. Once such vulnerabilities are exploited, they may lead to unauthorized access to and use of data, posing a serious threat to the security of data transactions.

In addition, third-party platforms act as intermediaries in data transactions, which means that the flow and processing of data must pass through their systems and networks. This increases the risk of data being eavesdropped on or tampered with in transit. Although encryption and security protocols can partially reduce these risks, completely eliminating these threats remains very difficult.

Finally, third-party platforms may face regulatory and compliance problems, especially with regard to data privacy protection. Some platforms may fail to implement data protection measures effectively or fail to comply with relevant laws and regulations, which may lead to data leakage or misuse and in turn affect the legality and security of data transactions.

Therefore, although third-party platforms provide convenient data transaction and processing services, their security is relatively low.

Summary of the Invention

In view of the above problems, the present application provides a data transaction method that can improve the security of data transactions.

The embodiments of the present application disclose the following technical solutions:

A data transaction method, applied to a data transaction system, wherein the data transaction system includes a data trust institution and a data controller, the data controller includes a trusted execution environment (TEE), and the data trust institution has established a smart contract with the data controller; the smart contract includes a contract management contract, an identity management contract and a transaction management contract, and each contract contained in the smart contract is deployed on a blockchain; the method includes:

when the data trust institution receives a data transaction request sent by a data user to the transaction management contract, the data trust institution matches a target user for the data transaction request based on the contract management contract and the identity management contract, and the data controller determines whether the target transaction response time in the data transaction request is reasonable;

when the data controller determines that the target transaction response time in the data transaction request is reasonable, the data controller queries the target data stored by the target user, and the TEE obtains an analysis condition based on the identity management contract; the target data is obtained by decrypting a target data ciphertext; the target data ciphertext is defined by the data owner; the target data is stored at the data controller by the target user in the form of the target data ciphertext; the analysis condition is obtained by decrypting an analysis condition ciphertext; the analysis condition ciphertext is defined by the data user;

the TEE performs data extraction on the target data based on the data transaction request and the analysis condition to obtain transaction data;

the TEE performs data capacity verification on the transaction data;

if the data capacity verification passes, the TEE feeds the transaction data back to the data user based on the transaction management contract.

In a possible implementation, the data transaction request carries a user deposit, a user identity, a usage field, a usage purpose and a data category;

the data trust institution matching a target user for the data transaction request based on the contract management contract and the identity management contract includes:

the data trust institution verifying, by means of the decentralized identity (DID) document in the identity management contract, whether the user identity is authentic, and verifying whether the user deposit is reasonable; the user identity being pre-stored in the identity verification credential corresponding to the DID document;

when the user identity is authentic and the user deposit is reasonable, the data trust institution identifying the transaction data required by the data transaction request and querying one or more data owners who possess that transaction data;

the data trust institution obtaining the transaction policy of each data owner based on the contract management contract; the transaction policy including an identity qualification set, a data application field set, a data usage purpose set and a data category set;

the data trust institution determining, as the target policy, a transaction policy that contains the user identity, the usage field, the usage purpose and the data category;

determining the data owner corresponding to the target policy as the target user.

In a possible implementation, the transaction policy containing the user identity means that the identity qualification set contains the user identity;

the transaction policy containing the usage field means that the data application field set contains the usage field;

the transaction policy containing the usage purpose means that the data usage purpose set contains the usage purpose;

the transaction policy containing the data category means that the data category set contains the data category.
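The matching procedure above (identity check against the DID credential, deposit check, then set-membership of the four request fields against each owner's policy) is easy to get subtly wrong if any one of the four tests is skipped, so here it is as a small worked example. This is added illustration, not code from the patent or its assignee: the DID-to-identity dictionary, the two owner policies, the minimum deposit and the "rejected"/"matched" labels are constructed assumptions (the page itself only defines the "waiting" state for an unmatched request).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TransactionPolicy:
    """A data owner's transaction policy as recorded in the contract management contract (CMC)."""
    owner_did: str
    identity_qualifications: frozenset
    application_fields: frozenset
    usage_purposes: frozenset
    data_categories: frozenset


@dataclass(frozen=True)
class DataTransactionRequest:
    """The fields the description says a data transaction request carries."""
    user_did: str
    user_deposit: int
    user_identity: str
    usage_field: str
    usage_purpose: str
    data_category: str


# Constructed stand-in for the identity management contract (IMC): the identity
# recorded in the identity verification credential of each DID document.
IMC_CREDENTIALS = {
    "did:example:du-hospital": "licensed_hospital",
    "did:example:du-adtech": "advertising_agency",
}

# Constructed stand-in for two data owners' CMC transaction policies.
CMC_POLICIES = [
    TransactionPolicy("did:example:do-1",
                      frozenset({"licensed_hospital", "research_institute"}),
                      frozenset({"healthcare"}),
                      frozenset({"clinical_research"}),
                      frozenset({"health"})),
    TransactionPolicy("did:example:do-2",
                      frozenset({"licensed_hospital"}),
                      frozenset({"healthcare", "insurance"}),
                      frozenset({"clinical_research", "risk_scoring"}),
                      frozenset({"health", "finance"})),
]

MIN_USER_DEPOSIT = 500  # assumed threshold for a "reasonable" user deposit


def identity_is_authentic(request, credentials=IMC_CREDENTIALS):
    """The claimed identity must equal what the DID's credential records."""
    return credentials.get(request.user_did) == request.user_identity


def deposit_is_reasonable(request, minimum=MIN_USER_DEPOSIT):
    return request.user_deposit >= minimum


def policy_contains(policy, request):
    """All four membership tests from the description must hold; a single miss disqualifies."""
    return (request.user_identity in policy.identity_qualifications
            and request.usage_field in policy.application_fields
            and request.usage_purpose in policy.usage_purposes
            and request.data_category in policy.data_categories)


def match_target_users(request, policies=CMC_POLICIES, credentials=IMC_CREDENTIALS):
    """Return (request_state, target user DIDs).

    "rejected" (identity or deposit failed) and "matched" are assumed labels;
    "waiting" for an unmatched request is the state the page defines.
    """
    if not identity_is_authentic(request, credentials) or not deposit_is_reasonable(request):
        return "rejected", []
    targets = [p.owner_did for p in policies if policy_contains(p, request)]
    return ("matched" if targets else "waiting"), targets
```

Note that the identity check compares the request's claimed identity with the credential bound to the caller's DID, not with the request alone: a caller that asserts an identity its DID document does not vouch for is rejected before any policy is consulted.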

In a possible implementation, the method further includes:

the data trust institution obtaining the controller deposit amount paid by the data controller;

the data trust institution verifying, based on the transaction management contract, whether the controller deposit amount is reasonable;

when the data trust institution verifies that the controller deposit amount is reasonable, the data trust institution notifying the data owner to store the data at the data controller in the form of data ciphertext.

In a possible implementation, the TEE extracting the desensitized data based on the data transaction request and the analysis condition to obtain the transaction data includes:

the TEE desensitizing the target data using data desensitization technology to obtain desensitized data;

the TEE filtering the desensitized data based on the data category carried in the data transaction request to obtain filtered data;

the TEE screening the filtered data based on the analysis condition to obtain the transaction data.

In a possible implementation, the data capacity verification includes:

the TEE calculating the capacity of the transaction data and the capacity of the filtered data;

the TEE obtaining a transaction data constraint set by the data owner; the transaction data constraint being greater than 0 and less than or equal to 1;

if the capacity of the transaction data is less than or equal to the product of the transaction data constraint and the capacity of the filtered data, the TEE determining that the data capacity verification passes.

In a possible implementation, the method further includes performing actual transaction response time verification:

taking the total time from the moment the TEE obtains the analysis condition to the moment the TEE feeds the transaction data back to the data user based on the transaction management contract as the actual transaction response time;

if the actual transaction response time is less than or equal to the target transaction response time, the TEE determining that the actual transaction response time verification passes;

wherein the actual transaction response time verification is performed after the data capacity verification passes.

In a possible implementation, the method further includes:

obtaining a profit distribution coefficient defined by the data owner; the profit distribution coefficient including a data trust institution distribution ratio, a data controller distribution ratio and a data owner distribution ratio; the sum of the data trust institution distribution ratio, the data controller distribution ratio and the data owner distribution ratio being 1;

if both the data capacity verification and the actual transaction response time verification pass, distributing the user deposit paid by the data user to the data trust institution, the data controller and the data owner according to the profit distribution coefficient, and returning the controller deposit paid by the data controller to the data controller;

if the data capacity verification passes but the actual transaction response time verification fails, distributing the controller deposit paid by the data controller to the data trust institution, the data user and the data owner according to the profit distribution coefficient, and returning the user deposit paid by the data user to the data controller, wherein the share of the controller deposit received by the data user is allocated according to the data controller distribution ratio;

if the data capacity verification fails, returning the controller deposit paid by the data controller to the data controller, and replacing the data controller with a new data controller to carry out the data transaction.
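The TEE-side steps described above (desensitize, filter by category, screen by the analysis condition, then the capacity check, the response-time check and the deposit settlement that depends on their outcome) form one pipeline, so one worked example serves all of them. This is added illustration and not code from the patent or its assignee. The six records, the pseudonymization and age-banding rules, the choice of serialized byte length as the "capacity" unit, and the deposit and ratio values are all constructed assumptions; the settlement branches follow the claims as written, including the branch that returns the user deposit to the data controller when only the response-time check fails.

```python
import hashlib
import json
import time
from fractions import Fraction

# Constructed target data, as the TEE sees it after decrypting the target data ciphertext.
TARGET_DATA = [
    {"category": "health", "name": "Alice Zhang", "age": 34, "city": "Shenzhen", "systolic_bp": 128},
    {"category": "health", "name": "Bob Li", "age": 52, "city": "Beijing", "systolic_bp": 145},
    {"category": "health", "name": "Chen Wei", "age": 29, "city": "Shanghai", "systolic_bp": 118},
    {"category": "health", "name": "Dana Liu", "age": 47, "city": "Beijing", "systolic_bp": 139},
    {"category": "finance", "name": "Alice Zhang", "age": 34, "city": "Shenzhen", "balance": 9200},
    {"category": "finance", "name": "Bob Li", "age": 52, "city": "Beijing", "balance": 310},
]


def pseudonymize(name, salt="constructed-salt"):
    """Replace a direct identifier with a salted, non-reversible token (desensitization step)."""
    return hashlib.sha256((salt + name).encode()).hexdigest()[:12]


def age_band(age):
    """Generalize an exact age to a ten-year band (desensitization step)."""
    lo = (age // 10) * 10
    return f"{lo}-{lo + 9}"


def desensitize(records):
    out = []
    for r in records:
        d = dict(r)
        d["pseudonym"] = pseudonymize(d.pop("name"))
        d["age_band"] = age_band(d.pop("age"))
        out.append(d)
    return out


def filter_by_category(records, category):
    """Filter the desensitized data by the data category carried in the request."""
    return [r for r in records if r["category"] == category]


def screen(records, condition):
    """Screen the filtered data with the data user's analysis condition."""
    return [r for r in records if condition(r)]


def capacity(records):
    """Capacity measured as serialized size in bytes (assumption: the page does not fix a unit)."""
    return len(json.dumps(records, sort_keys=True).encode())


def capacity_verification(transaction, filtered, constraint):
    """Pass iff cap(transaction) <= constraint * cap(filtered), with 0 < constraint <= 1."""
    if not 0 < constraint <= 1:
        raise ValueError("transaction data constraint must be in (0, 1]")
    return capacity(transaction) <= constraint * capacity(filtered)


def response_time_verification(actual_seconds, target_seconds):
    return actual_seconds <= target_seconds


def execute_in_tee(target_data, category, condition, constraint, target_seconds):
    """Run the extraction pipeline, timed from receipt of the analysis condition to feedback."""
    start = time.perf_counter()            # analysis condition obtained
    filtered = filter_by_category(desensitize(target_data), category)
    transaction = screen(filtered, condition)
    capacity_ok = capacity_verification(transaction, filtered, constraint)
    actual = time.perf_counter() - start   # transaction data ready to feed back
    # The page runs the response-time check only after the capacity check has passed.
    time_ok = capacity_ok and response_time_verification(actual, target_seconds)
    return transaction, capacity_ok, time_ok


def settle(capacity_ok, time_ok, user_deposit, controller_deposit, coeff):
    """Deposit settlement; coeff maps "DTI", "DC" and "DO" to ratios that sum to 1."""
    dti, dc, do = (Fraction(coeff[k]) for k in ("DTI", "DC", "DO"))
    if dti + dc + do != 1:
        raise ValueError("profit distribution ratios must sum to 1")
    payout = {"DTI": Fraction(0), "DC": Fraction(0), "DO": Fraction(0), "DU": Fraction(0)}
    if not capacity_ok:
        # Capacity check failed: controller deposit is returned and a new controller takes over.
        payout["DC"] += controller_deposit
        return payout, "replace_controller"
    if time_ok:
        # Both checks passed: the user deposit is split; the controller deposit is returned.
        payout["DTI"] += user_deposit * dti
        payout["DC"] += user_deposit * dc + controller_deposit
        payout["DO"] += user_deposit * do
        return payout, "completed"
    # Capacity passed but response time failed: the controller deposit is split, with the
    # data user taking the controller's ratio; the user deposit goes to the data controller
    # (that is what the claims state).
    payout["DTI"] += controller_deposit * dti
    payout["DU"] += controller_deposit * dc
    payout["DO"] += controller_deposit * do
    payout["DC"] += user_deposit
    return payout, "timed_out"
```

Two details worth noticing: the capacity check is a ratio of transaction data to filtered data, so the same analysis condition may pass against a large filtered set and fail against a small one, and the response-time clock starts when the analysis condition is obtained rather than when the request arrives, so matching delays at the trust institution are not charged to the controller.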

In a possible implementation, the analysis condition ciphertext is obtained by the data user performing encryption based on the transaction management contract and the identity management contract;

wherein, when the data user verifies based on the identity management contract that the user signature is authentic, the data user uses the analysis condition private key skDU pre-stored in the transaction management contract to decrypt the analysis condition symmetric key kenc to obtain the analysis condition encryption key k, and the data user uses the analysis condition encryption key k to encrypt the analysis condition to obtain the analysis condition ciphertext; the user signature of the data user is pre-stored in the identity management contract; the user signature of the data user is used to verify whether the user signature is authentic.

In a possible implementation, the method further includes:

when no target user is matched for the data transaction request, setting the request state of the data transaction request to "waiting".

In a possible implementation, the method further includes:

when the data controller determines that the target transaction response time in the data transaction request is reasonable, setting the request state of the data transaction request to "response".

In a possible implementation, the method further includes:

when the data capacity verification fails, changing the request state of the data transaction request from "response" to "waiting".

Compared with the prior art, the present application has the following beneficial effects:

The present application provides a data transaction method. Specifically, the method provided by the embodiments of the present application is applied to a data transaction system composed of a data trust institution and a data controller that includes a TEE. First, when the data trust institution receives a data transaction request sent by a data user, the data trust institution automatically matches a target user for the data transaction request, while the data controller determines whether the target transaction response time in the data transaction request is reasonable. When the target transaction response time in the data transaction request is reasonable, the data controller queries the target data stored by the target user, and the TEE obtains the analysis condition. The TEE then performs data extraction on the target data based on the data transaction request and the analysis condition to obtain transaction data, so that the TEE can perform data capacity verification on the transaction data. If the data capacity verification passes, the TEE feeds the transaction data back to the data user through the transaction management contract. Using a TEE in the data transaction process of the present application means that data is effectively encrypted and isolated while being processed and exchanged, which secures the target data ciphertext defined by the data owner and the analysis condition ciphertext defined by the data user. At the same time, the smart contracts ensure the transparency of data transaction requests and provide automated management of the transaction process, reducing potential human error or improper intervention. In addition, blockchain technology makes transactions open and transparent: every transaction participant can view how a transaction arises and is executed. This enhances the trustworthiness and traceability of transactions and reduces the risk of information asymmetry.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to illustrate the technical solutions of the embodiments or the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can derive other drawings from them without creative effort.

FIG. 1 is a flow chart of a data transaction method provided by an embodiment of the present application;

FIG. 2 is a flow chart of a method for matching a target user for a data transaction request provided by an embodiment of the present application;

FIG. 3 is a flow chart of a method for obtaining target data provided by an embodiment of the present application;

FIG. 4 is a flow chart of a method for extracting transaction data provided by an embodiment of the present application;

FIG. 5 is a flow chart of a method for returning and distributing deposits provided by an embodiment of the present application.

DETAILED DESCRIPTION

To facilitate understanding of the technical solutions provided by the embodiments of the present application, the background technology involved in the embodiments is described first.

Traditional data transactions are usually completed on third-party platforms (such as exchanges or cloud platforms). The main reasons this approach carries a risk of low security are as follows:

Single point of failure risk: the third-party platform acts as the intermediary for data transactions; once that platform is hacked or suffers a data breach, large amounts of user data may be stolen or tampered with, constituting a serious security threat.

Data privacy issues: transacting data on a third-party platform means exposing the data to an additional intermediary, which carries a potential risk of privacy leakage. These platforms may collect user data for other purposes, increasing the possibility of personal data being misused.

Trust issues: users must entrust their data to the third-party platform in order to transact, which raises trust concerns. Users cannot fully control how their data flows and is used, and are exposed to the threat of improper handling or misuse.

Data tampering risk: when data is transacted on a third-party platform, the lack of transparency and traceability makes it hard to guarantee the authenticity and integrity of the data. Data may be tampered with, modified or deleted without detection.

Overall, the security of traditional data transactions on third-party platforms is relatively low because of challenges such as single point of failure risk, data privacy issues, trust issues and data tampering risk.

To solve this problem, an embodiment of the present application provides a data transaction method. The method proposed by the present application is applied to a data transaction system composed of a data trust institution and a data controller that includes a TEE. After the data trust institution receives a transaction request from a data user, it automatically matches a target user, while the data controller evaluates whether the transaction response time is reasonable. If it is reasonable, the data controller queries the target data stored by the target user, and the TEE obtains the analysis condition from the data user, then extracts data from the target data and verifies it; the data verification includes data capacity verification. The encryption and isolation provided by the TEE secure the data ciphertext and the analysis condition. The smart contracts ensure the legality and transparency of transactions. Blockchain technology provides openness and transparency, enhancing the trustworthiness and traceability of transactions and reducing the risk of information asymmetry.

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the scope of protection of the present application.

参见图1,该图为本申请实施例提供的一种数据的交易方法的方法流程图。Refer to Figure 1, which is a method flow chart of a data transaction method provided in an embodiment of the present application.

需要说明的是,图1的方法流程图中的各步骤均是依赖于数据交易系统实现,而数据交易系统是由数据信托机构(DataTrust Institution,DTI)和数据控制者(DataController,DC)组成。It should be noted that each step in the method flow chart of FIG. 1 is implemented by relying on a data transaction system, and the data transaction system is composed of a data trust institution (DTI) and a data controller (DC).

Here, the data controller includes a Trusted Execution Environment (TEE). The data trust institution DTI has deployed smart contracts together with the data controller DC. The smart contracts comprise a Contract Management Contract (CMC), an Identity Management Contract (IMC) and a Transaction Management Contract (TMC). Each of these contracts is a node on the Blockchain Platform (BP).

The data trust institution DTI is a data trading service organization with sufficient expert knowledge. Entrusted by the data owner (DO), it sells the data stored at the data controller DC to the data user (DU).

The data controller DC collects the data of the data owner DO, stores it using a cloud storage service, and processes data-based business using a TEE-backed cloud computing service. For its commercial interests, the data controller DC may cooperate with the data trust institution DTI and, with the permission of the data owner DO, sell the data owner's data to the data user DU.

A TEE is a secure computing region provided by special computer hardware. Code and data running in this region cannot be stolen by software outside it, and the code and data inside can be safely accessed only through interfaces pre-defined within the TEE; TEE computation therefore achieves privacy protection comparable to cryptographic computation. At the same time, because computation inside the TEE is performed on plaintext, its efficiency is almost identical to processing plaintext data outside. In this application the TEE guarantees the confidentiality and integrity of the programs executing inside it.

The blockchain BP is a technical scheme that, without relying on a third party, stores, verifies, transmits and exchanges network data through its own distributed nodes; it is decentralized, open and transparent, and tamper-resistant. It can be regarded as a "world computer" with limited computing power, which resolves the trust problem among participants by automatically executing smart contracts.

The contract management contract CMC records the contract among the data owner DO, the data controller DC and the data trust institution DTI under which the data owner DO entrusts the data trust institution to sell the data stored at the data controller DC, including the identity identifier of each role, the profit distribution coefficient, the traded data categories and similar information. The contract provides four basic functions: create, read, update and delete. The contract management contract executes create, update or delete only when the data owner, the data controller and the data trust institution all submit digital signatures in the same transaction.

The identity management contract IMC records decentralized identity (DID) identifiers and DID documents in plaintext. The contract provides four basic functions: create, read, update and delete. Only the DID owner may create, update or delete their own DID document; all other roles may only read.

The transaction management contract TMC records the data transaction requests of data users DU in ciphertext. The contract provides eight functions: add, read, response, record, submit, deny, abort and terminate. Only a data user may execute add, record, abort and terminate on their own data transaction request, and only the data controller may execute response, deny and submit. All roles may read.
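The role restrictions on the TMC functions above are the access-control core of the scheme, so the following is an added example (not code from the patent or its applicant) modelling the TMC as an in-memory state machine in Go. The roles and the function-to-role assignment are taken from the text; the status names and the set of statuses each function may be called from are assumptions, the page fixes only the add, response, record, submit order. The ownership check (a data user may act only on a request they added) is what keeps one user from aborting another user's request.

```go
package main

import (
	"errors"
	"fmt"
)

// Role of the caller, as the contracts distinguish them.
type Role int

const (
	DataUser Role = iota
	DataController
	DataOwner
	DataTrust
)

// Status of a request in the TMC (names are constructed).
type Status string

const (
	StatusAdded      Status = "added"
	StatusResponded  Status = "response"
	StatusRecorded   Status = "recorded"
	StatusSubmitted  Status = "submitted"
	StatusDenied     Status = "denied"
	StatusAborted    Status = "aborted"
	StatusTerminated Status = "terminated"
)

// Request is one TMC entry; the request body stays an opaque ciphertext.
type Request struct {
	ID         string
	UserDID    string // data user who added it; only they may record/abort/terminate
	Status     Status
	Ciphertext []byte
}

var (
	ErrUnauthorized = errors.New("caller may not invoke this function")
	ErrBadState     = errors.New("function not allowed in the current status")
)

// transition: which role may call a function and from which statuses
// (predecessor statuses are an assumption, see lead-in).
type transition struct {
	role Role
	from []Status
	to   Status
}

var transitions = map[string]transition{
	"response":  {DataController, []Status{StatusAdded}, StatusResponded},
	"deny":      {DataController, []Status{StatusAdded}, StatusDenied},
	"submit":    {DataController, []Status{StatusRecorded}, StatusSubmitted},
	"record":    {DataUser, []Status{StatusResponded}, StatusRecorded},
	"abort":     {DataUser, []Status{StatusAdded, StatusResponded, StatusRecorded}, StatusAborted},
	"terminate": {DataUser, []Status{StatusSubmitted}, StatusTerminated},
}

// TMC is an in-memory model of the transaction management contract.
type TMC struct{ requests map[string]*Request }

func NewTMC() *TMC { return &TMC{requests: map[string]*Request{}} }

// Add: only a data user may add, and the caller becomes the request's owner.
func (c *TMC) Add(caller Role, callerDID, id string, ct []byte) error {
	if caller != DataUser {
		return ErrUnauthorized
	}
	if _, exists := c.requests[id]; exists {
		return fmt.Errorf("request %q already exists", id)
	}
	c.requests[id] = &Request{ID: id, UserDID: callerDID, Status: StatusAdded, Ciphertext: ct}
	return nil
}

// Call applies one of the six state-changing functions: role check first,
// then the ownership check for data users, then the status check.
func (c *TMC) Call(fn string, caller Role, callerDID, id string) error {
	t, ok := transitions[fn]
	if !ok {
		return fmt.Errorf("unknown function %q", fn)
	}
	r, ok := c.requests[id]
	if !ok {
		return fmt.Errorf("no request %q", id)
	}
	if caller != t.role || (caller == DataUser && r.UserDID != callerDID) {
		return ErrUnauthorized
	}
	for _, s := range t.from {
		if r.Status == s {
			r.Status = t.to
			return nil
		}
	}
	return ErrBadState
}

// Read is open to every role and returns the current status.
func (c *TMC) Read(id string) (Status, bool) {
	r, ok := c.requests[id]
	if !ok {
		return "", false
	}
	return r.Status, true
}

func main() {
	c := NewTMC()
	_ = c.Add(DataUser, "did1", "req-1", []byte("ciphertext"))
	fmt.Println(c.Call("response", DataController, "dc", "req-1"))
	fmt.Println(c.Call("record", DataUser, "did2", "req-1")) // not the owner
	fmt.Println(c.Call("submit", DataUser, "did1", "req-1")) // wrong role
}
```

A real contract would derive the caller's role and DID from the transaction signature rather than trusting parameters; the model keeps them as arguments so the checks themselves are visible.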

As shown in FIG. 1, the data transaction method may include steps S101-S105:

S101: When the data trust institution receives a data transaction request sent by a data user to the transaction management contract, the data trust institution matches a target user for the data transaction request based on the contract management contract and the identity management contract, and the data controller determines whether the target transaction response time in the data transaction request is reasonable.

When the data trust institution receives a data transaction request that a data user has sent to the transaction management contract (which is deployed on the blockchain), it automatically looks for a suitable target user for the request according to the pre-agreed contract stored in the contract management contract. At the same time, the data controller evaluates whether the target transaction response time specified in the request is reasonable. In addition, the data trust institution has already signed contracts with the data user and the target user to ensure that the data transaction is lawful and well-regulated.

In one possible implementation, the data transaction request carries transaction request data such as the user deposit, user identity, use domain, use purpose and data category.

User deposit: funds submitted by the data user DU to demonstrate good faith in the transaction and the lawfulness of the data use. The deposit is normally returned after the transaction completes, or distributed as a transaction fee to the data controller DC, the data owner DO and the data trust institution DTI.

User identity: the unique identifier or identity information of the data user DU, used to confirm its legitimacy and scope of authorization.

Use domain: the specific field or industry in which the data user DU wishes to use the target data, such as healthcare or education.

Use purpose: the specific use or goal for which the data user intends to use the target data, such as scientific research.

Data category: the type or category of the target data, such as personal health data, financial data or market analysis data.

Referring to FIG. 2, which is a flow chart of a method for matching a target user to a data transaction request provided by an embodiment of the present application, the data trust institution matches a target user for the data transaction request based on the contract management contract and the identity management contract through steps A1-A5:

A1: The data trust institution verifies, using the DID document in the identity management contract, whether the user identity is authentic, and verifies whether the user deposit is reasonable.

The data trust institution DTI obtains the DID identifier of the data user DU, queries the identity management contract for the DID document corresponding to that DID identifier, reads the identity identifier from the returned DID document, locates the identity verification credential corresponding to that identity identifier, and obtains the pre-stored user identity from the credential. The pre-stored user identity is compared with the user identity carried in the data transaction request; if they are the same, the user identity carried in the request is authentic.

For example, assume the user identity carried in the data transaction request is qua1 and the DID identifier of the data user DU is did1. Querying the identity management contract yields the DID document diddoc1 for did1, and the identity identifier in diddoc1 is also did1; the identity verification credential found for did1 in the identity management contract is VCdid1, and the user identity in VCdid1 is qua1. The pre-stored user identity qua1 therefore matches the user identity qua1 carried in the data transaction request.

In addition, the data controller DC uses expert knowledge to verify that the user deposit carried in the data transaction request is reasonable, so as to ensure that the data user DU has an appropriate economic incentive and sense of responsibility when using the data.

It should be noted that DID documents storing user identities are built in the identity management contract in advance.

A2: When the user identity is authentic and the user deposit is reasonable, the data trust institution identifies the transaction data required by the data transaction request and queries for one or more data owners who hold that transaction data.

Once the data trust institution has verified that the user's identity is authentic and the deposit paid by the user is reasonable, it determines the required transaction data and queries for one or more data owners who hold that data. This ensures the security and compliance of the data while providing an effective mechanism for managing access rights and data flow during the transaction.

A3: The data trust institution obtains the data owner's transaction policy based on the contract management contract.

Because the contract in the contract management contract records the data owner's transaction policy, the data trust institution calls the read function of the contract management contract to obtain that policy. A policy comprises an identity qualification set, a data application domain set, a data use purpose set and a data category set. From these, the data trust institution learns the data owner's access requirements and restrictions on its data, so that it can manage the data transaction flow effectively and ensure data security and privacy protection.

Identity qualification set: the identity authentication information and permissions that determine who may access the data. This includes verifying the user's identity, permission level and related credentials, so that only suitable persons can obtain the data.

Data application domain set: the specific fields or industries in which the data may be used. By defining application domains, the data owner limits the scope of use and ensures the data is used appropriately within suitable fields.

Data use purpose set: the specific purposes or uses for which the data may be used. The data owner defines these explicitly so that the data is used only for authorized, legitimate goals and is not abused or misused.

Data category set: the classification of different types of data so that access and use can be managed and controlled. Dividing data into categories by characteristics such as sensitivity and confidentiality helps apply corresponding security measures and access controls.

A4: The data trust institution determines as the target policy the transaction policy whose sets contain the user identity, the use domain, the use purpose and the data category.

The data trust institution takes as the target policy any transaction policy whose identity qualification set contains the user identity carried in the data transaction request, whose data application domain set contains the use domain carried in the request, whose data use purpose set contains the use purpose carried in the request, and whose data category set contains the data category carried in the request.

A5: Determine the data owner corresponding to the target policy as the target user.

Once the target policy has been found, the data owner of that policy is looked up and determined to be the target user of the data transaction request.
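Steps A1-A5 together are a policy-matching procedure, so here is an added Go example (not the patent's own code) that runs it end to end: the DID-to-credential identity check of A1, then the four-set containment test of A4-A5 over the owners' policies. The DID document fields, the credential structure, the fixed minimum deposit standing in for the expert deposit judgement, and the owner policies are all constructed assumptions; the did1 / diddoc1 / VCdid1 / qua1 values mirror the page's example.

```go
package main

import "fmt"

// DIDDocument as the IMC stores it in plaintext (field layout is an assumption).
type DIDDocument struct {
	ID           string // identity identifier, e.g. "did1"
	CredentialID string // credential holding the user identity, e.g. "VCdid1"
}

// Credential holds the pre-stored user identity (e.g. "qua1").
type Credential struct{ UserIdentity string }

// IMC is a constructed stand-in for the identity management contract's read function.
type IMC struct {
	Docs  map[string]DIDDocument // DID identifier -> DID document
	Creds map[string]Credential  // credential id -> credential
}

// Request carries the fields the page lists for a data transaction request.
type Request struct {
	UserDID      string
	UserIdentity string
	UseDomain    string
	UsePurpose   string
	DataCategory string
	Deposit      int
}

// Policy is one data owner's transaction policy as read from the CMC.
type Policy struct {
	Owner      string
	Identities map[string]bool // identity qualification set
	Domains    map[string]bool // data application domain set
	Purposes   map[string]bool // data use purpose set
	Categories map[string]bool // data category set
}

// VerifyIdentity is step A1: DID -> DID document -> credential -> stored identity,
// which must equal the identity carried in the request.
func (imc IMC) VerifyIdentity(req Request) bool {
	doc, ok := imc.Docs[req.UserDID]
	if !ok || doc.ID != req.UserDID {
		return false
	}
	cred, ok := imc.Creds[doc.CredentialID]
	if !ok {
		return false
	}
	return cred.UserIdentity == req.UserIdentity
}

// DepositReasonable stands in for the expert judgement of A1; a fixed minimum
// is an assumption, the page gives no criterion.
func DepositReasonable(req Request, minDeposit int) bool { return req.Deposit >= minDeposit }

// MatchTargets is steps A4-A5: an owner is a target only when all four sets of
// its policy contain the corresponding request value.
func MatchTargets(req Request, policies []Policy) []string {
	var targets []string
	for _, p := range policies {
		if p.Identities[req.UserIdentity] && p.Domains[req.UseDomain] &&
			p.Purposes[req.UsePurpose] && p.Categories[req.DataCategory] {
			targets = append(targets, p.Owner)
		}
	}
	return targets
}

func set(vals ...string) map[string]bool {
	m := map[string]bool{}
	for _, v := range vals {
		m[v] = true
	}
	return m
}

// SampleIMC mirrors the page's did1 / diddoc1 / VCdid1 / qua1 example.
func SampleIMC() IMC {
	return IMC{
		Docs:  map[string]DIDDocument{"did1": {ID: "did1", CredentialID: "VCdid1"}},
		Creds: map[string]Credential{"VCdid1": {UserIdentity: "qua1"}},
	}
}

// SamplePolicies are constructed: only owner-A admits qua1 for medical research on health data.
func SamplePolicies() []Policy {
	return []Policy{
		{Owner: "owner-A", Identities: set("qua1", "qua2"), Domains: set("medical"),
			Purposes: set("research"), Categories: set("health")},
		{Owner: "owner-B", Identities: set("qua1"), Domains: set("finance"),
			Purposes: set("research"), Categories: set("financial")},
	}
}

// MatchRequest runs A1 and then A2-A5; nil means the request was rejected or unmatched.
func MatchRequest(imc IMC, req Request, policies []Policy, minDeposit int) []string {
	if !imc.VerifyIdentity(req) || !DepositReasonable(req, minDeposit) {
		return nil
	}
	return MatchTargets(req, policies)
}

func main() {
	req := Request{UserDID: "did1", UserIdentity: "qua1", UseDomain: "medical",
		UsePurpose: "research", DataCategory: "health", Deposit: 100}
	fmt.Println(MatchRequest(SampleIMC(), req, SamplePolicies(), 50))
}
```

Note that the identity carried in the request is never trusted on its own: it is only accepted when it equals the identity recovered through the chain of on-chain records, so a request that merely claims a qualifying identity (qua2 above, for which no credential exists) matches nothing.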

S102: When the data controller determines that the target transaction response time in the data transaction request is reasonable, the data controller queries the target data stored by the target user, and the TEE obtains the analysis condition based on the identity management contract.

When the data controller DC considers the response time of the data transaction request from the target user reasonable, it calls the response function of the transaction management contract to set the transaction status to "response", submits the data controller deposit and the encrypted symmetric key, and waits to obtain the data user's analysis condition. The data controller obtains the analysis condition through the identity management contract and, once obtained, sends it to the TEE. The analysis condition is defined by the data user and also exists in ciphertext form. Before the analysis is performed, the target data is recovered in its original form by decrypting the target data ciphertext. The encrypted symmetric key kenc is produced by the TEE encrypting the analysis condition encryption key k with the analysis condition public key pkDU pre-set by the data user. The data user pre-sets the analysis condition private key skDU and public key pkDU, and stores pkDU in the identity management contract.

Specifically, when the data user observes that the transaction status has changed to "response", it encrypts the analysis condition and sends it to the transaction management contract, calling the record function to store the encrypted analysis condition. At this point the transaction management contract records the start time point of the actual transaction response time. Likewise, the analysis condition is recovered in its original form by decrypting the analysis condition ciphertext. This flow ensures the security and confidentiality of the data during the transaction and analysis, while allowing the data controller and data user to carry out lawful data transactions and analysis under pre-defined rules and conditions.

In one possible implementation, the analysis condition ciphertext is produced by the data user encrypting the analysis condition based on the transaction management contract and the identity management contract.

Specifically, the data user DU first decrypts the analysis condition symmetric key kenc with the analysis condition private key skDU to obtain the analysis condition encryption key k. The data user DU then verifies the TEE signature against the TEE public key in the identity management contract; if it is authentic, the data user DU encrypts the analysis condition with the analysis condition encryption key k to obtain the analysis condition ciphertext. The data user DU then calls the record function of the transaction management contract to record the analysis condition ciphertext in the contract.

It should be noted that the TEE's public key is pre-stored in the identity management contract and is used to verify whether a TEE signature is authentic.

In one possible implementation, the TEE obtaining the analysis condition based on the identity management contract includes: the data controller calls the read function of the transaction management contract to obtain the encrypted analysis condition from the contract and sends it to the TEE. The TEE holds the analysis condition symmetric key k in advance and uses k to decrypt the analysis condition ciphertext, obtaining the analysis condition.
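The key exchange described in S102 (TEE wraps k under pkDU, the data user recovers k, checks the TEE signature against the TEE public key from the IMC, and encrypts the analysis condition under k for the TEE to decrypt) is shown below as an added Go example using only the standard library; it is not the patent's code. Concrete algorithms are assumptions: RSA-OAEP for pkDU/skDU, Ed25519 for the TEE signature, AES-256-GCM for the analysis condition. The page says the data user verifies a TEE signature but not what it covers; the example signs kenc, and verifies that signature before touching skDU so that an offer not produced by the registered enclave is rejected without any decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

var oaepLabel = []byte("analysis-condition-key") // constructed context label

// Offer is what the controller submits with the TMC response call:
// k_enc = RSA-OAEP(pk_DU, k) and the TEE signature over k_enc (assumption).
type Offer struct {
	KEnc []byte
	Sig  []byte
}

// TEE holds the analysis-condition key k and its signing key; Pub is the
// "TEE public key" the IMC pre-stores.
type TEE struct {
	k       []byte
	signKey ed25519.PrivateKey
	Pub     ed25519.PublicKey
}

// NewTEE generates the signing key pair and a fresh 256-bit k inside the enclave.
func NewTEE() (*TEE, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return &TEE{k: k, signKey: priv, Pub: pub}, nil
}

// DataUserKeys generates the data user's (sk_DU, pk_DU) pair.
func DataUserKeys() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// MakeOffer wraps k under pk_DU and signs the wrapped key.
func (t *TEE) MakeOffer(pkDU *rsa.PublicKey) (Offer, error) {
	kEnc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pkDU, t.k, oaepLabel)
	if err != nil {
		return Offer{}, err
	}
	return Offer{KEnc: kEnc, Sig: ed25519.Sign(t.signKey, kEnc)}, nil
}

// DataUserRecord is the data user's side: verify the TEE signature with the
// public key from the IMC, unwrap k with sk_DU, then encrypt the analysis
// condition under k. The returned bytes are what record() stores in the TMC.
func DataUserRecord(off Offer, skDU *rsa.PrivateKey, teePub ed25519.PublicKey, condition []byte) ([]byte, error) {
	if !ed25519.Verify(teePub, off.KEnc, off.Sig) {
		return nil, errors.New("TEE signature invalid: offer is not from the registered enclave")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, skDU, off.KEnc, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, condition, nil), nil // nonce || ciphertext || tag
}

// DecryptCondition is the TEE side once the controller has read the ciphertext
// from the TMC and passed it in; GCM authentication rejects any tampering.
func (t *TEE) DecryptCondition(ct []byte) ([]byte, error) {
	gcm, err := gcmFor(t.k)
	if err != nil {
		return nil, err
	}
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// RoundTrip runs the whole exchange for one analysis condition and returns
// what the TEE recovers.
func RoundTrip(condition []byte) ([]byte, error) {
	tee, err := NewTEE()
	if err != nil {
		return nil, err
	}
	skDU, err := DataUserKeys()
	if err != nil {
		return nil, err
	}
	off, err := tee.MakeOffer(&skDU.PublicKey)
	if err != nil {
		return nil, err
	}
	ct, err := DataUserRecord(off, skDU, tee.Pub, condition)
	if err != nil {
		return nil, err
	}
	return tee.DecryptCondition(ct)
}
```

The data controller relays kenc and the condition ciphertext but never holds k or skDU, which is the property the scheme relies on: the controller can forward the analysis condition to the enclave without being able to read it.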

Referring to FIG. 3, which is a flow chart of a method for obtaining target data provided by an embodiment of the present application, the data controller obtains from the target user the target data required by the data transaction request, based on the transaction management contract, through steps B1-B3:

B1: The data trust institution obtains the controller deposit amount paid by the data controller.

The data trust institution obtains the deposit amount paid by the data controller; the deposit is held in the transaction management contract. The deposit is normally used to ensure that the data controller complies with the relevant regulations and contract terms during the transaction, so that the transaction proceeds securely, transparently and in compliance. By requiring the data controller to pay a deposit, the data trust institution can hold it responsible for its data-use behaviour and, where necessary, use the deposit to cover losses from a breach. This practice helps establish a trust mechanism for data transactions, safeguards the interests of participants and ensures the stability and reliability of the transaction process.

To obtain the target data, the data trust institution therefore first obtains the controller deposit amount paid by the data controller.

B2: The data trust institution verifies, based on the transaction management contract, whether the controller deposit amount is reasonable.

Using the rules and conditions set in the transaction management contract, the data trust institution reviews and evaluates the deposit amount provided by the controller to ensure it meets the established standards and requirements. This verification helps ensure fairness and compliance in the transaction, prevents misconduct or breach of contract, and ensures the data controller can fulfil its obligations as required, promoting a stable and sustainable data trading environment.

B3: When the data trust institution verifies that the controller deposit amount is reasonable, the data trust institution notifies the data owner to store the data at the data controller as data ciphertext.

When the data trust institution has verified that the deposit amount paid by the controller is reasonable, it notifies the data owner to store its data at the corresponding data controller in the form of data ciphertext. That is, after verification the data owner may transmit its data to the data controller for storage in encrypted form.

S103: The TEE performs data extraction on the target data based on the data transaction request and the analysis condition, obtaining transaction data.

The TEE processes and screens the target data according to the data transaction request and the preset analysis condition, finally producing transaction data that satisfies the condition. This ensures that data extraction and processing follow pre-determined rules and conditions, protects the privacy and security of the data, and makes its use and processing more transparent and reliable. Extracting data inside the TEE helps ensure the compliance and confidentiality of the transaction.

Referring to FIG. 4, which is a flow chart of a method for extracting transaction data provided by an embodiment of the present application, the TEE extracts transaction data from the desensitized data based on the data transaction request and the analysis condition through steps C1-C3:

C1: The TEE desensitizes the target data using a data desensitization technique, obtaining desensitized data.

To obtain transaction data, the TEE first desensitizes the target data using a data desensitization technique, producing desensitized data.

In one possible implementation, during desensitization the TEE may apply methods from k-anonymity such as generalization and suppression, transforming and modifying the data so that every record has at least k-1 similar other records in the data set, thereby reaching a given level of anonymity. The aim is to prevent any individual record from being identified and to protect the privacy of the data.

It should be noted that k-anonymity is a privacy protection technique intended to protect the private information of individuals in a data set. A data set is called k-anonymous when every record in it has at least k-1 other records with the same attribute values. This means that in a k-anonymized data set, the individual represented by each record has at least k-1 similar other records, so that no specific person can be distinguished from a single record.

k-anonymity applies operations such as generalization and suppression to the data to ensure a certain degree of anonymity protection when the data is published or shared.

C2: The TEE filters the desensitized data based on the data category carried in the data transaction request, obtaining filtered data.

After obtaining the desensitized data, the TEE screens it according to the data category information contained in the data transaction request, keeping only the data relevant to the request and filtering out unnecessary or unrelated information.

For example, suppose a data transaction request concerns medical data and asks for specific diagnostic information. The trusted execution environment filters the desensitized data set according to the data category given in the request (medical data): it selects only the diagnostic information relevant to the request and filters out other unrelated medical data, producing filtered data that meets the request.

In this way the TEE ensures that only necessary and relevant information is provided during the transaction, avoiding disclosure of excessive data or private information. This helps protect the privacy of data subjects while ensuring that data use meets the user's needs and the stipulated conditions.

C3: The TEE screens the filtered data based on the analysis condition, obtaining the transaction data.

The TEE further screens the already filtered and selected data according to the pre-determined analysis condition to produce transaction data that satisfies the condition.

For example, suppose a financial institution is conducting a data transaction and must provide data on customers' loan credit scores. The TEE screens the filtered loan-credit-score data according to the pre-set analysis condition (for instance, take only the data corresponding to the lowest credit score). Only the customer data with the lowest credit score is included in the final transaction data.

In this way the TEE guarantees that the final transaction data satisfies the specified analysis condition and requirements, ensuring the accuracy and applicability of the data. This processing flow improves the efficiency and accuracy of data transactions while ensuring their compliance and security.
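Steps C1-C3 form one pipeline, so the following added Go example (not code from the patent) runs it over a small constructed data set: C1 generalizes the quasi-identifiers (age to a 10-year band, zip to a 3-digit prefix) and suppresses every equivalence class smaller than k, C2 keeps only the requested category, and C3 applies the page's "lowest score only" condition. The record layout, the choice of quasi-identifiers, and the generalization rules are assumptions; IsKAnonymous checks the definition in the text directly, which is the check a reviewer would want before any row leaves the enclave.

```go
package main

import "fmt"

// Record is one constructed row of the target data. Age and Zip are the
// quasi-identifiers; Category and Score are what the later steps filter on.
type Record struct {
	Age      int
	Zip      string
	Category string
	Score    int
}

// Anonymized is a record after generalization.
type Anonymized struct {
	AgeBand   string // e.g. "30-39"
	ZipPrefix string // e.g. "100**"
	Category  string
	Score     int
}

func generalize(r Record) Anonymized {
	lo := r.Age / 10 * 10
	return Anonymized{
		AgeBand:   fmt.Sprintf("%d-%d", lo, lo+9),
		ZipPrefix: r.Zip[:3] + "**",
		Category:  r.Category,
		Score:     r.Score,
	}
}

// class is the quasi-identifier tuple that defines an equivalence class.
func class(a Anonymized) string { return a.AgeBand + "|" + a.ZipPrefix }

// Desensitize is step C1: generalize every record, then suppress (drop) any
// equivalence class with fewer than k members.
func Desensitize(records []Record, k int) []Anonymized {
	gen := make([]Anonymized, 0, len(records))
	counts := map[string]int{}
	for _, r := range records {
		a := generalize(r)
		gen = append(gen, a)
		counts[class(a)]++
	}
	var out []Anonymized
	for _, a := range gen {
		if counts[class(a)] >= k {
			out = append(out, a)
		}
	}
	return out
}

// IsKAnonymous checks the definition from the text: every record shares its
// quasi-identifier values with at least k-1 others.
func IsKAnonymous(data []Anonymized, k int) bool {
	counts := map[string]int{}
	for _, a := range data {
		counts[class(a)]++
	}
	for _, c := range counts {
		if c < k {
			return false
		}
	}
	return true
}

// FilterByCategory is step C2: keep only the requested data category.
func FilterByCategory(data []Anonymized, category string) []Anonymized {
	var out []Anonymized
	for _, a := range data {
		if a.Category == category {
			out = append(out, a)
		}
	}
	return out
}

// Condition is an analysis condition evaluated over the whole filtered set,
// so it can express set-level rules such as "only the lowest score".
type Condition func([]Anonymized) []Anonymized

// LowestScore keeps the records whose Score equals the minimum in the set.
func LowestScore(data []Anonymized) []Anonymized {
	if len(data) == 0 {
		return nil
	}
	min := data[0].Score
	for _, a := range data[1:] {
		if a.Score < min {
			min = a.Score
		}
	}
	var out []Anonymized
	for _, a := range data {
		if a.Score == min {
			out = append(out, a)
		}
	}
	return out
}

// Extract runs C1-C3 in order and returns the transaction data.
func Extract(target []Record, k int, category string, cond Condition) []Anonymized {
	return cond(FilterByCategory(Desensitize(target, k), category))
}

// SampleTarget is constructed data; the 45-year-old in zip 300** is alone in
// its class and is suppressed at k=2.
func SampleTarget() []Record {
	return []Record{
		{34, "10001", "diagnosis", 620}, {37, "10002", "diagnosis", 700},
		{31, "10005", "billing", 580}, {52, "20010", "diagnosis", 650},
		{58, "20011", "diagnosis", 620}, {45, "30001", "diagnosis", 710},
		{33, "10009", "diagnosis", 620},
	}
}
```

Suppression happens before category filtering on purpose: class sizes are counted over the full desensitized set, so filtering afterwards cannot shrink a class below k in a way that the anonymity check would miss.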

S104: The TEE performs data capacity verification on the transaction data.

The TEE also verifies the data capacity of the generated transaction data, that is, it checks whether the size of the transaction data is within the expected range or limit. Data capacity verification lets the TEE ensure that the transaction data is within a reasonable range, avoid anomalous data or data exceeding the system's processing capacity, and ensure effective data transmission and processing.

In addition, if data capacity verification passes, the TEE also verifies the actual transaction response time of the transaction data. This involves measuring and verifying the time actually used by the whole transaction, from receipt of the transaction request to return of the transaction data.

In one possible implementation, the data capacity verification includes:

First, the TEE computes the capacity of the transaction data and the capacity of the filtered data. It then obtains the transaction data capacity constraint set by the data owner. If the capacity of the transaction data is less than or equal to the product of the transaction data capacity constraint and the capacity of the filtered data, the TEE determines that data capacity verification has passed. The transaction data capacity constraint is greater than 0 and less than or equal to 1.

For example, suppose a data owner sets a transaction data capacity constraint of 0.8, and the computed transaction data capacity is 20KB and the filtered data capacity is 50KB. By the rule, the product of the constraint and the filtered data capacity is 0.8*50KB=40KB. Because the transaction data capacity (20KB) is less than that product (40KB), data capacity verification passes.

In one possible implementation, the actual transaction response time verification includes:

First, the time elapsed from when the TEE obtains the analysis condition until the TEE returns the transaction data to the data user based on the transaction management contract is recorded as the actual transaction response time. Then, if the recorded actual transaction response time is less than or equal to the target transaction response time, the TEE determines that actual transaction response time verification has passed.

Specifically, when the data user observes that the transaction status has changed to "response", it encrypts the analysis condition and sends it to the transaction management contract, calling the record function to store the encrypted analysis condition; at this point the transaction management contract records the start time point of the actual transaction response time. When the transaction management contract receives the transaction in which the data controller calls the submit function, it records the end time point. The transaction management contract then uses the start and end time points to determine whether the target transaction response time is met: the actual transaction response time is the difference between the end and start time points, and if it is less than or equal to the target transaction response time, the actual transaction response time is deemed to have passed verification.

For example, suppose the target transaction response time set by the data user when sending the request is 10 hours, the start time point recorded when the data user calls the record function is 10:00:00 on June 10, 2024, and the end time point recorded when the data controller calls the submit function is 12:00:00 on June 10, 2024. The interval between the two is the actual transaction response time of 2 hours, which is less than the target transaction response time (10 hours); the data user's requirement is therefore met and the actual transaction response time is deemed to have passed verification.

S105: If the data capacity verification passes, the TEE feeds the transaction data back to the data user based on the transaction management contract.

After the data capacity verification, the system has determined that the generated transaction data meets the expected size criterion and neither exceeds the limit nor is otherwise anomalous. The data controller then calls the submit function of the transaction management contract so that the TEE feeds the transaction data back to the data user. This signifies that the data controller considers the generated transaction data to meet the requirements and to be ready for further processing or analysis by the data user.

Referring to FIG. 5, which is a flow chart of a method for returning and distributing deposits provided in an embodiment of the present application, the method may be implemented by the following steps:

D1: Obtain the profit distribution coefficient defined by the data owner.

During the data transaction, the profit distribution coefficient defined by the data owner is obtained in order to determine the proportion of the proceeds each party receives. The coefficient consists of three parts: the data trust institution's distribution ratio, the data controller's distribution ratio and the data owner's distribution ratio. These ratios determine each participant's share of the proceeds of the data transaction. The three ratios must sum to 1, which ensures that the total distributed equals the amount available and that each participant has a clearly defined share.

D21: If both the data capacity verification and the actual transaction response time verification pass, distribute the user deposit paid by the data user to the data trust institution, the data controller and the data owner according to the profit distribution coefficient, and return the controller deposit paid by the data controller to the data controller.

If verification shows that the data capacity meets the requirement and the transaction response time meets the agreed standard, the deposit paid by the data user is distributed to the data trust institution, the data controller and the data owner according to the predefined profit distribution coefficient, that is, in proportion to each party's stake in the transaction.

The deposit paid by the data controller is refunded to the data controller in full, because the transaction has passed verification, showing that the data controller complied with the rules and caused no violation or non-conformance.

This process ensures that the rights and interests of all parties to the data transaction are fairly distributed and protected: the data user's deposit is distributed to the parties according to the distribution coefficient, while the data controller recovers the deposit it paid, which helps maintain a good cooperative relationship and promotes the smooth conduct of data transactions.

D22: If the data capacity verification passes but the actual transaction response time verification fails, distribute the controller deposit paid by the data controller to the data trust institution, the data user and the data owner according to the profit distribution coefficient, and return the user deposit paid by the data user to the data user.

If, during the data transaction, the data capacity verification passes but the actual transaction response time verification fails because the agreed standard was not met, the deposit paid by the data controller is distributed to the data trust institution, the data user and the data owner according to the predefined profit distribution coefficient, that is, in proportion to each party's stake in the transaction; the data user receives the portion of the controller deposit corresponding to the data controller's distribution ratio, as compensation under the established agreement. At the same time, the deposit paid by the data user is refunded to the data user in full, because the failure of the agreed-time verification has caused the data user economic loss.

D23: If the data capacity verification fails, return the controller deposit paid by the data controller to the data controller and replace the data controller with a new one to carry out the data transaction.

If the data capacity verification fails, i.e. the data controller did not provide the correct data capacity information as required, the system returns the deposit paid by the data controller and selects a new data controller to carry out the data transaction. This is intended to ensure that data controllers comply with the rules and provide accurate data; otherwise a new data controller takes over the transaction.

The above process ensures fairness and transparency in data transactions. Where a verification fails, the corresponding deposit is redistributed to the relevant participants according to the profit distribution coefficient, safeguarding each party's rights and interests and promoting lawful data transactions.
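Steps D1 to D23 above are a settlement rule with three branches, and the capacity gate that selects between them is the inequality stated in claim 6 later on this page (transaction data size at most the owner's constraint times the filtered data size). The block below is an added example written for this page, not code from the patent or the applicant, that carries both through with exact arithmetic so that every deposit is accounted for. Function and field names are assumptions. The page does not say what happens to the user deposit when the capacity verification fails and the controller is replaced; the example keeps it in escrow for the retried transaction, which is an assumption and is marked as such in the code.

```python
from fractions import Fraction
from typing import Dict, NamedTuple


class DistributionCoefficient(NamedTuple):
    """Profit distribution coefficient defined by the data owner (step D1)."""
    trust: Fraction       # data trust institution distribution ratio
    controller: Fraction  # data controller distribution ratio
    owner: Fraction       # data owner distribution ratio

    def validate(self) -> None:
        for ratio in self:
            if not 0 <= ratio <= 1:
                raise ValueError(f"distribution ratio out of range: {ratio}")
        if sum(self) != 1:
            raise ValueError(f"distribution ratios must sum to 1, got {sum(self)}")


def coefficient_from_percent(trust: int, controller: int, owner: int) -> DistributionCoefficient:
    """Build a coefficient from whole percentages, e.g. (10, 30, 60)."""
    return DistributionCoefficient(Fraction(trust, 100), Fraction(controller, 100), Fraction(owner, 100))


def capacity_verified(tx_size: int, filtered_size: int, constraint_percent: int) -> bool:
    """Data capacity verification as stated in claim 6:
    |transaction data| <= constraint * |filtered data|, with 0 < constraint <= 1.
    Integer arithmetic only, as a contract would do it."""
    if not 0 < constraint_percent <= 100:
        raise ValueError("transaction data constraint must lie in (0, 1]")
    return tx_size * 100 <= constraint_percent * filtered_size


def settle(coef: DistributionCoefficient, user_deposit: int, controller_deposit: int,
           capacity_passed: bool, time_passed: bool) -> Dict[str, Fraction]:
    """Apply D21/D22/D23 and return who receives what."""
    coef.validate()
    out = {k: Fraction(0) for k in ("trust", "controller", "owner", "user", "escrow")}
    if not capacity_passed:
        # D23: controller deposit returned and the controller replaced. The page does not say
        # what happens to the user deposit here; keeping it in escrow for the retry is an assumption.
        out["controller"] += controller_deposit
        out["escrow"] += user_deposit
    elif time_passed:
        # D21: user deposit split by the coefficient, controller deposit refunded in full
        out["trust"] += coef.trust * user_deposit
        out["controller"] += coef.controller * user_deposit + controller_deposit
        out["owner"] += coef.owner * user_deposit
    else:
        # D22: controller deposit split by the coefficient, the controller's own share going
        # to the data user as compensation; user deposit refunded to the user in full
        out["trust"] += coef.trust * controller_deposit
        out["user"] += coef.controller * controller_deposit + user_deposit
        out["owner"] += coef.owner * controller_deposit
    # Conservation: settlement neither creates nor loses funds
    if sum(out.values()) != user_deposit + controller_deposit:
        raise AssertionError("settlement does not conserve deposits")
    return out


if __name__ == "__main__":
    coef = coefficient_from_percent(10, 30, 60)
    ok = capacity_verified(tx_size=300, filtered_size=1000, constraint_percent=30)
    print(settle(coef, user_deposit=1000, controller_deposit=500, capacity_passed=ok, time_passed=True))
```

Fractions are used so the three-way split is exact; a contract working in integer token units has to choose deterministically which party absorbs the rounding remainder, and that choice should be written into the contract rather than left to whoever calls it.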

In a possible implementation, the method further includes:

When the data transaction request is not matched to a target user, setting the request status of the data transaction request to waiting, to indicate that the data transaction request is still valid but no suitable target user has yet been matched.

In a possible implementation, the method further includes:

When the data controller determines that the target transaction response time in the data transaction request is reasonable, calling the response function of the transaction management contract to set the request status of the data transaction request to response, to indicate that transaction data can be fed back for this data transaction request.

In a possible implementation, the method further includes:

When the request status of the data transaction request is response and the data capacity verification fails, calling the deny function of the transaction management contract to set the request status of the data transaction request back to waiting, to indicate that the data transaction request has reverted to waiting and a suitable target user must be matched again.

In a possible implementation, the method further includes:

When the data transaction request is not matched to a target user and needs to be terminated, calling the abort function of the transaction management contract to set the request status of the data transaction request to abort, to indicate that the data transaction request is invalid and no further matching of a target user is required.
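The four implementations above define a small state machine over the request status (waiting, response, abort) driven by the response, deny and abort functions of the transaction management contract. The block below is an added example written for this page, not the patent's or the applicant's contract code, that enforces the transitions the text describes and rejects the ones it does not. The page does not state which role may call each function; the caller restrictions here are an assumption chosen to match who holds the relevant information (the controller judges response time and capacity, the trust institution or the user ends an unmatched request), and the matched() entry point is likewise hypothetical.

```python
from enum import Enum
from typing import Optional


class Status(Enum):
    WAITING = "waiting"    # valid, no suitable target user matched yet
    RESPONSE = "response"  # controller accepted the target response time
    ABORT = "abort"        # terminated, no further matching


class Caller(Enum):
    TRUST = "data trust institution"
    CONTROLLER = "data controller"
    USER = "data user"


class RequestState:
    """Request status of one data transaction request as the transaction
    management contract would keep it. response(), deny() and abort() mirror the
    contract functions named on the page; the caller restrictions and matched()
    are assumptions made for this example."""

    def __init__(self) -> None:
        self.target_user: Optional[str] = None
        self.status = Status.WAITING  # a new, unmatched request starts as waiting
        self.history = [Status.WAITING]

    def _require(self, caller: Caller, allowed_callers, allowed_from) -> None:
        if caller not in allowed_callers:
            raise PermissionError(f"{caller.value} may not call this function")
        if self.status not in allowed_from:
            raise ValueError(f"not allowed in status {self.status.value}")

    def _set(self, new: Status) -> None:
        self.status = new
        self.history.append(new)

    def matched(self, caller: Caller, target_user: str) -> None:
        """Trust institution records the matched target user; status stays waiting."""
        self._require(caller, {Caller.TRUST}, {Status.WAITING})
        self.target_user = target_user

    def response(self, caller: Caller) -> None:
        """Controller found the target response time reasonable -> response."""
        self._require(caller, {Caller.CONTROLLER}, {Status.WAITING})
        if self.target_user is None:
            raise ValueError("cannot respond: no target user matched")
        self._set(Status.RESPONSE)

    def deny(self, caller: Caller) -> None:
        """Capacity verification failed -> back to waiting; a new match is required."""
        self._require(caller, {Caller.CONTROLLER}, {Status.RESPONSE})
        self.target_user = None
        self._set(Status.WAITING)

    def abort(self, caller: Caller) -> None:
        """Unmatched request is terminated -> abort, which is terminal."""
        self._require(caller, {Caller.TRUST, Caller.USER}, {Status.WAITING})
        if self.target_user is not None:
            raise ValueError("abort is only for requests with no matched target user")
        self._set(Status.ABORT)


def attempt(fn, *args) -> Optional[str]:
    """Return the exception class name a contract call raises, or None if it succeeds."""
    try:
        fn(*args)
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    req = RequestState()
    req.matched(Caller.TRUST, "owner-A")
    req.response(Caller.CONTROLLER)      # waiting -> response
    req.deny(Caller.CONTROLLER)          # response -> waiting, match cleared
    req.abort(Caller.TRUST)              # waiting (unmatched) -> abort
    print([s.value for s in req.history])
```

The two guards that matter most are that abort is reachable only from waiting with no matched target user, so a request the controller has already accepted cannot be silently cancelled, and that abort is terminal, so a cancelled request cannot be revived by a later response call.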

From S101 to S105 it can be seen that the data transaction method of the present application is implemented by a data transaction system consisting of a data trust institution and a data controller (which includes a TEE). The data trust institution has established a contract management contract, an identity management contract and a transaction management contract with the data controller. After the data trust institution receives a data user's transaction request, it automatically matches a suitable target user, and the data controller assesses whether the requested transaction response time is reasonable. If it is, the data controller obtains the target data and has the TEE extract data according to the transaction request and the analysis conditions. The TEE performs capacity verification on the extracted data; once that passes, the transaction data undergoes actual transaction response time verification through the transaction management contract and is fed back to the data user. Throughout, the TEE provides encryption and isolation, protecting the target data ciphertext defined by the data owner and the analysis condition ciphertext defined by the data user. The smart contracts make transaction requests transparent and automate the transaction workflow, reducing potential human error and improper intervention. The blockchain further makes transactions public and transparent, so that every participant can inspect how a transaction arose and was executed, strengthening trust and traceability and reducing the risk of information asymmetry.

The foregoing is a detailed description of a data transaction method provided by the present application. The embodiments in the specification are described progressively; each embodiment focuses on its differences from the others, and the same or similar parts may be referred to across embodiments. Since the device disclosed in the embodiments corresponds to the disclosed method, its description is brief and reference may be made to the method description where relevant. It should be noted that a person of ordinary skill in the art may make various improvements and modifications to the present application without departing from its principles, and such improvements and modifications also fall within the scope of protection of the claims of the present application.

It should be understood that in the present application, "at least one (item)" means one or more and "a plurality" means two or more. "And/or" describes an association between objects and indicates that three relationships may exist; for example, "A and/or B" may mean that only A exists, only B exists, or both A and B exist, where A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of the following" and similar expressions refer to any combination of the listed items, including any combination of single or plural items; for example, at least one of a, b or c may mean a, b, c, "a and b", "a and c", "b and c" or "a and b and c", where a, b and c may each be single or multiple.

It should also be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another and do not necessarily require or imply any actual relationship or order between them. Moreover, the terms "include", "comprise" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such process, method, article or device. Absent further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes it.

Claims (12)

1. A data transaction method, characterized in that it is applied to a data transaction system, the data transaction system including a data trust institution and a data controller, the data controller including a trusted execution environment (TEE), the data trust institution having established smart contracts with the data controller, the smart contracts including a contract management contract, an identity management contract and a transaction management contract, each of which is deployed on a blockchain; the method including:
when the data trust institution receives a data transaction request sent by a data user to the transaction management contract, the data trust institution matching a target user for the data transaction request based on the contract management contract and the identity management contract, and the data controller determining whether the target transaction response time in the data transaction request is reasonable;
when the data controller determines that the target transaction response time in the data transaction request is reasonable, the data controller querying the target data stored by the target user, and the TEE obtaining analysis conditions based on the identity management contract; the target data being obtained by decrypting a target data ciphertext; the target data ciphertext being defined by the data owner; the target data being stored by the target user at the data controller as the target data ciphertext; the analysis conditions being obtained by decrypting an analysis condition ciphertext; the analysis condition ciphertext being defined by the data user;
the TEE performing data extraction on the target data based on the data transaction request and the analysis conditions to obtain transaction data;
the TEE performing data capacity verification on the transaction data;
if the data capacity verification passes, the TEE feeding the transaction data back to the data user based on the transaction management contract.

2. The method according to claim 1, characterized in that the data transaction request carries a user deposit, a user identity, a field of use, a purpose of use and a data category;
the data trust institution matching a target user for the data transaction request based on the contract management contract and the identity management contract includes:
the data trust institution verifying, by means of the decentralized identifier (DID) document in the identity management contract, whether the user identity is authentic, and verifying whether the user deposit is reasonable; the user identity being pre-stored in the identity verification credential corresponding to the DID document;
when the user identity is authentic and the user deposit is reasonable, the data trust institution identifying the transaction data required by the data transaction request and querying one or more data owners possessing the transaction data;
the data trust institution obtaining the data owners' transaction policies based on the contract management contract; a transaction policy including an identity qualification set, a data application field set, a data usage purpose set and a data category set;
the data trust institution determining as the target policy a transaction policy that contains the user identity, the field of use, the purpose of use and the data category;
determining the data owner corresponding to the target policy as the target user.

3. The method according to claim 2, characterized in that
the transaction policy containing the user identity means that the identity qualification set contains the user identity;
the transaction policy containing the field of use means that the data application field set contains the field of use;
the transaction policy containing the purpose of use means that the data usage purpose set contains the purpose of use;
the transaction policy containing the data category means that the data category set contains the data category.

4. The method according to claim 1, characterized in that the method further includes:
the data trust institution obtaining the controller deposit amount paid by the data controller;
the data trust institution verifying, based on the transaction management contract, whether the controller deposit amount is reasonable;
when the data trust institution verifies that the controller deposit amount is reasonable, the data trust institution notifying the data owner to store the data at the data controller as data ciphertext.

5. The method according to claim 1, characterized in that the TEE performing data extraction on the desensitized data based on the data transaction request and the analysis conditions to obtain transaction data includes:
the TEE desensitizing the target data using data desensitization techniques to obtain desensitized data;
the TEE filtering the desensitized data based on the data category carried in the data transaction request to obtain filtered data;
the TEE screening the filtered data based on the analysis conditions to obtain the transaction data.

6. The method according to claim 5, characterized in that the data capacity verification includes:
the TEE calculating the capacity of the transaction data and the capacity of the filtered data;
the TEE obtaining the transaction data constraint set by the data owner; the transaction data constraint being greater than 0 and less than or equal to 1;
if the capacity of the transaction data is less than or equal to the product of the transaction data constraint and the capacity of the filtered data, the TEE determining that the data capacity verification passes.

7. The method according to claim 1, characterized in that the method further includes performing actual transaction response time verification:
taking the total time from the moment the TEE obtains the analysis conditions to the moment the TEE feeds the transaction data back to the data user based on the transaction management contract as the actual transaction response time;
if the actual transaction response time is less than or equal to the target transaction response time, the TEE determining that the actual transaction response time verification passes;
wherein the actual transaction response time verification is performed after the data capacity verification has passed.

8. The method according to claim 7, characterized in that the method further includes:
obtaining the profit distribution coefficient defined by the data owner; the profit distribution coefficient including a data trust institution distribution ratio, a data controller distribution ratio and a data owner distribution ratio; the sum of the data trust institution distribution ratio, the data controller distribution ratio and the data owner distribution ratio being 1;
if both the data capacity verification and the actual transaction response time verification pass, distributing the user deposit paid by the data user to the data trust institution, the data controller and the data owner according to the profit distribution coefficient, and returning the controller deposit paid by the data controller to the data controller;
if the data capacity verification passes but the actual transaction response time verification fails, distributing the controller deposit paid by the data controller to the data trust institution, the data user and the data owner according to the profit distribution coefficient, and returning the user deposit paid by the data user to the data controller, wherein the portion of the controller deposit received by the data user is the portion allotted by the data controller distribution ratio;
if the data capacity verification fails, returning the controller deposit paid by the data controller to the data controller and replacing the data controller with a new one to carry out the data transaction.

9. The method according to claim 1, characterized in that the analysis condition ciphertext is obtained by the data user through encryption based on the transaction management contract and the identity management contract;
wherein, when the data user verifies based on the identity management contract that the user signature is authentic, the data user decrypts the analysis condition symmetric key k_enc using the analysis condition private key sk_DU pre-stored in the transaction management contract to obtain the analysis condition encryption key k, and the data user encrypts the analysis conditions using the analysis condition encryption key k to obtain the analysis condition ciphertext; the data user's user signature being pre-stored in the identity management contract; the data user's user signature being used to verify whether the user signature is authentic.

10. The method according to claim 1, characterized in that the method further includes:
when the data transaction request is not matched to the target user, setting the request status of the data transaction request to waiting.

11. The method according to claim 1 or 10, characterized in that the method further includes:
when the data controller determines that the target transaction response time in the data transaction request is reasonable, setting the request status of the data transaction request to response.

12. The method according to claim 1 or 8, characterized in that the method further includes:
when the data capacity verification fails, changing the request status of the data transaction request from response to waiting.
Application CN202410856886.3A (CN), title "A data trading method", priority date 2024-06-28, filing date 2024-06-28; published as CN118608156A on 2024-09-06; legal status pending. Family ID 92559610.


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination