CN-121615184-B - Enterprise-level user data full life cycle desensitization verification method based on blockchain
Abstract
The invention relates to the field of data processing, and in particular to a blockchain-based enterprise-level user data full life cycle desensitization verification method. The method comprises: obtaining qualification information corresponding to user nodes to be uplinked (put on the chain), checking the qualification information to obtain checking results, and judging from the checking results whether the user nodes to be uplinked meet the uplink requirement; acquiring data from the user nodes that meet the uplink requirement; dividing the data into life cycle stages to obtain a data storage stage and a data circulation stage; calculating the sensitivity coefficient of the data in the current life cycle stage; determining the desensitization algorithm of the current life cycle stage based on that sensitivity coefficient and desensitizing the data with that algorithm; storing the data on the blockchain and generating a verification certificate; and verifying the integrity and compliance of the whole process. The method reduces the sensitive data leakage risk of enterprise-level users and improves data management efficiency.
Inventors
- ZHAO NING
- LAN CHUNJIA
- WANG LEI
Assignees
- 上海零数众合信息科技有限公司
Dates
- Publication Date: 20260505
- Application Date: 20260202
Claims (6)
- 1. A blockchain-based enterprise-level user data full life cycle desensitization verification method, characterized by comprising the following steps: Step one, acquiring qualification information corresponding to a user node to be uplinked, checking the qualification information to obtain a checking result, and judging whether the user node to be uplinked meets the uplink requirement based on the checking result; Step two, acquiring data from the user nodes meeting the uplink requirement, dividing the data into life cycle stages to obtain a data storage stage and a data circulation stage, calculating the sensitivity coefficient of the data in the current life cycle stage, determining a desensitization algorithm of the current life cycle stage based on the sensitivity coefficient of the data in the current life cycle stage, and desensitizing the data based on the desensitization algorithm; which specifically comprises the following steps: analyzing the data to obtain an inherent sensitive attribute index of the data; obtaining a storage period risk coefficient based on the data storage duration; recording the sum of the inherent sensitive attribute index of the data and the storage period risk coefficient as the sensitivity coefficient of the data in the data storage stage; the specific process of analyzing the data to obtain the inherent sensitive attribute index of the data is as follows: extracting entity names of sensitive information in the data by using a CRF model, and converting the entity names into a vector matrix based on a bag-of-words model, wherein the sensitive information comprises a bank card number, medical record core information, a mobile phone number, an identity card number, a consumption record and a public service consultation record; calculating a modularity vector between the vector matrix and a preset sensitive information vector matrix : ; Wherein, the For the number of vectors in the vector matrix, A contiguous matrix representing a vector matrix and a preset sensitive information vector matrix, , The node numbers representing the adjacency matrix, Representing adjacency matrix The sum of all the edge numbers of the two edges, Representation of Is used for the degree of (3), Representation of Is used for the degree of (3), Representing nodes The presence of a community of people, Representing nodes The presence of a community of people, The method is characterized by comprising the steps of obtaining a condition limiting coefficient, wherein a preset sensitive information vector matrix is obtained by extracting entity names from sensitive information and converting the entity names based on a word bag model, and if the sensitive information corresponding to the vector matrix exists, obtaining a word bag model by using the condition limiting coefficient 1, If the sensitive information corresponding to the vector matrix does not exist, then Is 0; Vector the modularity The modulus of (2) is recorded as a data intrinsic sensitivity attribute index; Step three, generating a blockchain certificate and a verification certificate: S31, calculating a joint hash value of the desensitized data, the desensitization rule parameters, the operating subject and the timestamp in the life cycle stage, and generating a data fingerprint by using the SHA-384 algorithm; S32, generating a key pair through the SM2 algorithm, the private key being held by a data management node and used to sign the data fingerprint and the desensitization rule, and the public key being uploaded to an alliance chain for disclosure; S33, writing the unique data ID, the desensitization rule set, the data fingerprint, the signature information, the stage identifier and the operation log into the alliance chain through a smart contract to form a full life cycle certificate storage chain; and Step four, verifying the integrity and compliance of the whole process.
- 2. The full lifecycle desensitization verification method for blockchain-based enterprise-level user data according to claim 1, wherein the step of inspecting qualification information to obtain inspection results comprises the steps of: Acquiring node types of user nodes to be uplinked, the quantity of qualification contracts which the nodes should upload, the quality of qualification contracts which the nodes should upload, the quantity of qualification contracts which the nodes actually upload and the quality of qualification contracts which the nodes actually upload based on the qualification information; inquiring the data sharing qualification weight coefficient corresponding to the node type based on the node type corresponding to the node Wherein the node types are a common node type, an advanced node type and a trusted node type, and different node types correspond to different data sharing qualification weight coefficients ; Substituting the quantity of the qualification contracts which the node should upload and the quality of the qualification contracts which the node should upload into a node qualification basic value calculation formula to calculate and obtain a node sharing basic value of the user node to be uplinked The calculation formula is as follows: , ; Wherein, the Indicating the number of qualifying contracts that a node should upload, Represent the first The quality of the qualification contracts corresponding to the qualification contracts to be uploaded; The data sharing qualification weight coefficient corresponding to the quantity of the qualification contracts actually uploaded by the nodes, the quality of the qualification contracts actually uploaded by the nodes and the node types is carried out Sharing base values with nodes Substituting a data sharing qualification index calculation formula to calculate to obtain a data sharing qualification index TC, wherein the data sharing qualification index calculation formula is as follows: 
, ; Wherein, the Indicating the number of qualifying contracts that the node actually uploaded, Represent the first The quality of the qualification contract corresponding to the individual actually uploaded qualification contract, The time interval from the latest uploaded qualification contract time to the current time of the node is represented, The value is 2.72; sharing data with qualification index And recording as the examination result.
- 3. The blockchain-based enterprise-level user data full lifecycle desensitization verification method according to claim 2, wherein determining whether the user node to be uplinked meets the uplink requirements based on the examination result specifically comprises the following procedures: Loading a data sharing qualification index threshold value and judging the data sharing qualification index Whether the data sharing qualification index is larger than a data sharing qualification index threshold value or not, if yes, judging that the user node to be uplinked meets the uplink requirement, and if not, judging that the user node to be uplinked does not meet the uplink requirement.
- 4. The blockchain-based enterprise-level user data full life cycle desensitization verification method according to claim 1, wherein dividing the data into life cycle stages to obtain a data storage stage and a data circulation stage specifically comprises the following processes: S1, constructing a three-dimensional stage feature library and defining the core feature dimensions of the data storage stage and the data circulation stage; S2, performing multi-feature threshold-triggered stage determination.
- 5. The blockchain-based enterprise-level user data full lifecycle desensitization verification method of claim 1, wherein the step of obtaining the storage cycle risk coefficient based on the data storage duration is as follows: Wherein, the method comprises the steps of, In order to store the period risk factor, The time duration coefficients are stored for the data, For the duration of the data storage.
- 6. The blockchain-based enterprise-level user data full life cycle desensitization verification method of claim 1, wherein calculating the sensitivity coefficient of the data in the data circulation stage specifically comprises the following processes: step one, determining the core evaluation dimensions of the sensitivity coefficient of the data circulation stage; step two, determining the weight of each evaluation dimension; and step three, calculating the sensitivity coefficient of the data circulation stage.
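The data fingerprint of S31 and the recomputation that an integrity check such as step four would rely on, as an added example that is not code from the patent. The field encoding (length prefixes, canonical JSON), the record field names and the sample values are assumptions made for illustration; the SM2 signature of S32 and the write to the alliance chain are left out.

```python
import hashlib
import hmac
import json
import struct

def _lp(field: bytes) -> bytes:
    # Length-prefix each field so the boundaries between joined fields are unambiguous.
    return struct.pack(">I", len(field)) + field

def data_fingerprint(data: bytes, rules: dict, operator: str, ts: int) -> str:
    """SHA-384 over the four S31 inputs; the encoding is an assumption of this example."""
    canon = json.dumps(rules, sort_keys=True, separators=(",", ":")).encode()
    h = hashlib.sha384()
    for field in (data, canon, operator.encode(), str(ts).encode()):
        h.update(_lp(field))
    return h.hexdigest()

def naive_fingerprint(data: bytes, operator: str, ts: int) -> str:
    # Plain concatenation, shown only to contrast with the length-prefixed form.
    return hashlib.sha384(data + operator.encode() + str(ts).encode()).hexdigest()

def make_record(data_id: str, stage: str, data: bytes, rules: dict, operator: str, ts: int) -> dict:
    # Hypothetical shape of the entry S33 writes to the chain (signature omitted).
    return {"data_id": data_id, "stage": stage, "rules": rules, "operator": operator,
            "ts": ts, "fingerprint": data_fingerprint(data, rules, operator, ts)}

def verify_record(record: dict, data: bytes) -> bool:
    # Recompute the fingerprint from the held data and the recorded parameters.
    expected = data_fingerprint(data, record["rules"], record["operator"], record["ts"])
    return hmac.compare_digest(expected, record["fingerprint"])

# Constructed sample values, not taken from the patent.
MASKED = b"6222********1234"
RULES = {"algo": "mask", "keep_last": 4}
RECORD = make_record("D-001", "storage", MASKED, RULES, "node-1", 1700000000)

def demo() -> dict:
    tampered = dict(RECORD, rules={"algo": "mask", "keep_last": 8})
    return {
        "intact": verify_record(RECORD, MASKED),
        "data_changed": verify_record(RECORD, b"6222000011111234"),
        "rules_changed": verify_record(tampered, MASKED),
        "naive_collides": naive_fingerprint(MASKED, "node-1", 1700000000)
                          == naive_fingerprint(MASKED, "node-11", 700000000),
        "prefixed_collides": data_fingerprint(MASKED, RULES, "node-1", 1700000000)
                             == data_fingerprint(MASKED, RULES, "node-11", 700000000),
    }

if __name__ == "__main__":
    print(demo())
```

With plain concatenation, two different operator and timestamp pairs produce the same fingerprint, so a joint hash needs an unambiguous field encoding before its match can count as evidence of who performed the operation and when.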
Description
Enterprise-level user data full life cycle desensitization verification method based on blockchain
Technical Field
The invention relates to the field of data processing, and in particular to a blockchain-based enterprise-level user data full life cycle desensitization verification method.
Background
As digital transformation accelerates, enterprise-level user data has become a core production factor. However, enterprise-level user data contains a large amount of sensitive information, such as bank card numbers, identity card numbers and medical record core information, which faces serious security and compliance challenges as it circulates through its full life cycle.
Currently, enterprise-level user data management presents a number of pain points. On the one hand, the data life cycle covers multiple stages such as storage and circulation, and the data exposure risk, the access subjects and the usage scenarios differ markedly between stages. Traditional desensitization methods mostly adopt a fixed mode, lack specificity and are difficult to adapt to the security requirements of each stage, so the risk of sensitive data leakage is high. Schemes that apply blockchain to enterprise-level user data full life cycle desensitization verification are not yet mature: qualification inspection standards are not uniform, the sensitivity coefficient is evaluated along a single dimension, and desensitization rules are not tightly combined with blockchain certificate storage. As a result, the advantages of blockchain technology in data security and compliance verification cannot be fully exploited, and the security and compliance pain points in enterprise-level user data full life cycle management cannot be effectively solved.
Therefore, there is a need for a blockchain-based enterprise-level user data full life cycle desensitization verification method that makes the full data life cycle secure, controllable and traceable for compliance.
Disclosure of Invention
The invention aims to provide a blockchain-based enterprise-level user data full life cycle desensitization verification method, which solves the technical problems of high risk of sensitive data leakage and low data management efficiency in existing enterprise-level user data management.
The blockchain-based enterprise-level user data full life cycle desensitization verification method comprises the following steps:
Step one, acquiring qualification information corresponding to a user node to be uplinked, checking the qualification information to obtain a checking result, and judging whether the user node to be uplinked meets the uplink requirement based on the checking result;
Step two, acquiring data from the user nodes meeting the uplink requirement, dividing the data into life cycle stages to obtain a data storage stage and a data circulation stage, calculating the sensitivity coefficient of the data in the current life cycle stage, determining a desensitization algorithm of the current life cycle stage based on the sensitivity coefficient of the data in the current life cycle stage, and desensitizing the data based on the desensitization algorithm;
Step three, generating a blockchain certificate and a verification certificate: S31, calculating a joint hash value of the desensitized data, the desensitization rule parameters, the operating subject and the timestamp in the life cycle stage, and generating a data fingerprint by using the SHA-384 algorithm; S32, generating a key pair through the SM2 algorithm, the private key being held by a data management node and used to sign the data fingerprint and the desensitization rule, and the public key being uploaded to an alliance chain for disclosure; S33, writing the unique data ID, the desensitization rule set, the data fingerprint, the signature information, the stage identifier and the operation log into the alliance chain through a smart contract to form a full life cycle certificate storage chain;
Step four, verifying the integrity and compliance of the whole process.
Further, the qualification information is inspected and the inspection result is obtained specifically by the following steps: Acquiring, based on the qualification information, the node type of the user node to be uplinked, the quantity of qualification contracts which the node should upload, the quality of qualification contracts which the node should upload, the quantity of qualification contracts which the node actually uploaded and the quality of qualification contracts which the node actually uploaded; inquiring the data sharing qualification weight coefficient corresponding to the node type based on the node type corresponding to the node Wherein the node types are a common node type, an advanced node type and a trusted node type, and different node types correspond to different data sharing qualification weight coefficie