CN-122001681-A - Method, device and system for realizing data access control based on digital contract

Abstract

The invention discloses a method, a device and a system for realizing data access control based on digital contracts, which relate to the field of data security and solve the problem of insufficient security of the prior data access, and comprise the following steps of S1, acquiring an electronic contract, generating a digital contract element list and checking; the method comprises the steps of S2, generating contracts according to consistency verification results to obtain digital contracts, deploying the digital contracts by combining a data circulation alliance chain, S3, extracting data connection nodes to verify and judge data requests, and controlling data according to the verification judgment results, S4, controlling authority of a data user, outputting data according to the authority control, collecting whole flow information of the data output, and uploading the whole flow information to the alliance chain for verification, S5, monitoring the digital contracts, and controlling the digital contracts in real time.

Inventors

• ZHANG YADONG
• YAN HUI
• LUO LI
• Zhu jianuo

Assignees

• 北京腾云天下科技有限公司

Dates

Publication Date

20260508

Application Date

20260407

Claims (10)

1. 1. A method for implementing data access control based on digital contracts, comprising: step S1, acquiring an electronic contract which is signed and validated by both data supply and demand parties, extracting core terms based on the electronic contract, and mapping and integrating the core terms to generate a digital contract element list; s2, carrying out contract generation on the digital contract element list according to the consistency check result to obtain a digital contract, and carrying out endorsement on the digital contract by a data supply and demand party and deploying the digital contract by combining a data flow alliance chain; step S3, based on the deployment of digital contracts, extracting data connection nodes, performing verification judgment on the data request according to the data connection nodes, and controlling the data according to a verification judgment result; Step S4, performing authority control on the data user according to the data control result, performing data output on the data user based on the authority control, collecting the whole flow information of the data output, and uploading the whole flow information to a alliance chain for certification; And S5, acquiring the life cycle of the digital contract, monitoring the digital contract based on the life cycle of the digital contract, and controlling contract change of the digital contract in real time.
2. 2. The method for implementing data access control based on digital contracts according to claim 1, wherein said step S1 is specifically implemented as follows: Step 11, inputting the electronic contract signed by the data supply and demand parties into a clause identification model, and extracting the entity of the core clause; Step S12, a standardized digital contract strategy template is obtained, strategy items in the template are extracted, the strategy items are matched with the categories of the core clauses in the clause dictionary, detailed information corresponding to the categories of the core clauses is extracted according to the matching result of the strategy items and the core clauses, and the detailed information is mapped to the strategy items to generate a digital contract element list; and step S13, performing bidirectional verification on the digital contract element list and the electronic contract signed by both data supply and demand parties, traversing the digital contract element list, extracting strategy items in the digital contract element list, reversely converting the strategy items into readable clauses, performing consistency verification on the readable clauses and the electronic contract, recording a consistency verification result if the readable clauses are consistent with the electronic contract, transmitting the corresponding readable clauses and the electronic contract to staff for performing manual verification if the readable clauses are inconsistent with the electronic contract, modifying the readable clauses and the electronic contract according to the verification result, and repeating the consistency verification.
3. 3. The method for implementing data access control based on digital contracts according to claim 1, wherein said step S2 is specifically implemented as follows: S21, reading a consistency check result of readable clauses and electronic contracts, extracting a digital contract element list with consistent check results to obtain a digital contract template, fitting the digital contract element list to the digital contract template to generate a digital contract; Step S22, the hash value of the digital contract is collected, the digital contract and the hash value are fed back and transmitted to a data provider and a data user, the digital contract and the hash value are confirmed by the data provider and the data user, and the digital signature is completed; And step S23, generating a contract certificate based on the certificate storing completion result of the data flow alliance chain, and controlling a contract execution engine by the contract certificate storing certificate to complete effective deployment of the digital contract.
4. 4. The method for implementing data access control based on digital contracts according to claim 1, wherein said step S3 is specifically implemented as follows: Step S31, acquiring a contract execution engine according to the deployment result of the digital contract, acquiring data connection nodes by the contract execution engine, recording control information of each data connection node according to the data transmission direction, and constructing a data check set; Step S32, obtaining a data check set when a data user performs data request to obtain a request check set, checking each data connection node based on the request check set to finish the data request, receiving the data request by a data provider, obtaining the data check set when the data is provided to obtain a provided check set, checking the data connection node when the data is provided to finish the data provision.
5. 5. The method for implementing data access control based on digital contract according to claim 4, wherein the specific steps of step S32 are as follows: Step S321, collecting each data connection node based on a request check set, marking the data connection node as a request node, extracting the identity information of the current data user by the data request node, comparing the identity information with the identity information in the digital contract, and recording access parameters after the comparison is passed; Step S322, acquiring specific use data of a data user, checking the specific use data with a data providing range in a digital contract, judging the range compliance of the specific use data, if the specific use data belongs to the data providing range in the digital contract, finishing checking the data user, storing the access parameters and the specific use data transmission to obtain a request memory card, transmitting the request memory card to a data provider, and finishing the data request.
6. 6. The method of claim 5, wherein the following steps of step S322 are as follows: Step S323, the data provider receives the data request of the data user, and loads the corresponding digital contract from the data circulation alliance chain based on the data request; Step S324, counting check items of the multi-dimensional check, sequentially checking the data users according to the check items of the multi-dimensional check, ending the check when the check result of the check items is abnormal, transmitting the abnormal result to the data users, judging that the check items are compliance requests when all the check items are checked, authorizing data access to the data users, providing corresponding data to the data users, completing data providing, and recording the check process and the data providing process to obtain the providing and storing certificate.
7. 7. The method for implementing data access control based on digital contract according to claim 1, wherein the specific steps of step S4 are as follows: step S41, acquiring data access rights of a data user, providing data for the data user based on the data access rights, recording the data accessed by the data user to obtain an access storage certificate, acquiring a request storage certificate and a provision storage certificate, and counting the accessed whole-flow information by combining the access storage certificate to generate an access behavior log; and S42, carrying out hash value acquisition on the access behavior log, uploading the access behavior log and the corresponding hash value to a data flow alliance chain for certification, and completing the whole-flow closed loop of the access.
8. 8. The method for implementing data access control based on digital contract according to claim 1, wherein the specific steps of step S5 are as follows: Step S51, monitoring the validity period of the digital contract in real time according to the digital contract, automatically stopping the corresponding data access right when the digital contract expires, closing the data access channel and sending a contract expiration notice to both suppliers and consumers; Step S52, monitoring the use state of the digital contract in real time, regenerating and deploying the digital contract when the supply and demand parties sign the supplement agreement or change contract clauses, completing the change and the re-certification of the digital contract, synchronously updating the contract contents of all nodes, automatically invalidating the old version contract and keeping a certification record; and step S53, recording contract certificate data and access behavior logs on the existing data circulation alliance chain, and summarizing the recorded contract certificate data and access behavior logs to a data element circulation service platform to generate a compliance audit report.
9. 9. A system for implementing data access control based on digital contracts, adapted to a method for implementing data access control based on digital contracts according to any of claims 1 to 8, wherein the control system comprises: The contract generation module is used for acquiring an electronic contract which is signed and validated by both data supply and demand parties, extracting core terms based on the electronic contract, and mapping and integrating the core terms to generate a digital contract element list; The contract deployment module is used for carrying out contract generation on the digital contract element list according to the consistency check result to obtain a digital contract, and carrying out endorsement on the digital contract by a data supply and demand party and deploying the digital contract by combining a data flow alliance chain; The verification control module is used for extracting data connection nodes based on the deployment of digital contracts, carrying out verification judgment on the data request according to the data connection nodes, and controlling the data according to the verification judgment result; The certificate storing and recording module is used for controlling the authority of the data user according to the data control result, outputting the data of the data user based on the authority control, collecting the whole flow information of the data output, and uploading the whole flow information to the alliance chain for certificate storing; And the full cycle control module is used for acquiring the life cycle of the digital contract, monitoring the digital contract based on the life cycle of the digital contract and controlling contract change of the digital contract in real time.
10. 10. An apparatus for implementing data access control based on a digital contract, the apparatus comprising a memory and a processor coupled to the memory, wherein the memory is configured to store a set of program code, and wherein the processor is configured to invoke the stored program code to perform the method of any of claims 1-8.

Description

Method, device and system for realizing data access control based on digital contract Technical Field The invention belongs to the field of data security, and particularly relates to a data access control technology, in particular to a method, a device and a system for realizing data access control based on a digital contract. Background When the existing data supply and demand parties perform data access, the following defects exist: 1. A privacy data access control method based on a alliance chain intelligent contract with the publication number of CN115580431A mainly focuses on authority control, authority judgment is carried out on a data demand party through a secret key, security guarantee of the data access is insufficient in the mode, meanwhile, effective management and control cannot be carried out on data use of a user demand party, and core requirements of controllable and quantifiable data are difficult to realize. 2. In the existing data circulation, the supply and demand parties agree on a data use rule through an electronic contract, but contract terms are only restricted by a legal layer, and cannot be automatically converted into an access control strategy executable by a technical layer, so that contract agreements and technical executions are different, and when out-of-range use and illegal call frequently occur, the difficulty of tracing and evidence-lifting is extremely high. 3. The patent publication No. CN111127206 discloses a block chain data access control method and device based on intelligent contracts, which mainly focuses on analyzing hash changes of data, is difficult to directly reflect abnormal conditions of the data when the data is used, and aims at an access control scene of data element circulation, the lack of standardized terms, which are usually generated independently based on specific conditions, cannot convert unstructured electronic contract terms into standardized and executable digital contracts, has poor suitability across a main heterogeneous system, has high docking cost, and cannot be popularized in a large scale. 4. The existing intelligent contract-based data sharing method mainly focuses on data sharing based on analysis of various request data of a user demand party, judges whether the user is subjected to data sharing, and has the defects of lack of non-tamperable full-flow records of data access behaviors, large supervision audit difficulty and incapability of meeting the traceable compliance requirements of the full flow of data circulation by laws and regulations. For this reason, we propose a method, apparatus and system for implementing data access control based on digital contracts. Disclosure of Invention Aiming at the defects existing in the prior art, the invention aims to provide a method, a device and a system for realizing data access control based on digital contracts, and aims to improve the safety and stability of data access. In order to achieve the purpose, the invention adopts the following technical scheme that a method for realizing data access control based on digital contracts comprises the following specific working processes: step S1, acquiring an electronic contract which is signed and validated by both data supply and demand parties, extracting core terms based on the electronic contract, and mapping and integrating the core terms to generate a digital contract element list; s2, carrying out contract generation on the digital contract element list according to the consistency check result to obtain a digital contract, and carrying out endorsement on the digital contract by a data supply and demand party and deploying the digital contract by combining a data flow alliance chain; step S3, based on the deployment of digital contracts, extracting data connection nodes, performing verification judgment on the data request according to the data connection nodes, and controlling the data according to a verification judgment result; Step S4, performing authority control on the data user according to the data control result, performing data output on the data user based on the authority control, collecting the whole flow information of the data output, and uploading the whole flow information to a alliance chain for certification; And S5, acquiring the life cycle of the digital contract, monitoring the digital contract based on the life cycle of the digital contract, and controlling contract change of the digital contract in real time. Further, the specific steps of the step S1 are as follows: Step 11, inputting the electronic contract signed by the data supply and demand parties into a clause identification model, and extracting the entity of the core clause; Step S12, a standardized digital contract strategy template is obtained, strategy items in the template are extracted, the strategy items are matched with the categories of the core clauses in the clause dictionary, detailed information corresponding to the categories of the core c