CN112785202A - Asset management method, device and system - Google Patents
Asset management method, device and system Download PDFInfo
- Publication number
- CN112785202A CN112785202A CN202110194354.4A CN202110194354A CN112785202A CN 112785202 A CN112785202 A CN 112785202A CN 202110194354 A CN202110194354 A CN 202110194354A CN 112785202 A CN112785202 A CN 112785202A
- Authority
- CN
- China
- Prior art keywords
- asset
- data
- wind control
- wind
- computing platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 90
- 238000000034 method Methods 0.000 claims abstract description 56
- 238000011156 evaluation Methods 0.000 claims abstract description 32
- 238000013507 mapping Methods 0.000 claims abstract description 11
- 230000007246 mechanism Effects 0.000 claims description 18
- 230000006870 function Effects 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 description 20
- 230000005540 biological transmission Effects 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 8
- 230000008520 organization Effects 0.000 description 8
- 238000004364 calculation method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 238000012546 transfer Methods 0.000 description 6
- 238000000586 desensitisation Methods 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 3
- 230000000670 limiting effect Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000002829 reductive effect Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 235000000332 black box Nutrition 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000036961 partial effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013175 transesophageal echocardiography Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Economics (AREA)
- Human Resources & Organizations (AREA)
- General Engineering & Computer Science (AREA)
- Marketing (AREA)
- Databases & Information Systems (AREA)
- Development Economics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- General Business, Economics & Management (AREA)
- Technology Law (AREA)
- Entrepreneurship & Innovation (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Tourism & Hospitality (AREA)
- Game Theory and Decision Science (AREA)
- Educational Administration (AREA)
- Quality & Reliability (AREA)
- Medical Informatics (AREA)
- Operations Research (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
One or more embodiments of the present specification provide an asset management method, apparatus and system. The method can comprise the following steps: receiving asset data, wherein the asset data comprises asset description information and encrypted target user privacy information; transmitting the asset data into the trusted execution environment for decryption, and matching the obtained target user privacy information with an asset wind control data set, wherein the asset wind control data set comprises a plurality of data records for recording the mapping relation between the user privacy information and the corresponding wind control evaluation data; and if the target user privacy information is recorded in the asset wind control data set, feeding back an obtained matching result to an asset management platform, wherein the matching result comprises wind control evaluation data corresponding to the target user privacy information and at least part of the asset description information.
Description
Technical Field
One or more embodiments of the present disclosure relate to the field of security technologies, and in particular, to an asset management method, apparatus, and system.
Background
With the rapid development of financial businesses, property owners typically transfer or re-fund owned properties, and the like. Before the assets are transferred or re-financed, intermediate service organizations such as an asset service organization, an asset rating organization or a law firm and the like often need to acquire real and credible wind control evaluation data corresponding to the assets, so that the assets are comprehensively evaluated.
In the related art, the asset management platform generally acquires the wind control evaluation data corresponding to the user privacy information according to the plaintext user privacy information provided by the asset owner, and provides the wind control evaluation data after desensitization of sensitive data such as the user privacy information to the intermediate service organization. At this time, clear text user privacy information is maintained in the asset management platform, so that the requirement on desensitization operation of the asset management platform is high, the safety of the user privacy information is difficult to guarantee, and the leakage of the user privacy information is easily caused.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide an asset management method, apparatus, and system.
To achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
according to a first aspect of one or more embodiments of the present specification, there is provided an asset management system comprising:
the asset management platform is used for acquiring asset data transmitted by an asset owner, and the asset data comprises asset description information and encrypted target user privacy information;
the system comprises a user wind control data source, a plurality of data records and a plurality of data processing units, wherein the user wind control data source is used for maintaining a plurality of encrypted data records used for recording the mapping relation between user privacy information and corresponding wind control evaluation data;
the system comprises a wind control computing platform, a trusted execution environment and a control unit, wherein the wind control computing platform is provided with the trusted execution environment; the wind control computing platform is used for respectively transmitting the asset data and the data records into the trusted execution environment for decryption to obtain target user privacy information and an asset wind control data set, wherein the asset wind control data set comprises a plurality of data records from the user wind control data source; and matching the target user privacy information with the asset wind control data set, and feeding back an obtained matching result to the asset management platform, wherein the matching result comprises wind control evaluation data corresponding to the target user privacy information and at least part of the asset description information.
According to a second aspect of one or more embodiments of the present specification, there is provided an asset management method, the wind-controlled computing platform deploying a trusted execution environment; the method comprises the following steps:
receiving asset data, wherein the asset data comprises asset description information and encrypted target user privacy information;
transmitting the asset data into the trusted execution environment for decryption, and matching the obtained target user privacy information with an asset wind control data set, wherein the asset wind control data set comprises a plurality of data records for recording the mapping relation between the user privacy information and the corresponding wind control evaluation data;
and if the target user privacy information is recorded in the asset wind control data set, feeding back an obtained matching result to an asset management platform, wherein the matching result comprises wind control evaluation data corresponding to the target user privacy information and at least part of the asset description information.
According to a third aspect of one or more embodiments of the present specification, an asset management apparatus is provided, which is applied to a wind-controlled computing platform, where the wind-controlled computing platform deploys a trusted execution environment; the device comprises:
the first receiving unit is used for receiving asset data, and the asset data comprises asset description information and encrypted target user privacy information;
the matching unit is used for transmitting the asset data into the trusted execution environment for decryption and matching the obtained target user privacy information with an asset wind control data set, wherein the asset wind control data set comprises a plurality of data records for recording the mapping relation between the user privacy information and the corresponding wind control evaluation data;
and the feedback unit is used for feeding back an obtained matching result to an asset management platform if the target user privacy information is recorded in the asset wind control data set, wherein the matching result comprises wind control evaluation data corresponding to the target user privacy information and at least part of the asset description information.
According to a fourth aspect of one or more embodiments of the present specification, there is provided an electronic apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method according to the second aspect by executing the executable instructions.
According to a fifth aspect of one or more embodiments of the present description, a computer-readable storage medium is presented, on which computer instructions are stored, which instructions, when executed by a processor, carry out the steps of the method according to the second aspect.
Drawings
Fig. 1 is a schematic diagram of an architecture of an asset management system according to an exemplary embodiment of the present disclosure.
Fig. 2 is an architectural diagram of another asset management system provided in an exemplary embodiment of the present description.
Fig. 3 is a schematic view of a scenario for asset management using an asset management system according to an exemplary embodiment of the present specification.
FIG. 4 is a flowchart of a method for asset management provided by an exemplary embodiment of the present description.
Fig. 5 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present disclosure.
Fig. 6 is a block diagram of an asset management device according to an exemplary embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
With the rapid development of financial businesses, property owners typically transfer or re-fund owned properties, and the like. Before the assets are transferred or re-financed, intermediate service organizations such as an asset service organization, an asset rating organization or a law firm and the like often need to acquire real and credible wind control evaluation data corresponding to the assets, so that the assets are comprehensively evaluated.
In the related art, the asset management platform generally acquires the wind control evaluation data corresponding to the user privacy information according to the plaintext user privacy information provided by the asset owner, and provides the wind control evaluation data after desensitization of sensitive data such as the user privacy information to the intermediate service organization. At this time, the asset management platform maintains the plaintext user privacy information, the requirement on desensitization operation of the asset management platform is high, the security of the user privacy information is difficult to guarantee, and the user privacy information is easy to leak.
The method and the system can combine the asset management process with the trusted execution environment, and can ensure the safety of the user privacy information and the reliability of the obtained wind control evaluation data. The following examples are given for illustrative purposes.
FIG. 1 is an architectural diagram of an asset management system shown herein. As shown in FIG. 1, the system may include an asset management platform 11, a user wind-controlled data source 12, and a wind-controlled computing platform 13. A trusted execution environment may be deployed in the wind control computing platform 13, and any one or more wind control data demanders may interact with the asset management platform 11.
The asset owner may transmit asset data, which may include asset description information and encrypted target user privacy information, to the asset management platform 11. The asset owned by the asset owner may be a tangible physical object such as real estate, or may be an asset certificate such as a debt, a contract, or a transaction record, which is not limited in this specification. The asset description information may include asset identification information, such as asset ID, etc., and may also include data information of equity, debt, ticket, etc., and may also include contract content related to the asset, such as buying and selling contract content or leasing contract content, etc. The asset description information may be transmitted after being encrypted, or may be directly transmitted without being encrypted, which is not limited in this specification. And the user privacy information may include: name, identification card, bank card number or telephone number, etc.
For the encrypted transmission of the target user privacy information, a symmetric encryption mode, an asymmetric encryption mode or a combination mode of the symmetric encryption mode and the asymmetric encryption mode can be adopted, the specification does not limit the encrypted transmission mode, and the content leakage of the target user privacy information can be avoided in the transmission process. When asymmetric encryption is used, the wind-controlled computing platform 13 may maintain a private key for computing an asymmetric key pair, for example, referred to as a computing private key, and a client corresponding to the asset owner may obtain a public key of the computing asymmetric key pair, that is, a computing public key. The asymmetric Key pair may be generated by the wind-driven computing platform 13 in a trusted execution environment, or distributed to the wind-driven computing platform 13 by a KMS (Key Management Service) server, and the source of the Key is not limited in this specification. The client corresponding to the asset owner can encrypt the target user privacy information by using the obtained computing public key, and the wind control computing platform 13 can maintain the computing private key in the trusted execution environment, so that the encrypted target user privacy information needs to be read into the trusted execution environment, decryption operation can be performed by the computing private key to obtain plaintext target user privacy information, and the security of the target user privacy information can be ensured. Asymmetric encryption algorithms used for asymmetric encryption may include, for example, RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm), and the like.
For the encrypted transmission of the privacy information of the target user, a mode of combining symmetric encryption and asymmetric encryption can be adopted. The client corresponding to the asset owner may maintain a symmetric key, for example, the symmetric key may be randomly generated by the client, and the client may obtain the computed public key in the computed asymmetric key pair. The client can encrypt the target user privacy information through the symmetric key to obtain the encrypted target user privacy information, encrypt the symmetric key through the calculation public key to obtain the encrypted symmetric key, and transmit the encrypted target user privacy information and the encrypted symmetric key to the wind control computing platform 13. Correspondingly, the wind control computing platform 13 may read the encrypted target user privacy information and the encrypted symmetric key into the trusted execution environment, first decrypt the encrypted symmetric key by computing the private key to obtain the symmetric key, and then decrypt the encrypted target user privacy information by using the symmetric key. In comparison, the encryption and decryption efficiency of the symmetric encryption is relatively higher but the security is relatively lower, while the encryption and decryption efficiency of the asymmetric encryption is relatively lower but the security is relatively higher, so that the encryption and decryption efficiency and the security can be both considered based on a form of combining the symmetric encryption and the asymmetric encryption.
The user wind-control data source 12 may maintain several encrypted data records for recording mapping relationships between the user privacy information and the corresponding wind-control evaluation data, and the user wind-control data source 12 may ensure the security of the maintained data records. The wind control evaluation data may include, but is not limited to, a user credit rating, whether a user has fraud, user loan information, and user credit card information. The user-controlled data source 12 may comprise a bank or other third party wind-controlled data provider, or the like.
The wind-controlled computing platform 13 may be deployed with a Trusted Execution Environment (TEE), so as to ensure security of the target user privacy information transmitted into the Trusted Execution Environment. The wind-controlled computing platform 13 may transmit the asset data and the data records to the trusted execution environment for decryption, so as to obtain the target user privacy information containing the plaintext content and an asset wind-controlled data set, where the asset wind-controlled data set may contain several data records from the user wind-controlled data source 12.
The wind control computing platform 13 may match the target user privacy information with the asset wind control data set in the trusted execution environment, and if the target user privacy information is recorded in the asset wind control data set, may determine wind control evaluation data corresponding to the target user privacy information, so that a matching result including the wind control evaluation data corresponding to the target user privacy information and at least a part of asset description information may be fed back to the asset management platform 11; if the target user privacy information is not recorded in the asset wind control data set, a matching result may not be returned to the asset management platform 11, or a matching result including contents such as "unsuccessful matching" may be returned to the asset management platform 11, or the target user privacy information may be matched with the asset wind control data set again after waiting for a preset time period, which is not limited in this specification.
In an embodiment, the encrypted data records may be transmitted from the user wind control data source 12 to the wind control computing platform 13, and then the wind control computing platform 13 may transmit the encrypted data records into the trusted execution environment for decryption, and add the decrypted data records to the asset wind control data set.
For the encrypted transmission of a plurality of data records, when an asymmetric encryption mode is adopted, the user wind control data source 12 can encrypt the plurality of data records by adopting the obtained public calculation key pair maintained by the wind control calculation platform 13, and the wind control calculation platform 13 can maintain the private calculation key in the trusted execution environment, so that the plurality of encrypted data records need to be read into the trusted execution environment, the decryption operation can be executed by the private calculation key to obtain a plurality of data records of a plaintext, and the plurality of data records of the plaintext are added into the asset wind control data set, so that the content contained in the data records can be prevented from being leaked, and the security of the user privacy information can be ensured. Of course, a combination of symmetric encryption and asymmetric encryption may be used to encrypt the data records, and so on, which is not described herein again.
A TEE can be created on the wind control computing platform 13, the TEE can play a role of a black box in hardware, codes and a data operating system layer executed in the TEE cannot be peeped, and the code and the data operating system layer can be operated only through a predefined interface in the codes. In terms of efficiency, due to the black-box nature of the TEE, plaintext data is operated on in the TEE, rather than complex cryptographic operations in homomorphic encryption, and computational process efficiency is not lost. TEE was originally proposed by Global Platform to address the secure isolation of resources on mobile devices, providing a trusted and secure execution environment for applications parallel to the operating system. The industry is concerned with TEE solutions, and almost all mainstream chip and Software consortiums have their own TEE solutions, such as TPM (Trusted Platform Module) in Software, and Intel SGX (Software Guard Extensions) in hardware, ARM Trustzone, and AMD PSP (Platform Security Processor).
The Intel SGX (hereinafter referred to as SGX) technology is taken as an example. The wind-controlled computing platform 13 may create enclaves (enclosures or enclaves) based on SGX technology as TEEs for matching the decrypted user privacy information with the asset wind-controlled data sets. The wind control computing platform 13 may use a processor instruction newly added in the CPU, and may allocate a partial area EPC (enclosure Page Cache, Enclave Page Cache, or Enclave Page Cache) in the memory, so as to reside the above enclosure. The memory area corresponding to the EPC is encrypted by a memory Encryption engine mee (memory Encryption engine) inside the CPU, the contents (code and data in the enclave) in the memory area can be decrypted only in the CPU core, and a key for Encryption and decryption is generated and stored in the CPU only when the EPC is started. Therefore, the security boundary of enclave only contains the security boundary and the CPU, and no matter privileged or non-privileged software can not access the enclave, even an operating system administrator and a VMM (virtual machine monitor, or called Hypervisor) can not affect codes and data in the enclave, so that the enclave has extremely high security, and on the premise of the security guarantee, the CPU can process user privacy information and wind control evaluation data in a plaintext form in the enclave, so that the enclave has extremely high operational efficiency, and data security and computational efficiency are both considered.
In one embodiment, as shown in FIG. 2, the asset management system may further include a blockchain system 14, and the blockchain system 14 may be used to certify the asset data from the asset management platform 11, and the asset data may be tampered with during transmission.
The blockchain technique (also known as the distributed ledger technique) is a decentralized distributed database technique. Due to the adoption of a decentralized network structure, a consensus mechanism and a chain block structure, the block chain technology has the characteristics of decentralized, public transparency, no tampering, trustiness and the like, and is suitable for a plurality of application scenes with high requirements on data reliability. Block chain systems (block chains for short) are generally divided into three types: public chain (Public block chain), Private chain (Private block chain) and alliance chain (Consortium block chain), and there are various combinations, such as Private chain + alliance chain, alliance chain + Public chain, and so on.
In the block chain, the corresponding block chain transaction (transaction for short) is submitted to the block chain link point, and the block chain transaction is executed by the block chain link point, so that the corresponding operation purpose is realized. Based on the decentralized architecture of the blockchain, each blockchain transaction on the blockchain needs to be executed on all blockchain nodes of the blockchain, so as to ensure that the blockchain account book data maintained by each blockchain node is consistent. If the transaction logic is simple, such as bitcoin for example, the blockchain transaction is only used for implementing the transfer operation, and this will not cause excessive resource consumption even if the blockchain transaction needs to be executed at all blockchain nodes. However, if the blockchain provides the functionality of an intelligent contract and the blockchain transaction invokes the intelligent contract, the situation may be quite different. The intelligent contracts on the blockchain are contracts which can be triggered to be executed by transactions on a blockchain system, and the intelligent contracts can be defined by the form of codes.
In the blockchain, corresponding blockchain transactions are submitted to blockchain link points, corresponding intelligent contracts can be triggered and executed by the blockchain transactions, and complex functions can be realized by calling the intelligent contracts. While smart contracts are pre-deployed executable code on a blockchain, smart contracts allow for trusted transactions to be conducted without third parties, and which transactions are traceable and irreversible. One or more interfaces may be defined in the smart contract, each interface for implementing a corresponding function. When an intelligent contract is invoked via a blockchain transaction, it may be declared which interface or interfaces defined in the intelligent contract to invoke to implement the corresponding functionality.
In one embodiment, where the asset management system includes a blockchain system 14, the process of the blockchain system 14 to certify asset data may include: the asset management platform 11 may send a transaction for storing certified asset data to the blockchain nodes within the blockchain system 14, and then the blockchain nodes may store the corresponding asset data onto the blockchain by performing the transaction for storing certified asset data, which may prevent the asset data from being tampered during transmission, and the blockchain system 14 may further generate corresponding first identification information for the asset data and return the first identification information to the asset management platform 11, which may be transmitted by the asset management platform 11 to the wind control computing platform 13.
Then the wind-controlled computing platform 13 may send a data query transaction containing the first identification information to the blockchain system 14, the blockchain system 14 may execute an intelligent contract with a query function according to the data query transaction, so as to query the asset data corresponding to the first identification information, and the wind-controlled computing platform 12 may receive the asset data corresponding to the first identification information returned by the blockchain system 14.
In an embodiment, the wind-controlled computing platform 13 may receive asset data transmitted by the blockchain system 14 through a predictive engine mechanism. The coordination mechanism between the presidenter contract and the presidenter server is referred to as a presidenter mechanism in this specification, and the contract of a blockchain node deployed within the blockchain system 14 is referred to as an on-chain contract, and the contract deployed on the wind-controlled computing platform 13 or the asset management platform 11 is referred to as an off-chain contract. Where transactions submitted by the asset management platform 11 to blockchain nodes within the blockchain system 14 for crediting asset data may directly or indirectly invoke a prolog contract to trigger a prolog mechanism. If the contract address of the predictive machine contract is filled into the to field of the transaction, indicating that the transaction directly calls the predictive machine contract; if the contract address of a contract on a chain is filled into the to field of the transaction and the contract on the chain invokes the president contract, it indicates that the transaction indirectly invokes the president contract. The contract on the chain calls the president contract, in one case, the contract address of the president contract is written in the byte code of the contract on the chain in advance, and in another case, the contract address of the president contract is used as an input parameter when the contract on the chain is called, and the input parameter is filled in the data field of the transaction. In addition to transferring data from the chain to the chain, the predictive machine mechanism may also transfer data from the chain to the chain, specifically, the predictive machine server may transfer data from the chain to the predictive machine contract, and then transfer data from the chain to the chain by the predictive machine contract, where the data from the chain may include a matching result obtained by the wind-controlled computing platform 13, for example.
In an embodiment, the wind-controlled computing platform 13 may initiate a credit transaction to any blockchain node in the blockchain system 14, where the credit transaction may include a matching result, so that the blockchain node performs a chain link after the credit transaction submitted by the wind-controlled computing platform 13 is identified with other nodes. Of course, the wind control computing platform 13 may also store the matching result in the blockchain system 14 through a predictive engine mechanism, and the process is similar to the process of the wind control computing platform 13 receiving the asset data transmitted by the blockchain system 14, and is not described here again.
In an embodiment, the wind-controlled computing platform 13 may be deployed with one or more under-link contracts. For convenience of management and subsequent call of the contract under the chain, the wind-controlled computing platform 13 may generate corresponding second identification information for the contract under the chain for deployment, where the contract under the chain corresponds to the second identification information one to one, and the second identification information may include a contract ID, and the like, for example, the wind-controlled computing platform 13 may perform hash operation on a bytecode of the contract under the chain to obtain a corresponding hash value, and use the obtained hash value as the contract ID of the contract under the chain. Of course, the wind-controlled computing platform 13 may generate the contract ID in other manners, which is not limited in this specification.
The asset management platform 11 may invoke the linked contract deployed on the wind-controlled computing platform 13 by generating an invocation request, where the invocation request may include second identification information of the linked contract. For example, the asset management platform 11 may send the call request to the wind-driven computing platform 13 directly through the downlink channel, that is, the process of sending the call request is independent of the blockchain system 14, so that the process of consensus among blockchain nodes may be skipped, and the interaction operations on the uplink and downlink may be reduced, so that the process of sending the call request to the wind-driven computing platform 13 by the asset management platform 11 has higher operation efficiency. For another example, the asset management platform 11 may be in a chain form, for example, the asset management platform 11 may submit a transaction to a blockchain node within the blockchain system 14, and a call request included in the transaction may be transmitted from the blockchain node to the wind control computing platform 13 through a prediction mechanism, which is not limited in this specification.
The wind-controlled computing platform 13 may invoke the bytecode of the pre-deployed under-link contract according to the second identification information included in the invocation request, where the under-link contract may be used to match the target user privacy information with the asset wind-controlled data set, and then the bytecode of the under-link contract may be executed by a virtual machine deployed in the trusted execution environment, so that the target user privacy information may be matched with the asset wind-controlled data set. One or more virtual machines for executing the under-chain contract, for example, one or more of an EVM, a WASM virtual machine, and the like, may be deployed in the wind-controlled computing platform 13, and this description does not limit this.
In an embodiment, the asset data may further include information of an identity public key of a wind control data demander, and then the wind control computing platform 13 may further encrypt the obtained matching result by using the identity public key, so that only the wind control data demander that maintains the corresponding identity private key can decrypt the matching result, thereby limiting users that can view the matching result, and other users can only obtain the encrypted matching result from the asset management platform 11, thereby further ensuring security of the wind control evaluation data.
In an embodiment, the encrypted data records transmitted by the user wind control data source 12 further include a digital signature generated by the user wind control data source 12 by signing with an identity private key, so that after the wind control computing platform 13 decrypts the received data records in the trusted execution environment, the digital signature can be verified by using an identity public key corresponding to the user wind control data source 12, and in a case that the digital signature is verified according to the identity public key, the wind control computing platform 13 adds the data records decrypted in the trusted execution environment to the asset wind control data set, so as to ensure that the data records in the asset wind control data set are provided by the reliable user wind control data source 12. That is, the precondition that the wind control computing platform 13 adds the obtained several data records to the asset wind control data set may include: the digital signature is verified.
In an embodiment, a client corresponding to any wind control data demander may verify whether the wind control computing platform 13 is trusted, specifically, whether the trusted execution environment deployed on the wind control computing platform 13 is trusted by obtaining a remote attestation report for the trusted execution environment created on the wind control computing platform 13, so as to verify whether an execution logic in the trusted execution environment meets expectations. The wind control data demander may include one or more of an asset owner, a fund provider, an asset service organization, an asset rating organization, or a law firm, which is not limited in this specification.
The remote attestation report results from a remote attestation process directed to a trusted execution environment on the wind-controlled computing platform 13. The remote attestation report provided by the wind-controlled computing platform 13 is generated by the authentication server after verifying the self-referral information generated by the wind-controlled computing platform, the self-referral information being related to the trusted execution environment created on the wind-controlled computing platform 13. The wind control computing platform 13 generates a remote attestation report by generating self-referral information related to the down-link TEE and verifying the self-referral information by the authentication server, so that the remote attestation report can be used to indicate that the down-link TEE on the wind control computing platform 13 can be trusted. The self-referral information may include hash values of all codes deployed in the chain TEE, a public key maintained in the chain TEE, and the like. For example, taking an Intel SGX technology as an example, the offline TEE is enclave created on the wind-controlled computing platform 13 to match target user private information with an asset wind-controlled data set, and the remote attestation process further involves another special enclave on the wind-controlled computing platform 13, namely, Quoting Enclave (QE), which is an architectural enclave (architectural enclave) provided and signed by Intel. The enclave first needs to generate a REPORT structure for local authentication, and the QE verifies whether the enclave is on the same platform as itself based on the REPORT structure, and then the QE encapsulates the REPORT structure into a structure body quite (i.e. self-recommendation information), and uses an epid (enhanced private identification) key for signature. The EPID key not only represents the platform of the wind control computing platform 13, but also represents the reliability of the underlying hardware of the wind control computing platform 13, and can bind information such as the version of processor firmware, and only QE can access the EPID key for signing the structure quantity. In the SGX technology, the authentication server may be an IAS (intel authentication service) server provided by intel corporation, and the wind-controlled computing platform 13 sends the signed structural body quite to the IAS server, so that the IAS server can verify the signature and return a corresponding remote Attestation report to the wind-controlled computing platform 13.
Any client may initiate a challenge to the wind-controlled computing platform 13 and receive a remote attestation report back from the wind-controlled computing platform 13, so that it may be determined whether the wind-controlled computing platform 13 is trusted according to the remote attestation report. For example, the client may initiate a down-chain challenge to the wind-powered computing platform 13, i.e., the process of initiating the challenge is independent of the blockchain system, so that the consensus process between blockchain nodes may be skipped and the interactions in the up-chain may be reduced, so that the challenge of the client to the wind-powered computing platform 13 has higher operation efficiency. For another example, the client may take the form of an on-chain challenge, such as the client may submit a challenge transaction to the tile-linked node, the challenge transaction may include challenge information that is transmitted by the tile-linked node to the wind-controlled computing platform 13 through the predictive engine mechanism, and the challenge information is used to initiate a challenge to the wind-controlled computing platform 13.
Whether it is a down-link challenge or an up-link challenge, upon receiving the client-initiated challenge, the wind-controlled computing platform 13 may temporarily trigger the remote attestation process as described above and generate a corresponding remote attestation report, which is then fed back to the client. Alternatively, upon receiving the client-initiated challenge, if a pre-generated remote attestation report already exists locally, the wind-controlled computing platform 13 provides the remote attestation report to the client without temporarily triggering the remote attestation process. The remote attestation report locally existing in the wind-controlled computing platform 13 may be generated by the wind-controlled computing platform 13 in response to a challenge of another challenger other than the client, for example, the other challenger may include another client, a KMS server, and the like, which is not limited in this specification. Thus, the wind-controlled computing platform 13, upon receiving the client-initiated challenge, may first look to see if there is a previously generated remote attestation report locally, and if so, feed back the remote attestation report to the client, otherwise temporarily trigger the remote attestation process. The remote attestation report may have a certain time limit, such as 30 minutes or other duration, the remote attestation report that is out of time may be considered as invalid by the client, and the wind control computing platform 13 may also actively clear the invalid remote attestation report to avoid feedback to the client.
The technical solution of the present specification is further explained by taking the scenario of fig. 3 as an example. Assuming that the merchant A and the buyer B carry out transaction by making a commodity buying and selling contract for installment, the commodity value is 3000 yuan, and the merchant A has a corresponding asset certificate of 3000 yuan. At this point, the asset owner 31, merchant A, wishes to re-fund the asset credential. The process of the asset management platform 32 obtaining the wind control valuation data corresponding to the asset credential may include: step (i) the asset owner 31 may submit asset data X corresponding to the asset credential to the asset management platform 32, where the asset data X may include: asset ID, commodity sales contract content, and user privacy information such as buyer B's identification number and mobile phone number encrypted using the public key of the asymmetric key pair maintained by the wind-controlled computing platform 34. The wind control computing platform 34 maintains the private key of the asymmetric key pair in the trusted execution environment, so that it can be ensured that the user privacy information of the buyer B is not leaked in the transmission process, and meanwhile, the asset management platform 32 receives the encrypted user privacy information of the buyer B, so that the asset management platform 32 can be prevented from leaking the user privacy information of the buyer B; the asset management platform 32 may submit a deposit transaction to the blockchain system 33, where the deposit transaction may include the asset data X, and the transaction may be received by a blockchain node 33n in the blockchain system 33 and linked after being identified with other blockchain nodes; the block link point 33n may call a pre-deployed intelligent contract of the predictive machine, and the intelligent contract of the predictive machine may transmit the asset data X to the wind-controlled computing platform 34 under the chain, for example, the intelligent contract of the predictive machine may generate an event including the asset data X, and the corresponding server of the predictive machine may monitor the event generated by the intelligent contract of the predictive machine and transmit the monitored event to the wind-controlled computing platform 34 under the chain; the user wind control data source 35 may transmit the encrypted data records to the wind control computing platform 34 in batches, and the number of the data records transmitted in each batch may be set according to actual requirements, so that it may be avoided that each batch consumes a long time to transmit the data records, and processing efficiency may be improved. The mapping relationship between the user privacy information and the corresponding wind control evaluation data is recorded in the data records, and the data records transmitted by the user wind control data source 35 can also be encrypted by using a public key of an asymmetric key pair maintained by the wind control computing platform 34, so that the content of the data records cannot be leaked in the transmission process. Assuming that the wind control assessment data is the credit score of the user, the plaintext contents of several data records provided by the user wind control data source 35 are shown in table 1 below; the wind control computing platform 34 may decrypt the asset data X obtained in the third step and the data record obtained in the fourth step in the trusted execution environment, so as to obtain the asset data X and the data record in the plaintext, where the asset data in the plaintext includes an asset ID, commodity sales contract content, an identification number of the buyer B, and a mobile phone number of the buyer B. Then, the wind control computing platform 34 may sequentially query, in each batch of data records, whether the identification number of the buyer B and the mobile phone number of the buyer B are recorded, until a certain batch of data records record the identification number of the buyer B and the mobile phone number of the buyer B, the wind control computing platform 34 may obtain a matching result, where the matching result may include the asset ID and the credit score corresponding to the buyer B, and the wind control computing platform 34 may transmit the obtained matching result to the asset management platform 32. Of course, the matching result may also include the content of the product purchase and sale contract, which is not limited in this specification.
In addition, after the wind-control computing platform 34 matches the user privacy information of the buyer B with the data records of each batch, the data records of the batch can be actively deleted from the wind-control computing platform 34, so that a large number of data records can be prevented from occupying a storage space, meanwhile, the data records can be effectively prevented from being leaked on the wind-control computing platform 34, and certainly, the wind-control computing platform 34 can also store data records which are not successfully matched, and repeated receiving of data records from the user wind-control data source 35 can be avoided, which is not limited in this specification.
TABLE 1
Identity card number | Mobile phone number | Credit scoring |
110001 | 12345 | 66 |
120002 | 12356 | 78 |
210003 | 12378 | 88 |
…… | …… | …… |
As shown in fig. 3, the wind control computing platform 34 may directly feed back the obtained matching result to the asset management platform 32 through a downlink channel, and the asset management platform 32 feeds back the matching result to the corresponding wind control data demander, such as a fund provider, etc.; the wind-controlled computing platform 34 may also upload the matching result to the blockchain system 33 through a prediction engine mechanism, and the blockchain system 33 transmits the matching result to the asset management platform 32, which is not limited in this specification.
The asset management platform 32 may provide the obtained matching results to a wind-controlled data demander, such as a fund provider or an intermediate service such as a law firm. Before providing the matching result, the asset management platform 32 may verify the identity information of the wind control data demander, and provide the matching result to the wind control data demander only when verifying that the wind control data demander has been authorized by the asset owner, so as to prevent the matching result from being transmitted at will. For example, the asset management platform 32 may maintain an authorized list of the wind control data demanders authorized by the asset owner, and then may determine whether the wind control data demanders allow to obtain the matching result by matching the identity information of any wind control data demander with the authorized list.
Corresponding to the above embodiment of the asset management system, the present specification also provides an embodiment of a wind control computing platform side, and the description related to the above embodiment of the asset management system may also be applied to the embodiment of the wind control computing platform side, which is not described in detail below.
FIG. 4 is a flowchart of a method for asset management on the wind-controlled computing platform side according to an exemplary embodiment. As shown in fig. 4, the method may include the steps of:
As previously described, obtaining the asset data from the asset management platform, the asset data being transmitted to the asset management platform by an asset owner; or acquiring the asset data from the blockchain system, wherein the asset data is stored into the blockchain system by the asset management platform.
As described above, by sending a data query transaction containing first identification information to the blockchain system, the blockchain system executes an intelligent contract with a query function to query asset data corresponding to the first identification information, and receives the asset data returned by the blockchain system;
alternatively, the asset data transmitted by the blockchain system through a predictive engine mechanism is received.
Receiving a call request from the asset management platform, the call request including second identification information corresponding to a linked contract, as previously described;
and calling a pre-deployed down-link contract according to the second identification information, and executing the down-link contract through a virtual machine deployed in the trusted execution environment to match the target user privacy information with the asset wind control data set.
As mentioned above, the asset data further includes information of the public identity key of the wind control data demander; and the matching result is encrypted by adopting the identity public key and then fed back.
As mentioned above, sending a credit transaction to a blockchain system, wherein the credit transaction includes the matching result; or storing the matching result into the block chain system through a prediction machine mechanism.
As previously described, receiving a plurality of encrypted data records transmitted by a user-programmed data source;
and decrypting in a trusted execution environment to obtain a plurality of data records, and adding the data records to the asset wind control data set.
As mentioned above, the data records further include a digital signature generated by the user wind control data source by signing with an identity private key, where the precondition for adding the data records to the asset wind control data set includes: the digital signature is verified.
As previously described, a remote attestation report is provided that is generated by an authentication server after verification of self-referral information generated by the wind-controlled computing platform, the self-referral information relating to a trusted execution environment in the wind-controlled computing platform.
Fig. 5 shows a schematic structural diagram of an electronic device according to an exemplary embodiment of the present description. Referring to fig. 5, at the hardware level, the electronic device includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, but may also include hardware required for other services. The processor 502 reads a corresponding computer program from the non-volatile memory 510 into the memory 508 and then runs, forming an asset management device on a logical level. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
Referring to fig. 6, in a software implementation, the asset management apparatus may be applied to a wind-controlled computing platform deploying a trusted execution environment, and may include a first receiving unit 602, a matching unit 604, and a feedback unit 606. Wherein:
a first receiving unit 602, configured to receive asset data, where the asset data includes asset description information and encrypted target user privacy information;
a matching unit 604, configured to transmit the asset data to the trusted execution environment for decryption, and match the obtained target user privacy information with an asset wind control data set, where the asset wind control data set includes a plurality of data records for recording mapping relationships between the user privacy information and corresponding wind control evaluation data;
a feedback unit 606, configured to feed back, to an asset management platform, an obtained matching result if the target user privacy information is recorded in the asset wind control data set, where the matching result includes wind control evaluation data corresponding to the target user privacy information and at least a part of the asset description information.
Optionally, the first receiving unit 602 is specifically configured to:
obtaining the asset data from the asset management platform, the asset data being transmitted to the asset management platform by an asset owner;
or acquiring the asset data from the blockchain system, wherein the asset data is stored into the blockchain system by the asset management platform.
Optionally, the first receiving unit 602 is specifically configured to:
the method comprises the steps that a data query transaction containing first identification information is sent to a blockchain system, so that the blockchain system executes an intelligent contract with a query function to query asset data corresponding to the first identification information, and the asset data returned by the blockchain system are received;
alternatively, the asset data transmitted by the blockchain system through a predictive engine mechanism is received.
Optionally, the matching unit 604 is specifically configured to:
receiving a call request from the asset management platform, the call request including second identification information corresponding to a linked contract;
and calling a pre-deployed down-link contract according to the second identification information, and executing the down-link contract through a virtual machine deployed in the trusted execution environment to match the target user privacy information with the asset wind control data set.
Optionally, the asset data further includes information of an identity public key of a wind control data demander; and the matching result is encrypted by adopting the identity public key and then fed back.
Optionally, the method further includes:
a sending unit 608, configured to send a credit transaction to a blockchain system, where the credit transaction includes the matching result;
and a storing unit 610, configured to store the matching result in the blockchain system through a prediction machine mechanism.
Optionally, the method further includes:
a second receiving unit 612, configured to receive a plurality of encrypted data records transmitted by the user-controlled data source;
and the adding unit 614 is configured to decrypt the data records in the trusted execution environment to obtain a plurality of data records, and add the data records to the asset wind control data set.
Optionally, the data records further include a digital signature generated by signing the user wind control data source with an identity private key, where the precondition for adding the data records to the asset wind control data set includes: the digital signature is verified.
Optionally, the method further includes:
a remote attestation unit 616 configured to provide a remote attestation report generated by an authentication server after verifying self-referral information generated by the wind-controlled computing platform, the self-referral information being related to a trusted execution environment in the wind-controlled computing platform.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.
Claims (20)
1. An asset management system comprising:
the asset management platform is used for acquiring asset data transmitted by an asset owner, and the asset data comprises asset description information and encrypted target user privacy information;
the system comprises a user wind control data source, a plurality of data records and a plurality of data processing units, wherein the user wind control data source is used for maintaining a plurality of encrypted data records used for recording the mapping relation between user privacy information and corresponding wind control evaluation data;
the system comprises a wind control computing platform, a trusted execution environment and a control unit, wherein the wind control computing platform is provided with the trusted execution environment; the wind control computing platform is used for respectively transmitting the asset data and the data records into the trusted execution environment for decryption to obtain target user privacy information and an asset wind control data set, wherein the asset wind control data set comprises a plurality of data records from the user wind control data source; and matching the target user privacy information with the asset wind control data set, and feeding back an obtained matching result to the asset management platform, wherein the matching result comprises wind control evaluation data corresponding to the target user privacy information and at least part of the asset description information.
2. The system of claim 1, the asset management system further comprising a blockchain system for crediting asset data from the asset management platform; the wind-controlled computing platform is further to:
the method comprises the steps that a data query transaction containing first identification information is sent to a blockchain system, so that the blockchain system executes an intelligent contract with a query function to query asset data corresponding to the first identification information, and the asset data returned by the blockchain system are received;
alternatively, the asset data transmitted by the blockchain system through a predictive engine mechanism is received.
3. The system of claim 2, the wind-controlled computing platform further to:
sending a deposit transaction to the blockchain system, wherein the deposit transaction comprises the matching result;
or storing the matching result into the block chain system through a prediction machine mechanism.
4. The system of claim 1, the wind-controlled computing platform matching the target user privacy information with the asset wind-controlled data set, comprising:
the wind control computing platform receives a calling request from the asset management platform, wherein the calling request comprises second identification information corresponding to the linked contract;
and the wind control computing platform calls a pre-deployed under-link contract according to the second identification information, and executes the under-link contract through a virtual machine deployed in the trusted execution environment to match the target user privacy information with the asset wind control data set.
5. The system of claim 1, wherein the asset data further comprises information of an identity public key of a wind control data demander, and the matching result is fed back after being encrypted by the identity public key.
6. The system of claim 1, the user-gated data source to:
and transmitting the encrypted data records to the wind control computing platform, so that the wind control computing platform transmits the data records to the trusted execution environment for decryption, and adds the obtained data records to the asset wind control data set.
7. The system of claim 6, the data records further comprising a digital signature generated by the user-managed data source signed with an identity private key, wherein the precondition for the wind-controlled computing platform to add the obtained pieces of data records to the asset-managed data set comprises: the digital signature is verified.
8. The system of claim 1, the wind-controlled computing platform further to:
providing a remote attestation report generated by an authentication server after verifying self-referral information generated by the wind-controlled computing platform, the self-referral information relating to a trusted execution environment in the wind-controlled computing platform.
9. An asset management method is applied to a wind-controlled computing platform, wherein the wind-controlled computing platform is provided with a trusted execution environment; the method comprises the following steps:
receiving asset data, wherein the asset data comprises asset description information and encrypted target user privacy information;
transmitting the asset data into the trusted execution environment for decryption, and matching the obtained target user privacy information with an asset wind control data set, wherein the asset wind control data set comprises a plurality of data records for recording the mapping relation between the user privacy information and the corresponding wind control evaluation data;
and if the target user privacy information is recorded in the asset wind control data set, feeding back an obtained matching result to an asset management platform, wherein the matching result comprises wind control evaluation data corresponding to the target user privacy information and at least part of the asset description information.
10. The method of claim 9, the receiving asset data comprising:
obtaining the asset data from the asset management platform, the asset data being transmitted to the asset management platform by an asset owner;
or acquiring the asset data from the blockchain system, wherein the asset data is stored into the blockchain system by the asset management platform.
11. The method of claim 10, obtaining the asset data from a blockchain system, comprising:
the method comprises the steps that a data query transaction containing first identification information is sent to a blockchain system, so that the blockchain system executes an intelligent contract with a query function to query asset data corresponding to the first identification information, and the asset data returned by the blockchain system are received;
alternatively, the asset data transmitted by the blockchain system through a predictive engine mechanism is received.
12. The method of claim 9, matching the obtained target user privacy information with an asset wind control data set, comprising:
receiving a call request from the asset management platform, the call request including second identification information corresponding to a linked contract;
and calling a pre-deployed down-link contract according to the second identification information, and executing the down-link contract through a virtual machine deployed in the trusted execution environment to match the target user privacy information with the asset wind control data set.
13. The method of claim 9, wherein the asset data further comprises information of an identity public key of a wind control data demander, and the matching result is fed back after being encrypted by the identity public key.
14. The method of claim 9, further comprising:
sending a deposit transaction to a blockchain system, wherein the deposit transaction comprises the matching result;
or storing the matching result into the block chain system through a prediction machine mechanism.
15. The method of claim 9, further comprising:
receiving a plurality of encrypted data records transmitted by a user wind control data source;
and decrypting in a trusted execution environment to obtain a plurality of data records, and adding the data records to the asset wind control data set.
16. The method of claim 15, wherein the plurality of data records further includes a digital signature generated by the user source of the wind control data signed with a private identity key, and wherein the precondition for adding the plurality of data records to the asset wind control data set comprises: the digital signature is verified.
17. The method of claim 9, further comprising:
providing a remote attestation report generated by an authentication server after verifying self-referral information generated by the wind-controlled computing platform, the self-referral information relating to a trusted execution environment in the wind-controlled computing platform.
18. An asset management device is applied to a wind-controlled computing platform, and the wind-controlled computing platform is provided with a trusted execution environment; the device comprises:
the first receiving unit is used for receiving asset data, and the asset data comprises asset description information and encrypted target user privacy information;
the matching unit is used for transmitting the asset data into the trusted execution environment for decryption and matching the obtained target user privacy information with an asset wind control data set, wherein the asset wind control data set comprises a plurality of data records for recording the mapping relation between the user privacy information and the corresponding wind control evaluation data;
and the feedback unit is used for feeding back an obtained matching result to an asset management platform if the target user privacy information is recorded in the asset wind control data set, wherein the matching result comprises wind control evaluation data corresponding to the target user privacy information and at least part of the asset description information.
19. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 9-17 by executing the executable instructions.
20. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 9-17.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110194354.4A CN112785202A (en) | 2021-02-20 | 2021-02-20 | Asset management method, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110194354.4A CN112785202A (en) | 2021-02-20 | 2021-02-20 | Asset management method, device and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112785202A true CN112785202A (en) | 2021-05-11 |
Family
ID=75761747
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110194354.4A Pending CN112785202A (en) | 2021-02-20 | 2021-02-20 | Asset management method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112785202A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113282959A (en) * | 2021-06-09 | 2021-08-20 | 支付宝(杭州)信息技术有限公司 | Service data processing method and device and electronic equipment |
CN113301163A (en) * | 2021-06-02 | 2021-08-24 | 网易(杭州)网络有限公司 | Service processing method, system, electronic device and storage medium |
CN113706060A (en) * | 2021-10-29 | 2021-11-26 | 中国电力科学研究院有限公司 | Power grid regulation and control data asset processing method, system, equipment and storage medium |
CN113781245A (en) * | 2021-09-10 | 2021-12-10 | 杭州宇链科技有限公司 | Privacy computing system and method enabling safe production insurance |
CN114255074A (en) * | 2021-12-06 | 2022-03-29 | 蚂蚁区块链科技(上海)有限公司 | Block chain based method and system for evaluating product value |
CN114298711A (en) * | 2021-12-21 | 2022-04-08 | 蚂蚁区块链科技(上海)有限公司 | Industrial control equipment control method, device and system based on block chain |
CN114297689A (en) * | 2021-12-29 | 2022-04-08 | 鲁信科技股份有限公司 | Financial wind control method and device based on privacy calculation and storage medium |
CN115118438A (en) * | 2022-08-29 | 2022-09-27 | 北京智芯微电子科技有限公司 | Block chain-based terminal digital identity management method and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110766550A (en) * | 2019-09-05 | 2020-02-07 | 阿里巴巴集团控股有限公司 | Asset query method and device based on block chain and electronic equipment |
CN111047443A (en) * | 2019-11-29 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | User scoring method and device, electronic equipment and computer readable storage medium |
CN111090875A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Contract deployment method and device |
CN111415158A (en) * | 2020-03-31 | 2020-07-14 | 支付宝(杭州)信息技术有限公司 | Wind control method and system based on block chain |
CN111818186A (en) * | 2020-08-31 | 2020-10-23 | 支付宝(杭州)信息技术有限公司 | Information sharing method and system |
CN112069528A (en) * | 2020-11-10 | 2020-12-11 | 支付宝(杭州)信息技术有限公司 | Financing transaction processing method and system based on block chain |
JP6810490B1 (en) * | 2020-04-06 | 2021-01-06 | 玲於奈 日置 | Loan support system, loan support method, and loan support program |
-
2021
- 2021-02-20 CN CN202110194354.4A patent/CN112785202A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110766550A (en) * | 2019-09-05 | 2020-02-07 | 阿里巴巴集团控股有限公司 | Asset query method and device based on block chain and electronic equipment |
CN111047443A (en) * | 2019-11-29 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | User scoring method and device, electronic equipment and computer readable storage medium |
CN111090875A (en) * | 2020-03-18 | 2020-05-01 | 支付宝(杭州)信息技术有限公司 | Contract deployment method and device |
CN111415158A (en) * | 2020-03-31 | 2020-07-14 | 支付宝(杭州)信息技术有限公司 | Wind control method and system based on block chain |
JP6810490B1 (en) * | 2020-04-06 | 2021-01-06 | 玲於奈 日置 | Loan support system, loan support method, and loan support program |
CN111818186A (en) * | 2020-08-31 | 2020-10-23 | 支付宝(杭州)信息技术有限公司 | Information sharing method and system |
CN112069528A (en) * | 2020-11-10 | 2020-12-11 | 支付宝(杭州)信息技术有限公司 | Financing transaction processing method and system based on block chain |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113301163A (en) * | 2021-06-02 | 2021-08-24 | 网易(杭州)网络有限公司 | Service processing method, system, electronic device and storage medium |
CN113282959A (en) * | 2021-06-09 | 2021-08-20 | 支付宝(杭州)信息技术有限公司 | Service data processing method and device and electronic equipment |
CN113781245A (en) * | 2021-09-10 | 2021-12-10 | 杭州宇链科技有限公司 | Privacy computing system and method enabling safe production insurance |
CN113781245B (en) * | 2021-09-10 | 2023-10-13 | 杭州宇链科技有限公司 | Privacy computing system and method for enabling safe production insurance |
CN113706060A (en) * | 2021-10-29 | 2021-11-26 | 中国电力科学研究院有限公司 | Power grid regulation and control data asset processing method, system, equipment and storage medium |
CN113706060B (en) * | 2021-10-29 | 2022-02-11 | 中国电力科学研究院有限公司 | Power grid regulation and control data asset processing method, system, equipment and storage medium |
CN114255074A (en) * | 2021-12-06 | 2022-03-29 | 蚂蚁区块链科技(上海)有限公司 | Block chain based method and system for evaluating product value |
CN114298711A (en) * | 2021-12-21 | 2022-04-08 | 蚂蚁区块链科技(上海)有限公司 | Industrial control equipment control method, device and system based on block chain |
CN114297689A (en) * | 2021-12-29 | 2022-04-08 | 鲁信科技股份有限公司 | Financial wind control method and device based on privacy calculation and storage medium |
CN114297689B (en) * | 2021-12-29 | 2022-09-20 | 鲁信科技股份有限公司 | Financial wind control method and device based on privacy calculation and storage medium |
CN115118438A (en) * | 2022-08-29 | 2022-09-27 | 北京智芯微电子科技有限公司 | Block chain-based terminal digital identity management method and system |
CN115118438B (en) * | 2022-08-29 | 2023-01-20 | 北京智芯微电子科技有限公司 | Block chain-based terminal digital identity management method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111475849B (en) | Private data query method and device based on blockchain account | |
CN112785202A (en) | Asset management method, device and system | |
US11048825B2 (en) | Managing a smart contract on a blockchain | |
CN111770200B (en) | Information sharing method and system | |
EP3961455B1 (en) | Data verification methods, apparatuses, and devices | |
EP3961974A1 (en) | Block content editing methods and apparatuses | |
CN111770199B (en) | Information sharing method, device and equipment | |
CN110580412B (en) | Permission query configuration method and device based on chain codes | |
CN111475850B (en) | Intelligent contract-based privacy data query method and device | |
CN111770198B (en) | Information sharing method, device and equipment | |
US11310244B2 (en) | Information sharing methods, apparatuses, and devices | |
EP3961546B1 (en) | Information sharing methods, apparatuses, and devices | |
CN111818186B (en) | Information sharing method and system | |
CN113343234A (en) | Method and device for carrying out credible check on code security | |
CN113704211B (en) | Data query method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210511 |