The "Research Report on Key Technologies for Trusted Industrial Data Circulation" co-edited by Impulse Online is officially released

Recently, the "Research Report on Key Technologies for Trusted Industrial Data Circulation" (hereinafter referred to as the "Report") edited by Impulse Online was officially released. The Report was jointly compiled by the China Academy of Information and Communications Technology and a number of enterprises, universities and scientific research institutes. It aims to adapt to the new development situation, clarify a series of technologies that meet the functional requirements of a trusted industrial data space, and provide a technical reference for the industry to jointly build a trusted industrial data space.
With the deep integration and development of new generation information technology and manufacturing industry, global industrial data applications have entered a new stage of in-depth development. As a new production factor and important strategic resource, data is playing a greater role in the digital transformation process of manufacturing industry. In this process, the circulation and sharing of industrial data has received widespread attention.

At present, industrial data is multi-modal and massive, is exchanged frequently and ubiquitously, and is poorly protected at the system level, which makes it difficult to manage and control across the entire process.

At present, industrial data serves diverse industrial applications with differing privacy needs, which demands a highly stable privacy protection system.

At present, it has become the norm for industrial data to be frequently exchanged and circulated across terminals, systems, and ecosystems, and privacy leaks keep occurring.

Under the guidance of privacy computing theory, a unified description of private information, constraints, circulation control, audit supervision, tracking and traceability, authentication, etc. in the industrial data space is provided to support systematic protection of private information throughout its full life cycle in the trusted industrial data space. The main goal of the trusted execution environment (TEE) route is to ensure that shared data, or programs that use shared data, execute as expected, and to ensure the confidentiality and integrity of both the initial state and the runtime state in the trusted execution environment.

Data protection during computing: Different computing participants transmit their encrypted data to the TEE computing environment through secure links, where the data is decrypted and joint calculations are performed in the TEE, such as joint user profiling, financial risk control prediction, and social risk recognition. After the calculation is completed, the calculation results are returned to each participant through a secure link, and the original data is destroyed in the TEE environment.

Key protection: Key management is key to data security. TEE technology can be used to generate, store and manage keys in a hardware-isolated TEE, simplifying the complexity of traditional key management and ensuring the security of key use. Key life cycle management, including key generation, key delivery, key usage and key destruction, is implemented in the TEE. TEE technology protects key security, supports various encryption algorithms, and can be used to encrypt sensitive data and results. TEE technology enhances the security and convenience of key management.

Computational model protection: Multiple companies use data accumulated during the production process to conduct joint modeling analysis. In order to obtain more accurate results, these companies can introduce partners with mature algorithm models. Under the requirements of this scenario, the TEE computing environment is used to ensure the security of the algorithm model.

Data encryption storage: Data encryption is an important part of enterprise asset security management. TEE technology can be used to encrypt and save critical data such as operating, financial, and production data to prevent data leakage. The security of the TEE environment is verified remotely, a key is generated inside the TEE and used to encrypt sensitive data, and the encrypted data can be stored in the TEE or in an external storage system. TEE technology enhances the security and confidentiality of data storage.
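The remote verification that precedes data upload ("Data protection during computing") and key use ("Data encryption storage"), as an added example that is not from the Report or from Impulse Online: a participant checks a simulated attestation quote and withholds data unless the code measurement, the freshness nonce and the key binding all match. The HMAC root key, the measurement string and all function names are constructed stand-ins; a real TEE signs its quote with a hardware-rooted asymmetric key that is verified through the vendor's certificate chain.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins (assumptions): a real quote is signed by a
# hardware-rooted asymmetric key, not a shared HMAC secret.
HW_ROOT_KEY = b"constructed-demo-root-key"
TRUSTED_MEASUREMENTS = {hashlib.sha256(b"joint-model-enclave-v1").hexdigest()}


def make_quote(code: bytes, nonce: str, enclave_key: bytes) -> dict:
    """TEE side (simulated): sign code measurement, nonce and key hash."""
    body = {"measurement": hashlib.sha256(code).hexdigest(), "nonce": nonce,
            "key_hash": hashlib.sha256(enclave_key).hexdigest()}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(HW_ROOT_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_quote(quote: dict, nonce: str, enclave_key: bytes) -> str:
    """Participant side: return "ok" or the reason to withhold data."""
    payload = json.dumps(quote["body"], sort_keys=True).encode()
    expected = hmac.new(HW_ROOT_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, quote["sig"]):
        return "bad signature"
    body = quote["body"]
    if body["measurement"] not in TRUSTED_MEASUREMENTS:
        return "untrusted code measurement"
    if not hmac.compare_digest(body["nonce"], nonce):
        return "stale or replayed quote"
    key_hash = hashlib.sha256(enclave_key).hexdigest()
    if not hmac.compare_digest(body["key_hash"], key_hash):
        return "key not bound to attested TEE"
    return "ok"


def demo() -> dict:
    # The random bytes stand in for a public key generated inside the TEE.
    key, nonce = secrets.token_bytes(32), secrets.token_hex(16)
    good = make_quote(b"joint-model-enclave-v1", nonce, key)
    patched = make_quote(b"patched-enclave", nonce, key)
    return {
        "good": verify_quote(good, nonce, key),
        "modified_code": verify_quote(patched, nonce, key),
        "replayed": verify_quote(good, secrets.token_hex(16), key),
        "swapped_key": verify_quote(good, nonce, secrets.token_bytes(32)),
    }
```

Only when `verify_quote` returns `"ok"` would the participant encrypt its data to the attested key and send it over the secure link.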

Privacy query: TEE technology can be applied to multi-party data query scenarios that need to protect user privacy, such as identity authentication and disease query in finance, medical and other fields. All parties upload their encrypted data to the TEE for aggregation; the querying party performs authorized queries through the interface provided by the TEE, and the TEE returns the results according to the querying party's permissions. The TEE hardware isolation environment makes data available but invisible, which not only achieves effective aggregation and utilization of data, but also reduces the risk of data leakage. It can also be combined with technologies such as blockchain to save query evidence. TEE technology enhances the security of multi-party data privacy queries.

In building a trusted data space, Impulse Online insists on leveraging its own trusted execution environment technology advantages to ensure data security and trusted circulation of data, thereby achieving data interconnection and interoperability. It empowers existing data infrastructure and connects various existing platform facilities, such as cloud platforms, data exchanges, industrial Internet platforms, big data platforms, industry and local data spaces, and various distributed terminals, thereby forming a data element infrastructure system in which multiple entities and multiple circulation modes coexist.

Origin blog.csdn.net/impulseonline/article/details/133790275