Implementation of the Infrastructure Architecture and Key Technologies for Data Circulation and Utilization

doi:10.11871/jfdc.issn.2096-742X.2026.03.012

Abstract

Abstract:

[Objective] In the context of the development of the digital economy, data have become a key factor of production. To promote the construction of national data infrastructure and address the cognitive discrepancies in architecture design and key technology application, research is conducted on the infrastructure architecture and key technologies aimed at facilitating data circulation and utilization. [Method] This paper analyzes the problems existing in the current infrastructure system, proposes an infrastructure architecture oriented to data circulation and utilization, and explores the supporting key technologies. [Results] Through analyzing construction needs, a centralized and distributed architecture has been developed that includes a role system, system architecture, and business models, along with a discussion of the practical applications of key technologies such as identity authentication and intelligent compliance review. [Conclusions] This research offers practical guidance for the construction of data infrastructure, fills the research gap in implementation pathways, and points out that the security protection system needs improvement.

Key words: data element, data infrastructure, system architecture, big data

PEI Chao,NI Mingjian,ZHAO Lili,FENG Jin. Implementation of the Infrastructure Architecture and Key Technologies for Data Circulation and Utilization[J]. Frontiers of Data and Computing, 2026, 8(3): 137-154.

Figures/Tables 14

Fig.1

Fig.2

Fig.3

Fig.4

Fig.5

Fig.6

Fig.7

Fig.8

Fig.9

Fig.10

Table 1

Fig.11

Fig.12

Table 2

References 62

[1]	张利娟, 王钧莳. 《国家数据基础设施建设指引》正式发布[J]. 中国报道, 2025(2):78-81.
[2]	中共中央国务院关于构建数据基础制度更好发挥数据要素作用的意见[J]. 中华人民共和国国务院公报, 2023(1): 28-33.
[3]	国家数据局. 关于完善数据流通安全治理更好促进数据要素市场化价值化的实施方案[J]. 中小企业管理与科技, 2025(2): 2-3.
[4]	刘知贵, 杨立春, 蒲洁, 等. 基于PKI技术的数字签名身份认证系统[J]. 计算机应用研究, 2004, 21(9): 158-160.
[5]	AVELLANEDA O, BACHMANN A, BARBIR A, et al. Decentralized identity: Where did it come from and where is it going?[J]. IEEE Communications Standards Magazine, 2019, 3(4): 10-13.
[6]	MAZZOCCA C, ACAR A, ULUAGAC S, et al. A survey on decentralized identifiers and verifiable credentials[J]. arXiv preprint arXiv:2402.02455, 2024.
[7]	贺兴, 陈旻昱, 唐跃中, 等. 基于数字孪生与元宇宙技术的能源互联网态势感知系统论方法研究 (一): 概念, 挑战与研究框架[J]. 中国电机工程学报, 2022, 44(2): 547-560.
[8]	陆艺仁, 朱友文. 基于中继链的联盟链跨链监管机制[J]. 计算机工程与应用, 2023, 59(22): 268-275. doi: 10.3778/j.issn.1002-8331.2206-0466
[9]	王群, 李馥娟, 倪雪莉, 等. 区块链共识算法及应用研究[J]. 计算机科学与探索, 2022, 16(6): 1214-1242.
[10]	邓小鸿, 王智强, 李娟, 等. 主流区块链共识算法对比研究[J]. 计算机应用研究, 2022, 39(1): 1-8.
[11]	刘琴, 王德军, 王潇潇, 等. 法律合约与智能合约一致性综述[J]. 计算机应用研究, 2021, 38(1): 1-8
[12]	郎芳. 区块链技术下智能合约之于合同的新诠释[J]. 重庆大学学报 (社会科学版), 2021, 27(5): 169-182.
[13]	KUZNETSOV O, RUSNAK A, YEZHOV A, et al. Merkle trees in blockchain: A study of collision probability and security implications[J]. Internet of Things, 2024, 26: 1-17
[14]	DE OCáRIZ BORDE H S. An overview of trees in blockchain technology: merkle trees and merkle patricia tries[J]. University of Cambridge: Cambridge, UK, 2022.
[15]	DANIEL E, TSCHORSCH F. IPFS and friends: A qualitative comparison of next generation peer-to-peer data networks[J]. IEEE Communications Surveys & Tutorials, 2022, 24(1): 31-52.
[16]	DOAN T V, PSARAS Y, OTT J, et al. Toward decentralized cloud storage with IPFS: opportunities, challenges, and future considerations[J]. IEEE Internet Computing, 2022, 26(6): 7-15.
[17]	BIERI C. An overview into the InterPlanetary File System (IPFS): use cases, advantages, and drawbacks[J]. Communication Systems XIV, 2021, 28.
[18]	倪雪莉, 马卓, 王群. 区块链P2P网络及安全研究[J]. 计算机工程与应用, 2024, 60(5): 17-29. doi: 10.3778/j.issn.1002-8331.2307-0218
[19]	PERLMAN R. An overview of PKI trust models[J]. IEEE Network, 1999, 13(6): 38-43. doi: 10.1109/65.806987
[20]	HUNT R. PKI and digital certification infrastructure[C]// Proceedings. Ninth IEEE International Conference on Networks, ICON 2001. IEEE, 2001: 234-239.
[21]	FDHILA W, STIFTER N, KOSTAL K, et al. Methods for decentralized identities: Evaluation and insights[C]// Business Process Management: Blockchain and Robotic Process Automation Forum: Business Process Management: Blockchain and Robotic Process Automation Forum: BPM 2021 Blockchain and RPA Forum, Rome, Italy, September 6-10, 2021, Proceedings 19. Springer International Publishing, 2021: 119-135.
[22]	ALIZADEH M, ANDERSSON K, SCHELÉN O. Comparative analysis of decentralized identity approaches[J]. IEEE Access, 2022, 10: 92273-92283.
[23]	KASNECI E, SEßLER K, KÜCHEMANN S, et al. ChatGPT for good? On opportunities and challenges of large language models for education[J]. Learning and Individual Differences, 2023, 103: 102274.
[24]	NAVEED H, KHAN A U, QIU S, et al. A comprehensive overview of large language models[J]. ACM Transactions on Intelligent Systems and Technology, 2023.
[25]	刘雪颖, 云静, 李博, 等. 基于大型语言模型的检索增强生成综述[J]. 计算机工程与应用, 2025, 61(13):1-25. doi: 10.3778/j.issn.1002-8331.2410-0088
[26]	王帅, 何文春, 王甫棣, 等. 大语言模型融合知识图谱与向量检索的问答系统[J]. 科学技术与工程, 2024, 24(32): 13902-13910.
[27]	李冬梅, 罗斯斯, 张小平, 等. 命名实体识别方法研究综述[J]. 计算机科学与探索, 2022, 16(9): 1954-1968.
[28]	赵山, 罗睿, 蔡志平. 中文命名实体识别综述[J]. 计算机科学与探索, 2022, 16(2): 296-304. doi: 10.3778/j.issn.1673-9418.2107031
[29]	杨振宇, 张登辉. 一种结合BERT与双层LSTM的复杂长句意图分类方法[J]. 计算机应用与软件, 2021, 38(12): 207-212.
[30]	CHANDRASEKARAN D, MAGO V. Evolution of semantic similarity—a survey[J]. Acm Computing Surveys (Csur), 2021, 54(2): 1-37.
[31]	林诗意, 张磊, 刘德胜. 基于区块链智能合约的应用研究综述[J]. 计算机应用研究, 2021, 38(9): 2570-2581.
[32]	KHAN S N, LOUKIL F, GHEDIRA-GUEGAN C, et al. Blockchain smart contracts: Applications, challenges, and future trends[J]. Peer-to-peer Networking and Applications, 2021, 14: 2901-2925.
[33]	MERLEC M M, LEE Y K, HONG S P, et al. A smart contract-based dynamic consent management system for personal data usage under GDPR[J]. Sensors, 2021, 21(23): 7994. doi: 10.3390/s21237994
[34]	CHIU W Y, MENG W, JENSEN C D. My data, my control: a secure data sharing and access scheme over blockchain[J]. Journal of Information Security and Applications, 2021, 63: 103020.
[35]	VON DER ASSEN J, CELDRáN A H, ZERMIN A, et al. SecBox: a lightweight container-based sandbox for dynamic malware analysis[C]// NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium. IEEE, 2023: 1-3.
[36]	BRäNNVALL R, SVENSSON H, KALIYAPERUMAL K, et al. A sandbox study proposal for private and distributed health data analysis[J]. arXiv preprint arXiv:2501.14556, 2025.
[37]	BRASSER F, JAUERNIG P, PUSTELNIK F, et al. Trusted container extensions for container-based confidential computing[J]. arXiv preprint arXiv:2205. 05747, 2022.
[38]	AYER A. KVMSandbox: Application-Level Sandboxing with x86 Hardware Virtualization and KVM[D]. Providence: Brown University, 2012.
[39]	ZHANG C, PRIOLKAR R, JIANG Y, et al. Erebor: A Drop-In Sandbox Solution for Private Data Processing in Untrusted Confidential Virtual Machines[C]// Proceedings of the Twentieth European Conference on Computer Systems. 2025: 1210-1228.
[40]	PARK J. Trusted execution environment for multi-level security and hardware sandbox[D]. Daejeon: Korea Advanced Institute of Science and Technology (KAIST), 2023.
[41]	PARK J, KANG S, LEE S, et al. Hardware-hardened sandbox enclaves for trusted serverless computing[J]. ACM Transactions on Architecture and Code Optimization, 2024, 21(1): 1-25.
[42]	HURTUK J, BALáž A, ÁDáM N. Security sandbox based on RBAC model[C]// 2016 IEEE 11th International Symposium on Applied Computational Intelligence and Informatics (SACI). IEEE, 2016: 75-80.
[43]	LI Z, TIAN J F, WANG F X. Sandbox system based on role and virtualization[C]// 2009 International Symposium on Information Engineering and Electronic Commerce. IEEE, 2009: 342-346.
[44]	HERZOG A, SHAHMEHRI N. Using the Java sandbox for resource control[J]. NORDSEC, 2002, 2002: 13.
[45]	PENG L. The sandbox: Improving file access security in the internet age[D]. Providence: Brown University, 2006.
[46]	ABBADINI M. Sandboxing and Data Protection in Cloud Computing Environments[D]. Bergamo: University of Bergamo, 2024.
[47]	OLSON L E, POWER J, HILL M D, et al. Border control: Sandboxing accelerators[C]// Proceedings of the 48th International Symposium on Microarchitecture, 2015: 470-481.
[48]	KNIGHT B R, MITCHELL T E. The sandbox paradox: Balancing the need to facilitate innovation with the risk of regulatory privilege[J]. South Carolina Law Review, 2020, 72: 445-476.
[49]	蔡志勇, 王昊, 金明, 等. 混合办公数据安全保护研究与实践[J]. 计算机应用文摘, 2024, 40(12): 132-134.
[50]	RAHO M, SPYRIDAKIS A, PAOLINO M, et al. KVM, Xen and Docker: A performance analysis for ARM based NFV and cloud computing[C]// 2015 IEEE 3rd Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE). IEEE, 2015: 1-8.
[51]	MENG Y, QIN Y, SUN L, et al. Design and research on KVM-based cloud desktop solution for VDI converged architecture[C]// International Conference on Mechatronics and Intelligent Control (ICMIC 2024). SPIE, 2025, 13447: 831-845.
[52]	石屹嵘, 龚德志. 基于SPICE开源协议的云桌面技术架构研究[J]. 电信科学, 2013, 29(8): 162-169. doi: 10.3969/j.issn.1000-0801.2013.08.028
[53]	李承东. 云桌面远程传输协议综述[J]. 现代电信科技, 2014, 44(8): 23-26.
[54]	KERSCHBAUM F. Privacy-Preserving Computation: (Position Paper)[C]// Annual privacy forum. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012: 41-54.
[55]	LI L, FAN Y, TSE M, et al. A review of applications in federated learning[J]. Computers & Industrial Engineering, 2020, 149: 106854.
[56]	周传鑫, 孙奕, 汪德刚, 等. 联邦学习研究综述[J]. 网络与信息安全学报, 2021, 7(5): 77-92.
[57]	GOLDREICH O. Secure multi-party computation[J]. Manuscript. Preliminary version, 1998, 78(110): 1-108.
[58]	苏冠通, 徐茂桐. 安全多方计算技术与应用综述[J]. 信息通信技术与政策, 2019, 45(5): 19-22.
[59]	DWORK C. Differential privacy[C]// International colloquium on automata, languages, and programming. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006: 1-12.
[60]	张啸剑, 孟小峰. 面向数据发布和分析的差分隐私保护[J]. 计算机学报, 2014, 37(4): 927-949.
[61]	ACAR A, AKSU H, ULUAGAC A S, et al. A survey on homomorphic encryption schemes: Theory and implementation[J]. ACM Computing Surveys (Csur), 2018, 51(4): 1-35.
[62]	钱萍, 吴蒙. 同态加密隐私保护数据挖掘方法综述[J]. 计算机应用研究, 2011, 28(5): 1614-1617.

安全维度	数据沙箱技术	云桌面技术	协同效应
数据隔离	容器/虚拟化/硬件隔离，防止数据泄露	终端无数据落地，传输加密	双重隔离，数据全生命周期不外露
权限控制	细粒度字段级权限管理	设备/网络/会话级访问控制	策略联动，更好实现“最小权限原则”
操作审计	可结合区块链进行存证，日志不可篡改	能够进行会话录制与实时监控	全流程可追溯，满足等保和相关法律要求
合规支持	自动脱敏，满足隐私法规	动态合规策略注入	动静防护策略相结合，实现一体化合规解决方案

技术组件	数据交易合约	数据交付合约	数据沙箱	云桌面	区块链
与隐私保护计算技术的交互方式	交易合约定义隐私计算任务的商业规则，如计算费用、数据使用期限、数据使用方式等；交易合约生效后触发隐私保护计算技术的初始化	交付合约配置隐私保护技术参数，如差分隐私噪声强度、联邦学习参与方权限、不可区分度等；通过交付合约控制隐私保护计算结果的访问权限	提供隐私计算引擎的运行环境；隔离原始数据与计算任务，防止数据泄露	为需求方提供隐私计算结果的可视化界面；限制结果导出权限，仅允许在线查看或脱敏下载	记录隐私计算任务的全流程日志；存储隐私保护技术的参数配置与执行证明
安全保障作用	确保隐私计算符合商业与合规要求，避免技术滥用	实现细粒度的数据控制，确保结果仅用于合约指定场景	物理隔离保障数据存储安全，结合沙箱权限控制限制计算任务对数据的访问范围	控制需求方对结果的使用方式，避免原始计算结果被非法传播	提供不可篡改的审计轨迹，便于事后追溯数据使用是否符合隐私保护要求