CN109145630A - Sensitive data method for deleting, device, equipment and computer readable storage medium - Google Patents
Sensitive data method for deleting, device, equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN109145630A CN109145630A CN201710463588.8A CN201710463588A CN109145630A CN 109145630 A CN109145630 A CN 109145630A CN 201710463588 A CN201710463588 A CN 201710463588A CN 109145630 A CN109145630 A CN 109145630A
- Authority
- CN
- China
- Prior art keywords
- sensitive data
- data
- scanned
- class
- sensitive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a kind of sensitive data method for deleting, device, equipment and computer readable storage mediums.This method comprises: being scanned based on default sensitive data feature database for the data in cloud resource pond;When scanning is to sensitive data and sensitive data meets erased conditions, preassembled sensitive data erasing program is called, sensitive data is wiped.Sensitive data method for deleting, device, equipment and the computer readable storage medium of the embodiment of the present invention, can be improved the safety of data.
Description
Technical field
The present invention relates to data protection technical field more particularly to a kind of sensitive data method for deleting, device, equipment and meters
Calculation machine readable storage medium storing program for executing.
Background technique
Sensitive data refers to the data including client's individual privacy information or Enterprise business value information.
Data in cloud resource pond use storage area network (Storage Area Network, SAN) virtual memory skill
Art is shared.Currently, mainly pass through for the data protection in cloud resource pond physics fire wall equipment, software firewall and
The modes such as anti-virus software are protected.
But fictitious host computer uses the shared resource dynamic generation in cloud resource pond.Before resource-sharing, there are shared moneys
The case where sensitive data in source is not wiped.This results in the sensitive data in cloud resource pond to there is the risk leaked, data peace
Full property is poor.
Summary of the invention
The embodiment of the present invention provides a kind of sensitive data method for deleting, device, equipment and computer readable storage medium, energy
Enough improve the safety of data.
On the one hand, the embodiment of the invention provides a kind of sensitive data method for deleting, method includes:
Based on default sensitive data feature database, it is scanned for the data in cloud resource pond;
When scanning is to sensitive data and sensitive data meets erased conditions, preassembled sensitive data erasing journey is called
Sequence wipes sensitive data.
On the other hand, the embodiment of the invention provides a kind of sensitive data erasing apparatus, device includes: scan module and wiping
Except module, wherein
Scan module, for being scanned for the data in cloud resource pond based on default sensitive data feature database;
Module is wiped, for calling preassembled when scanning is to sensitive data and sensitive data meets erased conditions
Sensitive data wipes program, wipes sensitive data.
In another aspect, the embodiment of the invention provides a kind of sensitive data erasing apparatus, the equipment include: processor and
It is stored with the memory of computer program instructions;Processor execution stores real in the computer program instructions on the memory
Any one existing sensitive data method for deleting.
In another aspect, the embodiment of the invention provides a kind of computer readable storage medium, the computer-readable storage medium
Computer program instructions are stored in matter;The computer program instructions realize that any one sensitive data is wiped when being executed by processor
Except method.
Sensitive data method for deleting, device, equipment and the computer readable storage medium of the embodiment of the present invention, can be improved
The safety of data.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, will make below to required in the embodiment of the present invention
Attached drawing is briefly described, for those of ordinary skill in the art, without creative efforts, also
Other drawings may be obtained according to these drawings without any creative labor.
Fig. 1 shows the first flow diagram of sensitive data method for deleting provided in an embodiment of the present invention;
Fig. 2 shows second of flow diagrams of sensitive data method for deleting provided in an embodiment of the present invention;
Fig. 3 shows the third flow diagram of sensitive data method for deleting provided in an embodiment of the present invention;
Fig. 4 shows the first structural schematic diagram of sensitive data erasing apparatus provided in an embodiment of the present invention;
Fig. 5 shows second of structural schematic diagram of sensitive data erasing apparatus provided in an embodiment of the present invention;
Fig. 6 shows the third structural schematic diagram of sensitive data erasing apparatus provided in an embodiment of the present invention;
Fig. 7 shows the hardware structural diagram of sensitive data erasing apparatus provided in an embodiment of the present invention.
Specific embodiment
The feature and exemplary embodiment of various aspects of the invention is described more fully below, in order to make mesh of the invention
, technical solution and advantage be more clearly understood, with reference to the accompanying drawings and embodiments, the present invention is further retouched in detail
It states.It should be understood that specific embodiment described herein is only configured to explain the present invention, it is not configured as limiting the present invention.
To those skilled in the art, the present invention can be real in the case where not needing some details in these details
It applies.Below the description of embodiment is used for the purpose of better understanding the present invention to provide by showing example of the invention.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence " including ... ", it is not excluded that including
There is also other identical elements in the process, method, article or equipment of the element.
In order to solve prior art problem, the embodiment of the invention provides a kind of sensitive data method for deleting, device, equipment
And computer readable storage medium.
It should be noted that sensitive data method for deleting provided in an embodiment of the present invention and device, are preferably applied to super
Overseer (Hypervisor).Wherein, Hypervisor is a kind of centre operated between physical server and operating system
Software layer (operates in the middle layer between physical machine and virtual machine), allows multiple operating systems and a set of base of Application share
Plinth physical hardware, Hypervisor can also be called virtual machine monitor (virtual machine monitor, VMM).
Hypervisor is a kind of " member " operating system in virtual environment, it has access to that including disk and interior presence on server
Interior all physical equipments.Hypervisors not only coordinates the access of these hardware resources, also simultaneously each virtual machine it
Between apply protection.When server is started and carried out Hypervisor, it can load the operating system of all virtual-machine clients
The each suitable memory of virtual machine, CPU, network and disk can be distributed to simultaneously.Hypervisor is all virtualization technologies
Core.Support non-interruptedly multiplexing make load migration ability be Hypervisor basic function.
Sensitive data erasing is provided for the embodiments of the invention first below to be introduced.
Fig. 1 shows the first flow diagram of sensitive data method for deleting provided in an embodiment of the present invention.It can be with
Include:
S101: it based on default sensitive data feature database, is scanned for the data in cloud resource pond.When scanning to sensitivity
Data and when sensitive data meets erased conditions, execute S102.
S102: preassembled sensitive data erasing program is called, sensitive data is wiped.
Being stored in default sensitive data feature database indicates that data are the feature of sensitive data.
With files classes data instance, it is assumed that file format is in picture format and file name comprising keyword " identity card "
Files classes data be sensitive data.Then for files classes tables of data registration according to the feature for being sensitive data are as follows: file format is
It include character " identity card " in picture format and file name.Wherein, picture format includes but is not limited to be listed below
Several frequently seen format: bitmap (BitMaP, BMP) format, GIF(Graphic Interchange format) (Graphics Interchange Format,
GIF), combine photo expert group (Joint Photographic Expert Group, JPEG) format, portable network figure
(Portable Network Graphics, PNG) format.
With the data instance in database, it is assumed that the data length in database is 18 and data format meets regular expressions
Formula: " ^ [1-9] d { 5 } (18 | 19 | ([23] d)) d { 2 } ((0 [1-9]) | (10 | 11 | 12)) (([0-2] [1-9]) | 10 | 20 |
30 | 31) d { 3 } [0-9Xx] $ " data be sensitive data.It can be seen that data length be 18 and data format meet it is above-mentioned just
Then the data of expression formula are identification card number formatted data.Indicate that data are the feature of sensitive data for identification card number formatted data
Are as follows: data length is that 18 and data format meet above-mentioned regular expression.
Certain sensitive data feature can also be for data are in special directory, data belong to special owner etc..
It should be noted that the embodiment of the present invention is with sensitive data feature are as follows: file format is picture format and file
Include in title character " identity card ", data length be 18 and data format meet above-mentioned regular expression for said
Bright, an only of the invention specific example, and do not constitute a limitation of the invention.
In one embodiment of the invention, based on default sensitive data feature database, for the data in cloud resource pond into
Row scanning may include: based on default sensitive data feature database, according to pre-set scan plan, in cloud resource pond
Data be scanned, wherein the scan plan includes starting sweep time point and scan position.
Specifically, when scan position is full cloud resource pond, i.e., based on default sensitive data feature database, using scan full hard disk
Mode is scanned for the data in cloud resource pond.When scan position be in specified cloud resource pond a certain position (such as certain
One disk, a certain subregion, a certain database, critical directories in system) when, i.e., based on default sensitive data feature database, using pumping
Sample scanning mode is scanned for the data in cloud resource pond.
For scan full hard disk and sampling scanning mode, if only do not included comprising starting sweep time point in scan plan
Terminate sweep time point, then when the time, which reaches, starts sweep time point, starts to scan;After the completion of the scanning of designated position, stop
Only scan.If not only including beginning sweep time point in scan plan also includes to terminate sweep time point, reached when the time
When starting sweep time point, start to scan;When the time, which reaches, terminates sweep time point, stop scanning.
When being based on default sensitive data feature database, it is scanned for the data in cloud resource pond;Scan sensitive data
And sensitive data calls preassembled sensitive data erasing program, wipes sensitive data when meeting erased conditions.
Specifically, the sensitive data in the embodiment of the present invention meets erased conditions, it can be to receive for sensitive data
Erasing instruction;It can also be to monitor that the virtual machine for generating the sensitive data is destroyed;It can also be to monitor sensitive data
Corresponding user is deleted etc..
Below to monitor sensitive data correspond to user be deleted be described in detail.
Illustratively, it is assumed that certain user has submitted sensitive data " identity card scanning during certain bank handles bank card
Part ".But bank card that the user handles in the row and the bank card handled in other banks do not have in longer period of time
Income record (deposit, Internetbank gathering etc.) and expenditure record (withdrawing the money, Internetbank is transferred accounts).Then bank can delete the user at this time
It removes, while the identity card scanned copy of the user being deleted.
Assuming that certain user has handled phonecard in certain communication common carrier, and has submitted sensitive data " identification card number ", by identity
A card number telephone number corresponding with phonecard is bound.The communication common carrier detects that the telephone number arrearage is more than one section longer
Time can recycle the telephone number at this time, the identification card number with telephone number binding be deleted, by identification card number and phone number
Code is unbinded.
Specifically, can first be backed up to sensitive data before deleting sensitive data.Band after preventing sensitive data to be deleted
The loss come.
In one embodiment of the invention, preassembled sensitive data erasing program is called, sensitive data is wiped, it can
To include: to call preassembled sensitive data erasing program, sensitive data is crushed.
Wherein, crushing sensitive data is by sensitive data region using other rewriting datas, so that sensitive data is thorough
Bottom is deleted, and can not be resumed.
In one embodiment of the invention, access of the user to sensitive data can also be controlled.Specifically, can be set
For the various permissions of sensitive data, such as: read right, write permission execute permission, call permission, duplication permission, delete permission
Deng.The protection of Life cycle is carried out to sensitive data by the setting of above-mentioned permission.And it is also based on log access note
Record monitors access of the user to sensitive data.
In one embodiment of the invention, it is calling preassembled sensitive data to wipe program, is wiping sensitive data
Before, the sensitive data scanned can also be marked.Protection is carried out to sensitive data by label and erasing is handled
Deng.
Fig. 2 shows second of flow diagrams of sensitive data method for deleting provided in an embodiment of the present invention.The present invention
On the basis of embodiment illustrated in fig. 2 embodiment shown in Fig. 1, increase S103 before S102: according to pre-set classification gauge
Then, classify to the sensitive data scanned.
Illustratively, pre-set classifying rules is as follows:
The first kind: user identity and authentication information class (hereinafter referred to as A class).
Wherein, A class includes two subclasses: user identity and identification information class (hereinafter referred to as A1 class) and user network identity
Authentication information class (hereinafter referred to as A2 class).
A1 class includes five subclasses again: natural person's identity class (hereinafter referred to as A1-1 class), network identity mark class (with
Lower abbreviation A1-2 class), user's basic document class (hereinafter referred to as A1-3 class), entity identities prove class (hereinafter referred to as A1-4 class) and
User's secret data class (hereinafter referred to as A1-5 class).A2 class includes a subclass again: user password and related information are (hereinafter referred to as
A2-1 class).
Second class: user data and service content information class (hereinafter referred to as B class).
Wherein, B class includes a subclass: service content and data (hereinafter referred to as B1 class).
B1 class includes two subclasses again: service content data class (hereinafter referred to as B1-1 class) and contact information class are (following
Abbreviation B1-2 class).
Third class: user service relevant information class (hereinafter referred to as C class).
Wherein, C class includes two subclasses: user service using data class (hereinafter referred to as C1 class) and facility information class (with
Lower abbreviation C2 class).
C1 class includes five subclasses again: service order relation object (hereinafter referred to as C1-1 class), service log and log class (with
Lower abbreviation C1-2 class), consumption information and bill class (hereinafter referred to as C1-3 class), position data class (hereinafter referred to as C1-4 class) and disobey
Rule record data class (hereinafter referred to as C1-5 class).C2 class includes two subclasses again: Terminal Equipment Identifier class (hereinafter referred to as C2-1
Class) and terminal device data class (hereinafter referred to as C2-2 class).
Wherein, A1-1 class corresponding data are as follows: customer name, type of credential and number, driving license number, bank account, client
Entity number, group customer numbering, group customer title, group customer Fu Zeren contact information etc. can be fixed with precise marking
The information of the specific entity client in position.
A1-2 class corresponding data are as follows: telephone number, email address, network client number, instant messaging account, network social intercourse
User account etc. can be with the precise marking network user or the information of communication user.
A1-3 class corresponding data are as follows: client occupation, work unit, age, gender, native place, hobby etc.;Group customer
Place provinces and cities, place industry, group contract time and agreement expiration time, unit member individual's basic document etc..
A1-4 class corresponding data are as follows: certificates photostat such as identity card, passport, driving license, business license etc.;Fingerprint, vocal print, rainbow
Film etc..
A1-5 class corresponding data are as follows: the personal race of announcement, family members' information, inhabitation address, religious belief, gene, individual are strong
(laws, the administrative regulation such as " reference industry management rules " provide against disclosed related user's private information such as health, private life
User's other information).
A2-1 class corresponding data are as follows: user network identification cipher and related information, such as: mobile phone customer service password, mailbox password,
Mobile wireless local network (Wireless Local Area Network, WLAN) password etc. and various trading passwords and this
The cryptoguard answer etc. of a little cryptographic associations.
B1-1 class corresponding data are as follows: telecommunications network service content data: the Content of Communication such as short message, multimedia message, speech;Mobile interchange
Net service content information, comprising: dialog context involved by the mobile internet services such as Fetion, converged communication, 139 mailboxes, in time
Content, data file, Mail Contents, user's online access content etc. are issued in Content of Communication, group;User's cloud storage, software are fixed
Adopted network (Software Defined Network, SDN), Internet data center (Internet Data Center, IDC)
Deng datas information such as the private privately owned text of storage or caching, multimedias.
B1-2 class corresponding data are as follows: the subscriber datas data such as user communication record, buddy list, group list.
C1-1 class corresponding data are as follows: basic service order relations: situations such as brand, set meal customize;Value added service ordering closes
System: 139 mailboxes, Fetion and address list, come show, registration, modification, the cancellation of the value-added services such as CRBT and packet.
C1-2 class corresponding data are as follows: service detailed list and signaling: the single in detail, 2G/ including voice, short message, multimedia message and internet log
3G/ long term evolution (Long Term Evolution, LTE) user face exernal data representation (External Data
Representation, XDR) and signaling plane XDR etc., with including calling number, master home, called number, when starting communication
Between, the information such as duration, flow;Mobile internet service record: including Cookie content, internet log, connection application program
(Application, APP) etc. includes calling number, network address, online shopping record etc..
C1-3 class corresponding data are as follows: consumption information: machine, network entry time are stopped, in net time, integral, advance deposit, credit etc.
Grade, credit line, payment situation, way of paying and packet remaining sum, transactions history record;Bill: the constant expense monthly entered an item of expenditure in the accounts,
Communication cost, arrearage information, data expense, charge.
C1-4 class corresponding data are as follows: precise position information (such as cell code, base station number, latitude and longitude of base station coordinate) and big
It causes location information (such as area code).
C1-5 class corresponding data are as follows: User Violations record, including the records such as refuse messages, harassing call, blacklist, grey name
It is single etc.;Business records in violation of rules and regulations, including records, blacklist, the gray list such as port abuse, violation channel, objectionable website domain name etc..
C2-1 class corresponding data are as follows: International Mobile Station Equipment Identification (International Mobile Equipment
Identity, IMEI), the address, client identification module equipment media access control (Media Access Control, MAC)
(Subscriber Identification Module, SIM) card international mobile subscriber identity (International
Mobile Subscriber Identification Number, IMSI) information etc. can position specific equipment with precise marking
Information.
C2-2 class corresponding data are as follows: terminal models, brand, manufacturer, OS Type, it is preset installation software application, make
With duration etc..
Illustratively, with sensitive data are as follows: file format is the file in picture format and file name comprising identity card
For.Identify that the sensitive data is identity card photostat.According to above-mentioned classifying rules, which can be divided into
A1-4 class.
Classified based on classifying rules to sensitive data, can be convenient the management to sensitive data.
Fig. 3 shows the third flow diagram of sensitive data method for deleting provided in an embodiment of the present invention.The present invention
On the basis of embodiment illustrated in fig. 3 embodiment shown in Fig. 1, increase S104 before S102: according to pre-set classifier
Then, the sensitive data scanned is classified.
It should be noted that S104 shown in the embodiment of the present invention can also be to increase on the basis of embodiment shown in Fig. 2.
Illustratively, pre-set classification rule includes four ranks, is respectively as follows: pole sensitivity level, sensitivity level, more sensitive
Grade and low sensitivity level.
Wherein, sensitivity level data in pole may include: above-mentioned to belong to A1-4 class data, A1-5 class data and A2-1 class number
According to.
Sensitivity level data may include: above-mentioned to belong to A1-1 class data, A1-2 class data, A1-3 class data, B1-1 class number
According to, B1-2 class data, C1-2 class data and C1-4 class data.
It may include: above-mentioned to belong to C1-3 class data, C2-1 class data and C2-2 class data compared with sensitivity level data.
Muting sensitive sense grade data may include: above-mentioned to belong to C1-1 class data and C1-5 class data.
Sensitive data is classified based on classification rule, can be convenient the management to sensitive data.
The sensitive data method for deleting of the embodiment of the present invention, sensitive data is wiped.Avoid the sensitivity in cloud resource pond
The leakage of data, can be improved Information Security.
Corresponding with above-mentioned embodiment of the method, the embodiment of the present invention also provides a kind of sensitive data erasing apparatus.
Fig. 4 shows the first structural schematic diagram of sensitive data erasing apparatus provided in an embodiment of the present invention.It can be with
It include: scan module 401 and erasing module 402, wherein
Scan module 401, for being scanned for the data in cloud resource pond based on default sensitive data feature database;
Module 402 is wiped, for when scanning is to sensitive data and sensitive data meets erased conditions, calling installation in advance
Sensitive data wipe program, wipe sensitive data.
Being stored in default sensitive data feature database indicates that data are the feature of sensitive data.
With files classes data instance, it is assumed that file format is in picture format and file name comprising keyword " identity card "
Files classes data be sensitive data.Then for files classes tables of data registration according to the feature for being sensitive data are as follows: file format is
It include character " identity card " in picture format and file name.Wherein, picture format includes but is not limited to be listed below
Several frequently seen format: BMP format, GIF format, jpeg format, PNG format.
With the data instance in database, it is assumed that the data length in database is 18 and data format meets regular expressions
Formula: " ^ [1-9] d { 5 } (18 | 19 | ([23] d)) d { 2 } ((0 [1-9]) | (10 | 11 | 12)) (([0-2] [1-9]) | 10 | 20 |
30 | 31) d { 3 } [0-9Xx] $ " data be sensitive data.It can be seen that data length be 18 and data format meet it is above-mentioned just
Then the data of expression formula are identification card number formatted data.Indicate that data are the feature of sensitive data for identification card number formatted data
Are as follows: data length is that 18 and data format meet above-mentioned regular expression.
Certain sensitive data feature can also be for data are in special directory, data belong to special owner etc..
It should be noted that the embodiment of the present invention is with sensitive data feature are as follows: file format is picture format and file
Include in title character " identity card ", data length be 18 and data format meet above-mentioned regular expression for said
Bright, an only of the invention specific example, and do not constitute a limitation of the invention.
The scan module 401 of the embodiment of the present invention, specifically can be used for: based on default sensitive data feature database, according to pre-
The scan plan being first arranged is scanned for the data in cloud resource pond, wherein the scan plan includes when starting scanning
Between put and scan position.
Specifically, when scan position is full cloud resource pond, i.e., based on default sensitive data feature database, using scan full hard disk
Mode is scanned for the data in cloud resource pond.When scan position be in specified cloud resource pond a certain position (such as certain
One disk, a certain subregion, a certain database, critical directories in system) when, i.e., based on default sensitive data feature database, using pumping
Sample scanning mode is scanned for the data in cloud resource pond.
For scan full hard disk and sampling scanning mode, if only do not included comprising starting sweep time point in scan plan
Terminate sweep time point, then when the time, which reaches, starts sweep time point, starts to scan;After the completion of the scanning of designated position, stop
Only scan.If not only including beginning sweep time point in scan plan also includes to terminate sweep time point, reached when the time
When starting sweep time point, start to scan;When the time, which reaches, terminates sweep time point, stop scanning.
When being based on default sensitive data feature database, it is scanned for the data in cloud resource pond;Scan sensitive data
And sensitive data calls preassembled sensitive data erasing program, wipes sensitive data when meeting erased conditions.
Specifically, the sensitive data in the embodiment of the present invention meets erased conditions, it can be to receive for sensitive data
Erasing instruction;It can also be to monitor that the virtual machine for generating the sensitive data is destroyed;It can also be to monitor sensitive data
Corresponding user is deleted etc..
Below to monitor sensitive data correspond to user be deleted be described in detail.
Illustratively, it is assumed that certain user has submitted sensitive data " identity card scanning during certain bank handles bank card
Part ".But bank card that the user handles in the row and the bank card handled in other banks do not have in longer period of time
Income record (deposit, Internetbank gathering etc.) and expenditure record (withdrawing the money, Internetbank is transferred accounts).Then bank can delete the user at this time
It removes, while the identity card scanned copy of the user being deleted.
Assuming that certain user has handled phonecard in certain communication common carrier, and has submitted sensitive data " identification card number ", by identity
A card number telephone number corresponding with phonecard is bound.The communication common carrier detects that the telephone number arrearage is more than one section longer
Time can recycle the telephone number at this time, the identification card number with telephone number binding be deleted, by identification card number and phone number
Code is unbinded.
Specifically, can first be backed up to sensitive data before deleting sensitive data.Band after preventing sensitive data to be deleted
The loss come.
The erasing module 402 of the embodiment of the present invention, specifically can be used for: call preassembled sensitive data erasing journey
Sequence crushes sensitive data.Wherein, crushing sensitive data is by sensitive data region using other rewriting datas, so that quick
Sense data are thoroughly deleted, and can not be resumed.
In one embodiment of the invention, access of the user to sensitive data can also be controlled.Specifically, can be set
For the various permissions of sensitive data, such as: read right, write permission execute permission, call permission, duplication permission, delete permission
Deng.The protection of Life cycle is carried out to sensitive data by the setting of above-mentioned permission.And it is also based on log access note
Record monitors access of the user to sensitive data.
Fig. 5 shows second of structural schematic diagram of sensitive data erasing apparatus provided in an embodiment of the present invention.The present invention
Embodiment illustrated in fig. 5 on the basis of the embodiment shown in fig. 4, increases categorization module 403, for according to pre-set classification gauge
Then, classify to the sensitive data scanned.
Pre-set classifying rules can refer to the classifying rules in embodiment illustrated in fig. 2.
Classified based on classifying rules to sensitive data, can be convenient the management to sensitive data.
Fig. 6 shows the third structural schematic diagram of sensitive data erasing apparatus provided in an embodiment of the present invention.The present invention
Embodiment illustrated in fig. 6 on the basis of the embodiment shown in fig. 4, increases diversity module 404, for according to pre-set classifier
Then, the sensitive data scanned is classified.
It should be noted that diversity module 404 shown in the embodiment of the present invention can also be with the basis of embodiment shown in Fig. 5
Upper increase.
Pre-set classification rule can refer to the rule of the classification in embodiment illustrated in fig. 3.
Sensitive data is classified based on classification rule, can be convenient the management to sensitive data.
The sensitive data erasing apparatus of the embodiment of the present invention, sensitive data is wiped.Avoid the sensitivity in cloud resource pond
The leakage of data, can be improved Information Security.
In addition, the sensitive data method for deleting and device in conjunction with Fig. 1 to Fig. 6 embodiment of the present invention described can be by sensitivities
Data erasing apparatus is realized.Fig. 7 shows the hardware configuration signal of sensitive data erasing apparatus provided in an embodiment of the present invention
Figure.
Sensitive data erasing apparatus may include processor 701 and the memory 702 for being stored with computer program instructions.
Specifically, above-mentioned processor 701 may include central processing unit (CPU) or specific integrated circuit
(Application Specific Integrated Circuit, ASIC), or may be configured to implement implementation of the present invention
One or more integrated circuits of example.
Memory 702 may include the mass storage for data or instruction.For example it rather than limits, memory
702 may include hard disk drive (Hard Disk Drive, HDD), floppy disk drive, flash memory, CD, magneto-optic disk, tape or logical
With the combination of universal serial bus (Universal Serial Bus, USB) driver or two or more the above.It is closing
In the case where suitable, memory 702 may include the medium of removable or non-removable (or fixed).In a suitable case, it stores
Device 702 can be inside or outside synthesized gateway disaster tolerance equipment.In a particular embodiment, memory 702 is nonvolatile solid state
Memory.In a particular embodiment, memory 702 includes read-only memory (ROM).In a suitable case, which can be
ROM, programming ROM (PROM), erasable PROM (EPROM), the electric erasable PROM (EEPROM), electrically rewritable of masked edit program
The combination of ROM (EAROM) or flash memory or two or more the above.
Processor 701 is by reading and executing the computer program instructions stored in memory 702, to realize above-mentioned implementation
Any one sensitive data method for deleting in example.
In one example, sensitive data erasing apparatus may also include communication interface 703 and bus 710.Wherein, such as Fig. 7
Shown, processor 701, memory 702, communication interface 703 connect by bus 710 and complete mutual communication.
Communication interface 703 is mainly used for realizing in the embodiment of the present invention between each module, device, unit and/or equipment
Communication.
Bus 710 includes hardware, software or both, and the component of sensitive data erasing apparatus is coupled to each other together.It lifts
It for example rather than limits, bus may include accelerated graphics port (AGP) or other graphics bus, enhancing Industry Standard Architecture
(EISA) bus, front side bus (FSB), super transmission (HT) interconnection, Industry Standard Architecture (ISA) bus, infinite bandwidth interconnect, are low
Number of pins (LPC) bus, memory bus, micro- channel architecture (MCA) bus, peripheral component interconnection (PCI) bus, PCI-
Express (PCI-X) bus, Serial Advanced Technology Attachment (SATA) bus, Video Electronics Standards Association part (VLB) bus or
The combination of other suitable buses or two or more the above.In a suitable case, bus 710 may include one
Or multiple buses.Although specific bus has been described and illustrated in the embodiment of the present invention, the present invention considers any suitable bus
Or interconnection.
The sensitive data erasing apparatus can be based in the relevant information in the cloud resource pond execution embodiment of the present invention
Sensitive data method for deleting, to realize in conjunction with Fig. 1 to Fig. 6 sensitive data method for deleting described and device.
In addition, in conjunction with the sensitive data method for deleting in above-described embodiment, the embodiment of the present invention can provide a kind of computer
Readable storage medium storing program for executing is realized.Computer program instructions are stored on the computer readable storage medium;The computer program refers to
Enable any one the sensitive data method for deleting realized in above-described embodiment when being executed by processor.
It should be clear that the invention is not limited to specific configuration described above and shown in figure and processing.
For brevity, it is omitted here the detailed description to known method.In the above-described embodiments, several tools have been described and illustrated
The step of body, is as example.But method process of the invention is not limited to described and illustrated specific steps, this field
Technical staff can be variously modified, modification and addition after understanding spirit of the invention, or suitable between changing the step
Sequence.
Functional block shown in structures described above block diagram can be implemented as hardware, software, firmware or their group
It closes.When realizing in hardware, it may, for example, be electronic circuit, specific integrated circuit (ASIC), firmware appropriate, insert
Part, function card etc..When being realized with software mode, element of the invention is used to execute program or the generation of required task
Code section.Perhaps code segment can store in machine readable media program or the data-signal by carrying in carrier wave is passing
Defeated medium or communication links are sent." machine readable media " may include any medium for capableing of storage or transmission information.
The example of machine readable media includes electronic circuit, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), soft
Disk, CD-ROM, CD, hard disk, fiber medium, radio frequency (RF) link, etc..Code segment can be via such as internet, inline
The computer network of net etc. is downloaded.
It should also be noted that, the exemplary embodiment referred in the present invention, is retouched based on a series of step or device
State certain methods or system.But the present invention is not limited to the sequence of above-mentioned steps, that is to say, that can be according in embodiment
The sequence referred to executes step, may also be distinct from that the sequence in embodiment or several steps are performed simultaneously.
The above description is merely a specific embodiment, it is apparent to those skilled in the art that,
For convenience of description and succinctly, the system, module of foregoing description and the specific work process of unit can refer to preceding method
Corresponding process in embodiment, details are not described herein.It should be understood that scope of protection of the present invention is not limited thereto, it is any to be familiar with
Those skilled in the art in the technical scope disclosed by the present invention, can readily occur in various equivalent modifications or substitutions,
These modifications or substitutions should be covered by the protection scope of the present invention.
Claims (10)
1. a kind of sensitive data method for deleting, which is characterized in that the described method includes:
Based on default sensitive data feature database, it is scanned for the data in cloud resource pond;
When scanning is to sensitive data and the sensitive data meets erased conditions, preassembled sensitive data erasing journey is called
Sequence wipes the sensitive data.
2. being provided the method according to claim 1, wherein described be based on default sensitive data feature database for cloud
Data in the pond of source are scanned, comprising:
It is scanned using scan full hard disk mode for the data in cloud resource pond based on default sensitive data feature database.
3. being provided the method according to claim 1, wherein described be based on default sensitive data feature database for cloud
Data in the pond of source are scanned, comprising:
It is swept according to pre-set scan plan for the data in cloud resource pond based on default sensitive data feature database
It retouches, wherein the scan plan includes starting sweep time point and scan position.
4. the method according to claim 1, wherein calling preassembled sensitive data to wipe journey described
Sequence, before wiping the sensitive data, the method also includes:
According to pre-set classifying rules, classify to the sensitive data scanned.
5. the method according to claim 1, wherein calling preassembled sensitive data to wipe journey described
Sequence, before wiping the sensitive data, the method also includes:
According to pre-set classification rule, the sensitive data scanned is classified.
6. the method according to claim 1, wherein calling preassembled sensitive data to wipe journey described
Sequence, before wiping the sensitive data, the method also includes:
The sensitive data scanned is marked.
7. the method according to claim 1, wherein described call preassembled sensitive data to wipe program,
Wipe the sensitive data, comprising:
Preassembled sensitive data erasing program is called, the sensitive data is crushed.
8. a kind of sensitive data erasing apparatus, which is characterized in that described device includes: scan module and erasing module, wherein
The scan module, for being scanned for the data in cloud resource pond based on default sensitive data feature database;
The erasing module, for when scanning is to sensitive data and the sensitive data meets erased conditions, calling peace in advance
The sensitive data of dress wipes program, wipes the sensitive data.
9. a kind of sensitive data erasing apparatus, which is characterized in that the equipment includes: processor and is stored with computer program
The memory of instruction;
The processor realizes the sensitive data as described in claim 1-7 any one when executing the computer program instructions
Method for deleting.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program instruction;
Realize that the sensitive data as described in claim 1-7 any one is wiped when the computer program instructions are executed by processor
Except method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710463588.8A CN109145630A (en) | 2017-06-19 | 2017-06-19 | Sensitive data method for deleting, device, equipment and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710463588.8A CN109145630A (en) | 2017-06-19 | 2017-06-19 | Sensitive data method for deleting, device, equipment and computer readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109145630A true CN109145630A (en) | 2019-01-04 |
Family
ID=64804297
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710463588.8A Pending CN109145630A (en) | 2017-06-19 | 2017-06-19 | Sensitive data method for deleting, device, equipment and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109145630A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102763098A (en) * | 2009-12-14 | 2012-10-31 | 思杰系统有限公司 | Methods and systems for communicating between trusted and non-trusted virtual machines |
CN104205115A (en) * | 2012-03-26 | 2014-12-10 | 国际商业机器公司 | Using different secure erase algorithms to erase chunks from file associated with different security levels |
US20150033221A1 (en) * | 2013-07-24 | 2015-01-29 | International Business Machines Corporation | Sanitization of virtual machine images |
CN106789964A (en) * | 2016-12-02 | 2017-05-31 | 中国移动通信集团新疆有限公司 | Cloud resource pool data safety detection method and system |
-
2017
- 2017-06-19 CN CN201710463588.8A patent/CN109145630A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102763098A (en) * | 2009-12-14 | 2012-10-31 | 思杰系统有限公司 | Methods and systems for communicating between trusted and non-trusted virtual machines |
CN104205115A (en) * | 2012-03-26 | 2014-12-10 | 国际商业机器公司 | Using different secure erase algorithms to erase chunks from file associated with different security levels |
US20150033221A1 (en) * | 2013-07-24 | 2015-01-29 | International Business Machines Corporation | Sanitization of virtual machine images |
CN106789964A (en) * | 2016-12-02 | 2017-05-31 | 中国移动通信集团新疆有限公司 | Cloud resource pool data safety detection method and system |
Non-Patent Citations (1)
Title |
---|
刘明辉 等: ""云环境下的敏感数据保护技术研究"", 《电信科学》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20190236289A1 (en) | System and method to reduce inappropriate email and online behavior | |
WO2015096695A1 (en) | Installation control method, system and device for application program | |
CN108763921B (en) | A kind of method of application software and SDK control | |
CN104376266B (en) | The determination method and device of application software level of security | |
US20110119730A1 (en) | Enforcing Centralized Communication Policies | |
EP1422646A2 (en) | System and Method for Electronic Purchase | |
US10142494B2 (en) | Enforcement of compliance rules | |
CN105263119A (en) | Geographical position information-based mobile intelligent terminal communication encryption method | |
CN111797418A (en) | Control method and device of online service, service terminal, server and storage medium | |
Liccardi et al. | Improving mobile app selection through transparency and better permission analysis | |
CN109150864B (en) | Anti-cheating method and device based on secondary authentication | |
KR20080072873A (en) | Anti-spam application storage system | |
US11956384B2 (en) | Intelligent attestation of traffic using a routing engine | |
CN109145630A (en) | Sensitive data method for deleting, device, equipment and computer readable storage medium | |
CN117035391A (en) | Risk identification method and risk identification device | |
CN107679871B (en) | List management method, device, system and computer readable storage medium | |
CN104021351A (en) | Method and device for data resource access | |
CN111988473B (en) | Voice communication call control method and device based on intelligent contract | |
CN108924270B (en) | Method for updating terminal contact information, server and storage medium | |
CN107809758B (en) | SIM card information protection method and device | |
CN106446717A (en) | Information processing method, device and terminal | |
CN112995999B (en) | Fraud location identification method and device and computing equipment | |
US20130117374A1 (en) | Social Network with Blocked Network Users and Accessible Network Users | |
Cheng et al. | Characterizing the Security Threats of Disposable Phone Numbers | |
CN115243246B (en) | Safety alarm system based on big data informatization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190104 |