CN110049021A - Data of information system safety protecting method and system - Google Patents
Data of information system safety protecting method and system Download PDFInfo
- Publication number
- CN110049021A CN110049021A CN201910238005.0A CN201910238005A CN110049021A CN 110049021 A CN110049021 A CN 110049021A CN 201910238005 A CN201910238005 A CN 201910238005A CN 110049021 A CN110049021 A CN 110049021A
- Authority
- CN
- China
- Prior art keywords
- data
- sensitive
- checked
- request
- protecting method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Medical Informatics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to a kind of data of information system safety protecting method and systems, including measurement information to be checked is obtained from examining system to be checked;Classify to the measurement information to be checked of acquisition, and all kinds of sensitive datas are marked;When using sorted data, all kinds of sensitive datas occur to using terminal and transmission are monitored, block, and in data sharing and transmission, every request that user is issued or is submitted by authentication rules judge user department rank and requested data content identity authority whether real-time matching, if matching, allow to request, and to allow by it is rear response return data equally carry out matching discrimination by authentication rules, if mismatching, refuse to request.The present invention effectively prevent leaking data, advantageously ensures that data safety.
Description
Technical field
The present invention relates to the technical field of information retrieval, refers in particular to a kind of data of information system safety protecting method and be
System.
Background technique
With the extensive use of cyberspace being surging forward with information technology, it is being greatly facilitated economy and society development
Meanwhile ongoing Security risk and challenge complicated and changeable are brought to us.In recent years, data theft, information leakage event layers
It is not poor out.The global common data issued in the recent period according to Gemalto is revealed severity index and is shown, 945 since 2018
Secondary event leads to 4,500,000,000 information leakages, causes economic loss multi-million dollar.To find out its cause, " IBM X-Force prestige in 2018
Side of body information index " survey report shows that having 2/3rds in the event of 2017 annual datas leakage is that organization internal personnel are unintentional
Stolen or inside threat causes network attack to cause.
Data resource interconnects, shares opening, so that preventing based on boundary, for the traditional human system of outside invasion
I be unequal to it is anti-because these defense systems can not protect the internal leaking data of the formation such as stealing, abuse, neglecting.In addition, with data
Encryption and decryption is that the security protection of means can not cope with the mass data processing in explosive growth.Meanwhile simple data are leakage-preventing
(DLP) do not accomplish data safety yet, because needing to protect which data on earth, how to accomplish full protection, technology and strategy, system
How degree, mechanism cooperate, and these problems solve not yet.
In order to overcome the above problem, Chinese invention patent (CN105516141A) discloses a kind of peace based on operation system
Full control platform, the safety control platform include authentication module, access control module, security audit module, have communicated
Whole property module, communication security module and data security module.Although the above-mentioned safety that can make operating information system enhances,
But the events such as still there is leaking data, distort, seriously affect the privacy and reliability of data.
Summary of the invention
For this purpose, technical problem to be solved by the present invention lies in overcome the problems, such as it is existing there are leaking data, distort, thus
One kind is provided and effectively prevent leaking data, data tampering, realizes data safety, controllable data of information system safety protecting method
And system.
In order to solve the above technical problems, a kind of data of information system safety protecting method of the invention, includes the following steps:
Measurement information to be checked is obtained from examining system to be checked;Classify to the measurement information to be checked of acquisition, and sensitive data is marked;
To sorted data in use, all kinds of sensitive datas occur to using terminal and transmission are monitored, block;?
When data sharing and transmission, the every request for issuing or submitting to user judges user department rank and institute by authentication rules
The identity authority of the data content of request whether real-time matching, if matching, allow to request, and to allow by rear response return
Data equally carry out matching discrimination by authentication rules, if mismatch, refuse to request.
In one embodiment of the invention, the data are before use, store sorted data, and store
When data are monitored.
In one embodiment of the invention, the data encrypt data, including and be not limited in storage
Bright encryption and decryption, dynamic encryption and decryption, fine granularity control extension, ciphertext index, Encryption Algorithm and cipher key technique.
In one embodiment of the invention, the data carry out desensitization process to sensitive data when sharing.
In one embodiment of the invention, after the data are transmitted, data are destroyed, and to destruction data
Carry out sensitive data inspection.
In one embodiment of the invention, the data are in use, sharing and transmission link, number leakage-preventing to data
It traces to the source according to tracking and the data of every sensitive data inspection acquisition is analyzed, summarize abnormal phenomenon, abnormal behaviour is carried out
Monitoring.
In one embodiment of the invention, described when all kinds of sensitive datas are marked, including to structural data
Watermark and watermark to unstructured data.
It in one embodiment of the invention, further include that credible tracking, distribution circulation are carried out to marked sensitive data
Monitoring and leakage are traced to the source, the embeddable multiple network equipment of sensitivity label means of identification.
In one embodiment of the invention, when the measurement information to be checked of described pair of acquisition is classified, according to the more of data
Dimensional feature and its logic association of mutual objective reality are classified.
The invention also discloses a kind of data of information system security protection systems, including data capture unit, data classification
Hierarchical policy unit and anti-data-leakage unit, wherein the data capture unit with examining system to be checked for connecting and from institute
It states and obtains measurement information to be checked at examining system to be checked;The data classification hierarchical policy unit be used for the measurement information to be checked of acquisition into
Row classification, and all kinds of sensitive datas are marked;The anti-data-leakage unit is included in and uses sorted data
When, all kinds of sensitive datas occur to using terminal and transmission are monitored, block;It is right in data sharing and transmission
Every request that user issues or submits is judged the body of user department rank Yu requested data content by authentication rules
Part permission whether real-time matching, if matching, allows to request, and to allowing the data returned by rear response equally to advise by authentication
Matching discrimination is then carried out, if mismatching, refuses to request.
The above technical solution of the present invention has the following advantages over the prior art:
Data of information system safety protecting method of the present invention and system, to sorted data in use, to using
All kinds of sensitive datas that terminal occurs and transmission are monitored, block;In data sharing and transmission, user is issued
Or the every request submitted by authentication rules judge user department rank and requested data content identity authority whether
Real-time matching, to realize that the fine granularity permission for accessing data to each user of service of information system controls, due to from acquisition, converging
Always, it in the landing safeguard procedures on each node such as use, sharing, transmission, realizes to sensitivity numbers all kinds of in data Life cycle
According to it is comprehensive control, it is leakage-preventing, thus formed a closed-loop data security protection system, effectively prevent leaking data, data to usurp
The events such as change to occur, realizes the safely controllable of data.
Detailed description of the invention
In order to make the content of the present invention more clearly understood, it below according to specific embodiments of the present invention and combines
Attached drawing, the present invention is described in further detail, wherein
Fig. 1 is the flow chart of data of information system safety protecting method of the present invention;
Fig. 2 is the schematic diagram of data of information system security protection system of the present invention.
Figure of description description of symbols: 11- data capture unit, 12- data classification hierarchical policy unit, 13- data are anti-
Leakage unit.
Specific embodiment
Embodiment one
As shown in Figure 1, including the following steps: step S1 the present embodiment provides a kind of data of information system safety protecting method: from
Measurement information to be checked is obtained at examining system to be checked;Step S2: classifying to the measurement information to be checked of acquisition, and carries out to sensitive data
Label;Step S3: to sorted data in use, to using terminal occur and transmission all kinds of sensitive datas carry out
Monitoring blocks;In data sharing and transmission, the every request for issuing or submitting to user judges user by authentication rules
The identity authority of department's rank and requested data content whether real-time matching, if matching, allows to request, and to allowing to lead to
Later the data for responding return equally carry out matching discrimination by authentication rules, if mismatching, refuse to request.
Data of information system safety protecting method described in the present embodiment in the step S1, obtains from examining system to be checked
Measurement information to be checked, to be conducive to collect data;In the step S2, classify to the measurement information to be checked of acquisition, and to quick
Sense data are marked, and are conducive to raising system general safety protective capacities, guarantee electric power monitoring system, personal sensitive data etc.
The safety of significant data;In the step S3, to sorted data in use, occur to using terminal and transmission
All kinds of sensitive datas are monitored, block;In data sharing and transmission, the every request for issuing or submitting to user is by mirror
Power rule judge whether real-time matching is permitted if matching for the identity authority of user department rank and requested data content
Perhaps it requests, and to allowing the data returned by rear response equally to carry out matching discrimination by authentication rules, further determines that data
The permission of access is refused to request if mismatching, to realize that the fine granularity for accessing data to each user of service of information system is weighed
Limit control, due to from acquiring, summarize, use, sharing, in the landing safeguard procedures on each node such as transmission, realize complete to data
The comprehensive of all kinds of sensitive datas manages, is leakage-preventing in life cycle, to form a closed-loop data security protection system, effectively
It prevents the events such as leaking data, data tampering from occurring, realizes the safely controllable of data.
The data need to classify to the measurement information to be checked of acquisition after the completion of acquisition.Specifically, according to data
Multidimensional characteristic and its logic association of mutual objective reality are classified.And data are done classify when, need to be according to data
Principle of classification is cross-border to multi-disciplinary data sharing, data etc. to take the different precautionary measures, the protection of Lai Tigao system general safety
Ability guarantees the safety of the significant datas such as electric power monitoring system, personal sensitive data.In addition, in the measurement information to be checked to acquisition
When being classified, need that all kinds of sensitive datas are marked.Specifically, described when all kinds of sensitive datas are marked, packet
The watermark to structural data and the watermark to unstructured data are included, to track and to trace to the source.The data are anti-
Leakage unit further includes carrying out credible tracking, distribution circulation monitoring and leakage to marked sensitive data to trace to the source, sensitivity label
The embeddable multiple network equipment of means of identification, including each DLP equipment and all kinds of checking tools.
The data are before use, also need to store sorted data, and while storing is monitored data,
To it is advantageously ensured that all kinds of sensitive informations store compliance.Specifically, link is stored in data, to database, application service
The content stored in the equipment such as device, big data storage, cloud storage is monitored.The sorted data are stored in network data
Leakage protective net is shut (abbreviation network DLP), and the network DLP is mainly used for bypass (or concatenation) and is mounted on network exit,
Pass through and monitor Email (smtp protocol, IMAP protocol), WEB(HTTP agreement), file transmission (File Transfer Protocol) and network share
It transmitting (SMB agreement), monitoring network, identification sensitive data forms risk case and is uploaded to uniform data management platform,
And leaking data is operated and implements to block, to be conducive to ensure data storage security.
In addition, sensitive data transmits in a network, the security threats such as man-in-the-middle attack, data eavesdropping, identity forgery are faced.
In order to guarantee transmission safety of the data on network, between large data center and I and II system pushing system, enlarging system, region
To guarantee secure communication between the difference security domain of inside and outside.Data are transmitted using special line, external network portion core application can be with
It is accessed using VPN, https agreement is supported in WEB access.
In order to prevent leakage of data caused by stored in clear, break through Border Protection external hackers attack, from inside
The data theft and bypass valid application system of high permission user directly accesses the database, and solves the leakage of database sensitive data
Problem, the data encrypt data in storage, including and are not limited to transparent encryption and decryption, dynamic encryption and decryption, fine granularity
Control extension, ciphertext index, Encryption Algorithm and cipher key technique, the control of flexible permission and decentralized management.It is wherein described transparent
Encryption means that encryption does not need too many additional management, is mainly reflected in two aspects: firstly, application program is transparent, user
Or developer does not need to do application program any transformation;Followed by encryption and decryption is transparent, for having ciphertext access authority
User carries out encryption and decryption automatically, for lacking user's denied access of ciphertext access authority;The dynamic encryption and decryption is to being stored in
Data in database carry out flexible automation dynamic encryption decryption in real time, do not need artificially to interfere, fully achieve to data
Secure storage, safe handling, prevent information concerning security matters.User time is both saved in this way, has also achieved the purpose that protect file.Only
User is wanted to have the operation to encryption data, then encryption data will be automatically encrypted or decrypt, user is imperceptible plus solves
The presence of close process;In the fine granularity control extension, data base encryption rank flexibly configurable encrypts for whole library, table encrypts,
Row encryption, is based on the various ways such as specified conditions encryption at column encryption.User can flexible choice encryption side according to actual needs
Formula, system find optimal balance point between the safety and database performance of data, while guaranteeing that sensitive data is safe,
It ensure that the performance of database to the greatest extent;In the ciphertext index, index will be ineffective in plain text after data encryption, causes
Even if only inquiring a data to be also required to once be decrypted all data, this undoubtedly increases the time of inquiry.System is adopted
With ciphertext index, inquiry operation be decrypted, which may not necessarily to all data, can inquire corresponding data, greatly improve
Cryptogram search speed;It, can flexible choice 3DES, AES, SM4 scheduling algorithm in the Encryption Algorithm and cipher key technique.System is using more
Grade cipher key technique.Each field possesses different, independent, unique column keys, carries out encrypting and decrypting control to field.Institute
Column key be to be generated by master key, control column key encrypting and decrypting.Master key is stored within hardware, and guarantee will not be stolen
It takes and destroys, column key is stored in encrypted database.Guarantee that encryption data will not be broken by double secret key technology
Solution increases safety.
To sorted data in use, occur to the using terminal and all kinds of sensitive datas of transmission are monitored,
Including entering mail transmission/reception and various external equipments such as USB flash disk, CD, printer, camera, screenshotss etc. channel to sensitive data
Monitoring and blocking.In addition, the target of security protection is to ensure that data are being accessed within the scope of authority, are handling, prevent data from meeting with
It steals, leak, damage.To realize this target, specifically, for database access: database account management is database peace
The wide-scale distribution of one of full greateset risk, database account password can bring high security risk.Database must use
Complicated password and regular Change Password strategy reinforce database access safety comprehensively.For not entering for the first time or for a long time
The Association Identity feature of database carries out risk alarm, the Database Intrusion behavior having found that it is likely that at the first time.For sensitive number
According to can also be with automatic sensing and covering: using all kinds of sensitive informations rules, (passing through scanning number in such a way that automatically scanning is found
According to field, obtain field contents sampling matching sensitive information Rule sensitive information) efficiently, conveniently, comprehensively obtain it is sensitive
Information.
The data also need to carry out desensitization process to sensitive data when sharing.When carrying out desensitization process to sensitive data:
When carrying out electric network data displaying, application system needs to carry out Fuzzy processing to sensitive data, especially to name, cell-phone number
The individual subscribers sensitive information such as code, identification card number is needed when needing to inquire original sensitive information using the secondary mirror of progress
Power.Operation system or background management system need to have data desensitization function in display data, or the special data of insertion take off
Quick technical tool.When exploitation, test, training or the data mining algorithm that quasi- production district carries out system are verified, need to production
Data carry out batch desensitization, import quasi- production district environment.The data desensitization of logarithm and text type is realized by desensitization technology,
Support a variety of desensitization modes, including irreversible encryption, random, the mask replacement in section etc..Desensitization technology needs can automatically scanning hair
Existing sensitive information realizes that efficiently, conveniently, accurately information desensitizes.
In addition, in data sharing link, establishes complete data authentication rule and advantageously form information safety defense, and institute
Authentication rules are stated to belong on data authentication mechanism framework.Specifically, data authentication mechanism framework setting each application server it
Between data safety network gateway on, control the mutual access between each application.The user identity and facility information for issuing request can bands
Application server where crossing enters the data authentication mechanism on data safety network gateway, cooperates the data classification mark being embedded in advance
Library, data automatic grading rule base, system identity authority library and authentication rules library, with user right and place equipment, using and
The security level classification of Service Privileges real-time matching requested data content is made by authentication rules and being sentenced to the response of user's request
And guide gateway to execute determined response, and to allowing the data returned by rear response equally to carry out by authentication rules surely
With discrimination, realize that the accurate permission to each user of service of information system, equipment, application access in data content granularity controls.
Response judgement in authentication rules includes: complete opening, fractional open, desensitizing opens, decrypt open, encryption, do not open and (refuse
Absolutely) etc., response execution mechanism is directed toward corresponding association handling device.
It is described in data sharing, it is also necessary to guarantee data integrity and trackability, electronic signature and time can be used
The relevant technologies such as stamp are realized.Generally acknowledged reliable electronic signature is realized based on PKI and eap-message digest technology at present, passes through number
Word signature and the service for checking credentials can ensure the integrality of data itself, realize the resisting denying of related service operation.
The data are in use, sharing and transmission link, and, data tracing leakage-preventing to data is traced to the source and every sensitive data
It checks that the data obtained are analyzed, summarizes abnormal phenomenon, abnormal behaviour is monitored, to be conducive to find peace in time
Full hidden danger.After the data are transmitted, data are destroyed, and carry out sensitive data inspection to data are destroyed, is realized thorough
It destroys without hidden danger at bottom.
Embodiment two
As shown in Fig. 2, the present embodiment provides a kind of data of information system security protection system, including data capture unit 11, number
According to classification hierarchical policy unit 12 and anti-data-leakage unit 13, wherein the data capture unit 11 is used for and system to be detected
System connection simultaneously obtains measurement information to be checked from the examining system to be checked;The data classification hierarchical policy unit 12 is used for acquisition
Measurement information to be checked classify, and all kinds of sensitive datas are marked;The anti-data-leakage unit 13, be included in point
Data after class are in use, all kinds of sensitive datas occur to using terminal and transmission are monitored, block, and in number
When according to sharing and transmission, the every request for issuing or submitting to user is judged user department rank and is asked by authentication rules
The identity authority for the data content asked whether real-time matching, if matching, allow to request, and to allow by it is rear response return
Data equally carry out matching discrimination by authentication rules, if mismatching, refuse to request.
Data of information system security protection system described in the present embodiment, including the classification of data capture unit 11, data classification
Policy unit 12 and anti-data-leakage unit 13, wherein the data capture unit 11 for connect with examining system to be checked and from
Measurement information to be checked is obtained at the examining system to be checked, to be conducive to collect data;The data classification hierarchical policy unit 12
For classifying to the measurement information to be checked of acquisition, and all kinds of sensitive datas are marked, are conducive to raising system and integrally pacify
Full protection ability guarantees the safety of the significant datas such as electric power monitoring system, personal sensitive data;The anti-data-leakage unit
13, including to sorted data in use, to using terminal occur and transmission all kinds of sensitive datas be monitored,
It blocks, and in data sharing and transmission, the every request for issuing or submitting to user judges user by authentication rules
Whether real-time matching allows to ask identity authority between department's rank and requested data content classification if matching
It asks, and to allowing the data returned by rear response equally to carry out matching discrimination by authentication rules, if mismatching, refusal is asked
Ask, to realize that the fine granularity permission for accessing data to each user of service of information system controls, due to from acquire, summarize, using,
Share, in the landing safeguard procedures on each node such as transmission, realize in data Life cycle all kinds of sensitive datas it is comprehensive
It manages, is leakage-preventing, to form a closed-loop data security protection system, effectivelying prevent the events such as leaking data, data tampering
Occur, realizes the safely controllable of data.
The data capture unit 11 is mainly used for being acquired data, can be computer or server.
Obviously, the above embodiments are merely examples for clarifying the description, does not limit the embodiments.For
For those of ordinary skill in the art, other different form variations can also be made on the basis of the above description or are become
It is dynamic.There is no necessity and possibility to exhaust all the enbodiments.And obvious variation extended from this or change
It moves still within the protection scope of the invention.
Claims (10)
1. a kind of data of information system safety protecting method, which comprises the steps of:
Step S1: measurement information to be checked is obtained from examining system to be checked;
Step S2: classify to the measurement information to be checked of acquisition, and sensitive data is marked;
Step S3: to sorted data in use, to using terminal occur and transmission all kinds of sensitive datas carry out
Monitoring blocks;In data sharing and transmission, the every request for issuing or submitting to user judges user by authentication rules
The identity authority of department's rank and requested data content whether real-time matching, if matching, allows to request, and to allowing to lead to
Later the data for responding return equally carry out matching discrimination by authentication rules, if mismatching, refuse to request.
2. data of information system safety protecting method according to claim 1, it is characterised in that: the data are using
Before, data are monitored when storing, and storing to sorted data.
3. data of information system safety protecting method according to claim 2, it is characterised in that: the data are storing
When, data are encrypted, including and be not limited to transparent encryption and decryption, dynamic encryption and decryption, fine granularity control extension, ciphertext index,
Encryption Algorithm and cipher key technique.
4. data of information system safety protecting method according to claim 1, it is characterised in that: the data are being shared
When, desensitization process is carried out to sensitive data.
5. data of information system safety protecting method according to claim 1, it is characterised in that: the data are transmitted
Afterwards, data are destroyed, and carry out sensitive data inspection to data are destroyed.
6. data of information system safety protecting method according to claim 1, it is characterised in that: the data use,
Share and transmission link, the data that, data tracing leakage-preventing to data is traced to the source and every sensitive data inspection obtains analyzed,
Abnormal phenomenon is summarized, abnormal behaviour is monitored.
7. data of information system safety protecting method according to claim 1, it is characterised in that: described to all kinds of sensitive numbers
When according to being marked, including the watermark to structural data and to the watermark of unstructured data.
8. data of information system safety protecting method according to claim 1, it is characterised in that: further include to marked
Sensitive data carries out credible tracking, distribution circulation monitoring and leakage and traces to the source, and the embeddable multiple network of sensitivity label means of identification is set
It is standby.
9. data of information system safety protecting method according to claim 1, it is characterised in that: described pair acquisition it is to be checked
When measurement information is classified, classify according to the multidimensional characteristic of data and its logic association of mutual objective reality.
10. a kind of data of information system security protection system, it is characterised in that: be classified including data capture unit, data classification
Policy unit and anti-data-leakage unit, wherein the data capture unit for connect with examining system to be checked and from it is described to
Measurement information to be checked is obtained at detection system;The data classification hierarchical policy unit is for dividing the measurement information to be checked of acquisition
Class, and all kinds of sensitive datas are marked;The anti-data-leakage unit, is included in sorted data in use, right
All kinds of sensitive datas that using terminal occurs and transmission are monitored, block;In data sharing and transmission, to user
The every request for issuing or submitting is judged the identity authority of user department rank Yu requested data content by authentication rules
Whether real-time matching, if matching, allow to request, and to allow by it is rear response return data equally carried out by authentication rules
Matching distinguishes, if mismatching, refuses to request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910238005.0A CN110049021A (en) | 2019-03-27 | 2019-03-27 | Data of information system safety protecting method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910238005.0A CN110049021A (en) | 2019-03-27 | 2019-03-27 | Data of information system safety protecting method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110049021A true CN110049021A (en) | 2019-07-23 |
Family
ID=67275402
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910238005.0A Pending CN110049021A (en) | 2019-03-27 | 2019-03-27 | Data of information system safety protecting method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110049021A (en) |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110851864A (en) * | 2019-11-08 | 2020-02-28 | 国网浙江省电力有限公司信息通信分公司 | Sensitive data automatic identification and processing method and system |
| CN111046405A (en) * | 2019-12-12 | 2020-04-21 | 国家电网有限公司大数据中心 | Data processing method, device, equipment and storage medium |
| CN111079174A (en) * | 2019-11-21 | 2020-04-28 | 中国电力科学研究院有限公司 | Power consumption data desensitization method and system based on anonymization and differential privacy technology |
| CN111083135A (en) * | 2019-12-12 | 2020-04-28 | 深圳天源迪科信息技术股份有限公司 | Method for processing data by gateway and security gateway |
| CN111191231A (en) * | 2019-12-30 | 2020-05-22 | 绵阳师范学院 | Safety protection method and system for sensitive information |
| CN111756732A (en) * | 2020-06-23 | 2020-10-09 | 北京明朝万达科技股份有限公司 | Data scanning and control method and device, electronic equipment and readable storage medium |
| CN111787029A (en) * | 2020-07-29 | 2020-10-16 | 浙江德迅网络安全技术有限公司 | Advanced network security threat mitigation for https protocol deep monitoring |
| CN111914300A (en) * | 2020-09-21 | 2020-11-10 | 安徽长泰信息安全服务有限公司 | Document encryption device and method for preventing file leakage |
| CN111914035A (en) * | 2020-09-21 | 2020-11-10 | 安徽长泰信息安全服务有限公司 | Data interaction encryption system of distributed database |
| CN112115438A (en) * | 2020-09-15 | 2020-12-22 | 安徽长泰信息安全服务有限公司 | Data security protection device for data dynamic fuzzification server |
| CN112115493A (en) * | 2020-09-16 | 2020-12-22 | 安徽长泰信息安全服务有限公司 | Data leakage protection system based on data acquisition |
| CN112231715A (en) * | 2020-11-11 | 2021-01-15 | 福建有度网络安全技术有限公司 | Data leakage warning method and related device |
| CN112487458A (en) * | 2020-12-09 | 2021-03-12 | 浪潮云信息技术股份公司 | Implementation method and system using government affair open sensitive data |
| CN112560027A (en) * | 2020-12-18 | 2021-03-26 | 福建中信网安信息科技有限公司 | Data safety monitoring system |
| CN112580110A (en) * | 2020-12-23 | 2021-03-30 | 国家电网有限公司大数据中心 | Data resource sharing safety method based on watermark technology |
| CN112613069A (en) * | 2020-12-23 | 2021-04-06 | 国家电网有限公司大数据中心 | Automatic desensitization method based on negative list data resources |
| CN112637142A (en) * | 2020-12-08 | 2021-04-09 | 中国南方电网有限责任公司超高压输电公司 | Security threat tracing method and system based on power network environment |
| CN113095234A (en) * | 2021-04-15 | 2021-07-09 | 泉州文学士信息科技有限公司 | Safety technology prevention monitoring identification information system and method thereof |
| CN113727345A (en) * | 2021-08-30 | 2021-11-30 | 展讯半导体(成都)有限公司 | Wireless network connection access control method, device, storage medium and terminal |
| CN113988753A (en) * | 2021-10-27 | 2022-01-28 | 中国人民解放军国防大学联合勤务学院联合勤务管理系 | Cross-network data exchange system and method based on network isolation state |
| CN115001856A (en) * | 2022-07-18 | 2022-09-02 | 国网浙江省电力有限公司杭州供电公司 | Network security portrait and attack prediction method based on data processing |
| WO2023279837A1 (en) * | 2021-07-09 | 2023-01-12 | 华为云计算技术有限公司 | Method and apparatus for adding watermark in data, and related device |
| CN116257862A (en) * | 2022-12-21 | 2023-06-13 | 上海云砺信息科技有限公司 | Data storage system based on data hierarchical classification and database transparent encryption and decryption method |
| CN116796335A (en) * | 2023-06-20 | 2023-09-22 | 广东网安科技有限公司 | Intelligent protection method for network security |
| CN113988753B (en) * | 2021-10-27 | 2024-05-17 | 中国人民解放军国防大学联合勤务学院联合勤务管理系 | Cross-network data exchange system and method based on network isolation state |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104796290A (en) * | 2015-04-24 | 2015-07-22 | 广东电网有限责任公司信息中心 | Data security control method and data security control platform |
| CN104809405A (en) * | 2015-04-24 | 2015-07-29 | 广东电网有限责任公司信息中心 | Structural data asset leakage prevention method based on hierarchical classification |
| CN105681276A (en) * | 2015-12-25 | 2016-06-15 | 亿阳安全技术有限公司 | Sensitive information leakage active monitoring and responsibility confirmation method and device |
| CN107577939A (en) * | 2017-09-12 | 2018-01-12 | 中国石油集团川庆钻探工程有限公司 | A kind of data leakage prevention method based on key technology |
| US20180343257A1 (en) * | 2017-05-25 | 2018-11-29 | Bank Of America Coporation | Data Leakage and Information Security Using Access Control |
-
2019
- 2019-03-27 CN CN201910238005.0A patent/CN110049021A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104796290A (en) * | 2015-04-24 | 2015-07-22 | 广东电网有限责任公司信息中心 | Data security control method and data security control platform |
| CN104809405A (en) * | 2015-04-24 | 2015-07-29 | 广东电网有限责任公司信息中心 | Structural data asset leakage prevention method based on hierarchical classification |
| CN105681276A (en) * | 2015-12-25 | 2016-06-15 | 亿阳安全技术有限公司 | Sensitive information leakage active monitoring and responsibility confirmation method and device |
| US20180343257A1 (en) * | 2017-05-25 | 2018-11-29 | Bank Of America Coporation | Data Leakage and Information Security Using Access Control |
| CN107577939A (en) * | 2017-09-12 | 2018-01-12 | 中国石油集团川庆钻探工程有限公司 | A kind of data leakage prevention method based on key technology |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110851864A (en) * | 2019-11-08 | 2020-02-28 | 国网浙江省电力有限公司信息通信分公司 | Sensitive data automatic identification and processing method and system |
| CN111079174A (en) * | 2019-11-21 | 2020-04-28 | 中国电力科学研究院有限公司 | Power consumption data desensitization method and system based on anonymization and differential privacy technology |
| CN111046405B (en) * | 2019-12-12 | 2023-07-07 | 国家电网有限公司大数据中心 | Data processing method, device, equipment and storage medium |
| CN111046405A (en) * | 2019-12-12 | 2020-04-21 | 国家电网有限公司大数据中心 | Data processing method, device, equipment and storage medium |
| CN111083135A (en) * | 2019-12-12 | 2020-04-28 | 深圳天源迪科信息技术股份有限公司 | Method for processing data by gateway and security gateway |
| CN111191231A (en) * | 2019-12-30 | 2020-05-22 | 绵阳师范学院 | Safety protection method and system for sensitive information |
| CN111756732A (en) * | 2020-06-23 | 2020-10-09 | 北京明朝万达科技股份有限公司 | Data scanning and control method and device, electronic equipment and readable storage medium |
| CN111756732B (en) * | 2020-06-23 | 2022-07-12 | 北京明朝万达科技股份有限公司 | Data scanning and control method and device, electronic equipment and readable storage medium |
| CN111787029A (en) * | 2020-07-29 | 2020-10-16 | 浙江德迅网络安全技术有限公司 | Advanced network security threat mitigation for https protocol deep monitoring |
| CN111787029B (en) * | 2020-07-29 | 2023-03-17 | 浙江德迅网络安全技术有限公司 | Advanced network security threat mitigation for https protocol deep monitoring |
| CN112115438A (en) * | 2020-09-15 | 2020-12-22 | 安徽长泰信息安全服务有限公司 | Data security protection device for data dynamic fuzzification server |
| CN112115493A (en) * | 2020-09-16 | 2020-12-22 | 安徽长泰信息安全服务有限公司 | Data leakage protection system based on data acquisition |
| CN111914035A (en) * | 2020-09-21 | 2020-11-10 | 安徽长泰信息安全服务有限公司 | Data interaction encryption system of distributed database |
| CN111914300A (en) * | 2020-09-21 | 2020-11-10 | 安徽长泰信息安全服务有限公司 | Document encryption device and method for preventing file leakage |
| CN112231715A (en) * | 2020-11-11 | 2021-01-15 | 福建有度网络安全技术有限公司 | Data leakage warning method and related device |
| CN112637142A (en) * | 2020-12-08 | 2021-04-09 | 中国南方电网有限责任公司超高压输电公司 | Security threat tracing method and system based on power network environment |
| CN112487458B (en) * | 2020-12-09 | 2023-01-20 | 浪潮云信息技术股份公司 | Implementation method and system using government affair open sensitive data |
| CN112487458A (en) * | 2020-12-09 | 2021-03-12 | 浪潮云信息技术股份公司 | Implementation method and system using government affair open sensitive data |
| CN112560027A (en) * | 2020-12-18 | 2021-03-26 | 福建中信网安信息科技有限公司 | Data safety monitoring system |
| CN112580110A (en) * | 2020-12-23 | 2021-03-30 | 国家电网有限公司大数据中心 | Data resource sharing safety method based on watermark technology |
| CN112613069A (en) * | 2020-12-23 | 2021-04-06 | 国家电网有限公司大数据中心 | Automatic desensitization method based on negative list data resources |
| CN113095234A (en) * | 2021-04-15 | 2021-07-09 | 泉州文学士信息科技有限公司 | Safety technology prevention monitoring identification information system and method thereof |
| WO2023279837A1 (en) * | 2021-07-09 | 2023-01-12 | 华为云计算技术有限公司 | Method and apparatus for adding watermark in data, and related device |
| CN113727345A (en) * | 2021-08-30 | 2021-11-30 | 展讯半导体(成都)有限公司 | Wireless network connection access control method, device, storage medium and terminal |
| CN113988753A (en) * | 2021-10-27 | 2022-01-28 | 中国人民解放军国防大学联合勤务学院联合勤务管理系 | Cross-network data exchange system and method based on network isolation state |
| CN113988753B (en) * | 2021-10-27 | 2024-05-17 | 中国人民解放军国防大学联合勤务学院联合勤务管理系 | Cross-network data exchange system and method based on network isolation state |
| CN115001856A (en) * | 2022-07-18 | 2022-09-02 | 国网浙江省电力有限公司杭州供电公司 | Network security portrait and attack prediction method based on data processing |
| CN115001856B (en) * | 2022-07-18 | 2022-10-21 | 国网浙江省电力有限公司杭州供电公司 | Network security portrait and attack prediction method based on data processing |
| CN116257862A (en) * | 2022-12-21 | 2023-06-13 | 上海云砺信息科技有限公司 | Data storage system based on data hierarchical classification and database transparent encryption and decryption method |
| CN116257862B (en) * | 2022-12-21 | 2023-10-20 | 上海云砺信息科技有限公司 | Data storage system based on data hierarchical classification and database transparent encryption and decryption method |
| CN116796335A (en) * | 2023-06-20 | 2023-09-22 | 广东网安科技有限公司 | Intelligent protection method for network security |
| CN116796335B (en) * | 2023-06-20 | 2024-02-13 | 广东网安科技有限公司 | Intelligent protection method for network security |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110049021A (en) | Data of information system safety protecting method and system | |
| US20210328969A1 (en) | Systems and methods to secure api platforms | |
| CN112560027A (en) | Data safety monitoring system | |
| CN115733681A (en) | Data security management platform for preventing data loss | |
| CN103310161A (en) | Protection method and system for database system | |
| CN112905965B (en) | Financial big data processing system based on block chain | |
| CN106982204A (en) | Credible and secure platform | |
| CN112329042A (en) | Big data secure storage system and method | |
| CN111046405B (en) | Data processing method, device, equipment and storage medium | |
| CN112100662A (en) | Regional data safety monitoring system | |
| CN114218194A (en) | Data bank safety system | |
| CN117333026A (en) | Risk identification method based on energy big data | |
| CN201805447U (en) | Electronic information management platform system of Intranet | |
| CN115643573A (en) | Privileged account authentication method and system based on dynamic security environment | |
| CN112380544A (en) | Data security protection method of software system | |
| Pan et al. | PLC Protection System Based on Verification Separation. | |
| CN112000953A (en) | Big data terminal safety protection system | |
| CN113839922B (en) | Information safety protection system and method for video monitoring system | |
| CN108134781A (en) | A kind of important information data confidentiality monitoring system | |
| National Computer Security Center (US) | Glossary of Computer Security Terms | |
| Periasamy et al. | Guarding Against Data Breach | |
| CN117272349A (en) | Method, system and storage medium for protecting security of relational database | |
| Yao | How is Big Data related to information security-A literature review | |
| Kangwa | Prevention of personally identifiable information leakage in ecommerce using offline data minimization and online pseudonymisation. | |
| CN116861411A (en) | Secure sandbox data protection method and system based on Seccomp mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190723 |