CN110390209A - Production data access method and device - Google Patents


Publication number: CN110390209A
Authority: CN (China)
Prior art keywords: production data, data, target, sensitive, application
Legal status: Pending
Application number: CN201910675270.5A
Other languages: Chinese (zh)
Inventors: 杨祖龙, 高鸿升, 谭勇山, 刘吉洲
Current Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Application filed by Industrial and Commercial Bank of China Ltd (ICBC)
Priority to CN201910675270.5A
Publication of CN110390209A


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the present application provides a production data access method and device. The method includes: receiving a production data access request for a target application sent by a user, where the production data access request contains the unique identifier of the target production data; obtaining the corresponding pre-stored target production data according to the unique identifier of the target production data; and, based on the preset sensitivity rule corresponding to the target application, determining whether the target production data contains sensitive data and, if so, sending the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop. The application can effectively improve the access security of production data that contains sensitive data, and the access process is efficient and highly automated.

Description

Production data access method and device
Technical field
The present application relates to the technical field of data processing, and in particular to a production data access method and device.
Background
Leaks of sensitive information and important data are now frequent, and the information security situation is increasingly severe. To meet regulatory requirements and guard against information security risk, production sensitive information must be protected accordingly, so that production sensitive data is not leaked and data access operations can be monitored.
The data center of a large bank deploys hundreds of application systems. Operations and development staff need to query or export large amounts of production data from each application system during performance testing and production problem analysis. If the production data involves business-sensitive information (customer identity information, bank card information, payment-sensitive information) and is provided directly to operations or R&D staff, sensitive data may be leaked, leading to reputational or regulatory risk. However, because the problem still has to be analysed, the business-sensitive information cannot be transformed. An automatic and efficient data access system is therefore needed that makes production data convenient to access while protecting production sensitive data and preventing data leakage.
Existing production data query and protection methods have the following deficiencies:
1. Data is exported in full, with no sensitivity classification protection of the production data, which creates a risk of sensitive information leakage.
2. The accessed sensitive data is transformed or filtered, which does not meet users' actual needs; for example, production problems are hard to locate and analyse after transformation.
3. Some existing methods for accessing and protecting different application systems and different types of production data lack generality and scale poorly.
Summary of the invention
In view of the problems in the prior art, the present application provides a production data access method and device that can effectively improve the access security of production data containing sensitive data, with an access process that is efficient and highly automated.
To solve the above technical problem, the present application provides the following technical solutions:
In a first aspect, the present application provides a production data access method, comprising:
Receiving a production data access request for a target application sent by a user, wherein the production data access request contains the unique identifier of the target production data;
Obtaining the corresponding pre-stored target production data according to the unique identifier of the target production data;
Based on the preset sensitivity rule corresponding to the target application, determining whether the target production data contains sensitive data and, if so, sending the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
Further, the method also comprises:
If it is determined that the target production data does not contain the sensitive data, sending the target production data that does not contain the sensitive data directly to the user so that the user accesses the target production data.
Further, the method also comprises:
If it is determined that the target production data does not contain the sensitive data, and a completion instruction for the target production data is received, applying the sensitivity rule to obtain the sensitive data missing from the target production data;
Filling the sensitive data into the target production data;
Sending the target production data containing the sensitive data to the preset virtual desktop so that the user accesses the target production data in the virtual desktop.
Further, before receiving the production data access request for the target application sent by the user, the method also comprises:
Establishing a corresponding sensitive rule dictionary according to sensitive information obtained in advance, wherein the sensitive rule dictionary stores the unique correspondence between each item of sensitive information and each distinct rule number;
According to the attribute information of each application obtained in advance, associating each application with at least one item of the sensitive information in the sensitive rule dictionary to generate the corresponding sensitivity rule, wherein the sensitivity rule stores the correspondence between the unique identifier of each application and each item of sensitive information.
Further, the method also comprises:
Updating the sensitivity rule accordingly based on received application state change information.
Further, sending the target production data containing the sensitive data to the preset virtual desktop so that the user accesses the target production data in the virtual desktop comprises:
Sending the target production data containing the sensitive data to a preset secure cloud desktop pool device, so that the secure cloud desktop pool device dynamically generates as many virtual desktops as the number of target production data items it receives and displays the corresponding target production data in each virtual desktop.
Further, the method also comprises:
If it is detected that the user has finished accessing, in the virtual desktop, the target production data containing the sensitive data, deregistering the virtual desktop so that the target production data containing the sensitive data is cleaned up automatically.
Further, the method also comprises:
Receiving an access statistics request, wherein the access statistics request contains a target statistics period;
Generating a corresponding statistical report according to the production data access requests for target applications issued by each user within the target statistics period and the target production data corresponding to each production data access request;
Outputting the statistical report.
Further, the sensitive data includes: user identity information, financial asset information and transaction information.
In a second aspect, the present application provides a production data access device, comprising:
An access request receiving module, configured to receive a production data access request for a target application sent by a user, wherein the production data access request contains the unique identifier of the target production data;
A production data obtaining module, configured to obtain the corresponding pre-stored target production data according to the unique identifier of the target production data;
A first sensitive data sending module, configured to determine, based on the preset sensitivity rule corresponding to the target application, whether the target production data contains sensitive data and, if so, to send the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
Further, the device also comprises:
A non-sensitive data sending module, configured to send the target production data that does not contain the sensitive data directly to the user, if it is determined that the target production data does not contain the sensitive data, so that the user accesses the target production data.
Further, the device also comprises:
A sensitive data obtaining module, configured to apply the sensitivity rule to obtain the sensitive data missing from the target production data, if it is determined that the target production data does not contain the sensitive data and a completion instruction for the target production data is received;
A data completion module, configured to fill the sensitive data into the target production data;
A second sensitive data sending module, configured to send the target production data containing the sensitive data to the preset virtual desktop so that the user accesses the target production data in the virtual desktop.
Further, the device also comprises:
A dictionary establishing module, configured to establish a corresponding sensitive rule dictionary according to sensitive information obtained in advance, wherein the sensitive rule dictionary stores the unique correspondence between each item of sensitive information and each distinct rule number;
A sensitivity rule establishing module, configured to associate each application, according to the attribute information of each application obtained in advance, with at least one item of the sensitive information in the sensitive rule dictionary to generate the corresponding sensitivity rule, wherein the sensitivity rule stores the correspondence between the unique identifier of each application and each item of sensitive information.
Further, the device also comprises:
A sensitivity rule updating module, configured to update the sensitivity rule accordingly based on received application state change information.
Further, the first sensitive data sending module comprises:
A desktop dynamic generation submodule, configured to send the target production data containing the sensitive data to a preset secure cloud desktop pool device, so that the secure cloud desktop pool device dynamically generates as many virtual desktops as the number of target production data items it receives and displays the corresponding target production data in each virtual desktop.
Further, the device also comprises:
A desktop deregistration module, configured to deregister the virtual desktop, if it is detected that the user has finished accessing in the virtual desktop the target production data containing the sensitive data, so that the target production data containing the sensitive data is cleaned up automatically.
Further, the device also comprises:
A statistics request receiving module, configured to receive an access statistics request, wherein the access statistics request contains a target statistics period;
A statistical report generation module, configured to generate a corresponding statistical report according to the production data access requests for target applications issued by each user within the target statistics period and the target production data corresponding to each production data access request;
A statistical report output module, configured to output the statistical report.
Further, the sensitive data includes: user identity information, financial asset information and transaction information.
In a third aspect, the present application provides an electronic device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processor implements the steps of the production data access method when executing the program.
In a fourth aspect, the present application provides a computer-readable storage medium on which a computer program is stored, wherein the steps of the production data access method are implemented when the computer program is executed by a processor.
As can be seen from the above technical solutions, in the production data access method and device provided by the present application, the method includes: receiving a production data access request for a target application sent by a user, wherein the production data access request contains the unique identifier of the target production data; obtaining the corresponding pre-stored target production data according to the unique identifier of the target production data; and, based on the preset sensitivity rule corresponding to the target application, determining whether the target production data contains sensitive data and, if so, sending the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop. Access requests for the production sensitive data of the application systems of a large data center can thus be parsed automatically, and sensitive information can be distinguished and handled by class. The processing is automatic and efficient and can be monitored and audited, which prevents sensitive data leaks caused by human factors. While production sensitive data is protected, the demand of a large number of users to query and access the production data of multiple application systems is met, and the efficiency of accessing production data is improved.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an architecture diagram of the production data access device of the present application.
Fig. 2 is a flow diagram of the production data access method in an embodiment of the present application.
Fig. 3 is a flow diagram of the production data access method including step 400 in an embodiment of the present application.
Fig. 4 is a flow diagram of steps 500 to 700 of the production data access method in an embodiment of the present application.
Fig. 5 is a flow diagram of steps 010 and 020 of the production data access method in an embodiment of the present application.
Fig. 6 is a flow diagram of steps 800 to 1000 of the production data access method in an embodiment of the present application.
Fig. 7 is a structural diagram of the production data access system in the application example of the present application.
Fig. 8 is a structural diagram of the sensitivity rule device in the application example of the present application.
Fig. 9 is a flow diagram of the processing performed by the sensitivity rule device in the application example of the present application.
Fig. 10 is a structural diagram of the data query device in the application example of the present application.
Fig. 11 is a flow diagram of the processing performed by the data query device in the application example of the present application.
Fig. 12 is a structural diagram of the secure cloud desktop pool device in the application example of the present application.
Fig. 13 is a flow diagram of the processing performed by the secure cloud desktop pool device in the application example of the present application.
Fig. 14 is a structural diagram of the data completion device in the application example of the present application.
Fig. 15 is a flow diagram of the processing performed by the data completion device in the application example of the present application.
Fig. 16 is a diagram of the overall processing flow by which the production data access system in the application example of the present application implements the production data access method.
Fig. 17 is a structural diagram of the production data access device in an embodiment of the present application.
Fig. 18 is a structural diagram of the electronic device in an embodiment of the present application.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present application.
For the case where a large data center has many application systems whose production data must be accessed frequently but whose sensitive data cannot be transformed, the present application provides a production data access method, a production data access device, an electronic device and a computer-readable storage medium. A production data access request for a target application sent by a user is received, wherein the production data access request contains the unique identifier of the target production data; the corresponding pre-stored target production data is obtained according to the unique identifier of the target production data; and, based on the preset sensitivity rule corresponding to the target application, it is determined whether the target production data contains sensitive data and, if so, the target production data containing the sensitive data is sent to a preset virtual desktop so that the user accesses the target production data in the virtual desktop. Through flexibly extensible, parameterised configuration of sensitivity rules, data access requests are parsed automatically and sensitive data is distinguished; sensitive data is isolated into virtual cloud desktops for access, which strengthens security control over sensitive data access. For non-sensitive data, after the user obtains it, the sensitive data it lacks can be completed according to the rules to generate complete full data, which makes it easier for users to realistically simulate production conditions in the R&D environment and improves R&D testing. Through a unified, centralised access control platform, access requests for the production sensitive data of the application systems of a large data center can be parsed automatically, and sensitive information can be distinguished and handled by class. The processing is automatic and efficient and can be monitored and audited, which prevents sensitive data leaks caused by human factors. While production sensitive data is protected, the demand of a large number of users to query and access the production data of multiple application systems is met, and the efficiency of accessing production data is improved.
In view of the above, an embodiment of the present application provides a production data access device for implementing the production data access method. The production data access device may be a server 01. Referring to Fig. 1, the server 01 may be communicatively connected to at least one database 02 that provides the relevant data, and may also be communicatively connected to at least one client device 03.
Based on the above, the server 01 may receive online from the client device 03 a production data access request for a target application containing the unique identifier of the target production data. The server 01 may then obtain online from the database 02 the corresponding pre-stored target production data according to the unique identifier of the target production data and, based on the preset sensitivity rule corresponding to the target application, determine whether the target production data contains sensitive data; if so, the target production data containing the sensitive data is sent to a preset virtual desktop so that the user accesses the target production data in the virtual desktop. Access requests for the production sensitive data of the application systems of a large data center can thus be parsed automatically, and sensitive information can be distinguished and handled by class. The processing is automatic and efficient and can be monitored and audited, which prevents sensitive data leaks caused by human factors. While production sensitive data is protected, the demand of a large number of users to query and access the production data of multiple application systems is met, and the efficiency of accessing production data is improved.
It is understood that the client device may include a smartphone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a personal digital assistant (PDA), a vehicle-mounted device, a smart wearable device and the like. The smart wearable device may include smart glasses, a smart watch, a smart bracelet and the like.
In practice, part of the production data access may be executed on the server side as described above, or all operations may be completed in the client device. The choice can be made according to the processing capability of the client device, the limitations of the user's usage scenario, and so on. The present application does not limit this. If all operations are completed in the client device, the client device may also include a processor.
The client device may have a communication module (a communication unit) and may be communicatively connected to a remote server to transfer data to and from that server. The server may include a server on the task scheduling center side; in other implementation scenarios it may also include a server of an intermediate platform, such as a server of a third-party server platform that has a communication link with the task scheduling center server. The server may include a single computer device, a server cluster composed of multiple servers, or a distributed server architecture.
Any suitable network protocol may be used for communication between the server and the client device, including network protocols not yet developed at the filing date of the present application. The network protocol may include, for example, TCP/IP, UDP/IP, HTTP and HTTPS. It may also include protocols used on top of these, such as RPC (Remote Procedure Call Protocol) and REST (Representational State Transfer).
In order to effectively improve include sensitive data creation data access security, and improve access process Efficiency and the degree of automation, the application, which provides a kind of executing subject, to be server above-mentioned or the creation data of client The embodiment of access method, referring to fig. 2, the creation data access method specifically includes following content:
Step 100: receiving the creation data access request for target application that user sends, wherein the creation data It include the unique identification of target creation data in access request.
Step 200: corresponding pre-stored target creation data is obtained according to the unique identification of the target creation data.
Step 300: relate to quick rule based on the preset target application is corresponding, judge be in the target creation data No includes sensitive data, if so, will include that the target creation data of the sensitive data is sent to preset virtual table Face is so that user accesses the target creation data in the virtual desktop.
In order to effectively improve the comprehensive of creation data access, and then further increase the life for including sensitive data The access security of data is produced, and improves the efficiency and the degree of automation of access process, in the creation data access side of the application In one embodiment of method, referring to Fig. 3, the creation data access method also specifically includes following content:
Step 400: if through judgement know in the target creation data do not include the sensitive data, directly to Family transmission does not include the target creation data of the sensitive data so that user accesses the target creation data.
In order to effectively improve the completion reliability of creation data access, and then further increasing includes sensitive data Creation data access security, and improve the efficiency and the degree of automation of access process, visited in the creation data of the application It asks in one embodiment of method, referring to fig. 4, the creation data access method also specifically includes following content:
Step 500: if knowing that in the target creation data do not include the sensitive data through judgement, and receiving needle Completion instruction to the target creation data, then relate to the sensitivity of the missing of target creation data described in quick Rule described in application Data;
Step 600: the sensitive data is filled into the target creation data.
Step 700: will include that the target creation data of the sensitive data is sent to preset virtual desktop to use Family accesses the target creation data in the virtual desktop.
In order to effectively improve the application reliability for relating to quick rule, and then further increase the life for including sensitive data The access security of data is produced, and improves the efficiency and the degree of automation of access process, in the creation data access side of the application In one embodiment of method, referring to Fig. 5, the creation data access method also specifically includes following content:
Step 010: corresponding sensitive pattern dictionary is established according to the sensitive information obtained in advance, wherein the sensitive rule Then dictionary is used to store the unique corresponding relation between each sensitive information and each different rule numbers.
Step 020: according to the corresponding attribute information of each application obtained in advance, will it is each it is described apply with In the sensitive pattern dictionary at least one of described sensitive information be associated, generate and corresponding described relate to quick rule, wherein It is described to relate to quick rule for storing each pair using between corresponding unique identification and each sensitive information It should be related to.
To further improve the reliability with which the sensitivity rules are applied, and thereby further improve the access security of production data that contains sensitive data as well as the efficiency and degree of automation of the access process, in one embodiment of the production data access method of the present application, the method further includes the following:
Updating the sensitivity rules correspondingly according to received application state change information.
To further improve the access security of production data that contains sensitive data, and to improve the efficiency and degree of automation of the access process, in one embodiment of the production data access method of the present application, step 300 of the method specifically includes the following:
Sending the target production data that contains the sensitive data to a preset secure cloud desktop pool device, so that the secure cloud desktop pool device dynamically generates, according to the quantity of target production data it receives, the same number of virtual desktops, and displays the corresponding target production data in each virtual desktop.
To further improve the access security of production data that contains sensitive data, and to improve the efficiency and degree of automation of the access process, in one embodiment of the production data access method of the present application, the method further includes the following:
If it is detected that the user has completed, in the virtual desktop, the access to the target production data that contains the sensitive data, logging out the virtual desktop so that the target production data containing the sensitive data is cleared automatically.
To improve the accuracy and reliability of access statistics, further improve the access security of production data that contains sensitive data, and improve the efficiency and degree of automation of the access process, referring to Fig. 6, in one embodiment of the production data access method of the present application, the method further includes the following:
Step 800: receiving an access statistics request, wherein the access statistics request contains a target statistical period.
Step 900: generating a corresponding statistical report according to the production data access requests for target applications issued by each user within the target statistical period and the target production data corresponding to each production data access request.
Step 1000: outputting the statistical report.
It can be understood that the sensitive data specifically includes the following: user identity information, financial asset information and transaction information.
To further illustrate this scheme, the present application also provides a specific application example of the production data access method, which includes the following:
Referring to Fig. 7, the overall structure of the production data access system consists of: access request device 101, sensitivity rule device 102, data query device 103, query result cache device 104, secure cloud desktop pool device 105 and data completion device 106.
(1) Access request device 101:
Access request device 101 is the input and output device of the system and provides the human-machine interface used by system administrators and users. As an input device, it lets users of the system initiate production data access requests to each application system, view result data, maintain sensitivity rules, and so on. As an output device, for production data that does not involve sensitive information, the user can view the processing result directly in access request device 101; for production data that involves sensitive information, the user can reach secure cloud desktop pool device 105 through access request device 101 and view the processing result inside the secure cloud desktop pool.
(2) Sensitivity rule device 102:
Referring to Fig. 8, sensitivity rule device 102 consists of sensitive dictionary information maintenance unit 201, sensitive dictionary and application association maintenance unit 202, and sensitive library storage unit 203, and is used to maintain the sensitive dictionary information and its association with applications.
Sensitive dictionary information maintenance unit 201 is used to maintain the sensitive pattern dictionary information.
Sensitive dictionary and application association maintenance unit 202 is used to maintain the correspondence between the sensitive pattern dictionary and the application systems. The system assigns initial sensitive pattern dictionary information to each application by default; each application system can extend the existing rules and add its own special sensitive patterns.
Sensitive library storage unit 203 is used to save the maintained information so that the data query device and the data completion device can access it.
Referring to Fig. 9, the detailed processing steps of the sensitivity rule device in the present invention are as follows:
S301: the administrator maintains the sensitive pattern dictionary; rules can be added, modified and deleted.
S302: the system automatically generates rule numbers; rule numbers are unique, and each sensitive pattern item corresponds to one number.
S303: the administrator maintains the association between sensitive dictionary rule items and application systems; one application system can correspond to multiple sensitive pattern items, and associations can be added, modified and deleted.
S304: the system automatically generates an association number for each application and sensitive pattern pair; each application system together with one rule item determines a unique association number.
S305: after the information in the above steps has been maintained, the system saves it to the sensitive library storage unit.
(3) Data query device 103:
Referring to Figure 10, data query device 103 consists of access request receiving unit 401, sensitivity rule reading unit 402, query parsing unit 403, query execution unit 404 and query output unit 405.
Access request receiving unit 401 interacts with the access request device and receives the production data access requests that users initiate to each application system.
Sensitivity rule reading unit 402 interacts with the sensitivity rule device and reads, from the sensitive library storage unit, the sensitive pattern information associated with the application.
Query parsing unit 403 parses the received access request together with the sensitive patterns and generates the detailed production data access request.
Query execution unit 404 executes the production data access request generated by the query parsing unit and generates the final access result data, which is divided into sensitive data and non-sensitive data according to whether it involves sensitive information.
Query output unit 405 outputs the final result data of the query execution unit to the query result cache device.
Referring to Figure 11, the detailed processing steps of the data query device in the present invention are as follows:
S501: the user submits an application production data access request through the access request device.
S502: the access request receiving unit receives the access request initiated by the user in S501.
S503: the sensitivity rule reading unit accesses the sensitive library storage unit in the sensitivity rule device to obtain the sensitive pattern information corresponding to the application system that the user requested to access in S501.
S504: the query parsing unit parses the access request information received in S502 and the sensitive pattern information obtained in S503, and generates the final production data access request.
S505: according to the production data access request generated by the query parsing unit in S504, the query execution unit calls the application system, obtains and generates the final result data, and marks the result data as involving sensitive information or not.
S506: the result data obtained in S505 is stored in the query result cache device.
(4) Query result cache device 104:
Query result cache device 104 caches, classified by application system, the query result data that data query device 103 generates for each user request, and outputs the final result. Result data that does not involve sensitive information is returned directly to the access request device so that the user can process it directly. Result data that involves sensitive information is transferred to the secure cloud desktop pool for storage and is accessed under security isolation, which prevents sensitive data from being provided directly to the user.
(5) Secure cloud desktop pool device 105:
Referring to Figure 12, secure cloud desktop pool device 105 consists of dynamic allocation unit 601, security protection unit 602, query result storage unit 603 and query result display unit 604.
Dynamic allocation unit 601 dynamically generates available cloud desktop operating system virtual environments, so that access result information is displayed in an individual virtual cloud desktop environment. After the user finishes access and exits, the system automatically logs out the cloud desktop, reclaims the allocated resources and clears the result data; when other users later request access to sensitive data, a new virtual cloud desktop is dynamically allocated again.
Security protection unit 602 protects access to the sensitive data of query results inside the virtual cloud desktop, using network firewall isolation to prevent production sensitive data in the cloud desktop from leaking. All result files of data-query users stay within the cloud desktop pool and cannot be passed to other targets outside the cloud desktop. Through these security controls on the virtual cloud desktop pool, the requirement that production sensitive data is never stored outside the pool is met. The cloud desktop policy settings are:
1. When the user exits or disconnects, the desktop shuts down automatically and the system is restored, which ensures that the user gets a brand-new desktop every time they log in to the virtual cloud desktop and that the system retains no historical data.
2. Network control and data transmission control: the cloud desktop allows import only, not export. Data files can only be uploaded from the user terminal to the cloud desktop; data files in the virtual cloud desktop cannot be transferred to other terminals, and files cannot be sent out of the cloud desktop by any other means (for example, sending query result files out via FTP, Telnet, shared copy, mail, database writes or UC). All other network access permissions of the virtual cloud desktop pool are prohibited.
3. Common software such as WPS and UltraEdit, anti-virus software and so on is installed, so that data can be processed conveniently inside the virtual cloud desktop.
Query result storage unit 603 saves the sensitive result data output by the query result cache device.
Query result display unit 604, under the control of the security protection unit, reads the data of the query result storage unit and presents it to the user for querying.
Referring to Figure 13, the detailed processing steps of the secure cloud desktop pool device in the present invention are as follows:
S701: according to the number of requests in the query result cache device, the system dynamically generates available cloud desktop operating system virtual environments.
S702: in each generated cloud desktop operating system virtual environment, the cloud desktop security protection process is enabled, establishing the related network and data access protection.
S703: the sensitive production data generated by the query result cache device is saved in the cloud desktop for the user to access.
S704: through the query result display unit, the user accesses the sensitive data query results of each application.
S705: after the user completes access, the user logs off, the cloud desktop is logged out automatically, and the related sensitive data is cleared automatically.
(6) Data completion device 106:
Referring to Figure 14, data completion device 106 consists of sensitivity rule reading unit 801, non-sensitive data reading unit 802, sensitive data deformation and completion unit 803 and full data output unit 804.
Referring to Figure 15, the detailed processing steps of the data completion device in the present application are as follows:
S901: the non-sensitive data reading unit accesses the query result cache device and reads the non-sensitive data of each application into the data completion device.
S902: the sensitivity rule reading unit accesses the sensitive library storage unit in the sensitivity rule device to obtain the sensitive pattern information corresponding to the application system in S901.
S903: the sensitive data deformation and completion unit parses the sensitivity rules that were read and analyzes the sensitive pattern information.
S904: the sensitive data deformation and completion unit completes the sensitive data according to the sensitive patterns and applies deformation processing to it.
S905: the sensitive data deformation and completion unit merges the completed, deformed sensitive data with the non-sensitive data and generates the full result data.
S906: the full data output unit outputs the result data generated in S905 to the access request device for further use by the user.
The present application also provides the overall processing flow for implementing the production data access method with the production data access system. Referring to Figure 16, the operating steps are as follows:
S1001: the user issues a production data access request through the access request device; the request contains the application system to be accessed and the details of the production data requested.
S1002: the relevant units of the data query device are called to parse the request and execute the query, the access result data is obtained, and the result data is saved in the query result cache device. For details, see the processing flow of the data query device.
S1003: for the result data in the query result cache device, determine whether it has been marked as involving sensitive information. If it contains sensitive data, go to S1004; if it does not contain sensitive data, go to S1006.
S1004: the result data is output to the query result storage unit of the secure cloud desktop pool device.
S1005: through the access request device, the user accesses the query result display unit of the secure cloud desktop pool device and views and processes the sensitive data inside the cloud desktop.
S1006: determine whether the query data needs to be completed automatically, that is, whether the user has a completion requirement. If completion is not needed, go to S1007; if completion is needed, go to S1008.
S1007: the non-sensitive result data is returned to the user's access request device so that the user can process the non-sensitive data directly.
S1008: the data completion device is called to apply deformation and completion processing to the sensitive data and merge it with the non-sensitive data, generating the full production data for the final access request. For details, see the structure and processing flow of the data completion device.
S1009: the completed result data is returned directly to the access request device for further processing by the user.
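The routing in S1001 to S1009, together with the rule lookup of S503 and the desktop logout of S705, sketched in Python as an added example that is not part of the patent text. The application names, field names, records, the `deform` masking and the per-user owner check on the desktop are constructed assumptions; the patent does not specify how sensitive values are deformed.

```python
"""Added illustration of the S1001-S1009 routing; all names and data are constructed."""
from dataclasses import dataclass, field

# S301/S302: sensitive pattern dictionary, rule number -> sensitive field (constructed).
SENSITIVE_DICTIONARY = {1: "id_number", 2: "account_balance", 3: "transaction_detail"}
# S303/S304: association of each application system with rule numbers (constructed).
APP_RULES = {"loans": {1, 2}, "branch_directory": set()}

# Constructed stand-in for production data, keyed by (application, unique id).
PRODUCTION_DATA = {
    ("loans", "L-001"): {"loan_type": "mortgage",
                         "id_number": "110101199001011234",
                         "account_balance": "250000.00"},
    ("branch_directory", "B-7"): {"branch_name": "Central", "city": "Beijing"},
}


def sensitive_fields(app):
    """Read the sensitive fields associated with one application (S503)."""
    return {SENSITIVE_DICTIONARY[n] for n in APP_RULES.get(app, set())}


def deform(value):
    """Assumed deformation: keep the last four characters, mask the rest."""
    return "*" * max(len(value) - 4, 0) + value[-4:]


@dataclass
class VirtualDesktop:
    """One dynamically generated desktop holding one sensitive result (S701-S703)."""
    owner: str
    data: dict = field(default_factory=dict)
    active: bool = True

    def view(self, user):
        # Assumption: a desktop is only readable by the user it was allocated to.
        if not self.active or user != self.owner:
            raise PermissionError("desktop not available to this user")
        return dict(self.data)

    def logout(self):
        """S705: log out the desktop and clear the sensitive data it held."""
        self.data.clear()
        self.active = False


class DesktopPool:
    """Allocates a fresh desktop per sensitive result instead of reusing one."""

    def __init__(self):
        self.desktops = []

    def allocate(self, owner, data):
        desktop = VirtualDesktop(owner=owner, data=dict(data))
        self.desktops.append(desktop)
        return desktop


def handle_request(user, app, record_id, fields, pool, complete=False):
    """Route one production-data access request (S1001-S1009).

    Returns ("desktop", VirtualDesktop) when the result contains sensitive data,
    otherwise ("direct", dict) with the data handed straight back to the user.
    """
    record = PRODUCTION_DATA[(app, record_id)]           # S1002: query by unique id
    rules = sensitive_fields(app)
    result = {f: record[f] for f in fields if f in record}
    if rules.intersection(result):                       # S1003: result is marked sensitive
        return "desktop", pool.allocate(user, result)    # S1004/S1005: never returned directly
    if complete:                                         # S1006 -> S1008
        for name in sorted(rules.intersection(record)):
            result[name] = deform(record[name])          # completed in deformed form only
    return "direct", result                              # S1007 / S1009
```

The property worth checking in any implementation of this flow is that the "direct" branch can never carry an undeformed value of a field listed in the application's rules.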
The main working process of this system is as follows:
1) The system administrator uses the sensitivity rule device to initiate maintenance requests and maintains the system's sensitive information, such as the sensitive dictionary information and the association between the sensitive dictionary and applications; the maintained information is saved in the sensitive library storage unit.
2) An application user initiates a production data request through the access request device. The data query device receives the request, calls the sensitivity rule device to read the sensitive pattern information of the application, parses the data access request, has the query execution unit execute the query, and saves the result data in the query result cache device. Result data that involves sensitive information is transferred to the secure cloud desktop pool for storage. The secure cloud desktop pool device dynamically generates available cloud desktop operating system virtual environments according to the number of requests in the query result cache device. The user accesses the query result display unit, which displays the sensitive data query results of each application. After the user completes access, the user logs off, the cloud desktop is logged out automatically and the related sensitive data is cleared automatically. For result data that does not involve sensitive information, the system first determines whether the user has a completion requirement. If completion is not needed, the system returns the non-sensitive result data to the user's access request device so that the user can process the non-sensitive data directly. If completion is needed, the data completion device applies deformation and completion processing to the sensitive data and merges it with the non-sensitive data, generating the full production data for the final access request.
3) System maintenance personnel use the access request device to initiate monitoring and statistics requests and can view statistical reports of data access requests for each user and each application system, in order to carry out log auditing and decision analysis.
To effectively improve the access security of production data that contains sensitive data, and to improve the efficiency and degree of automation of the access process, the present application provides an embodiment of a production data access apparatus for implementing all or part of the production data access method described above. Referring to Figure 17, the production data access apparatus specifically includes the following:
Access request receiving module 10, for receiving a production data access request for a target application sent by a user, wherein the production data access request contains the unique identifier of the target production data.
Production data obtaining module 20, for obtaining the corresponding pre-stored target production data according to the unique identifier of the target production data.
First sensitive data sending module 30, for determining, based on the preset sensitivity rules corresponding to the target application, whether the target production data contains sensitive data, and if so, sending the target production data that contains the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
To effectively improve the comprehensiveness of production data access, and thereby further improve the access security of production data that contains sensitive data as well as the efficiency and degree of automation of the access process, in one embodiment of the production data access apparatus of the present application, the apparatus further includes the following:
Non-sensitive data sending module, for sending the target production data that does not contain the sensitive data directly to the user, so that the user accesses the target production data, if it is determined that the target production data does not contain the sensitive data.
To effectively improve the reliability of completion in production data access, and thereby further improve the access security of production data that contains sensitive data as well as the efficiency and degree of automation of the access process, in one embodiment of the production data access apparatus of the present application, the apparatus further includes the following:
Sensitive data obtaining module, for applying the sensitivity rules to obtain the sensitive data missing from the target production data, if it is determined that the target production data does not contain the sensitive data and a completion instruction for the target production data has been received.
Data completion module, for filling the sensitive data into the target production data.
Second sensitive data sending module, for sending the target production data that contains the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
To effectively improve the reliability with which the sensitivity rules are applied, and thereby further improve the access security of production data that contains sensitive data as well as the efficiency and degree of automation of the access process, in one embodiment of the production data access apparatus of the present application, the apparatus further includes the following:
Dictionary establishing module, for establishing a corresponding sensitive pattern dictionary according to sensitive information obtained in advance, wherein the sensitive pattern dictionary stores the unique correspondence between each item of sensitive information and each distinct rule number.
Sensitivity rule establishing module, for associating each application with at least one item of sensitive information in the sensitive pattern dictionary according to the attribute information of each application obtained in advance, and generating the corresponding sensitivity rules, wherein the sensitivity rules store the correspondence between the unique identifier of each application and each item of sensitive information.
To further improve the reliability with which the sensitivity rules are applied, and thereby further improve the access security of production data that contains sensitive data as well as the efficiency and degree of automation of the access process, in one embodiment of the production data access apparatus of the present application, the apparatus further includes the following:
Sensitivity rule updating module, for updating the sensitivity rules correspondingly according to received application state change information.
To further improve the access security of production data that contains sensitive data, and to improve the efficiency and degree of automation of the access process, in one embodiment of the production data access apparatus of the present application, the first sensitive data sending module 30 of the apparatus specifically includes the following:
Desktop dynamic generation submodule, for sending the target production data that contains the sensitive data to a preset secure cloud desktop pool device, so that the secure cloud desktop pool device dynamically generates, according to the quantity of target production data it receives, the same number of virtual desktops, and displays the corresponding target production data in each virtual desktop.
To further improve the access security of production data that contains sensitive data, and to improve the efficiency and degree of automation of the access process, in one embodiment of the production data access apparatus of the present application, the apparatus further includes the following:
Desktop logout module, for logging out the virtual desktop so that the target production data containing the sensitive data is cleared automatically, if it is detected that the user has completed, in the virtual desktop, the access to the target production data that contains the sensitive data.
To improve the accuracy and reliability of access statistics, further improve the access security of production data that contains sensitive data, and improve the efficiency and degree of automation of the access process, in one embodiment of the production data access apparatus of the present application, the apparatus further includes the following:
Statistics request receiving module, for receiving an access statistics request, wherein the access statistics request contains a target statistical period.
Statistical report generating module, for generating a corresponding statistical report according to the production data access requests for target applications issued by each user within the target statistical period and the target production data corresponding to each production data access request.
It can be understood that the sensitive data specifically includes the following: user identity information, financial asset information and transaction information.
At the hardware level, to effectively improve the access security of production data that contains sensitive data while keeping the access process efficient and highly automated, the present application provides an embodiment of an electronic device for implementing all or part of the production data access method. The electronic device specifically includes the following:
A processor, a memory, a communications interface and a bus, wherein the processor, the memory and the communications interface communicate with one another through the bus; the communications interface is used for information transmission between related devices such as the production data access apparatus, the various databases and the user terminals; the electronic device can be a desktop computer, a tablet computer, a mobile terminal or the like, and this embodiment is not limited thereto. In this embodiment, the electronic device can be implemented with reference to the embodiments of the production data access method and of the production data access apparatus, whose contents are incorporated here; repeated parts are not described again.
Figure 18 is a schematic block diagram of the system composition of electronic device 9600 of an embodiment of the present application. As shown in Figure 18, electronic device 9600 may include central processing unit 9100 and memory 9140; memory 9140 is coupled to central processing unit 9100. It is worth noting that Figure 18 is exemplary; other types of structure can also be used to supplement or replace this structure in order to realize telecommunications functions or other functions.
In one embodiment, the production data access function can be integrated into central processing unit 9100, and central processing unit 9100 can be configured to perform the following control:
Step 100: receiving a production data access request for a target application sent by a user, wherein the production data access request contains the unique identifier of the target production data.
Step 200: obtaining the corresponding pre-stored target production data according to the unique identifier of the target production data.
Step 300: determining, based on the preset sensitivity rules corresponding to the target application, whether the target production data contains sensitive data, and if so, sending the target production data that contains the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
As can be seen from the above description, the electronic device provided by the embodiments of the present application can automatically parse access requests for the production sensitive data of the application systems of a large data center, distinguish information that involves sensitive data and process it by category. The processing is automatic and efficient, the processing can be monitored and audited, and leakage of sensitive data caused by human factors is prevented. While protecting production sensitive data, it meets the demand of a large number of users to query and access the production data of multiple application systems and improves the efficiency of accessing production data.
In another embodiment, the production data access apparatus can be configured separately from central processing unit 9100; for example, the production data access apparatus can be configured as a chip connected to central processing unit 9100, and the production data access function is realized under the control of the central processing unit.
As shown in Figure 18, electronic device 9600 can also include: communication module 9110, input unit 9120, audio processor 9130, display 9160 and power supply 9170. It is worth noting that electronic device 9600 does not necessarily include all the components shown in Figure 18; in addition, electronic device 9600 can also include components not shown in Figure 18, for which reference can be made to the prior art.
As shown in Figure 18, central processing unit 9100, sometimes also called a controller or operational control, may include a microprocessor or other processor device and/or logic device; central processing unit 9100 receives input and controls the operation of each component of electronic device 9600.
Memory 9140 can be, for example, one or more of a buffer, flash memory, a hard drive, removable media, volatile memory, non-volatile memory or other appropriate devices. It can store the above-mentioned failure-related information and can additionally store the programs that process that information. Central processing unit 9100 can execute the programs stored in memory 9140 to realize information storage, processing and so on.
Input unit 9120 provides input to central processing unit 9100. Input unit 9120 is, for example, a key or a touch input device. Power supply 9170 provides electric power to electronic device 9600. Display 9160 displays objects such as images and text. The display may be, for example, an LCD display, but is not limited thereto.
Memory 9140 can be a solid-state memory, for example read-only memory (ROM), random access memory (RAM), a SIM card and so on. It can also be a memory that retains information when powered off, can be selectively erased and can be provided with more data; an example of such a memory is sometimes called an EPROM or the like. Memory 9140 can also be some other type of device. Memory 9140 includes buffer memory 9141 (sometimes called a buffer). Memory 9140 may include application/function storage unit 9142, which stores application programs and function programs, or the flow by which central processing unit 9100 executes the operation of electronic device 9600.
Memory 9140 can also include data storage unit 9143, which stores data such as contacts, numerical data, pictures, sounds and/or any other data used by the electronic device. Driver storage unit 9144 of memory 9140 may include the various drivers of the electronic device for the communication function and/or for executing other functions of the electronic device (such as a messaging application, an address book application and so on).
Communication module 9110 is a transmitter/receiver 9110 that sends and receives signals via antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to central processing unit 9100 to provide input signals and receive output signals, which can be the same as in a conventional mobile communication terminal.
Based on different communication technologies, multiple communication modules 9110 can be provided in the same electronic device, such as a cellular network module, a Bluetooth module and/or a wireless LAN module. The communication module (transmitter/receiver) 9110 is also coupled, via audio processor 9130, to loudspeaker 9131 and microphone 9132, to provide audio output via loudspeaker 9131 and receive audio input from microphone 9132, thereby realizing common telecommunications functions. Audio processor 9130 may include any suitable buffer, decoder, amplifier and so on. In addition, audio processor 9130 is also coupled to central processing unit 9100, so that sound can be recorded on the device through microphone 9132 and sound stored on the device can be played through loudspeaker 9131.
It is server or client that embodiments herein, which also provides and can be realized the executing subject in above-described embodiment, A kind of computer readable storage medium of Overall Steps in creation data access method is deposited on the computer readable storage medium Contain computer program, the computer program realized when being executed by processor the executing subject in above-described embodiment be server or The Overall Steps of the creation data access method of client, for example, under the processor is realized when executing the computer program State step:
Step 100: receiving the creation data access request for target application that user sends, wherein the creation data It include the unique identification of target creation data in access request.
Step 200: corresponding pre-stored target creation data is obtained according to the unique identification of the target creation data.
Step 300: relate to quick rule based on the preset target application is corresponding, judge be in the target creation data No includes sensitive data, if so, will include that the target creation data of the sensitive data is sent to preset virtual table Face is so that user accesses the target creation data in the virtual desktop.
As can be seen from the above description, the computer readable storage medium that embodiments herein provides, it can be to large data The access request of the production sensitive data of the application system at center carries out automation parsing, and differentiation relates to quick information and carries out at classification Reason, correlation procedure is automatical and efficient, correlation procedure can monitor audit, prevent human factor from sensitive data being caused to be revealed, While protection produces sensitive data, it is able to satisfy the need of creation data queried access of a large number of users to multiple application systems It asks, improves the efficiency of access creation data.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, an apparatus or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (apparatus) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Specific embodiments are used herein to explain the principles and implementations of the present invention; the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those skilled in the art, changes may be made to the specific implementations and the scope of application in accordance with the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (20)

1. A production data access method, characterized by comprising:
receiving a production data access request for a target application sent by a user, wherein the production data access request contains the unique identifier of target production data;
obtaining the corresponding pre-stored target production data according to the unique identifier of the target production data;
based on the preset sensitivity rule corresponding to the target application, determining whether the target production data contains sensitive data, and if so, sending the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
2. The production data access method according to claim 1, characterized by further comprising:
if it is determined that the target production data does not contain the sensitive data, directly sending to the user the target production data that does not contain the sensitive data so that the user accesses the target production data.
3. The production data access method according to claim 1, characterized by further comprising:
if it is determined that the target production data does not contain the sensitive data, and a completion instruction for the target production data is received, applying the sensitivity rule to obtain the sensitive data missing from the target production data;
filling the sensitive data into the target production data;
sending the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
4. The production data access method according to claim 1, characterized in that, before the receiving of the production data access request for the target application sent by the user, the method further comprises:
establishing a corresponding sensitive rule dictionary according to sensitive information obtained in advance, wherein the sensitive rule dictionary is used to store the unique correspondence between each item of sensitive information and each different rule number;
according to the attribute information, obtained in advance, corresponding to each application, associating each application with at least one item of the sensitive information in the sensitive rule dictionary to generate the corresponding sensitivity rule, wherein the sensitivity rule is used to store the correspondence between the unique identifier corresponding to each application and each item of the sensitive information.
5. The production data access method according to claim 4, characterized by further comprising:
updating the sensitivity rule accordingly, according to received application state change information.
6. The production data access method according to claim 1, characterized in that the sending of the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop comprises:
sending the target production data containing the sensitive data to a preset secure cloud desktop pool device, so that the secure cloud desktop pool device, according to the quantity of target production data it receives, dynamically generates the same quantity of virtual desktops and displays the corresponding target production data in each virtual desktop.
7. The production data access method according to claim 1, characterized by further comprising:
if it is detected that the user has finished accessing, in the virtual desktop, the target production data containing the sensitive data, deregistering the virtual desktop so as to automatically clear the target production data containing the sensitive data.
8. The production data access method according to claim 1, characterized by further comprising:
receiving an access statistics request, wherein the access statistics request contains a target statistics period;
generating a corresponding statistical report according to the production data access requests for target applications issued by each user within the target statistics period and the target production data corresponding to each production data access request;
outputting the statistical report.
9. The production data access method according to any one of claims 1 to 8, characterized in that the sensitive data comprises: user identity information, financial asset information and transaction information.
10. A production data access apparatus, characterized by comprising:
an access request receiving module, configured to receive a production data access request for a target application sent by a user, wherein the production data access request contains the unique identifier of target production data;
a production data obtaining module, configured to obtain the corresponding pre-stored target production data according to the unique identifier of the target production data;
a first sensitive data sending module, configured to determine, based on the preset sensitivity rule corresponding to the target application, whether the target production data contains sensitive data, and if so, to send the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
11. The production data access apparatus according to claim 10, characterized by further comprising:
a non-sensitive data sending module, configured to, if it is determined that the target production data does not contain the sensitive data, directly send to the user the target production data that does not contain the sensitive data so that the user accesses the target production data.
12. The production data access apparatus according to claim 10, characterized by further comprising:
a sensitive data obtaining module, configured to, if it is determined that the target production data does not contain the sensitive data and a completion instruction for the target production data is received, apply the sensitivity rule to obtain the sensitive data missing from the target production data;
a data completion module, configured to fill the sensitive data into the target production data;
a second sensitive data sending module, configured to send the target production data containing the sensitive data to a preset virtual desktop so that the user accesses the target production data in the virtual desktop.
13. The production data access apparatus according to claim 10, characterized by further comprising:
a dictionary establishing module, configured to establish a corresponding sensitive rule dictionary according to sensitive information obtained in advance, wherein the sensitive rule dictionary is used to store the unique correspondence between each item of sensitive information and each different rule number;
a sensitivity rule establishing module, configured to, according to the attribute information, obtained in advance, corresponding to each application, associate each application with at least one item of the sensitive information in the sensitive rule dictionary to generate the corresponding sensitivity rule, wherein the sensitivity rule is used to store the correspondence between the unique identifier corresponding to each application and each item of the sensitive information.
14. The production data access apparatus according to claim 13, characterized by further comprising:
a sensitivity rule updating module, configured to update the sensitivity rule accordingly, according to received application state change information.
15. The production data access apparatus according to claim 10, characterized in that the first sensitive data sending module comprises:
a desktop dynamic generation submodule, configured to send the target production data containing the sensitive data to a preset secure cloud desktop pool device, so that the secure cloud desktop pool device, according to the quantity of target production data it receives, dynamically generates the same quantity of virtual desktops and displays the corresponding target production data in each virtual desktop.
16. The production data access apparatus according to claim 10, characterized by further comprising:
a desktop deregistration module, configured to, if it is detected that the user has finished accessing, in the virtual desktop, the target production data containing the sensitive data, deregister the virtual desktop so as to automatically clear the target production data containing the sensitive data.
17. The production data access apparatus according to claim 10, characterized by further comprising:
a statistics request receiving module, configured to receive an access statistics request, wherein the access statistics request contains a target statistics period;
a statistical report generation module, configured to generate a corresponding statistical report according to the production data access requests for target applications issued by each user within the target statistics period and the target production data corresponding to each production data access request;
a statistical report output module, configured to output the statistical report.
18. The production data access apparatus according to any one of claims 10 to 17, characterized in that the sensitive data comprises: user identity information, financial asset information and transaction information.
19. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the production data access method according to any one of claims 1 to 9.
20. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the production data access method according to any one of claims 1 to 9.
CN201910675270.5A 2019-07-25 2019-07-25 Creation data access method and device Pending CN110390209A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910675270.5A CN110390209A (en) 2019-07-25 2019-07-25 Creation data access method and device

Publications (1)

Publication Number Publication Date
CN110390209A true CN110390209A (en) 2019-10-29

Family

ID=68287308

Country Status (1)

Country Link
CN (1) CN110390209A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102004886A (en) * 2010-11-15 2011-04-06 上海安纵信息科技有限公司 Data anti-leakage method based on operating system virtualization principle
CN105389520A (en) * 2015-11-11 2016-03-09 中国建设银行股份有限公司 Data access control method and apparatus and mobile storage medium
CN107659565A (en) * 2017-09-19 2018-02-02 北京计算机技术及应用研究所 Sensitive data processing system and method for the mobile office environment based on virtualization technology
CN108154047A (en) * 2017-12-25 2018-06-12 网智天元科技集团股份有限公司 A kind of data desensitization method and device
CN109766485A (en) * 2018-12-07 2019-05-17 中国电力科学研究院有限公司 A kind of sensitive information inspection method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112182581A (en) * 2020-09-24 2021-01-05 百度在线网络技术(北京)有限公司 Application testing method and device, application testing equipment and storage medium
CN112182581B (en) * 2020-09-24 2023-10-13 百度在线网络技术(北京)有限公司 Application testing method, device, application testing equipment and storage medium
CN112800369A (en) * 2021-01-27 2021-05-14 海尔数字科技(青岛)有限公司 Data access method based on industrial internet and industrial internet integrated system
CN113762871A (en) * 2021-02-25 2021-12-07 北京京东振世信息技术有限公司 Production data control method, device, equipment and storage medium
CN113762871B (en) * 2021-02-25 2024-03-01 北京京东振世信息技术有限公司 Production data control method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191029