CN111859430A - Enterprise data security management method and system and electronic equipment - Google Patents

Info

Publication number
CN111859430A
Authority
CN
China
Prior art keywords
user
password
key
behavior
enterprise data
Prior art date
Legal status
Granted
Application number
CN202010716967.5A
Other languages
Chinese (zh)
Other versions
CN111859430B (en)
Inventor
许杰
陈锴业
葛仁彦
Current Assignee
Shenzhen Nanovision Technology Co ltd
Original Assignee
Shenzhen Nanovision Technology Co ltd
Application filed by Shenzhen Nanovision Technology Co ltd
Priority to CN202010716967.5A
Publication of CN111859430A
Application granted
Publication of CN111859430B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of data security, and in particular to an enterprise data security management method, an enterprise data security management system and electronic equipment. The method comprises the following steps: activating the key when a user is detected logging in to the system; acquiring the timing and behavior of the user when logging in to the system; and managing the enterprise data according to the activated key, the timing and the behavior. The enterprise data security management method, system and electronic equipment provided by the embodiments of the invention can realize seamless encryption of data throughout the whole process from generation to application, and can realize distributed data security management; they have the advantages of low investment, simple maintenance and convenient use, and are particularly suitable for small and medium-sized enterprises.

Description

Enterprise data security management method and system and electronic equipment
Technical Field
The invention relates to the technical field of data security, in particular to an enterprise data security management method, an enterprise data security management system and electronic equipment.
Background
With the continuous development of internet technology, using network technology or cloud storage as a company's collaborative office tool to improve work efficiency and reduce operating cost has become an inevitable trend. Because network equipment and software are expensive and complex to configure, and professional network engineers are required to install and maintain them, the threshold is very high for many small and medium-sized enterprises. Meanwhile, owing to network security problems and the data security problems of cloud storage, some enterprises suffer internal data leakage, client data leakage and the like, which increasingly threaten their security and survival.
To solve the above problems, the usual approach is to encrypt data with software and manage the data with a server; this scheme needs the support of server hardware and Microsoft server software, and requires a dedicated network engineer for setup and maintenance.
In the process of implementing the embodiments of the invention, the inventors found that the related art has at least the following problems: the maintenance cost is high, the server cannot be separated from the network environment, and the applicability is not wide.
Disclosure of Invention
The technical problem mainly addressed by the embodiments of the invention is to provide an enterprise data security management method, an enterprise data security management system and electronic equipment that overcome the high maintenance cost and narrow applicability of the related art.
In order to solve the above technical problem, one technical solution adopted by the embodiment of the present invention is: an enterprise data security management method is provided, applied to electronic equipment, wherein the electronic equipment comprises a network box and a key, the key being communicatively connected to the network box, and the method comprises the following steps:
activating the key when a user is detected logging in to the system;
acquiring the timing and behavior of the user when logging in to the system;
and managing the enterprise data according to the activated key, the timing and the behavior.
Optionally, the key is generated according to a non-repetitive organic seed algorithm.
Optionally, the managing of the enterprise data according to the activated key, the timing and the behavior includes:
generating an independent code for the user logging in to the system according to the timing and the behavior;
generating an independent password of the user according to the independent code;
converting the independent password into a public password and a private password, respectively, through the activated key;
based on the behavior, managing the enterprise data according to the public password and the private password.
Optionally, the behavior comprises the user creating or modifying a file,
and the managing of the enterprise data according to the public password and the private password based on the behavior includes:
acquiring the information of the user;
converting the information of the user into a public password based on the network box;
converting the information of the user into a private password based on the key;
and embedding the public password and the private password into the file newly created or modified by the user so as to encrypt the file.
Optionally, the behavior comprises the user obtaining an updated file,
and the managing of the enterprise data according to the public password and the private password based on the behavior includes:
receiving a file acquisition instruction sent by the user, and parsing the file acquisition instruction to obtain the file corresponding to it;
converting the user information of the user into a public password;
and encrypting the file according to the public password, and sending the encrypted file to the user.
Optionally, the user logs in to the system in either a client mode or a web page mode, and the method further includes:
when a user accesses the system through the client mode, encrypting the data cached while the client is in use;
when a user accesses the system through the web page mode, generating a secure client portal according to a non-repetitive organic seed algorithm, the secure client portal supporting at least one browser used by the user to access the system.
Optionally, the method further comprises:
acquiring an organization architecture of an enterprise, and setting the access right of a document according to the organization architecture.
In order to solve the above technical problem, another technical solution adopted by the embodiment of the present invention is: there is provided an enterprise data security management system, the system comprising a network box, a key and a user terminal, wherein the network box is communicatively connected to the key and to the user terminal, respectively;
the key is used for providing an independent password for data encryption, and the independent password comprises a public password and a private password;
the network box is used for:
activating the key when a user is detected logging in to the system;
acquiring the timing and behavior of the user when logging in to the system;
and managing the enterprise data according to the activated key, the timing and the behavior.
Optionally, the network box is specifically configured to:
activate the key when a user is detected logging in to the system;
acquire the timing and behavior of the user when logging in to the system;
generate an independent code for the user logging in to the system according to the timing and the behavior;
generate an independent password of the user according to the independent code;
convert the independent password into a public password and a private password, respectively, through the activated key;
and, based on the behavior, manage the enterprise data according to the public password and the private password.
In order to solve the above technical problem, another technical solution adopted by the embodiment of the present invention is: provided is an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
In contrast to the related art, the enterprise data security management method, system and electronic device provided by the embodiments of the invention provide a network box and a key, the network box being communicatively connected to the key, wherein the key is activated when a user is detected logging in to the system; the timing and behavior of the user when logging in to the system are acquired; and the enterprise data is managed according to the activated key, the timing and the behavior. The enterprise data security management method, system and electronic equipment provided by the embodiments of the invention can realize seamless encryption of data throughout the whole process from generation to application, and can realize distributed data security management; they have the advantages of low investment, simple maintenance and convenient use, and are particularly suitable for small and medium-sized enterprises.
Drawings
One or more embodiments are illustrated by way of example in the corresponding drawings, and these illustrations do not limit the embodiments; elements having the same reference numerals in the drawings denote similar elements, and unless specifically noted, the figures in the drawings are not to scale.
Fig. 1 is a schematic structural diagram of an enterprise data security management system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a network architecture of the enterprise data security management system;
Fig. 3 is a schematic flowchart of encrypting a file newly created or modified by a user in the system according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of sharing an encrypted file for a user in the system according to the embodiment of the present invention;
Fig. 5 is a flowchart of a method for enterprise data security management according to an embodiment of the present invention;
Fig. 6 is a flowchart of a method for managing enterprise data according to the activated key and the timing and behavior in an enterprise data security management method according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 1 is a schematic structural diagram of an enterprise data security management system according to an embodiment of the present invention. As shown in Fig. 1, the system 100 includes a network box 10, a key 20 and a user terminal 30, wherein the network box 10 is communicatively connected to the key 20 and the user terminal 30, respectively. A socket can be provided on the network box 10, and the key 20 is inserted into the socket so as to be connected with the network box 10.
The network box 10 includes a secure file encryption management platform, that is, a file encryption management platform under the control of the network box 10 and the key 20; the network box 10 functions similarly to a server. The file encryption management platform strictly authenticates every user who accesses it, and grades and encrypts every file and directory that is accessed. The key 20 may be generated according to a predetermined algorithm, such as a non-repetitive organic seed algorithm. The Non-repetitive Organic Seed algorithm (NrOS) is a 128-bit symmetric-key block cipher algorithm. The organic seed is an improved encryption algorithm designed to balance standard encryption algorithms and the complex permutations used in the design against current computing technology. The non-repetitive organic seed algorithm has a 16-round Feistel cipher structure, and has advantages such as strong resistance to differential cryptanalysis, linear cryptanalysis and related-key attacks, and a balanced security/efficiency trade-off. In cryptography, the Feistel cipher structure is a symmetric structure used in block ciphers. Its advantage is that, because the structure is symmetric, the processes of encrypting and decrypting information are very similar, or even identical. The basic idea of the non-repetitive seed algorithm is that each time a number is randomly taken out, it is then placed at the tail of the set, so that the next random draw is taken only from position 1 to (size of the target set minus 1); repeating this cycle avoids having to check whether the result set already contains a conflicting number. The term "organic seed" signifies that the algorithm has anti-cracking capability.
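An added illustration, not code from the patent and not NrOS itself (the description gives no specification for it): a generic 16-round Feistel network on an assumed 128-bit block shows why one routine both encrypts and decrypts, and `draw_without_repeats` implements the move-to-tail selection described above. The HMAC-SHA256 round function, the key schedule and all function names are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import secrets

BLOCK_BYTES = 16            # assumed reading of "128-bit": a 128-bit block
ROUNDS = 16                 # 16 Feistel rounds, as in the description
HALF = BLOCK_BYTES // 2


def round_keys(master_key):
    """Derive one key per round (assumed key schedule, illustration only)."""
    return [hmac.new(master_key, bytes([i]), hashlib.sha256).digest()
            for i in range(ROUNDS)]


def _f(half, round_key):
    """Keyed round function; a Feistel network never needs to invert it."""
    return hmac.new(round_key, half, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, keys):
    """Run the network once; direction depends only on the key order."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 16 bytes")
    left, right = block[:HALF], block[HALF:]
    for rk in keys:
        left, right = right, _xor(left, _f(right, rk))
    # Swapping the halves on output makes decryption the mirror image.
    return right + left


def encrypt_block(block, master_key):
    return feistel(block, round_keys(master_key))


def decrypt_block(block, master_key):
    # Same routine as encryption, with the round keys reversed.
    return feistel(block, round_keys(master_key)[::-1])


def draw_without_repeats(items, count, rng=None):
    """Pick `count` distinct items without ever checking for duplicates.

    Each picked value is swapped to the tail of the pool and the draw
    range shrinks by one, so a used value can never be drawn again.
    """
    rng = rng or secrets.SystemRandom()
    pool = list(items)
    if count > len(pool):
        raise ValueError("cannot draw more items than the pool holds")
    remaining = len(pool)
    picked = []
    for _ in range(count):
        i = rng.randrange(remaining)          # only unused positions
        picked.append(pool[i])
        remaining -= 1
        pool[i], pool[remaining] = pool[remaining], pool[i]  # park at tail
    return picked


if __name__ == "__main__":
    key = b"constructed-demo-key"             # constructed sample value
    plaintext = b"0123456789abcdef"           # constructed 16-byte block
    ciphertext = encrypt_block(plaintext, key)
    print(ciphertext.hex(), decrypt_block(ciphertext, key))
    print(draw_without_repeats(range(1, 11), 10))
```

This is a teaching construction for a single block; it has no mode of operation or integrity protection and is not a substitute for a vetted cipher.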
The user terminal 30 may be various intelligent terminals such as a desktop computer, a notebook computer, a smart phone, a tablet computer, and the like. The user terminal 30 may include a plurality of intelligent terminals in an office or a home, and each intelligent terminal may constitute the user terminal 30.
In this embodiment, the user can access the network box 10 and the key 20 through the user terminal 30. As shown in fig. 2, fig. 2 is a schematic diagram of a network structure of the system 100. In fig. 2, the system 100 is applied in a scenario including an indoor environment (such as an office and a home) in which a user terminal 30 accesses the network box 10 and the key 20 through a local area network. The application scenario also includes an outdoor environment, such as going out or going abroad, in which the user terminal 30 may be a user's personal computer or mobile phone, which accesses the network box 10 and the key 20 through the world wide web.
The network box 10 needs to use the key 20 for starting, and if the key 20 is not available, the network box cannot be started, so that the stored data can be effectively protected from problems such as loss, disclosure and the like.
The key 20 can encrypt and decrypt the whole hard disk in the network box 10, and ensure that the data in the hard disk can be used only by authorized personnel. The process of encryption combines symmetric encryption and asymmetric encryption algorithms. In addition, the key 20 can also encrypt the cache data used or generated by the user terminal 30, thereby protecting the data security of the user terminal 30.
In the present embodiment, the key 20 is used to provide independent passwords for data encryption, and the independent passwords include a public password and a private password. The network box 10 is used for activating the key 20 when a user is detected logging in to the system; acquiring the timing and behavior of the user when logging in to the system; and managing the enterprise data based on the activated key 20, the timing and the behavior.
In this embodiment, the network box 10 is specifically configured to: activate the key when a user is detected logging in to the system; acquire the timing and behavior of the user when logging in to the system; generate an independent code for the user logging in to the system according to the timing and the behavior; generate an independent password of the user according to the independent code; convert the independent password into a public password and a private password, respectively, through the activated key; and, based on the behavior, manage the enterprise data according to the public password and the private password.
Activating the key 20, i.e. starting the key 20, may consist of changing the key 20 from a dormant state to an active state, in which the independent password is obtained.
The independent password is an independent authentication ID generated for each user on the system; for example, it is similar to human DNA, or to a human fingerprint or pupil image.
The independent code may be turned into the independent password of the user according to a preset algorithm; the process of generating the independent password by the preset algorithm may be understood as a complex encryption process, which may specifically be deep encryption of a group of character strings.
The process of converting the independent password into the public password and the private password, respectively, through the activated key may consist of dividing the independent password into two passwords, such as a password A and a password B, where the public password A is input when the user logs in to the system and is used when the system authenticates, and the private password B is held only by the system. When a user logs in to the system, the user can log in only after password A and password B are encrypted.
The timing of the user's login comprises the time at which the user logs in to the system, the login location, the hardware and software environment of the client used for login, the hardware and software environment when logging in via the web, the pre-authenticated basic information of the user, and the like. The user's login behavior comprises creating a file, modifying a file, accessing a file, acquiring an updated file, and the like.
Wherein the managing the enterprise data is to create a secure encryption environment based on the time of the user logging in the system and the activated key, and implement the behavior of the user logging in the system based on the secure encryption environment.
In this embodiment, the user behavior includes that the user creates or modifies a file, the user obtains an updated file, and the user accesses the file.
When the behavior of the user is to create a new file or modify a file, as shown in Fig. 3, the managing of the enterprise data according to the public password and the private password based on the behavior includes: acquiring the information of the user; converting the information of the user into a public password based on the network box; converting the information of the user into a private password based on the key; and embedding the public password and the private password into the file newly created or modified by the user so as to encrypt the file. The user can create or modify files on their personal device.
When the behavior of the user is to acquire an updated file, as shown in Fig. 4, the managing of the enterprise data according to the public password and the private password based on the behavior includes: receiving a file acquisition instruction sent by the user, and parsing the file acquisition instruction to obtain the file corresponding to it; converting the user information of the user into a public password; and encrypting the file according to the public password, and sending the encrypted file to the user.
When the user accesses the network box 10 and the key 20 through the user terminal 30, two modes can be adopted, namely a client mode and a web page mode. When the user accesses the system through the client mode, the data cached while the client is in use is encrypted. When a user accesses the system through the web page mode, a secure client portal is generated according to a non-repetitive organic seed algorithm, the secure client portal supporting at least one browser used by the user to access the system.
The system 100 provided in the embodiment of the present invention may further implement automatic rights management of data; specifically, the system 100 acquires the organizational structure of an enterprise and sets the access rights of documents according to it. The organizational structure can be set through a simple graphical interface, and the management of the data structure of document attributes and of the interface can be realized based on technologies such as data visualization driving. The organizational structure may specifically be the staff organizational structure of an enterprise, such as a board director, a general manager, a group leader of a department, staff of a department, and the like. After the organizational structure is established, the access rights of files can be set automatically and are strictly defined according to it: a superior can access a subordinate's data files, but a subordinate cannot access a superior's data files unless permission is obtained from a superior-level leader.
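One way to express the hierarchy rule above as a default-deny check, as an added example that is not the patent's implementation. The class, the member names and the sample reporting lines are constructed; treating the file owner or any of the owner's superiors as a valid approver, and denying access between peers, are assumptions the description does not spell out.

```python
class OrgAccessPolicy:
    """Superiors may access subordinates' files; a subordinate needs an
    approval recorded by the owner or by someone above the owner."""

    def __init__(self, reports_to):
        # reports_to: member -> direct superior (None for the top of the tree)
        self.reports_to = dict(reports_to)
        self.owner_of = {}        # file path -> owning member
        self.grants = set()       # approved (file path, grantee) pairs
        for member in self.reports_to:
            self.superiors_of(member)   # rejects cycles and dangling links

    def superiors_of(self, member):
        """Return the chain of superiors above `member`, nearest first."""
        if member not in self.reports_to:
            raise KeyError(f"unknown member: {member}")
        chain, seen = [], {member}
        current = self.reports_to[member]
        while current is not None:
            if current in seen or current not in self.reports_to:
                raise ValueError(f"broken reporting line at {current}")
            seen.add(current)
            chain.append(current)
            current = self.reports_to[current]
        return chain

    def is_superior(self, senior, junior):
        return senior in self.superiors_of(junior)

    def add_file(self, path, owner):
        self.superiors_of(owner)        # validates that the owner exists
        self.owner_of[path] = owner

    def grant(self, path, grantee, approver):
        """Record an approval; only the owner's side of the tree may give it."""
        owner = self.owner_of[path]
        if approver != owner and not self.is_superior(approver, owner):
            raise PermissionError(f"{approver} cannot approve access to {path}")
        self.superiors_of(grantee)      # validates that the grantee exists
        self.grants.add((path, grantee))

    def can_access(self, member, path):
        owner = self.owner_of.get(path)
        if owner is None or member not in self.reports_to:
            return False                # unknown file or user: deny
        if member == owner or self.is_superior(member, owner):
            return True                 # own file, or file of a subordinate
        return (path, member) in self.grants


# Constructed sample organization following the roles named in the text.
SAMPLE_ORG = {
    "director": None,
    "general_manager": "director",
    "rd_lead": "general_manager",
    "sales_lead": "general_manager",
    "rd_staff": "rd_lead",
    "sales_staff": "sales_lead",
}

if __name__ == "__main__":
    policy = OrgAccessPolicy(SAMPLE_ORG)
    policy.add_file("rd/spec.docx", "rd_staff")
    policy.add_file("plans/budget.xlsx", "general_manager")
    print(policy.can_access("director", "rd/spec.docx"))       # superior
    print(policy.can_access("rd_staff", "plans/budget.xlsx"))  # subordinate
    policy.grant("plans/budget.xlsx", "rd_staff", approver="director")
    print(policy.can_access("rd_staff", "plans/budget.xlsx"))  # after approval
```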
In this embodiment, whenever a client accesses the system 100, the physical information of the access terminal provided by the user is automatically collected and authenticated, and is bound to the non-repetitive organic seed password generated by the system, so that seamless authentication and encryption management are performed and the documents of the enterprise are protected in a closed multi-layer encryption environment. Client access to enterprise data and documents is strictly protected anywhere and under any circumstances.
The embodiment of the invention provides an enterprise data security management system in which a network box, a key and a user terminal are provided, the network box being communicatively connected to the key, wherein the key is activated when a user is detected logging in to the system through the user terminal; the timing and behavior of the user when logging in to the system are acquired; and the enterprise data is managed according to the activated key, the timing and the behavior. The enterprise data security management system provided by the embodiment of the invention can realize seamless encryption of data throughout the whole process from generation to application, and can realize distributed data security management; it has the advantages of low investment, simple maintenance and convenient use, and is particularly suitable for small and medium-sized enterprises.
Fig. 5 is a flowchart of an enterprise data security management method provided in an embodiment of the present invention, where the method may be applied to a network box and a key in the above system embodiment, and the network box and the key may together form an electronic device, as shown in fig. 5, where the method includes:
S11, activating the key when a user is detected logging in to the system;
S12, acquiring the timing and behavior of the user when logging in to the system;
S13, managing the enterprise data according to the activated key, the timing and the behavior.
Wherein the key is generated according to a non-repetitive organic seed algorithm.
As shown in Fig. 6, the managing of the enterprise data according to the activated key, the timing and the behavior includes:
S131, generating an independent code for the user logging in to the system according to the timing and the behavior;
S132, generating an independent password of the user according to the independent code;
S133, converting the independent password into a public password and a private password, respectively, through the activated key;
S134, managing the enterprise data according to the public password and the private password based on the behavior.
Wherein the behavior comprises the user creating or modifying a file,
and the managing of the enterprise data according to the public password and the private password based on the behavior includes:
acquiring the information of the user;
converting the information of the user into a public password based on the network box;
converting the information of the user into a private password based on the key;
and embedding the public password and the private password into the file newly created or modified by the user so as to encrypt the file.
Wherein the behavior comprises the user obtaining an updated file,
and the managing of the enterprise data according to the public password and the private password based on the behavior includes:
receiving a file acquisition instruction sent by the user, and parsing the file acquisition instruction to obtain the file corresponding to it;
converting the user information of the user into a public password;
and encrypting the file according to the public password, and sending the encrypted file to the user.
In some embodiments, the user logs in to the system in either a client mode or a web page mode, and the method further comprises:
when a user accesses the system through the client mode, encrypting the data cached while the client is in use;
when a user accesses the system through the web page mode, generating a secure client portal according to a non-repetitive organic seed algorithm, the secure client portal supporting at least one browser used by the user to access the system.
In some embodiments, the method further comprises: acquiring the organizational structure of an enterprise, and setting the access rights of documents according to the organizational structure.
It should be noted that the enterprise data security management method provided by the embodiment of the present invention is based on the same inventive concept as the enterprise data security management system, and for the detailed process reference may be made to the system embodiment.
The embodiment of the invention provides an enterprise data security management method, which is applied to a network box and a key, wherein the network box is communicatively connected to the key; the key is activated when a user is detected logging in to the system; the timing and behavior of the user when logging in to the system are acquired; and the enterprise data is managed according to the activated key, the timing and the behavior. The enterprise data security management method provided by the embodiment of the invention can realize seamless encryption of data throughout the whole process from generation to application, and can realize distributed data security management; it has the advantages of low investment, simple maintenance and convenient use, and is particularly suitable for small and medium-sized enterprises.
Fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention, where the electronic device may be configured to perform the enterprise data security management method described above. The electronic device 40 may specifically be the network box and the key, as shown in fig. 7, the electronic device 40 includes:
one or more processors 41 and a memory 42; Fig. 7 takes one processor 41 as an example.
The processor 41 and the memory 42 may be connected by a bus or other means, and fig. 7 illustrates the connection by a bus as an example.
The memory 42, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the enterprise data security management method in the embodiment of the present invention. The processor 41 implements the enterprise data security management method of the above-described method embodiments by executing non-volatile software programs, instructions, and modules stored in the memory 42.
The memory 42 may include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function. Further, the memory 42 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 42 may optionally include memory that is remotely located with respect to processor 41.
The one or more modules are stored in the memory 42 and, when executed by the one or more processors 41, perform the enterprise data security management method of any of the method embodiments described above, e.g., performing the method steps of fig. 5 and 6 described above.
The product can execute the method provided by the embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. For technical details that are not described in detail in this embodiment, reference may be made to the method provided by the embodiment of the present invention.
Embodiments of the present invention also provide a non-transitory computer-readable storage medium, which stores computer-executable instructions, which are executed by one or more processors shown in fig. 7, for example, to perform the above-mentioned enterprise data security management method.
Embodiments of the present invention further provide a computer program product, where the computer program product includes a computer program stored on a non-volatile computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by the electronic device, the electronic device is caused to execute the enterprise data security management method in the foregoing embodiments.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a computer readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; within the idea of the invention, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. An enterprise data security management method applied to electronic equipment, characterized in that the electronic equipment comprises a network box and a key, the key being in communication connection with the network box, the method comprising the following steps:
activating the key when detecting that the user logs in the system;
acquiring the timing and behavior of the user when logging in to the system;
and managing the enterprise data according to the activated key, the timing and the behavior.
2. The method of claim 1, wherein the key is generated according to a non-repeating organic seed algorithm.
3. The method of claim 1, wherein managing the enterprise data based on the activated key and the timing and behavior comprises:
generating an independent code for the user logging in to the system according to the timing and the behavior;
generating an independent password of the user according to the independent code;
respectively converting the independent password into a public password and a private password through the activated key;
based on the behavior, managing the enterprise data according to the public password and the private password.
4. The method of claim 3, wherein the behavior comprises the user creating or modifying a file,
the managing the enterprise data according to the public password and the private password based on the behavior includes:
acquiring the information of the user;
converting the information of the user into a public password based on the network box;
converting the user's information into a private password based on the key;
and implanting the public password and the private password into the file newly built or modified by the user so as to encrypt the file.
5. The method of claim 3, wherein the behavior comprises the user obtaining an update file,
the managing the enterprise data according to the public password and the private password based on the behavior includes:
receiving a file acquisition instruction sent by a user, and analyzing the file acquisition instruction to acquire a file corresponding to the file acquisition instruction;
converting the user information of the user into a public password;
and encrypting the file according to the public password, and sending the encrypted file to the user.
6. The method of any of claims 1 to 5, wherein the user login system comprises a client mode and a web page mode, the method further comprising:
when a user accesses the system through the client mode, encrypting the data cached while the client is in use;
when a user accesses the system via the web page mode, generating a secure client portal according to a non-repeating organic seed algorithm, the secure client portal supporting at least one browser used by the user to access the system.
7. The method of claim 6, further comprising:
acquiring an organization architecture of an enterprise, and setting the access right of a document according to the organization architecture.
8. An enterprise data security management system, the system comprising a network box, a key and a user terminal, wherein the network box is in communication connection with the key and the user terminal respectively;
the key is used for providing an independent password for data encryption, and the independent password comprises a public password and a private password;
the network box is used for:
activating the key when detecting that the user logs in the system;
acquiring the timing and behavior of the user when logging in to the system;
and managing the enterprise data according to the activated key, the timing and the behavior.
9. The system of claim 8, wherein the network box is specifically configured to:
activating the key when detecting that the user logs in the system;
acquiring the timing and behavior of the user when logging in to the system;
generating an independent code for the user logging in to the system according to the timing and the behavior;
generating an independent password of the user according to the independent code;
respectively converting the independent password into a public password and a private password through the activated key;
based on the behavior, managing the enterprise data according to the public password and the private password.
10. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 7.
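The derivation chain of claims 3 to 5, sketched as an added example that is not code from the patent: the claims do not define the "non-repeating organic seed algorithm", so HKDF-SHA256 (RFC 5869) stands in for it here. The device-held `key_secret`, the per-login `nonce`, the behavior labels and all function names are assumptions.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def independent_code(user, login_time, behavior, nonce):
    """Claim 3, step 1: a per-login code bound to the timing and behavior."""
    fields = [user.encode(), str(login_time).encode(), behavior.encode(), nonce]
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def derive_passwords(key_secret, code):
    """Claim 3, steps 2-3: independent password, then public and private passwords."""
    # Assumption: the activated key holds key_secret; without a secret input the
    # result would be computable from the guessable login time and behavior.
    independent = hkdf_sha256(key_secret, salt=code, info=b"independent-password")
    # Distinct info labels separate the two outputs: knowing the public
    # password reveals nothing about the private one.
    public = hkdf_sha256(independent, salt=b"", info=b"public-password")
    private = hkdf_sha256(independent, salt=b"", info=b"private-password")
    return public, private

def passwords_for(key_secret, code, behavior):
    """Claims 4 and 5: which passwords each behavior receives."""
    public, private = derive_passwords(key_secret, code)
    if behavior in ("create", "modify"):   # claim 4: both are implanted in the file
        return {"public": public, "private": private}
    if behavior == "fetch":                # claim 5: public password only
        return {"public": public}
    raise ValueError(f"unsupported behavior: {behavior!r}")

if __name__ == "__main__":
    key_secret = bytes(range(32))          # constructed sample secret
    code = independent_code("alice", 1595462400, "create", b"\x01" * 16)
    for name, value in passwords_for(key_secret, code, "create").items():
        print(name, value.hex())
```

The per-login nonce is what makes two logins with the same user, time and behavior yield different passwords; in practice it would come from a CSPRNG such as `os.urandom(16)`.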
CN202010716967.5A 2020-07-23 2020-07-23 Enterprise data security management method, system and electronic equipment Active CN111859430B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010716967.5A CN111859430B (en) 2020-07-23 2020-07-23 Enterprise data security management method, system and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010716967.5A CN111859430B (en) 2020-07-23 2020-07-23 Enterprise data security management method, system and electronic equipment

Publications (2)

Publication Number Publication Date
CN111859430A (en) 2020-10-30
CN111859430B (en) 2024-04-16

Family

ID=72950695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010716967.5A Active CN111859430B (en) 2020-07-23 2020-07-23 Enterprise data security management method, system and electronic equipment

Country Status (1)

Country Link
CN (1) CN111859430B (en)

Also Published As

Publication number Publication date
CN111859430B (en) 2024-04-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant