CN111859430B - Enterprise data security management method, system and electronic equipment - Google Patents

Enterprise data security management method, system and electronic equipment

Info

Publication number
CN111859430B
Authority
CN
China
Prior art keywords
user
password
key
file
enterprise data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010716967.5A
Other languages
Chinese (zh)
Other versions
CN111859430A (en)
Inventor
许杰
陈锴业
葛仁彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Nanovision Technology Co ltd
Original Assignee
Shenzhen Nanovision Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Nanovision Technology Co ltd
Priority to CN202010716967.5A
Publication of CN111859430A
Application granted
Publication of CN111859430B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention relates to the field of data security technologies, and in particular to an enterprise data security management method, system and electronic device. The method comprises the following steps: activating the key when it is detected that a user logs in to the system; acquiring the timing and behavior of the user's login to the system; and managing the enterprise data according to the activated key, the timing and the behavior. The enterprise data security management method, system and electronic device provided by the embodiments of the invention can realize seamless encryption of the whole process from generation to application of data, and can realize distributed data security management; they have the advantages of low investment, simple maintenance and convenient use, and are especially suitable for small and medium enterprises.

Description

Enterprise data security management method, system and electronic equipment
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and a system for enterprise data security management, and an electronic device.
Background
With the continuous development of internet technology, the use of network technology or cloud storage as a corporate collaborative office tool has become a necessary trend for improving work efficiency and reducing operating costs. However, network equipment and software are expensive, their configuration is complex, and professional network engineers are required to install and maintain them, so the threshold is high for many small and medium enterprises. Meanwhile, some enterprises suffer internal data leakage, client data leakage and similar problems caused by network security and cloud storage data security issues, and the security and survival of these enterprises are increasingly threatened.
To solve the above problems, the current approach is to encrypt data with software and manage it through a server; this scheme needs the support of server hardware and Microsoft server software, and requires dedicated network engineers to set it up and maintain it.
In the process of implementing the embodiments of the present invention, the inventors found that the related art has at least the following problems: the maintenance cost is high, the scheme cannot be separated from the network environment of the server, and its applicability is narrow.
Disclosure of Invention
The technical problem to be solved by the embodiment of the invention is to provide an enterprise data security management method, system and electronic equipment, so as to solve the technical problems of high maintenance cost and narrow applicability of the related technology.
In order to solve the above technical problems, one technical solution adopted by the embodiments of the invention is as follows: there is provided an enterprise data security management method applied to an electronic device including a network box and a key communicatively connected to the network box, the method comprising:
activating the key when it is detected that a user logs in to the system;
acquiring the timing and behavior of the user's login to the system;
and managing the enterprise data according to the activated key, the timing and the behavior.
Optionally, the key is generated according to a non-repeating organic seed algorithm.
Optionally, the managing the enterprise data according to the activated key, the timing and the behavior includes:
generating an independent code for the user logging in to the system according to the timing and the behavior;
generating an independent password of the user according to the independent code;
converting the independent password into a public password and a private password respectively through the activated key;
managing the enterprise data according to the public password and the private password based on the behavior.
Optionally, the behavior includes the user creating or modifying a file, and
the managing the enterprise data according to the public password and the private password based on the behavior includes:
acquiring information of the user;
converting the information of the user into a public password based on the network box;
converting the information of the user into a private password based on the key;
and embedding the public password and the private password into the file newly created or modified by the user so as to encrypt the file.
Optionally, the behavior includes the user obtaining an updated file, and
the managing the enterprise data according to the public password and the private password based on the behavior includes:
receiving a file acquisition instruction sent by the user, and parsing the file acquisition instruction to obtain the file corresponding to the file acquisition instruction;
converting the user information of the user into a public password;
encrypting the file according to the public password, and sending the encrypted file to the user.
Optionally, the user logs in to the system in a client mode or a web page mode, and the method further includes:
encrypting the data cached during use of the client when the user accesses the system in the client mode;
generating, when the user accesses the system in the web page mode, a secure client portal according to the non-repeating organic seed algorithm, the secure client portal supporting at least one browser used by the user when accessing the system.
Optionally, the method further comprises:
and obtaining an organization architecture of the enterprise, and setting the access right of the document according to the organization architecture.
In order to solve the above technical problems, another technical solution adopted by the embodiments of the invention is as follows: there is provided an enterprise data security management system, the system comprising a network box, a key and a user terminal, the network box being communicatively connected to the key and to the user terminal respectively;
the key is used for providing an independent password when data is encrypted, and the independent password comprises a public password and a private password;
the network box is used for:
activating the key when it is detected that a user logs in to the system;
acquiring the timing and behavior of the user's login to the system;
and managing the enterprise data according to the activated key, the timing and the behavior.
Optionally, the network box is specifically configured to:
activate the key when it is detected that a user logs in to the system;
acquire the timing and behavior of the user's login to the system;
generate an independent code for the user logging in to the system according to the timing and the behavior;
generate an independent password of the user according to the independent code;
convert the independent password into a public password and a private password respectively through the activated key;
manage the enterprise data according to the public password and the private password based on the behavior.
In order to solve the above technical problems, another technical solution adopted by the embodiment of the present invention is: there is provided an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
Different from the related art, the enterprise data security management method, system and electronic device provided by the embodiments of the invention provide a network box and a key, the network box being communicatively connected to the key; the key is activated when it is detected that a user logs in to the system; the timing and behavior of the user's login to the system are acquired; and the enterprise data is managed according to the activated key, the timing and the behavior. The method, system and electronic device can realize seamless encryption of the whole process from generation to application of data, and can realize distributed data security management; they have the advantages of low investment, simple maintenance and convenient use, and are especially suitable for small and medium enterprises.
Drawings
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which the figures of the drawings are not to scale, unless expressly stated otherwise.
FIG. 1 is a schematic diagram of an enterprise data security management system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a network architecture of the enterprise data security management system;
FIG. 3 is a schematic flow chart of encrypting a file newly created or modified by a user in the system according to the embodiment of the present invention;
FIG. 4 is a schematic flow chart of sharing encrypted files for users in the system according to the embodiment of the present invention;
FIG. 5 is a flow chart of an enterprise data security management method provided by an embodiment of the present invention;
FIG. 6 is a flowchart of a method for managing enterprise data according to the key after activation and the timing and behavior in an enterprise data security management method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Fig. 1 is a schematic structural diagram of an enterprise data security management system according to an embodiment of the present invention. As shown in fig. 1, the system 100 includes a network box 10, a key 20, and a user terminal 30, and the network box 10 is communicatively connected to the key 20 and the user terminal 30, respectively. Wherein a socket may be provided on the network box 10, and the key 20 is inserted into the socket to be connected with the network box 10.
The network box 10 includes a secure file encryption management platform that operates under the control of the network box 10 and the key 20; the network box 10 functions similarly to a server. The file encryption management platform performs strict authentication on each accessing user, and performs hierarchical and encryption management on each accessed file and directory. The key 20 may be generated according to a predetermined algorithm (e.g., a non-repeating organic seed algorithm). The non-repeating organic seed algorithm (Non-repetitive Organic Seed, nrOS) is a 128-bit symmetric key block cipher algorithm. Organic seed is an improved encryption algorithm, proposed by balancing the complex permutations used by standard encryption algorithms against designs suited to current computing technology. The non-repeating organic seed algorithm has a 16-round Feistel cipher structure, and has advantages such as strong resistance to differential cryptanalysis, linear cryptanalysis and related-key attacks, and a balanced trade-off between security and efficiency. In cryptography research, the Feistel cipher structure is a symmetric structure used in block ciphers. Its advantage is that, because the structure is symmetric, the processes of encrypting and decrypting information are very similar, even identical. The basic idea of the non-repeating seed algorithm is that a number is randomly taken out each time and then placed at the end of the set, so that the next random number is randomly extracted from 1 to-1 target sets, which avoids having to check whether a conflicting number already exists in the result set. The meaning of an organic seed, however, is that the algorithm itself is resistant to cracking.
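The two mechanisms named in the paragraph above, as an added example that is not code from the patent and is not the nrOS algorithm itself: a 16-round Feistel network in which decryption is the encryption routine run with the round keys reversed, and the draw that moves each drawn number to the end of the set so no collision check is needed. The 128-bit block size, the round function (truncated HMAC-SHA256), the key schedule and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ROUNDS = 16   # round count stated in the description
HALF = 8      # assumed 128-bit block, split into two 64-bit halves


def round_keys(master_key: bytes) -> list:
    """Assumed key schedule: one HMAC-derived subkey per round."""
    return [hmac.new(master_key, b"round-%d" % i, hashlib.sha256).digest()
            for i in range(ROUNDS)]


def round_function(subkey: bytes, half: bytes) -> bytes:
    """Assumed round function. It is not invertible and does not need to be:
    the Feistel structure itself supplies the invertibility."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, subkeys) -> bytes:
    """One pass over a single block. The halves are swapped back at the end,
    so running the same pass with reversed subkeys undoes it."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 16 bytes")
    left, right = block[:HALF], block[HALF:]
    for subkey in subkeys:
        left, right = right, xor_bytes(left, round_function(subkey, right))
    return right + left


def encrypt_block(master_key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(master_key))


def decrypt_block(master_key: bytes, block: bytes) -> bytes:
    # Identical routine; only the order of the round keys changes.
    return feistel(block, reversed(round_keys(master_key)))


def draw_without_repeats(pool, count: int, rng=None) -> list:
    """Draw `count` distinct items. Each drawn item is swapped to the end of
    the live region, and the next draw only looks at what is in front of it,
    so the result never has to be searched for duplicates."""
    items = list(pool)
    if not 0 <= count <= len(items):
        raise ValueError("cannot draw more items than the pool holds")
    rng = rng or secrets.SystemRandom()   # OS CSPRNG rather than a seeded PRNG
    live = len(items)
    drawn = []
    for _ in range(count):
        i = rng.randrange(live)           # index inside the still-undrawn region
        live -= 1
        items[i], items[live] = items[live], items[i]
        drawn.append(items[live])
    return drawn


if __name__ == "__main__":
    key = b"constructed-demo-key"         # constructed sample input
    block = b"0123456789abcdef"           # constructed 16-byte block
    ct = encrypt_block(key, block)
    print(ct.hex(), decrypt_block(key, ct))
    print(draw_without_repeats(range(1, 11), 5))
```

This covers the single-block primitive only; it says nothing about the strength of nrOS, whose round function and key schedule the page does not disclose.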
The user terminal 30 may be various intelligent terminals such as a desktop computer, a notebook computer, a smart phone, a tablet computer, etc. The user terminal 30 may include a plurality of intelligent terminals, each of which may constitute the user terminal 30, in an office or home.
In this embodiment, a user may access the network box 10 and the key 20 through the user terminal 30. As shown in fig. 2, fig. 2 is a schematic diagram of a network architecture of the system 100. In fig. 2, the scenario in which the system 100 is applied includes an indoor environment (such as an office and a home) in which the user terminal 30 accesses the network box 10 and the key 20 through a local area network. The application scenario further includes an outdoor environment, such as an outbound trip or a business trip, in which the user terminal 30 may be a user's personal computer or mobile phone, which accesses the network box 10 and the key 20 through the world wide web.
The network box 10 must be started using the key 20; without the key 20 the network box cannot be started, so the stored data is effectively protected against loss, leakage and similar problems.
The key 20 can encrypt and decrypt the whole hard disk in the network box 10, so that the data in the hard disk can be used only by authorized personnel. The encryption process combines symmetric encryption and asymmetric encryption algorithms. In addition, the key 20 may encrypt the cache data used or generated by the user terminal 30, so as to protect the data security of the user terminal 30.
In this embodiment, the key 20 is used to provide an independent password for data encryption, where the independent password includes a public password and a private password. The network box 10 is used for activating the key 20 when it is detected that a user logs in to the system; acquiring the timing and behavior of the user's login to the system; and managing the enterprise data according to the activated key 20, the timing and the behavior.
In this embodiment, the network box 10 is specifically configured to: activate the key when it is detected that a user logs in to the system; acquire the timing and behavior of the user's login to the system; generate an independent code for the user logging in to the system according to the timing and the behavior; generate an independent password of the user according to the independent code; convert the independent password into a public password and a private password respectively through the activated key; and manage the enterprise data according to the public password and the private password based on the behavior.
Activating the key 20 starts the function of the key 20, which may mean changing the key 20 from a dormant state to an activated state in which the independent password can be obtained.
The independent password is an independent authentication ID generated for each user on the system; for example, the independent password is similar to a person's DNA, or to characteristics such as a person's fingerprint or pupil.
The process of generating the independent password by the preset algorithm can be understood as a complex encryption process, which may specifically be deep encryption of a group of character strings.
The process of converting the independent password into the public password and the private password through the activated key may be to divide the independent password into two passwords, such as a password A and a password B, where the public password A is entered by the user when logging in to the system and is used for system authentication, and the private password B is held only by the system. When a user logs in to the system, the login succeeds only after password A and password B correspond to each other.
The timing of the user's login to the system comprises the time at which the user logs in, the login location, the hardware and software environment of the client used when the user logs in, the hardware and software environment used when the user logs in, the pre-authenticated basic user information, and the like. The behavior of the user logging in to the system comprises creating a file, modifying a file, accessing a file, acquiring an updated file, and the like.
Managing the enterprise data means creating a secure encryption environment based on the timing of the user's login to the system and the activated key, and carrying out the behavior of the logged-in user within that secure encryption environment.
In this embodiment, the user's actions include the user creating or modifying a file, the user obtaining an updated file, the user accessing a file, and so on.
When the behavior of the user is to create or modify a file, as shown in fig. 3, the managing the enterprise data according to the public password and the private password based on the behavior includes: acquiring information of the user; converting the information of the user into a public password based on the network box; converting the information of the user into a private password based on the key; and embedding the public password and the private password into the file newly created or modified by the user so as to encrypt the file. A user can create or modify a file on his or her personal device.
When the behavior of the user is to acquire an updated file, as shown in fig. 4, the managing the enterprise data according to the public password and the private password based on the behavior includes: receiving a file acquisition instruction sent by the user, and parsing the file acquisition instruction to obtain the file corresponding to the file acquisition instruction; converting the user information of the user into a public password; encrypting the file according to the public password, and sending the encrypted file to the user.
When a user accesses the network box 10 and the key 20 through the user terminal 30, two modes can be used, namely a client mode and a web page mode. When the user accesses the system in the client mode, the data cached during use of the client is encrypted. When the user accesses the system in the web page mode, a secure client portal is generated according to the non-repeating organic seed algorithm, the secure client portal supporting at least one browser used by the user when accessing the system.
The system 100 provided by the embodiment of the invention can also realize automatic permission management of data; specifically, the system 100 obtains the organization architecture of an enterprise and sets the access rights of documents according to that organization architecture. The organization architecture can be set up through a simple graphical interface, and management of document attributes and of the data structure of the interface can be realized based on technologies such as visual driving of data. The organization architecture may specifically be the staff organization structure of an enterprise, such as the board, the general manager, group leaders, department staff, and the like. After the organization architecture is established, the access rights of files can be set automatically and are strictly defined according to it: an upper level can access the data files of a lower level, but a lower level cannot access the data files of an upper level unless authorized by the upper-level leader.
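One way to express the access rule in the paragraph above, as an added example that is not the patent's implementation: access rights are derived from a reporting chart, superiors can read subordinates' files, and upward access needs an explicit grant. The class name `OrgAccess`, the sample chart, the rule that a grant must come from the file owner or one of the owner's superiors, and default-deny between separate branches are all assumptions.

```python
class OrgAccess:
    """Hypothetical model: file access derived from an organization chart."""

    def __init__(self, reports_to: dict):
        # reports_to maps each member to a direct superior (None at the top).
        self.reports_to = dict(reports_to)
        self.grants = set()                 # (grantee, file_owner) pairs
        for member in self.reports_to:
            self.superiors(member)          # reject cycles and unknown names

    def superiors(self, member: str) -> list:
        """Everyone above `member`, nearest first."""
        chain, seen = [], {member}
        current = self.reports_to[member]
        while current is not None:
            if current in seen or current not in self.reports_to:
                raise ValueError("invalid organization chart at %r" % current)
            chain.append(current)
            seen.add(current)
            current = self.reports_to[current]
        return chain

    def authorize(self, leader: str, grantee: str, file_owner: str) -> None:
        """`leader` lets `grantee` read files owned by `file_owner`.
        Assumption: only the owner or a superior of the owner may grant."""
        known = self.reports_to
        if leader not in known or grantee not in known or file_owner not in known:
            raise PermissionError("unknown member")
        if leader != file_owner and leader not in self.superiors(file_owner):
            raise PermissionError("%s has no authority over %s's files"
                                  % (leader, file_owner))
        self.grants.add((grantee, file_owner))

    def can_access(self, user: str, file_owner: str) -> bool:
        if user not in self.reports_to or file_owner not in self.reports_to:
            return False                    # unknown identities are denied
        if user == file_owner or user in self.superiors(file_owner):
            return True                     # upper level reads lower level
        return (user, file_owner) in self.grants


# Constructed sample chart using the roles the paragraph lists.
SAMPLE_CHART = {
    "board": None,
    "general_manager": "board",
    "group_leader_a": "general_manager",
    "group_leader_b": "general_manager",
    "staff_a1": "group_leader_a",
    "staff_b1": "group_leader_b",
}

if __name__ == "__main__":
    acl = OrgAccess(SAMPLE_CHART)
    print(acl.can_access("general_manager", "staff_a1"))   # upper reads lower
    print(acl.can_access("staff_a1", "general_manager"))   # denied until granted
    acl.authorize("general_manager", "staff_a1", "general_manager")
    print(acl.can_access("staff_a1", "general_manager"))
```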
In this embodiment, whenever a client accesses the system 100, the physical information of the access terminal provided by the user is automatically collected and authenticated, and is bound to the non-repeating organic seed password generated by the system, so that authentication and encryption management are seamless and the documents of the enterprise are protected within a closed multi-layer encryption environment. Enterprise data and documents are strictly protected wherever and in whatever environment a customer accesses them.
The embodiment of the invention provides an enterprise data security management system comprising a network box, a key and a user terminal, the network box being communicatively connected to the key. The key is activated when it is detected that a user logs in to the system through the user terminal; the timing and behavior of the user's login to the system are acquired; and the enterprise data is managed according to the activated key, the timing and the behavior. The enterprise data security management system provided by the embodiment of the invention can realize seamless encryption of the whole process from generation to application of data, and can realize distributed data security management; it has the advantages of low investment, simple maintenance and convenient use, and is especially suitable for small and medium enterprises.
Fig. 5 is a flowchart of an enterprise data security management method according to an embodiment of the present invention. The method may be applied to the network box and the key in the foregoing system embodiment, where the network box and the key may together form an electronic device. As shown in fig. 5, the method includes:
S11, activating the key when it is detected that a user logs in to the system;
S12, acquiring the timing and behavior of the user's login to the system;
S13, managing the enterprise data according to the activated key, the timing and the behavior.
The key is generated according to a non-repeating organic seed algorithm.
As shown in fig. 6, the managing the enterprise data according to the activated key, the timing and the behavior includes:
S131, generating an independent code for the user logging in to the system according to the timing and the behavior;
S132, generating an independent password of the user according to the independent code;
S133, converting the independent password into a public password and a private password respectively through the activated key;
S134, managing the enterprise data according to the public password and the private password based on the behavior.
Where the behavior includes the user creating or modifying a file,
the managing the enterprise data according to the public password and the private password based on the behavior includes:
acquiring information of the user;
converting the information of the user into a public password based on the network box;
converting the information of the user into a private password based on the key;
and embedding the public password and the private password into the file newly created or modified by the user so as to encrypt the file.
Where the behavior includes the user obtaining an updated file,
the managing the enterprise data according to the public password and the private password based on the behavior includes:
receiving a file acquisition instruction sent by the user, and parsing the file acquisition instruction to obtain the file corresponding to the file acquisition instruction;
converting the user information of the user into a public password;
encrypting the file according to the public password, and sending the encrypted file to the user.
In some embodiments, the user logs in to the system in a client mode or a web page mode, and the method further comprises:
encrypting the data cached during use of the client when the user accesses the system in the client mode;
generating, when the user accesses the system in the web page mode, a secure client portal according to the non-repeating organic seed algorithm, the secure client portal supporting at least one browser used by the user when accessing the system.
In some embodiments, the method further comprises: obtaining the organization architecture of the enterprise, and setting the access rights of documents according to the organization architecture.
It should be noted that the enterprise data security management method and the enterprise data security management system provided in the embodiments of the present invention are based on the same inventive concept, and for the detailed process reference may be made to the system embodiment.
The embodiment of the invention provides an enterprise data security management method applied to a network box and a key, the network box being communicatively connected to the key. The method activates the key when it is detected that a user logs in to the system through a user terminal; acquires the timing and behavior of the user's login to the system; and manages the enterprise data according to the activated key, the timing and the behavior. The enterprise data security management method provided by the embodiment of the invention can realize seamless encryption of the whole process from generation to application of data, and can realize distributed data security management; it has the advantages of low investment, simple maintenance and convenient use, and is especially suitable for small and medium enterprises.
Fig. 7 is a schematic hardware structure of an electronic device according to an embodiment of the present invention, where the electronic device may be used to perform the enterprise data security management method as described above. The electronic device 40 may specifically be the network box and the key, as shown in fig. 7, and the electronic device 40 includes:
one or more processors 41 and a memory 42, one processor 41 being exemplified in fig. 7.
The processor 41 and the memory 42 may be connected by a bus or otherwise, which is illustrated in fig. 7 as a bus connection.
The memory 42 is used as a non-volatile computer readable storage medium for storing non-volatile software programs, non-volatile computer executable programs and modules, such as program instructions/modules corresponding to the enterprise data security management method in the embodiments of the present invention. Processor 41 implements the enterprise data security management methods of the method embodiments described above by running non-volatile software programs, instructions, and modules stored in memory 42.
The memory 42 may include a storage program area that may store an operating system, at least one application program required for functionality, and a storage data area. In addition, memory 42 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, memory 42 may optionally include memory located remotely from processor 41.
The one or more modules are stored in the memory 42 and when executed by the one or more processors 41 perform the enterprise data security management method of any of the method embodiments described above, e.g., perform the method steps described above in fig. 5 and 6.
The product can execute the method provided by the embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method. Technical details not described in detail in this embodiment may be found in the methods provided in the embodiments of the present invention.
Embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer-executable instructions for execution by one or more processors shown in fig. 7, such as performing the enterprise data security management method described above.
Embodiments of the present invention also provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by the electronic device, cause the electronic device to perform the enterprise data security management method of the above embodiments.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by software plus a general-purpose hardware platform, or by hardware. Those skilled in the art will appreciate that all or part of the processes of the methods in the above embodiments may be implemented by a computer program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Within the idea of the invention, the technical features of the above embodiments or of different embodiments may also be combined, the steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (7)

1. An enterprise data security management method applied to an electronic device, wherein the electronic device includes a network box and a key, the key being communicatively connected to the network box, the method comprising:
activating the key when detecting that a user logs in to the system;
acquiring the time and behavior of the user when logging in to the system;
managing the enterprise data according to the activated key, the time and the behavior;
wherein said managing the enterprise data according to the activated key, the time and the behavior comprises:
generating an independent code for the user logging in to the system according to the time and the behavior;
generating an independent password of the user according to the independent code;
converting the independent password into a public password and a private password respectively through the activated key;
managing the enterprise data according to the public password and the private password based on the behavior;
wherein the behavior includes the user creating or modifying a file,
the managing the enterprise data according to the public password and the private password based on the behavior includes:
acquiring information of the user;
converting the information of the user into a public password based on the network box;
converting the information of the user into a private password based on the key;
and implanting the public password and the private password into the file newly created or modified by the user so as to encrypt the file.
2. The method of claim 1, wherein the key is generated according to a non-repeating organic seed algorithm.
3. The method of claim 1, wherein the behavior comprises the user obtaining an update file,
the managing the enterprise data according to the public password and the private password based on the behavior includes:
receiving a file acquisition instruction sent by a user, and analyzing the file acquisition instruction to obtain a file corresponding to the file acquisition instruction;
converting the user information of the user into a public password;
encrypting the file according to the public password, and sending the encrypted file to the user.
4. A method according to any one of claims 1 to 3, wherein the modes in which the user logs in to the system comprise a client mode and a web page mode, the method further comprising:
encrypting data cached in the use process of a client when a user accesses the system through the client mode;
when a user accesses the system through the web mode, a secure client portal is generated according to a non-repeating organic seed algorithm, the secure client portal supporting at least one browser used by the user when accessing the system.
5. The method according to claim 4, wherein the method further comprises:
obtaining the organizational structure of the enterprise, and setting the access rights of documents according to the organizational structure.
6. An enterprise data security management system, the system comprising a network box and a key, wherein the network box is communicatively connected to the key and to the user terminal respectively;
the key is used for providing an independent password when data is encrypted, and the independent password comprises a public password and a private password;
wherein, the network box is specifically used for:
activating the key when detecting that a user logs in to the system;
acquiring the time and behavior of the user when logging in to the system;
generating an independent code for the user logging in to the system according to the time and the behavior;
generating an independent password of the user according to the independent code;
converting the independent password into a public password and a private password respectively through the activated key;
managing the enterprise data according to the public password and the private password based on the behavior;
wherein the behavior comprises the user creating or modifying a file;
wherein the network box is further for:
acquiring information of the user;
converting the information of the user into a public password based on the network box;
converting the information of the user into a private password based on the key;
and implanting the public password and the private password into the file newly created or modified by the user so as to encrypt the file, wherein the user can create or modify the file on personal equipment of the user.
7. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 5.
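The derivation chain in claim 1 (login time and behavior, then independent code, independent password, public and private passwords) can be sketched as follows. This is an added example, not code from the patent: the patent does not name its algorithms, so HMAC-SHA256, the two secrets, the field encoding, `file_id` and every function name here are assumptions.

```python
import hashlib
import hmac

# Constructed sample secrets (assumptions): one held by the network box, one by the key device.
BOX_SECRET = bytes.fromhex("11" * 32)
DEVICE_SECRET = bytes.fromhex("22" * 32)

def prf(secret: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a fixed label and length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(secret, label, hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()

def independent_code(box_secret, user, login_time, behavior):
    """Per-login code bound to who logged in, when, and what they are doing."""
    return prf(box_secret, b"independent-code",
               user.encode(), login_time.encode(), behavior.encode())

def independent_password(box_secret, code):
    """Independent password generated from the independent code."""
    return prf(box_secret, b"independent-password", code)

def public_password(box_secret, password, user):
    """Half computed with the network box's secret."""
    return prf(box_secret, b"public-password", password, user.encode())

def private_password(device_secret, password, user):
    """Half computed with the key device's secret."""
    return prf(device_secret, b"private-password", password, user.encode())

def session_file_key(box_secret, device_secret, user, login_time, behavior, file_id):
    """Run the whole chain and bind the result to one file (file_id is a hypothetical label)."""
    code = independent_code(box_secret, user, login_time, behavior)
    password = independent_password(box_secret, code)
    pub = public_password(box_secret, password, user)
    priv = private_password(device_secret, password, user)
    # Both halves feed the final key, so neither secret holder can derive it alone.
    return prf(pub, b"file-key", priv, file_id.encode())

if __name__ == "__main__":
    key = session_file_key(BOX_SECRET, DEVICE_SECRET, "alice",
                           "2020-07-23T09:00:00Z", "create", "report.docx")
    print(key.hex())
```

In a deployment following the claims, `private_password` would run on the key device and the other steps on the network box; they are called in one process here only so the chain can be run end to end.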
CN202010716967.5A 2020-07-23 2020-07-23 Enterprise data security management method, system and electronic equipment Active CN111859430B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010716967.5A CN111859430B (en) 2020-07-23 2020-07-23 Enterprise data security management method, system and electronic equipment

Publications (2)

Publication Number Publication Date
CN111859430A CN111859430A (en) 2020-10-30
CN111859430B true CN111859430B (en) 2024-04-16

Family

ID=72950695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010716967.5A Active CN111859430B (en) 2020-07-23 2020-07-23 Enterprise data security management method, system and electronic equipment

Country Status (1)

Country Link
CN (1) CN111859430B (en)

Also Published As

Publication number Publication date
CN111859430A (en) 2020-10-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant