CN112118250B - Modularized data analysis method based on zero trust technology - Google Patents
Modularized data analysis method based on zero trust technology Download PDFInfo
- Publication number
- CN112118250B CN112118250B CN202010965338.6A CN202010965338A CN112118250B CN 112118250 B CN112118250 B CN 112118250B CN 202010965338 A CN202010965338 A CN 202010965338A CN 112118250 B CN112118250 B CN 112118250B
- Authority
- CN
- China
- Prior art keywords
- data analysis
- data
- information
- request
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a modular data analysis method based on a zero trust technology, which comprises the following steps: (1) Firstly, a user dynamically encrypts a data source and then sends a request; (2) the request processing module receives a sending request of a user; (3) The zero trust authentication module receives the information of the request processing module, the zero trust authentication module discriminates the received information at the moment, the information meeting the requirements is transmitted to the data analysis request, and the information not meeting the requirements is transmitted to the result acquisition request; (4) The information processed by the data analysis request is continuously transmitted to the encryption algorithm module; (5) the data acquisition interface receives the analysis result; (6) And finally, the information is fed back to the user, and the method has the advantages that the data is encrypted by the zero trust technology, so that the safety of the data is improved, the data analysis function is modularized, the data is finely split, and the high customization of the analysis function is realized.
Description
Technical Field
The invention relates to the technical field of data analysis, in particular to a modular data analysis method based on a zero trust technology.
Background
With the continuous promotion of the digitization process, the requirement of enterprise organizations on data analysis is continuously upgraded, the traditional data encryption mode brings too much limitation to the data analysis function needing plaintext at present, namely, the traditional data encryption mode can keep encryption under certain conditions, but has a lot of limitations on the data analysis function of the plaintext, the existing data encryption mode cannot solve the data security threat from the inside aiming at the security protection of a data analysis module, the data analysis needs data, the requirement on partial data privacy is high, the data analysis function module needs to be called under the premise of guaranteeing the data privacy, the requirement on partial data analysis requirement customization is high, and the standardized data analysis function cannot meet the customization requirement.
In view of the above, there is a need for an improved modular analysis method, which can adapt to the current needs of data security transmission and data analysis.
Disclosure of Invention
In order to overcome the problems in the prior art, a novel modular data analysis method is designed on the basis of the defects, a zero trust technology is adopted to analyze data, a certain protection effect can be provided for the data, and a secret key is prevented from being eavesdropped and revealed.
The technical scheme of the invention is that a modular data analysis method based on zero trust technology comprises the following steps:
(1) Firstly, a user dynamically encrypts a data source and then sends a request;
(2) The request processing module receives a sending request of a user;
(3) The zero trust authentication module receives the information of the request processing module, discriminates the received information, transmits the information meeting the requirements to the data analysis request, and transmits the information not meeting the requirements to the result acquisition request;
(4) The information processed by the data analysis request is continuously transmitted to an encryption algorithm module, and at the moment, the encryption algorithm module acquires a one-time private key of an information source, and then the private key is used for encrypting and transmitting the data source to a database server; the database server is connected with the data analysis module, then the data analysis module is connected with the encryption algorithm module to decrypt and analyze the information source and transmit back an analysis result, and the database server resets the emptying encrypted data after the analysis result is transmitted back to the data analysis module;
(5) The data acquisition interface receives the analysis result;
(6) And finally, feeding back the information to the user.
The technical scheme is further supplemented, and a zero trust technology is used for protecting the database server in data transmission.
Further supplementing the technical scheme, the encryption algorithm module mentioned in the step (4) adopts asymmetric encryption.
Further supplementing the technical scheme, the data analysis module in the step (4) comprises a detection algorithm based on classification, clustering and abnormal values.
The technical scheme is further supplemented, and an algorithm based on classification is an SVM support vector machine.
Further supplementing the technical scheme, the clustering-based algorithm is DBSCAN.
The technical scheme is further supplemented, and an algorithm based on abnormal value detection is an isolated forest algorithm.
The technical scheme is further supplemented, a plurality of data analysis functions are stored in the database server in a modularized mode, and a user calls, calls and customizes the data analysis functions in an interface mode.
Further supplementing the technical solution, the information transmitted in the result acquisition request in step (3) is also fed back to the data acquisition interface.
The method has the advantages that the data are encrypted through the zero trust technology, the safety of the data is improved, wherein the zero trust network framework considers that all network requests from the inside and the outside need to be authenticated, the initiation of the authentication depends on network behaviors rather than network identities, any known or unknown user is not trusted, the zero trust authentication is carried out on all access applications, and all data analysis requests and result calling requests can be filtered and screened; the invention also modularizes the data analysis function, finely divides the data analysis function and realizes the high customization of the analysis function.
Drawings
FIG. 1 is a schematic workflow diagram of the present invention.
Detailed Description
Because people have higher and higher requirements on data analysis and customization, the existing data encryption analysis module has a plurality of limitations on the data analysis function of a plaintext, and because the data analysis module has certain threats to the safety protection of the data in the data analysis module, a novel modular data analysis method is designed, and the technical scheme of the invention is explained in detail according to the attached drawing 1;
the invention mainly comprises the following steps:
(1) Firstly, a user dynamically encrypts a data source and then sends a request;
(2) The request processing module receives a sending request of a user;
(3) The zero trust authentication module receives the information of the request processing module, discriminates the received information, transmits the information meeting the requirements to the data analysis request, and transmits the information not meeting the requirements to the result acquisition request;
(4) The information processed by the data analysis request is continuously transmitted to an encryption algorithm module, and at the moment, the encryption algorithm module acquires a one-time private key of an information source, and then the private key is used for encrypting and transmitting the data source to a database server; the database server is connected with the data analysis module, then the data analysis module is connected with the encryption algorithm module to decrypt and analyze the information source and send back an analysis result, and the database server resets the emptying encrypted data after the analysis result is sent back to the data analysis module;
(5) The data acquisition interface receives the analysis result;
(6) Finally, feeding back the information to the user;
wherein, the information transmitted in the result acquisition request in the step (3) is also fed back to the data acquisition interface.
And a zero trust technology is used for protecting the database server in data transmission.
The encryption algorithm module mentioned in the step (4) adopts asymmetric encryption; asymmetric encryption is that the encryption and decryption use different keys, usually there are two keys, called "public key" and "private key", which must be used in pair, otherwise the encrypted file cannot be opened, here the "public key" means that it can be published to the outside, the "private key" cannot be known only by the holder, because the symmetric encryption method is difficult to tell the other party the key if the encrypted file is transmitted over the network, whatever method may be eavesdropped, and the asymmetric encryption method has two keys, and the "public key" therein can be disclosed, so that it is not afraid of others to know, the recipient only needs to use his own private key when decrypting, so the problem of the transmission security of the key is well avoided, further, the public key adopts the RSA public key cryptosystem.
The principle of the RSA public key cryptosystem is as follows: according to number theory, it is relatively simple to seek two large prime numbers, and factoring the product of the two large prime numbers is extremely difficult, so that the product can be disclosed as an encryption key;
one general formula used in the encryption process of RSA is:
ciphertext = plaintext E mod N
Namely, RSA encryption is a process of dividing the plaintext to the power E by N to obtain the remainder.
Wherein, the data analysis module in the step (4) comprises a detection algorithm based on classification, clustering and abnormal values; the algorithm based on classification is an SVM (support vector machine), the SVM is a two-classification model, a basic model of the SVM is a linear classifier defined on a feature space at the maximum interval, and the maximum interval makes the SVM different from a perceptron; the SVM also comprises a nuclear skill, so that the SVM becomes a substantially nonlinear classifier, the learning strategy of the SVM is interval maximization, can be formalized into a problem of solving convex quadratic programming, and is also equivalent to the minimization problem of a regularized hinge loss function, and the learning algorithm of the SVM is an optimization algorithm for solving the convex quadratic programming; the clustering-based algorithm is DBSCAN, which is a density-based clustering algorithm, and it is assumed that classes can be determined by the closeness of sample distribution, samples of the same class are closely connected, that is, samples of the same class must exist in a short distance around any sample in the class, and DBSCAN requires two parameters: scanning radius (eps) and minimum contained points (minPts), optionally starting with a point that is not visited (unvisited), finding all nearby points that are within a distance (including eps) from it, if the number of nearby points is ≧ minPts, the current point forms a cluster with its nearby points, and the starting point is marked visited (visited), then recursively, processing all points within the cluster that are not marked visited (visited) in the same way, thereby expanding the cluster, if the number of nearby points < minPts, the point is temporarily marked as a noise point, if the cluster is sufficiently expanded, i.e., all points within the cluster are marked as visited, then processing the unvisited points with the same algorithm; the algorithm based on the abnormal value detection is an isolated forest algorithm, the isolated forest algorithm is an unsupervised abnormal detection method suitable for continuous data, the separation degree among samples is different from other abnormal detection algorithms by quantitative indexes such as distance and density, the isolated forest algorithm detects the abnormal value by isolating sample points, and particularly, the algorithm utilizes a binary search tree structure named an isolated tree to isolate the samples, and the abnormal value is less and has separation with most samples, so that the abnormal value can be isolated earlier, namely the abnormal value is closer to a root node, and the normal value has a longer distance from the root node.
Storing various data analysis functions in a database server in a modularized mode, and calling, parameter adjusting and self-customizing the data analysis functions in an interface mode by a user; the method comprises the steps that an encryption module based on a zero trust technology is used for carrying out encryption transmission on original data and an analysis result, cloud analysis and cloud computing functions for guaranteeing data privacy are achieved, a pre-customized data analysis module is used for achieving independent customization of the analysis function, and automatic adjustment and automatic optimization are achieved; the cloud analysis function meeting the data privacy premise is realized through the database server deployment and zero trust technology of the data analysis module, and the cloud analysis module is convenient for people to use.
The technical solutions described above only represent the preferred technical solutions of the present invention, and some possible modifications to some parts of the technical solutions by those skilled in the art all represent the principles of the present invention, and fall within the protection scope of the present invention.
Claims (9)
1. A modular data analysis method based on zero trust technology is characterized by comprising the following steps:
(1) Firstly, a user dynamically encrypts a data source and then sends a request;
(2) The request processing module receives a sending request of a user;
(3) The zero trust authentication module receives the information of the request processing module, discriminates the received information, transmits the information meeting the requirements to the data analysis request, and transmits the information not meeting the requirements to the result acquisition request;
(4) The information processed by the data analysis request is continuously transmitted to an encryption algorithm module, and at the moment, the encryption algorithm module acquires a one-time private key of an information source, and then the private key is used for encrypting and transmitting the data source to a database server; the database server is connected with the data analysis module, then the data analysis module is connected with the encryption algorithm module to decrypt and analyze the information source and send back an analysis result, and the database server resets the emptying encrypted data after the analysis result is sent back to the data analysis module;
(5) The data acquisition interface receives the analysis result;
(6) And finally, feeding back the information to the user.
2. The modular data analysis method based on the zero trust technology as claimed in claim 1, wherein the database server is protected by the zero trust technology in data transmission.
3. The modular data analysis method based on zero trust technology as claimed in claim 2, wherein the encryption algorithm module mentioned in step (4) adopts asymmetric encryption.
4. The modular data analysis method based on zero trust technology as claimed in claim 3, wherein the data analysis module in step (4) comprises classification, clustering and outlier detection based algorithms.
5. The method of claim 4, wherein the classification-based algorithm is an SVM support vector machine.
6. The modular data analysis method based on zero trust technology as claimed in claim 4, wherein the clustering based algorithm is DBSCAN.
7. The modular data analysis method based on the zero-trust technology as claimed in claim 4, wherein the algorithm based on outlier detection is an isolated forest algorithm.
8. The modular data analysis method based on the zero trust technology as claimed in claim 1, wherein a plurality of data analysis functions are stored in a modular manner in the database server, and a user calls, invokes and self-customizes the data analysis functions in the form of an interface.
9. The modular data analysis method based on zero-trust technology as claimed in claim 1, wherein the information transmitted in the result acquisition request in step (3) is also fed back to the data acquisition interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010965338.6A CN112118250B (en) | 2020-09-15 | 2020-09-15 | Modularized data analysis method based on zero trust technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010965338.6A CN112118250B (en) | 2020-09-15 | 2020-09-15 | Modularized data analysis method based on zero trust technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112118250A CN112118250A (en) | 2020-12-22 |
| CN112118250B true CN112118250B (en) | 2022-11-11 |
Family
ID=73803566
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010965338.6A Active CN112118250B (en) | 2020-09-15 | 2020-09-15 | Modularized data analysis method based on zero trust technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112118250B (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140081652A1 (en) * | 2012-09-14 | 2014-03-20 | Risk Management Solutions Llc | Automated Healthcare Risk Management System Utilizing Real-time Predictive Models, Risk Adjusted Provider Cost Index, Edit Analytics, Strategy Management, Managed Learning Environment, Contact Management, Forensic GUI, Case Management And Reporting System For Preventing And Detecting Healthcare Fraud, Abuse, Waste And Errors |
| US20170272362A1 (en) * | 2016-03-18 | 2017-09-21 | Adbrain Ltd | Data communication systems and methods of operating data communication systems |
| US10726034B2 (en) * | 2016-03-30 | 2020-07-28 | Microsoft Technology Licensing, Llc | Modular electronic data analysis computing system |
| CN111339050B (en) * | 2018-12-03 | 2023-07-18 | 国网宁夏电力有限公司信息通信公司 | Centralized security audit method and system based on big data platform |
| CN110266533A (en) * | 2019-06-18 | 2019-09-20 | 湖南晖龙集团股份有限公司 | Big data platform management system |
-
2020
- 2020-09-15 CN CN202010965338.6A patent/CN112118250B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112118250A (en) | 2020-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021208690A1 (en) | Method and apparatus for data encryption and decryption, device, and storage medium | |
| US7739501B2 (en) | Cryptographic key construct | |
| US8353023B2 (en) | Identity-based-encryption message management system | |
| KR100903599B1 (en) | Searching method for encrypted data using inner product and terminal and server therefor | |
| WO2018189681A1 (en) | Data tokenization | |
| US20190334708A1 (en) | Method for secure classification using a transcryption operation | |
| CN109951513B (en) | Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card | |
| WO2005091579A1 (en) | Secure email service | |
| CN112966287B (en) | Method, system, device and computer readable medium for acquiring user data | |
| CN110771190A (en) | Controlling access to data | |
| Costantino et al. | Privacy-preserving text mining as a service | |
| US11233646B2 (en) | Searchable encryption method | |
| CN110110550B (en) | Searchable encryption method and system supporting cloud storage | |
| CN112118250B (en) | Modularized data analysis method based on zero trust technology | |
| Al-Mashhadi et al. | A survey of email service; attacks, security methods and protocols | |
| EP3461055B1 (en) | System and method for secure outsourced annotation of datasets | |
| CN114170709A (en) | Money box management method and system based on Internet of things | |
| Allagi et al. | A hybrid model for data security and preserving anonymity using machine learning | |
| CN117240627B (en) | Network data information secure transmission method and system | |
| CN115580394B (en) | Privacy data desensitization transmission method and system in property digital system | |
| Shah et al. | SecureCSearch: Secure searching in PDF over untrusted cloud servers | |
| Ezhil Roja et al. | Secured and Lightweight Key Distribution Mechanism for Wireless Sensor Networks | |
| Abdulrahman et al. | Privacy preservation, sharing and collection of patient records using cryptographic techniques for cross-clinical secondary analytics | |
| Jabber et al. | Secure Cloud Computing By A dual-Layer Encryption Mechanism | |
| Thayananthan et al. | Big Data Security Issues and Quantum Cryptography for Cloud Computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information | ||
| CB03 | Change of inventor or designer information |
Inventor after: Wang Dejia Inventor after: Yang Boya Inventor after: Zhu Xuguang Inventor before: Zhu Xuguang Inventor before: Wang Dejia Inventor before: Yang Boya |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |