CN114036545A - Method, system and storage medium for implementing data security control

Publication number: CN114036545A
Authority: CN (China)
Prior art keywords: data, user, control system, private key, distribution
Legal status: Pending
Application number: CN202111358209.1A
Other languages: Chinese (zh)
Inventor: 朱洪区
Current Assignee: Agricultural Bank of China Shenzhen Branch
Original Assignee: Agricultural Bank of China Shenzhen Branch
Application filed by Agricultural Bank of China Shenzhen Branch
Priority to CN202111358209.1A
Publication of CN114036545A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention provides a method, a system and a storage medium for implementing a data security control system. Strict user identity authentication is required before the current user accesses controlled data, and the right to access the controlled data is obtained after the user identity authentication; controlled data access rights of different levels are provided to the current accessing user who has passed identity authentication; controlled data is encrypted using a drive level technology during storage, a specific data control system is provided, and a user accessing the data can decrypt and display the data only inside the data control system, using a specific key. By authenticating the user accessing the data, unauthorized access to the application is prevented, and only legitimate personnel can access the data application system; a transmission path is added automatically to track data transmission, forming a complete data usage chain; the possibility of unauthorized access is greatly reduced, and the security and traceability of data control are improved.

Description

Method, system and storage medium for implementing data security control
Technical Field
The invention relates to the field of financial transaction support systems, in particular to a method, a system and a storage medium for realizing data security control.
Background
In the era of information explosion today, the meaning of data has far exceeded the notion of its intended value. Any information stored in various storage media, such as a document, a picture, a movie, a program, etc., may be referred to as data. The data coverage is extremely wide, as small as one diary, as large as all client data of multinational companies, and the importance of data security is self-evident.
In current banking service application systems, data use is mostly controlled only by the user logging in to the application system, and the downloading and propagation of data are not subject to any security control. Security control of sensitive data is the final barrier of an application system's data security: once data leaves the application system it can be spread arbitrarily or illegally, and the data security of the whole application system no longer exists, so protecting the data is very important. There are two ways of accessing data: displaying the data on an application system page, or downloading the data and then opening it with an office software tool for reading. To eliminate the security risks that these two access modes bring to data use, the following two problems need to be solved: data being arbitrarily downloaded and arbitrarily propagated.
Disclosure of Invention
The technical problem to be solved by the invention is how to prevent the data of the application system from being illegally accessed, arbitrarily downloaded and arbitrarily spread.
The invention provides a method for implementing a data security control system, characterized in that strict user identity authentication is required before the current user accesses controlled data, and the right to access the controlled data is obtained after the user identity authentication; controlled data access rights of different levels are provided to the current accessing user who has passed identity authentication; controlled data is encrypted using a drive level technology during storage, a specific data control system is provided, and a user accessing the data can decrypt and display the data only inside the data control system, using a specific key.
The method for implementing the data security control system is characterized in that user identity authentication is implemented using AES symmetric encryption: the system generates a public key and distributes a user private key to each user, and user identity authentication is performed with the obtained user private key.
The method for implementing the data security control system is characterized by comprising an initial download and distribution behavior: after an initial downloading user obtains data download permission, the system retrieves the required data from a background database according to the download request of the initial downloading user and encapsulates it into a JSON data chain; a user information area is added to the JSON data chain, and the user information of the initial downloading user is added to the user information area; the JSON data chain is then encrypted with the user private key of the initial downloading user, the encrypted data is further encoded with Base64 to generate a DAT file, and the user private key of the initial downloading user and the generated DAT file are sent to the person to whom the data is to be distributed.
The method for implementing the data security control system is characterized by further comprising a re-distribution behavior: if further distribution is needed, the re-distributing user must use the data control system and import the received user private key of the previous-level distributing user together with the DAT file corresponding to that key; the data control system decrypts with the user private key and, after decryption succeeds, adds the user information of the re-distributing user to the user information area of the decrypted JSON data chain; the chain is then encrypted with the user private key of the re-distributing user, the encrypted data is encoded with Base64 to form a DAT file, and the user private key of the re-distributing user and the DAT file are sent to the receiver.
The implementation method of the data security control system is characterized in that when a receiver needs to use data, a received DAT file and an encrypted user private key used by the file are imported into the data use control system, and the DAT file is decrypted by the data use control system by using the imported user private key and displayed in the data use control system.
The method for implementing the data security control system is characterized in that data validity period information is added to the JSON data chain, the validity period information being added during data distribution; during decryption the data control system automatically checks whether the current data is within the validity period and, if it is not, stops decryption and prompts that the data is out of date.
A data security control system is characterized by being realized by adopting the implementation method of the data security control system.
A computer-readable storage medium, characterized in that the readable storage medium stores a computer program which, when executed by a processor, causes the processor to execute an implementation method of the data security control system.
The implementation of the invention has the following beneficial effects: by authenticating the user accessing the data, unauthorized access to the application is prevented, and only legitimate personnel can access the data application system; a transmission path is added automatically to track data transmission, forming a complete data usage chain; the possibility of unauthorized access is greatly reduced, and the security and traceability of data control are improved.
Drawings
FIG. 1 is a flow chart of the initial download and distribution behavior of data;
FIG. 2 is a flow diagram of data redistribution activity;
FIG. 3 is a data query presentation flow diagram.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a flow chart of the initial download and distribution behavior of data. The system can be divided into a data application system and a data control system: the data application system comprises unified user authentication and a data subsystem; the data control system comprises a key subsystem, an authentication subsystem and a display subsystem. When a user downloads controlled data from the system, the user must first log in, and strict user authentication is performed during login. To increase the security of user authentication, manual or AI-based biometric identification of the person can be added by means of a two-way audio and video session. After authentication passes, a data request is sent to the data subsystem, which retrieves the data from the database according to the user's request; the data may be plaintext or encrypted, and if it is encrypted it must be decrypted into plaintext. The plaintext data is converted into the JSON data chain format, a user information area is added to the JSON data chain, and the user information of the initial downloading user is added to that area; the JSON data chain is encrypted with the user private key of the initial downloading user, and the encrypted data is further encoded with Base64 to generate a DAT file. If the DAT file needs to be distributed, the user private key of the initial downloading user and the generated DAT file are sent to the person to whom it is to be distributed.
FIG. 2 is a flow diagram of data redistribution activity, used when the user already has controlled data on hand and further distribution is required. The user logs in and is authenticated through the data control system; after authentication succeeds, the data to be distributed is decrypted with the obtained user private key into a plaintext JSON data chain, the user information of the re-distributing user is added to the user information area of the JSON data chain, the chain is encrypted with the user private key of the re-distributing user, the encrypted data is encoded with Base64 to form an encrypted DAT file, and the user private key of the re-distributing user and the DAT file are then sent to the receiver.
FIG. 3 is a data query presentation flow diagram. If the user needs to use controlled data already on hand, and needs to distribute it further, the user must log in and be authenticated through the data control system. When the receiver needs to use the data, the received DAT file and the encrypted user private key used by the file are imported into the data control system; the data control system decrypts the DAT file with the imported user private key and displays it in a temporary display subsystem within the data control system.
To further improve security, validity period information is added during data distribution; during decryption the data control system automatically checks whether the current data is within the validity period and, if it is not, stops decryption and prompts that the data is out of date. An indication of whether distribution is allowed, or a permitted number of distributions, can also be added, which further limits the possibility of data being distributed arbitrarily and further improves the security of the system.
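The download, re-distribution and display flow described above, including the validity-period check, as an added Go example; it is not code from the patent. It assumes the "user private key" is a 32-byte AES key and uses AES-GCM (the page names only AES), so a DAT file whose user information area or validity period was modified fails to decrypt; the `Chain` field names and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

type Key [32]byte   // the page's "user private key", assumed to be an AES-256 key
const nonceLen = 12 // standard AES-GCM nonce size
var ErrExpired = errors.New("data is out of date")

// Chain is an assumed layout for the page's "JSON data chain".
type Chain struct {
	Data    string    `json:"data"`    // controlled data from the data subsystem
	Users   []string  `json:"users"`   // user information area, one entry per hop
	Expires time.Time `json:"expires"` // validity period set at distribution
}

func gcm(k Key) cipher.AEAD {
	block, _ := aes.NewCipher(k[:]) // cannot fail: key length is fixed at 32
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return aead
}

// Seal encrypts the chain and Base64-encodes nonce||ciphertext||tag as the DAT content.
func Seal(c Chain, k Key) (string, error) {
	plain, _ := json.Marshal(c) // cannot fail for this struct
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm(k).Seal(nonce, nonce, plain, nil)), nil
}

// Open decodes and decrypts a DAT file, then enforces the validity period.
func Open(dat string, k Key, now time.Time) (Chain, error) {
	raw, err := base64.StdEncoding.DecodeString(dat)
	if err != nil || len(raw) < nonceLen {
		return Chain{}, errors.New("malformed DAT file")
	}
	plain, err := gcm(k).Open(nil, raw[:nonceLen], raw[nonceLen:], nil)
	if err != nil {
		return Chain{}, err // wrong key, or the file was modified
	}
	var c Chain
	if err := json.Unmarshal(plain, &c); err != nil {
		return Chain{}, err
	}
	if now.After(c.Expires) {
		return Chain{}, ErrExpired // stop and report instead of displaying
	}
	return c, nil
}

// Redistribute decrypts with the previous hop's key, records the new user, re-encrypts.
func Redistribute(dat string, prev, own Key, user string, now time.Time) (string, error) {
	c, err := Open(dat, prev, now)
	if err != nil {
		return "", err
	}
	c.Users = append(c.Users, user)
	return Seal(c, own)
}

func main() { // constructed sample keys and data
	dat, _ := Seal(Chain{"constructed sample row", []string{"alice"}, time.Now().Add(time.Hour)}, Key{1})
	dat, _ = Redistribute(dat, Key{1}, Key{2}, "bob", time.Now())
	fmt.Println(Open(dat, Key{2}, time.Now()))
}
```

The traceability this gives holds only inside the control system: each key travels with its DAT file, so anyone holding both can read the chain, and the user list is trustworthy only as far as every hop ran this code.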
In summary, the above embodiments are merely illustrative of the principles and effects of the present invention, and are not intended to limit the present invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (8)

1. A method for implementing a data security control system, characterized in that strict user identity authentication is required before the current user accesses controlled data, and the right to access the controlled data is obtained after the user identity authentication; controlled data access rights of different levels are provided to the current accessing user who has passed identity authentication; controlled data is encrypted using a drive level technology during storage, a specific data control system is provided, and a user accessing the data can decrypt and display the data only inside the data control system, using a specific key.
2. The method of claim 1, wherein the user identity authentication is implemented using AES symmetric encryption, the system generates a public key and assigns a user private key to each user, and the user identity authentication is performed with the obtained user private key.
3. The method for implementing the data security control system according to claim 2, comprising an initial download and distribution behavior, wherein after an initial downloading user obtains a data download right, the system retrieves the required data from a background database according to the download request of the initial downloading user and encapsulates it into a JSON data chain, a user information area is added to the JSON data chain, the user information of the initial downloading user is added to the user information area, the JSON data chain is then encrypted with the user private key of the initial downloading user, the encrypted data is further encoded with Base64 to generate a DAT file, and the user private key of the initial downloading user and the generated DAT file are sent to the person to whom the data is to be distributed.
4. The method for implementing the data security control system according to claim 3, further comprising a re-distribution behavior, wherein if further distribution is needed, the re-distributing user must use the data control system and import the received user private key of the previous distributing user and the DAT file corresponding to that key, the data control system decrypts with the user private key, after decryption succeeds the user information of the re-distributing user is added to the user information area of the decrypted JSON data chain, the chain is then encrypted with the user private key of the re-distributing user, the encrypted data is encoded with Base64 to form a DAT file, and the user private key of the re-distributing user and the DAT file are then sent to the receiver.
5. The method for implementing the data security control system according to claim 4, wherein when the receiver needs to use the data, the received DAT file and the encrypted user private key used by the file are imported to the data use control system, and the DAT file is decrypted by the data use control system by using the imported user private key and is displayed in the data use control system.
6. The method for implementing a data security control system according to claim 5, wherein data validity period information is added to the JSON data chain, the validity period information being added during data distribution; during decryption the data control system automatically checks whether the current data is within the validity period and, if it is not, stops decryption and prompts that the data is out of date.
7. A data security control system is characterized by being realized by the implementation method of the data security control system according to any one of claims 1 to 6.
8. A computer-readable storage medium, characterized in that the readable storage medium stores a computer program which, when executed by a processor, causes the processor to execute a method of implementing the data security control system according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111358209.1A CN114036545A (en) 2021-11-16 2021-11-16 Method, system and storage medium for implementing data security control

Publications (1)

Publication Number Publication Date
CN114036545A (en) 2022-02-11

Family

ID=80144620

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination