CN114036545A - Method, system and storage medium for implementing data security control - Google Patents
Method, system and storage medium for implementing data security control Download PDFInfo
- Publication number
- CN114036545A CN114036545A CN202111358209.1A CN202111358209A CN114036545A CN 114036545 A CN114036545 A CN 114036545A CN 202111358209 A CN202111358209 A CN 202111358209A CN 114036545 A CN114036545 A CN 114036545A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- control system
- private key
- distribution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method, a system and a storage medium for realizing a data security control system, which are characterized in that strict user identity authentication is set before accessing controlled data by a user at this time, and the authority of accessing the controlled data is acquired after the user identity authentication; providing controlled data access rights of different levels for the current access user passing the identity authentication; controlled data are encrypted by adopting a drive level technology during storage, a specific data control system is arranged, and the data decryption and display can be realized only in the data control system by a user accessing the data through a specific key. By authenticating the user accessing the data, unauthorized access of the application is prevented, and only legal personnel can access the data application system; automatically increasing a path for transmitting and tracking data transmission to form a whole data using chain; the possibility of unauthorized access is greatly reduced, and the safety and traceability of data control are improved.
Description
Technical Field
The invention relates to the field of financial transaction support systems, in particular to a method, a system and a storage medium for realizing data security control.
Background
In the era of information explosion today, the meaning of data has far exceeded the notion of its intended value. Any information stored in various storage media, such as a document, a picture, a movie, a program, etc., may be referred to as data. The data coverage is extremely wide, as small as one diary, as large as all client data of multinational companies, and the importance of data security is self-evident.
The data use of the current banking service application system is mostly controlled by a user logging in the application system, and the downloading and the propagation of the data are not subjected to any safety control. The security control of the sensitive data is the final barrier of the data security of the application system, once the data is separated from the application system, the data is randomly or illegally spread, and the data security of the whole application system does not exist any more, so that the data security is very important to protect the data. There are two ways of data access: and displaying the data by using the application system page, downloading the data, and then opening the data by using an office software tool for reading. In order to eliminate the security risks brought by the two data access modes to the data use, in this document, we need to solve the following two problems: data is arbitrarily downloaded and propagated.
Disclosure of Invention
The technical problem to be solved by the invention is how to prevent the data of the application system from being illegally accessed, arbitrarily downloaded and arbitrarily spread.
The invention provides a method for realizing a data security control system, which is characterized in that strict user identity authentication is set before accessing controlled data by a user at this time, and the authority of the accessed controlled data is acquired after the user identity authentication; providing controlled data access rights of different levels for the current access user passing the identity authentication; controlled data are encrypted by adopting a drive level technology during storage, a specific data control system is arranged, and the data decryption and display can be realized only in the data control system by a user accessing the data through a specific key.
The method for realizing the data security control system is characterized in that the user identity authentication is realized by adopting an AES symmetric encryption mode, a public key is generated by the system, a user private key is distributed to each user, and the user identity authentication is carried out through the obtained user private key.
The implementation method of the data security control system is characterized by comprising initial downloading and distributing behaviors, after an initial downloading user obtains data downloading permission, the system acquires required data from a background database according to a downloading request of the initial downloading user and encapsulates the required data into a JSON data chain, a user information area is added in the JSON data chain, user information of the initial downloading user is added in the user information area, then the user private key of the initial downloading user is used for encrypting the JSON data chain, the encrypted data is further encoded by BAS64 to generate a DAT file, and the user private key of the initial downloading user and the generated DAT file are sent to a person needing to be distributed.
The implementation method of the data security control system is characterized by further comprising a re-distribution behavior, if further distribution is needed, a re-distribution user needs to use the data control system, the received user private key of the upper-level distribution user and a DAT file corresponding to the user private key are imported, the data control system uses the user private key for decryption, after decryption is successful, user information of the re-distribution user is added to a user information area of a decrypted JSON data chain, meanwhile, the user private key of the re-distribution user is used for encryption, the encrypted data is encoded by BAS64 to form a DAT file, and then the user private key of the re-distribution user and the DAT file are sent to a receiver.
The implementation method of the data security control system is characterized in that when a receiver needs to use data, a received DAT file and an encrypted user private key used by the file are imported into the data use control system, and the DAT file is decrypted by the data use control system by using the imported user private key and displayed in the data use control system.
The implementation method of the data security control system is characterized in that the method is characterized in that the data validity period information is added on a JSON data chain, and the validity period information is added during data distribution; the data control system automatically checks whether the current data is in the valid period during decryption, and stops decryption if the current data is not in the valid period, so as to prompt that the data is out of date.
A data security control system is characterized by being realized by adopting the implementation method of the data security control system.
A computer-readable storage medium, characterized in that the readable storage medium stores a computer program which, when executed by a processor, causes the processor to execute an implementation method of the data security control system.
The implementation of the invention has the following beneficial effects: by authenticating the user accessing the data, unauthorized access of the application is prevented, and only legal personnel can access the data application system; automatically increasing a path for transmitting and tracking data transmission to form a whole data using chain; the possibility of unauthorized access is greatly reduced, and the safety and traceability of data control are improved.
Drawings
FIG. 1 is a flow chart of the initial download and distribution behavior of data;
FIG. 2 is a flow diagram of data redistribution activity;
fig. 3 is a data query presentation flow diagram.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a flow chart of the initial download and distribution behavior of data; the system can be divided into a data application system and a data control system, wherein the data application system comprises a unified user authentication and data subsystem; the data control system comprises a key subsystem, an authentication subsystem and a display subsystem. When a user downloads controlled data from the system, the user needs to log in firstly, strict user authentication is carried out in the login process, in order to increase the security of user authentication, artificial or AI character biological feature identification authentication can be added in a bidirectional audio and video conversation mode, a data request is sent to the digital subsystem after the authentication is passed, the data in the database is obtained by the data subsystem according to the request of the user, the data can be plaintext data or encrypted, and if the data is encrypted, the data needs to be decrypted into the plaintext data. The method comprises the steps of converting plaintext data into a JSON data chain format, adding a user information using region in the JSON data chain, adding user information of an initial downloading user to the user information using region, encrypting a user private key of the initial downloading user used by the JSON data chain, further coding the encrypted data by using BAS64, generating a DAT file, and sending the user private key of the initial downloading user and the generated DAT file to a person needing to be distributed if the DAT file needs to be distributed.
FIG. 2 is a flow diagram of data redistribution activity; if the user already has controlled data on hand, further distribution is required; the data control system is used for carrying out user login and user authentication, after the authentication is successful, the data to be distributed and the obtained user private key are decrypted and decrypted into a plaintext JSON data chain, user information of a re-distribution user is added to a user information using region of the JSON data chain, meanwhile, the user private key of the re-distribution user is used for encryption, the encrypted data is encoded by BAS64 to form an encrypted DAT file, and then the user private key of the re-distribution user and the DAT file are sent to a receiver.
FIG. 3 is a data query presentation flow diagram; if the user needs to use the hand to have the controlled data, and needs to further distribute, the user needs to log in and authenticate the user through the data control system, when the receiver needs to use the data, the received DAT file and the encrypted user private key used by the file are imported into the data control system, the DAT file is decrypted by the data control system through the imported user private key, and the DAT file is displayed in a temporary display subsystem in the data control system.
In order to further improve the security, the validity period information is added during data distribution; the data control system automatically checks whether the current data is in the valid period during decryption, and stops decryption if the current data is not in the valid period, so as to prompt that the data is out of date. And the indication or the number of times of distribution is allowed can be increased, the possibility that the data is randomly distributed is further limited, and the safety of the system is further improved.
In summary, the above embodiments are merely illustrative of the principles and effects of the present invention, and are not intended to limit the present invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.
Claims (8)
1. A method for realizing a data security control system is characterized in that strict user identity authentication is set before accessing controlled data of a user at this time, and the right of accessing the controlled data is obtained after the user identity authentication; providing controlled data access rights of different levels for the current access user passing the identity authentication; controlled data are encrypted by adopting a drive level technology during storage, a specific data control system is arranged, and the data decryption and display can be realized only in the data control system by a user accessing the data through a specific key.
2. The method of claim 1, wherein the user authentication is implemented by AES symmetric encryption, the system generates a public key and assigns a user private key to each user, and the user authentication is performed by the obtained user private key.
3. The implementation method of the data security control system according to claim 2, comprising an initial downloading and distributing behavior, wherein after an initial downloading user obtains a data downloading right, the system obtains required data from a background database according to a downloading request of the initial downloading user and encapsulates the required data into a JSON data chain, a user information area is added to the JSON data chain, user information of the initial downloading user is added to the user information area, then a user private key of the initial downloading user is used for encrypting the JSON data chain, the encrypted data is further encoded by using BAS64 to generate a DAT file, and the user private key of the initial downloading user and the generated DAT file are sent to a person needing to be distributed.
4. The implementation method of the data security control system according to claim 3, further comprising a re-distribution behavior, if further distribution is needed, a re-distribution user needs to use the data control system, and import the received user private key of the previous distribution user and the DAT file corresponding to the user private key, the data control system uses the user private key to perform decryption, after decryption is successful, the user information of the re-distribution user is added to the user information area of the decrypted JSON data chain, and at the same time, the user private key of the re-distribution user is used to perform encryption, the encrypted data is encoded by BAS64 to form a DAT file, and then the user private key of the re-distribution user and the DAT file are sent to the receiver.
5. The method for implementing the data security control system according to claim 4, wherein when the receiver needs to use the data, the received DAT file and the encrypted user private key used by the file are imported to the data use control system, and the DAT file is decrypted by the data use control system by using the imported user private key and is displayed in the data use control system.
6. The method for implementing a data security control system according to claim 5, wherein the data validity period information is added to the JSON data link, and the validity period information is added during data distribution; the data control system automatically checks whether the current data is in the valid period during decryption, and stops decryption if the current data is not in the valid period, so as to prompt that the data is out of date.
7. A data security control system is characterized by being realized by the implementation method of the data security control system according to any one of claims 1 to 6.
8. A computer-readable storage medium, characterized in that the readable storage medium stores a computer program which, when executed by a processor, causes the processor to execute a method of implementing the data security control system according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111358209.1A CN114036545A (en) | 2021-11-16 | 2021-11-16 | Method, system and storage medium for implementing data security control |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111358209.1A CN114036545A (en) | 2021-11-16 | 2021-11-16 | Method, system and storage medium for implementing data security control |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114036545A true CN114036545A (en) | 2022-02-11 |
Family
ID=80144620
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111358209.1A Pending CN114036545A (en) | 2021-11-16 | 2021-11-16 | Method, system and storage medium for implementing data security control |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114036545A (en) |
-
2021
- 2021-11-16 CN CN202111358209.1A patent/CN114036545A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114726643B (en) | Data storage and access methods and devices on cloud platform | |
AU2008341026B2 (en) | System and method for securing data | |
CN101802833B (en) | Local stores service is provided to the application run in application execution environment | |
KR100564731B1 (en) | A method for providing data to a personal portable device via network and a system thereof | |
US7587608B2 (en) | Method and apparatus for storing data on the application layer in mobile devices | |
US8204233B2 (en) | Administration of data encryption in enterprise computer systems | |
US8572372B2 (en) | Method for selectively enabling access to file systems of mobile terminals | |
CN109923548A (en) | Method, system and the computer program product that encryption data realizes data protection are accessed by supervisory process | |
US20080209231A1 (en) | Contents Encryption Method, System and Method for Providing Contents Through Network Using the Encryption Method | |
CN105103119A (en) | Data security service | |
MXPA06001252A (en) | Flexible licensing architecture in content rights management systems. | |
CN104756127A (en) | Secure data handling by a virtual machine | |
JPH1185622A (en) | Protection memory for core data secret item | |
CN105122265A (en) | Data security service system | |
CN110708162B (en) | Resource acquisition method and device, computer readable medium and electronic equipment | |
CN110708291B (en) | Data authorization access method, device, medium and electronic equipment in distributed network | |
CN112422287B (en) | Multi-level role authority control method and device based on cryptography | |
CN113592497A (en) | Financial transaction service security authentication method and device based on block chain | |
CN114036545A (en) | Method, system and storage medium for implementing data security control | |
KR101249343B1 (en) | Method for protection of a digital rights file | |
CN113987561A (en) | Trusted execution environment-based private data classification method, system and terminal | |
CN108985079B (en) | Data verification method and verification system | |
KR20090022493A (en) | Device authenticating apparatus, method and computer readable record-medium on which program for executing method thereof | |
CN114826616B (en) | Data processing method, device, electronic equipment and medium | |
CN116244671A (en) | Authentication method, authentication device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |