CN114048498A - Data sharing method, device, equipment and medium - Google Patents

Data sharing method, device, equipment and medium

Info

Publication number: CN114048498A
Authority: CN (China)
Prior art keywords: data, party, shared, sharing, data sharing
Legal status: Pending
Application number: CN202111394890.5A
Other languages: Chinese (zh)
Inventors: 姚善, 杨圣峰
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present disclosure relates to a data sharing method, apparatus, device, and medium. The data sharing method comprises the following steps: acquiring data to be shared from a data sharing party; determining a data sharing mode based on the current network environment; authenticating the data sharing party and the data access party according to the data sharing mode; and, after both the data sharing party and the data access party pass authentication, sending the data to be shared to the data access party according to the data sharing mode. According to the embodiments of the disclosure, the coupling of the data access party is reduced, the cost of integrating a data-sharing interface is effectively reduced, and the storage security of the data sharing party's data is improved.

Description

Data sharing method, device, equipment and medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a data sharing method, apparatus, device, and medium.
Background
With the continuing development of the information age, information exchange between different departments and regions is steadily increasing, and the development of computer network technology provides the foundation for transmitting that information. Realizing data sharing lets more people make full use of existing data resources and reduces the repeated work, and the corresponding cost, of data collection and acquisition.
At present, in the related technical solutions, the data sharing party opens an account for the data access party and binds it to an Internet Protocol (IP) address, a Software Development Kit (SDK) is installed at the data access party, and the SDK authenticates the IP address of the data access party, so that a data access party that passes authentication accesses the storage environment of the data sharing party directly. The current data sharing scheme therefore couples tightly to the data access party, which results in a high data sharing cost. Moreover, because the data access party can directly access the storage environment of the data sharing party, the storage security of the data sharing party is poor.
Disclosure of Invention
To solve, or at least partially solve, this technical problem, the present disclosure provides a data sharing method, apparatus, device and storage medium.
In a first aspect, an embodiment of the present disclosure provides a data sharing method, including:
acquiring data to be shared of a data sharing party;
determining a data sharing mode based on the current network environment;
based on the data sharing mode, authenticating a data sharing party and a data access party;
and after the data sharing party and the data access party pass the authentication, sending the data to be shared to the data access party based on the data sharing mode.
In a second aspect, an embodiment of the present disclosure provides a data sharing apparatus, including:
the first acquisition module is used for acquiring data to be shared of a data sharing party;
the first determining module is used for determining a data sharing mode based on the current network environment;
the authentication module is used for authenticating a data sharing party and a data access party based on a data sharing mode;
and the sending module is used for sending the data to be shared to the data access party based on the data sharing mode after the data sharing party and the data access party are authenticated.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including:
a processor;
a memory for storing executable instructions;
wherein the processor is configured to read the executable instructions from the memory and execute the executable instructions to implement the method according to the first aspect.
In a fourth aspect, the disclosed embodiments provide a computer-readable storage medium having a computer program stored therein, which, when executed by a processor, implements the method according to the first aspect.
Compared with existing network security data sharing schemes, the technical solution provided by the embodiments of the disclosure has the following advantages:
the data sharing method, device, equipment and medium provided by the embodiments of the disclosure acquire data to be shared from a data sharing party; determine a data sharing mode based on the current network environment; authenticate the data sharing party and the data access party according to the data sharing mode; and, after both parties pass authentication, send the data to be shared to the data access party according to the data sharing mode. The data sharing method of the disclosure therefore removes the SDK by decoupling the parties, so that the data access party does not need to install an SDK, the coupling of the data access party is reduced, and the cost of integrating a data-sharing interface is effectively reduced. Because the data to be shared is sent to the data access party through the data sharing system, the data access party cannot directly access the storage environment of the data sharing party, and the storage security of the data sharing party's data is protected.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to illustrate the technical solutions of the embodiments of the present disclosure or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a data sharing method provided by an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a data sharing system provided in an embodiment of the present disclosure;
fig. 3 is a schematic flow chart of a data sharing process provided by an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a data sharing apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device in an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a flowchart of a data sharing method provided by an embodiment of the present disclosure, which may be performed by an electronic device including a data sharing system. The electronic device may exemplarily be understood as a device with computing functionality, such as a mobile phone, a tablet computer, a notebook computer, a desktop computer, a smart tv, etc. As shown in fig. 1, the method provided by this embodiment includes the following steps:
S110, acquiring the data to be shared of the data sharing party.
In the embodiment of the present disclosure, after the data sharing task is established, the data sharing system may start the data sharing task, so as to share the data to be shared provided by the data sharing party to the data accessing party. When the data sharing system shares data for the data to be shared, the data to be shared of the data sharing party needs to be acquired first.
Specifically, the data to be shared is the data that the data sharing party provides for sharing. Its specific content and the data types it includes are determined by the data sharing party and are not limited herein. Illustratively, the data to be shared includes network security data and the like.
Optionally, after S110, the data to be shared may be further classified by type to obtain a shared data directory.
Specifically, the data to be shared can be organized according to the data types specified by the sharing task, so as to form a shared data directory.
In one example, the data sharing party is a situation awareness product, and the data to be shared is the data provided by that product. Classifying the data to be shared by type yields a shared data directory that may include: asset data, threat intelligence data, security event data, vulnerability data, alarm data, work order data, security report data, emergency response data, and the like.
Specifically, the data interaction policy of each type of data to be shared may include at least one of a synchronization policy, an update policy, and a deletion policy.
Specifically, there are various specific embodiments of S110, and a typical example is described below, but the present disclosure is not limited thereto.
In some embodiments, the data sharing party actively sends the data to be shared to the data sharing system.
Specifically, when detecting that new data (i.e., data to be shared) is generated by the data sharing party, the data sharing party actively sends the data to be shared to the data sharing system.
In other embodiments, the data sharing party passively sends the data to be shared to the data sharing system.
In one example, the data sharing system sends a data acquisition request to the data sharing party at irregular (or random) intervals, so that the data sharing party sends the data to be shared to the data sharing system in response to the request.
In another example, the data sharing system periodically sends a data acquisition request to the data sharing party, so that the data sharing party sends the data to be shared to the data sharing system in response to the request.
Specifically, in response to the data acquisition request, the data sharing party checks whether it has generated data to be shared; if so, it sends that data to the data sharing system; otherwise, it sends nothing and may send a notification that there is no data to be shared.
S120, determining a data sharing mode based on the current network environment.
In the embodiment of the disclosure, when a data sharing task is established, multiple data sharing modes may be set, so that after the data sharing task is started, the data sharing mode matched with the current network environment is determined according to the current network environment.
Specifically, there are various specific embodiments of S120, and a typical example is described below, but the present disclosure is not limited thereto.
In some embodiments, S120 specifically includes: when the network is reachable, the data sharing mode is determined to be an Application Programming Interface (API) mode or a Kafka mode.
In other embodiments, S120 specifically includes: when the network is not reachable, the data sharing mode is determined to be an SSH File Transfer Protocol (SFTP) mode.
It can be understood that, in the related art, the data access party can access the data sharing party only when the network is reachable; when it is not reachable, the data access party cannot reach the data sharing party and data sharing cannot take place. In the embodiments of the present disclosure, however, different data sharing modes are provided for different network environments, so the method adapts to different network environments, data sharing is more convenient, and the efficiency of implementing data sharing is improved.
S130, authenticating the data sharing party and the data access party based on the data sharing mode.
In the embodiment of the present disclosure, when a data sharing task is established, a preset data sharing party and a preset data accessing party corresponding to the data sharing task are determined. In order to ensure that the data sharing party and the data access party which actually perform data sharing are the preset data sharing party and the preset data access party after the data sharing task is started, the data sharing party and the data access party which actually perform data sharing need to be authenticated.
Specifically, there are various specific embodiments of S130, and a typical example is described below, but the present disclosure is not limited thereto.
In some embodiments, when the data sharing mode is the API mode, the Internet Protocol (IP) address of the data sharing party is authenticated, and the IP address and the account information of the data access party are authenticated.
Specifically, the data sharing system authenticates the data sharing party as follows: the data sharing system acquires the IP address of the data sharing party and compares it with the preset IP address of the data sharing party; if they are consistent, the data sharing party passes authentication, otherwise it does not.
Specifically, the data sharing system authenticates the data access party as follows: the data sharing system acquires the IP address and the account information of the data access party, compares the IP address with the preset IP address of the data access party, and compares the account information with the preset account information of the data access party; if both are consistent, the data access party passes authentication, otherwise it does not.
In other embodiments, when the data sharing mode is the Kafka mode, the account information of the data sharing party is authenticated, and the account information of the data access party is authenticated.
Specifically, the data sharing system authenticates the data sharing party as follows: the data sharing system acquires the Kafka account information of the data sharing party and compares it with the preset account information of the data sharing party; if they are consistent, the data sharing party passes authentication, otherwise it does not. The account information described here and below may include, but is not limited to, an account number, a password, and the like.
Specifically, the data sharing system authenticates the data access party as follows: the data sharing system acquires the Kafka account information of the data access party and compares it with the preset account information of the data access party; if they are consistent, the data access party passes authentication, otherwise it does not.
In still other embodiments, when the data sharing mode is the SFTP mode, the account information of the data sharing party is authenticated, and the account information of the data access party is authenticated.
Specifically, the data sharing system authenticates the data sharing party as follows: the data sharing system acquires the SFTP account information of the data sharing party and compares it with the preset account information of the data sharing party; if they are consistent, the data sharing party passes authentication, otherwise it does not.
Specifically, the data sharing system authenticates the data access party as follows: the data sharing system acquires the SFTP account information of the data access party and compares it with the preset account information of the data access party; if they are consistent, the data access party passes authentication, otherwise it does not.
It can be understood that, in the related art, the data access party directly accesses the storage environment of the data sharing party, and because the data sharing party's view of those accesses is coarse-grained, it cannot know precisely which data the data access party took; for example, the data sharing party only knows that the data access party accessed a certain data table, but not which rows of that table were read. In the embodiments of the present disclosure, however, after the data sharing system authenticates the data sharing party and the data access party, only the data that the data sharing party is entitled to share and the data access party is entitled to acquire is sent to the data access party, so the data access party is prevented from acquiring data it is not entitled to, and the data security of the data sharing party is improved.
S140, after the data sharing party and the data access party pass authentication, sending the data to be shared to the data access party based on the data sharing mode.
In the embodiments of the disclosure, both parties passing authentication indicates that the data sharing party and the data access party actually performing the sharing are the preset data sharing party and the preset data access party, and that they are entitled to share data; otherwise they are not.
Specifically, the data sharing system may send the data to be shared to the data access party offline, by email, by short message, and the like, but is not limited thereto.
Specifically, there are various data sharing manners, and accordingly, there are various specific embodiments of "sending data to be shared to a data access party based on the data sharing manner", and the following description is made with reference to a typical example, but the present disclosure is not limited thereto.
In some embodiments, when the data sharing mode is the application programming interface mode, the data to be shared is sent according to the internet protocol address and the port number of the data access party.
Specifically, when the data sharing mode is an API, the data sharing system may send the data to be shared according to the internet protocol address and the port number of the data accessing party, and various types of data to be shared may be sent through the same channel.
In other embodiments, when the data sharing mode is the Kafka mode, a different channel is configured for each type of data to be shared, based on the shared data directory, to send the data to be shared.
Specifically, when the data sharing mode is Kafka, the data sharing system may, after classifying the data to be shared, configure a different channel for each type of data to be shared and send the data through it.
In one example, the data sharing system classifies the data to be shared, and the resulting shared data directory includes asset data, threat intelligence data and security event data, which are sent to the data access party through different Kafka topics respectively.
In still other embodiments, when the data sharing mode is the SFTP mode, a different path is configured for each type of data to be shared, based on the shared data directory, to send the data to be shared.
Specifically, when the data sharing mode is SFTP, the data sharing system may, after classifying the data to be shared, configure a different path for each type of data to be shared and send the data to it.
In some embodiments, the data access party includes a computer on which each type of data to be shared must be stored under a different path; the data sharing system can then configure a different path for each type of data to be shared, so that each type is stored in its corresponding location.
Optionally, configuring a different path for each type of data to be shared includes: configuring a different path, IP address, port number, account number and password for each type of data to be shared.
It can be understood that, when there are several data access parties, their authentication information (IP address, port number, account number and password) may differ, so the above configuration allows different types of data to be shared to be sent to their respective data access parties.
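The mode selection, two-party authentication and per-type channel routing of steps S120 to S140, as an added Python example that is not the patent's own code: the mode names, the Creds and Task layouts, the in-memory delivery map and all sample credentials, topics and records are assumptions. A data type with no configured channel is refused rather than sent to a default destination, and a failed authentication of either party blocks delivery entirely.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The three sharing modes named in the description (S120).
API, KAFKA, SFTP = "api", "kafka", "sftp"


def select_mode(network_reachable: bool, prefer_kafka: bool = False) -> str:
    """S120: a reachable network uses the API (or Kafka) mode, an unreachable one SFTP."""
    if not network_reachable:
        return SFTP
    return KAFKA if prefer_kafka else API


@dataclass(frozen=True)
class Creds:
    """Identity attributes of a party: the presented values or the preset ones."""
    ip: str = ""
    account: str = ""
    password: str = ""


def _account_matches(presented: Creds, preset: Creds) -> bool:
    # Constant-time comparison so a wrong account or password cannot be told apart by timing.
    return (hmac.compare_digest(presented.account.encode(), preset.account.encode())
            and hmac.compare_digest(presented.password.encode(), preset.password.encode()))


def authenticate(mode: str, sharer: Creds, preset_sharer: Creds,
                 accessor: Creds, preset_accessor: Creds) -> bool:
    """S130: both parties must match the presets fixed when the task was created.
    API mode checks the sharing party's IP address and the access party's IP address
    plus account; the Kafka and SFTP modes check both parties' account information."""
    if mode == API:
        sharer_ok = sharer.ip == preset_sharer.ip
        accessor_ok = (accessor.ip == preset_accessor.ip
                       and _account_matches(accessor, preset_accessor))
    elif mode in (KAFKA, SFTP):
        sharer_ok = _account_matches(sharer, preset_sharer)
        accessor_ok = _account_matches(accessor, preset_accessor)
    else:
        raise ValueError(f"unknown sharing mode {mode!r}")
    return sharer_ok and accessor_ok


@dataclass
class Task:
    """A sharing task: its mode, the preset parties and the per-mode channel configuration."""
    mode: str
    preset_sharer: Creds
    preset_accessor: Creds
    api_endpoint: str = ""                         # API mode: one "ip:port" channel for every type
    kafka_topics: Optional[Dict[str, str]] = None  # Kafka mode: one topic per data type
    sftp_paths: Optional[Dict[str, str]] = None    # SFTP mode: one remote path per data type


def route(task: Task, data_type: str) -> str:
    """Choose the channel for one entry of the shared data directory, or refuse."""
    if task.mode == API:
        return task.api_endpoint
    table = task.kafka_topics if task.mode == KAFKA else task.sftp_paths
    if not table or data_type not in table:
        # No channel configured for this type: refuse instead of using a default destination.
        raise LookupError(f"no {task.mode} channel configured for {data_type!r}")
    return table[data_type]


def share(task: Task, sharer: Creds, accessor: Creds,
          records: List[Tuple[str, dict]]) -> Dict[str, List[dict]]:
    """S140: authenticate both parties, then deliver each record on the channel for its type.
    Returns {channel: [payloads]} as an in-memory stand-in for the real transport; the
    access party never reads the sharing party's storage itself."""
    if not authenticate(task.mode, sharer, task.preset_sharer, accessor, task.preset_accessor):
        raise PermissionError("data sharing party or data access party failed authentication")
    delivered: Dict[str, List[dict]] = {}
    for data_type, payload in records:
        delivered.setdefault(route(task, data_type), []).append(payload)
    return delivered


# Constructed sample task: Kafka mode, one topic per directory entry; all values are made up.
SAMPLE_TASK = Task(
    mode=KAFKA,
    preset_sharer=Creds(account="sa-producer", password="sharer-secret"),
    preset_accessor=Creds(account="soc-consumer", password="accessor-secret"),
    kafka_topics={"asset": "share.asset", "threat_intel": "share.ti",
                  "security_event": "share.event"},
)
SAMPLE_RECORDS = [("asset", {"host": "web-01"}),
                  ("threat_intel", {"ioc": "example.invalid"}),
                  ("asset", {"host": "db-02"})]
```

Calling `share(SAMPLE_TASK, Creds(account="sa-producer", password="sharer-secret"), Creds(account="soc-consumer", password="accessor-secret"), SAMPLE_RECORDS)` groups the two asset records under `share.asset` and the threat intelligence record under `share.ti`.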
It can be understood that, in the data sharing process of the related art, the data access party can directly access the storage environment of the data sharing party, which makes it easy for an illegitimate data access party to tamper with the data sharing party's data, so the security of the data sharing party is poor. In the embodiments of the present disclosure, however, the data access party must obtain data through the data sharing system, that is, it cannot directly access the storage environment of the data sharing party, so the storage security of the data sharing party's data is protected. In addition, in the embodiments of the disclosure, neither the data sharing party nor the data access party needs a built-in SDK, and both can be deployed independently, achieving decoupling and effectively reducing the cost of integrating a data-sharing interface.
In another embodiment of the present disclosure, sending the data to be shared to the data access party includes: encrypting the data to be shared according to an encryption scheme and sending the encrypted data to the data access party.
Specifically, there are various possible encryption schemes, which can be chosen by those skilled in the art according to the practical situation and are not limited herein. Illustratively, the encryption scheme is Secure Sockets Layer (SSL).
It can be understood that, by encrypting and transmitting the data to be shared, the security of the data sharing process can be improved.
In another embodiment of the present disclosure, before sending the data to be shared to the data access party based on the sharing mode, the method further includes: when it is detected that the data to be shared does not meet the data interface standard of the data access party, preprocessing the data to be shared so that it meets that standard.
Specifically, there are various specific embodiments for preprocessing the data to be shared, and a typical example is described below.
Optionally, preprocessing the data to be shared so that it meets the data interface standard of the data access party includes: performing data structure mapping based on the data structure standard of the data access party and the data structure standard of the data to be shared, to obtain a data mapping template; and splitting and recombining the data to be shared based on the data mapping template, to obtain data that meets the data interface standard of the data access party.
In particular, the data structure criteria may include, but is not limited to, field criteria.
Optionally, when the data structure standard comprises a field standard, performing the data structure mapping may comprise: and for each piece of data to be shared, determining a field corresponding to the data of each attribute according to the data structure standard of the data sharing party, determining a field corresponding to the data of each attribute according to the data structure standard of the data accessing party, and establishing a mapping relation between the field of the data of the same attribute on the data sharing party and the field of the data accessing party to obtain a data mapping template.
In one example, both the data sharing party and the data accessing party hold some personal information, but neither knows in which field the other stores the name, the gender, or the identification number. Field mapping is therefore needed. For example, the data sharing party stores the name in field A while the data accessing party stores it in field C; "field A - name - field C" is one field mapping. Taking the name out of field A of the data sharing party and placing it in field C completes the mapping of the name, and the gender and the identity card number are mapped in the same way.
Specifically, for each attribute of each piece of data to be shared, the data mapping template is consulted to check whether the number of fields holding that attribute is the same on the data sharing side and the data accessing side. If it is, the attribute is placed in the field the data accessing party requires; if it is not, the attribute is split or recombined until the number of fields holding it matches on both sides.
In one example, the data sharing party and the data accessing party each keep a piece of data describing a computer, with attributes such as brand, model, IP address and user. A computer with several network cards has several IP addresses. At the data sharing party the IP address occupies three fields, one IP address per field, whereas at the data accessing party it occupies a single field; the data docking standards of the two parties therefore differ, and the data of the data sharing party must be split and recombined according to the data docking standard of the data accessing party. One way is to split the one piece of data describing the computer into three pieces, each carrying one IP address. The other way is to place the three IP addresses in one field, separated by commas, enumeration commas or a similar delimiter.
It can be understood that the data sharing system performs the data format conversion as a cross-cutting aspect, according to the data structure requirements of the data accessing party; it can handle complex format conversion, saves the cost of custom docking and improves processing efficiency.
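The field mapping and split-and-recombine step described above, written out as an added Python example; this is not code from the patent or the applicant. The template layout (accessor field, source fields, an on_mismatch rule of "join" or "explode"), the field names and the two asset records are constructed for illustration. It goes one step beyond the text by refusing a join when a value already contains the separator, since the accessing party could not split such a field back apart.

```python
# Added example, not code from the patent: template format, field names and
# the sample asset records below are constructed for illustration.
from __future__ import annotations

from typing import Any

# How the data sharing party stores a computer asset: name in field "A",
# gender in "B", ID number in "D", and up to three NIC addresses in three
# separate fields (spare fields left empty on machines with fewer NICs).
SHARER_RECORDS: list[dict[str, Any]] = [
    {"A": "Alice", "B": "F", "D": "110101199001011234", "brand": "Lenovo",
     "model": "T14", "ip1": "10.0.0.5", "ip2": "10.0.1.5", "ip3": ""},
    {"A": "Bob", "B": "M", "D": "110101198512123456", "brand": "Dell",
     "model": "7420", "ip1": "10.0.0.7", "ip2": "", "ip3": ""},
]

# Data mapping template: accessor field -> sharer field(s). "field A - name -
# field C" from the text becomes "C": {"from": ["A"]}. Where the accessor has
# ONE field for what the sharer spreads over THREE, "on_mismatch" says how to
# recombine: "join" packs all values into one field with a separator,
# "explode" emits one accessor record per value.
MAPPING_TEMPLATE: dict[str, dict[str, Any]] = {
    "C": {"from": ["A"]},
    "gender": {"from": ["B"]},
    "id_number": {"from": ["D"]},
    "brand": {"from": ["brand"]},
    "model": {"from": ["model"]},
    "ip": {"from": ["ip1", "ip2", "ip3"], "on_mismatch": "join", "sep": ","},
}
# The accessor's docking standard, reduced here to "exactly these fields".
ACCESSOR_FIELDS = frozenset(MAPPING_TEMPLATE)


def meets_docking_standard(record: dict[str, Any]) -> bool:
    """Detection step: does the record already carry exactly the accessor's fields?"""
    return set(record) == ACCESSOR_FIELDS


def _present_values(record: dict[str, Any], fields: list[str]) -> list[Any]:
    """Non-empty values only, so a three-slot layout holding one NIC counts as one value."""
    return [record[f] for f in fields if record.get(f) not in (None, "")]


def convert_record(record: dict[str, Any], template: dict[str, dict[str, Any]]) -> list[dict[str, Any]]:
    """Map one sharer record to one or more accessor records per the template."""
    base: dict[str, Any] = {}
    exploded: dict[str, list[Any]] = {}
    for dst, rule in template.items():
        values = _present_values(record, rule["from"])
        if len(values) <= 1:
            base[dst] = values[0] if values else None   # field counts already agree
            continue
        mode = rule.get("on_mismatch")
        if mode == "join":
            sep = rule.get("sep", ",")
            if any(sep in str(v) for v in values):
                # The accessor could never split this field apart again; refuse
                # rather than hand over silently corrupted data.
                raise ValueError(f"{dst}: a value contains the separator {sep!r}")
            base[dst] = sep.join(str(v) for v in values)
        elif mode == "explode":
            exploded[dst] = values
        else:
            raise ValueError(f"{dst}: {len(values)} values for one accessor field "
                             "and no on_mismatch rule in the template")
    if not exploded:
        return [base]
    if len(exploded) > 1:
        # Two multi-valued fields have no single right split (product vs. zip);
        # make the template author decide instead of guessing.
        raise ValueError(f"more than one field to explode: {sorted(exploded)}")
    dst, values = next(iter(exploded.items()))
    return [{**base, dst: v} for v in values]


def preprocess(records: list[dict[str, Any]], template: dict[str, dict[str, Any]]) -> list[dict[str, Any]]:
    """S340: convert only the records that fail the accessor's docking standard."""
    out: list[dict[str, Any]] = []
    for rec in records:
        out.extend([rec] if meets_docking_standard(rec) else convert_record(rec, template))
    return out


if __name__ == "__main__":
    for row in preprocess(SHARER_RECORDS, MAPPING_TEMPLATE):
        print(row)
```

Run as a script it prints Alice's record with the two addresses joined into one "ip" field and Bob's with a single address; changing the "ip" rule to "explode" produces two records for Alice instead, one per address, which is the first of the two recombination options the text describes.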
In another embodiment of the present disclosure, before acquiring data to be shared of a data sharing party, the method further includes: determining a sharing type; wherein, the sharing type comprises sending and receiving; and determining a data access party and a data sharing party according to the sharing type.
Specifically, when a data sharing task is newly created, if the sharing type configured for application system a is outgoing, then once the task is started application system a is the data sharing party and sends the data to be shared to the data accessing party through the data sharing system; if the sharing type configured for application system a is receiving, then once the task is started application system a is the data accessing party and receives, through the data sharing system, the data to be shared sent by the data sharing party. Application system a can therefore be the data sharing party in one data sharing task and the data accessing party in another.
In one example, a data sharing system connects application system a and application system B. When a data sharing task is newly created, if the sharing type configured for application system a is outgoing, then once the task is started application system a is the data sharing party, application system B is the data accessing party, and application system a sends the data to be shared to application system B through the data sharing system; if the sharing type configured for application system a is receiving, then once the task is started application system a is the data accessing party, application system B is the data sharing party, and application system a receives, through the data sharing system, the data to be shared sent by application system B.
It can be understood that, in the related art, a data sharing party can only share data outward and has no way to collect data. In the embodiment of the present disclosure, by contrast, the data sharing system can specify the sharing direction when a data sharing task is created, so that a given application system can act as a data sharing party and send data outward, and can also act as a data accessing party and collect the data to be shared that other application systems send.
In another embodiment of the present disclosure, after sending data to be shared to a data access party based on a data sharing manner, the method further includes: and recording the sharing information of the data sharing party and the data accessing party into a sharing log.
Specifically, the specific content of the shared information may be set by those skilled in the art according to practical situations, and is not limited herein.
Optionally, the shared information may include interface call information, and accordingly, the shared log may include an interface call log.
Specifically, the interface call information may include: IP information, authorization information, calling time, status, etc. of the data access party. But is not limited thereto.
Optionally, the shared information may further include data interaction information, and accordingly, the shared log may include a data interaction log.
Specifically, for the data sharing party, the data interaction information may include: shared data directory, sharing time, quantity of data shared, sharing status, etc. But is not limited thereto.
Specifically, for the data accessing party, the data interaction information may include: accessed data directory, access time, quantity of data acquired, data acquisition status, etc. But is not limited thereto.
It can be understood that recording the sharing information of the data sharing party and the data accessing party in the sharing log makes it possible to trace a problem back through the log when one occurs later.
Hereinafter, a data sharing method provided by the embodiment of the present disclosure will be described in detail based on a specific example.
Fig. 2 is a schematic structural diagram of a data sharing system according to an embodiment of the present disclosure. Referring to fig. 2, the data sharing system 200 includes: a shared data directory module 210, a data structure mapping module 220, an authentication module 230, a shared task creation module 240, and an audit log module 250. The shared data directory module 210 is configured to organize the data to be shared into a shared data directory. The data structure mapping module 220 is configured to map the data to be shared of the data sharing party onto the data structure requirements of the data accessing party to form a data mapping template, and to split and recombine the shared data, as a cross-cutting aspect, based on that template. The authentication module 230 is configured to authenticate the data sharing party and the data accessing party. The shared task creation module 240 is configured to create data sharing tasks. The audit log module 250 is configured to record the interface call logs and data interaction logs of the data sharing party and the data accessing party.
The configuration items of a data sharing task include: shared task name, shared data directory, sharing type, sharing mode, sharing period, sharing target, etc.
Illustratively, the shared task name is network security data sharing.
The shared data directory includes: asset data, threat intelligence data, security event data, vulnerability data, alarm data, work orders, security reports, emergency plans, and the like.
The sharing types include outgoing and receiving. Outgoing means that the situation awareness product acts as the data sharing party and shares data outward. Receiving means that the same situation awareness product can also act as the data accessing party and receive data through the data sharing system.
The sharing modes include: API, Kafka, SFTP.
When the sharing mode is API: the sharing target is an IP address and port.
When the sharing mode is Kafka: each type of data to be shared is configured with its own topic.
When the sharing mode is SFTP: each type of data to be shared is configured with its own path, IP address, port, account and password.
When the sharing mode is API: the IP address of the data sharing party must be configured for identification and authentication; the data accessing party is authenticated by its IP address together with the account information generated by the data sharing task.
When the sharing mode is Kafka: the account information of the data sharing party must be configured for authentication, and authentication uses the account information generated by the data sharing task.
When the sharing mode is SFTP: the account information of the data sharing party must be configured for authentication, and authentication uses the account information generated by the data sharing task.
The sharing cycle includes: single sharing, periodic sharing. The single sharing means that the data sharing system distributes the data sharing task once. The periodic sharing refers to that the data sharing system periodically establishes the data sharing task and distributes the data sharing task once in each period, and distribution objects corresponding to different data sharing tasks may be the same or different, and are not limited herein. The duration of a cycle may be one day, ten days, one month, etc., and is not limited herein.
Fig. 3 is a flowchart illustrating a data sharing process according to an embodiment of the present disclosure. Referring to fig. 2 and 3, the data sharing process of an electronic device equipped with the data sharing system shown in fig. 2 specifically includes the following steps:
S310, determining the sharing type.
Wherein the sharing type includes outgoing and receiving.
S320, determining the data accessing party and the data sharing party according to the sharing type.
S330, acquiring the data to be shared of the data sharing party.
S340, when the data to be shared is detected not to meet the data docking standard of the data accessing party, preprocessing the data to be shared so that it meets that standard.
S350, determining the data sharing mode based on the current network environment.
S360, authenticating the data sharing party and the data accessing party based on the data sharing mode.
S370, after both the data sharing party and the data accessing party pass authentication, encrypting the data to be shared according to the encryption mode and sending it to the data accessing party according to the data sharing mode.
S380, recording the sharing information of the data sharing party and the data accessing party in the sharing log.
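The flow S310 to S380, together with the task configuration items and the sharing log described earlier, as one added Python example; this is not code from the patent or the applicant. The task values, account secrets, IP addresses, the reachability flag and the log line format are constructed for illustration. The encryption of S370 is not implemented here: the function returns the records paired with their target, which is where a deployment would encrypt them with a real AEAD library before transmission.

```python
# Added example, not code from the patent: task values, credentials, addresses and
# the log format are constructed; encryption (S370) is left to the transport layer.
import hmac
import ipaddress
import json
from collections import namedtuple
from datetime import datetime, timezone

# Constructed sharing task, as the shared task creation module would build it.
TASK = {
    "name": "network security data sharing",
    "directory": ["asset data", "alarm data"],   # shared data directory
    "type": "outgoing",                          # system a sends, system b receives
    "self": "system-a", "peer": "system-b", "period": "single",
    "targets": {
        "api": {"ip": "10.1.1.20", "port": 8443},
        "kafka": {"topics": {"asset data": "sec.assets", "alarm data": "sec.alarms"}},
        "sftp": {"ip": "10.1.1.20", "port": 22,
                 "paths": {"asset data": "/in/assets", "alarm data": "/in/alarms"}},
    },
    # Account secrets generated at task creation, and the IP registered for each party.
    "accounts": {"system-a": "tok-a-3f9c", "system-b": "tok-b-81d2"},
    "allowed_ips": {"system-a": "10.1.1.10", "system-b": "10.1.1.20"},
}
SHARING_LOG = []   # the sharing log: one JSON line per interaction, failures included

# What a party presents when it calls in: its name, source IP and account secret.
Presented = namedtuple("Presented", "party ip account", defaults=(None,))

def determine_roles(task):
    """S310/S320: the sharing type fixes (data sharing party, data accessing party)."""
    if task["type"] == "outgoing":
        return task["self"], task["peer"]
    if task["type"] == "receiving":
        return task["peer"], task["self"]
    raise ValueError(f"unknown sharing type {task['type']!r}")

def determine_mode(network_reachable, streaming=False):
    """S350: API or Kafka when the peer is reachable over the network, SFTP otherwise."""
    return ("kafka" if streaming else "api") if network_reachable else "sftp"

def _ip_ok(task, party, ip):
    try:
        return ipaddress.ip_address(ip) == ipaddress.ip_address(task["allowed_ips"][party])
    except (KeyError, ValueError):   # unregistered party or malformed address
        return False

def _account_ok(task, party, secret):
    expected = task["accounts"].get(party)
    if expected is None or secret is None:
        return False
    return hmac.compare_digest(expected.encode(), secret.encode())   # constant-time compare

def authenticate(task, mode, sharer, accessor):
    """S360: API mode checks the sharer's IP and the accessor's IP plus account; Kafka and
    SFTP modes check both parties' accounts. An unknown mode fails closed."""
    if mode == "api":
        return (_ip_ok(task, sharer.party, sharer.ip) and _ip_ok(task, accessor.party, accessor.ip)
                and _account_ok(task, accessor.party, accessor.account))
    if mode in ("kafka", "sftp"):
        return _account_ok(task, sharer.party, sharer.account) and _account_ok(task, accessor.party, accessor.account)
    return False

def dispatch_target(task, mode, data_type):
    """Sharing target for one data type; only entries of the shared data directory may go out."""
    if data_type not in task["directory"]:
        raise ValueError(f"{data_type!r} is not in the shared data directory")
    t = task["targets"][mode]
    if mode == "api":
        return {"ip": t["ip"], "port": t["port"]}
    if mode == "kafka":
        return {"topic": t["topics"][data_type]}
    return {"ip": t["ip"], "port": t["port"], "path": t["paths"][data_type]}

def log_interaction(task, mode, accessor, data_type, quantity, status):
    """S380: append an interface-call / data-interaction record to the sharing log.
    Record the accessor's name and IP, never its account secret."""
    entry = {"task": task["name"], "mode": mode, "accessor": accessor.party,
             "accessor_ip": accessor.ip, "directory": data_type, "quantity": quantity,
             "status": status, "time": datetime.now(timezone.utc).isoformat()}
    SHARING_LOG.append(json.dumps(entry, sort_keys=True))
    return entry

def share(task, data, network_reachable, sharer, accessor):
    """Run S310-S380 once. Returns (target, records) pairs handed to the transport, which
    is where a real deployment encrypts them (S370) before sending."""
    sharer_name, accessor_name = determine_roles(task)
    mode = determine_mode(network_reachable)
    if (sharer.party, accessor.party) != (sharer_name, accessor_name):
        log_interaction(task, mode, accessor, None, 0, "role-mismatch")
        return []
    if not authenticate(task, mode, sharer, accessor):
        log_interaction(task, mode, accessor, None, 0, "auth-failed")
        return []
    handed_off = []
    for data_type, records in data.items():
        handed_off.append((dispatch_target(task, mode, data_type), records))
        log_interaction(task, mode, accessor, data_type, len(records), "sent")
    return handed_off
```

Two points a practitioner would check in a real deployment follow the same shape: failed authentications and role mismatches are written to the sharing log with the caller's IP so they can be traced later, and the account secret itself never appears in a log line. Account comparison uses hmac.compare_digest so that a wrong secret takes the same time to reject as a nearly right one.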
The data sharing method provided by the embodiment of the present disclosure is simple in scheme, loosely coupled and flexible to implement, and can effectively reduce the cost of docking for data sharing. It suits a variety of network scenarios, so that data sharing is more convenient and the shared data is put to better use. Encrypting the shared data for transmission improves the security of the sharing process. In addition, the data sharing system splits and recombines data as a cross-cutting aspect to support data format conversion, which accommodates complex conversions, saves the cost of custom docking and improves processing efficiency.
Fig. 4 is a schematic structural diagram of a data sharing apparatus provided in an embodiment of the present disclosure, where the data sharing apparatus may be understood as the electronic device or a part of functional modules in the electronic device. As shown in fig. 4, the data sharing apparatus 400 includes:
a first obtaining module 410, configured to obtain data to be shared of a data sharing party;
a first determining module 420, configured to determine a data sharing manner based on a current network environment;
the authentication module 430 is configured to authenticate a data sharing party and a data access party based on a data sharing manner;
the sending module 440 is configured to send the data to be shared to the data accessing party based on the data sharing mode after the data sharing party and the data accessing party both pass the authentication.
In another embodiment of the present disclosure, the first determining module 420 includes:
the first determining submodule is used for determining that the data sharing mode is the application programming interface mode or the Kafka mode when the network is reachable;
and the second determining submodule is used for determining that the data sharing mode is the file encryption transmission protocol (SFTP) mode when the network is not reachable.
In yet another embodiment of the present disclosure, the authentication module 430 includes:
the first authentication submodule is used for authenticating the internet protocol address of the data sharing party and authenticating the internet protocol address and account information of the data accessing party when the data sharing mode is the application programming interface mode;
the second authentication submodule is used for authenticating the account information of the data sharing party and authenticating the account information of the data accessing party when the data sharing mode is the Kafka mode;
and the third authentication submodule is used for authenticating the account information of the data sharing party and authenticating the account information of the data accessing party when the data sharing mode is the file encryption transmission protocol (SFTP) mode.
In yet another embodiment of the present disclosure, the sending module 440 specifically includes:
the first sending submodule is used for sending the data to be shared according to the Internet protocol address and the port number of the data access party when the data sharing mode is the application programming interface mode;
the second sending submodule is used for configuring a different channel for each type of data to be shared, based on the shared data directory, and sending the data to be shared when the data sharing mode is the Kafka mode;
and the third sending submodule is used for configuring a different path for each type of data to be shared, based on the shared data directory, and sending the data to be shared when the data sharing mode is the file encryption transmission protocol (SFTP) mode.
In yet another embodiment of the present disclosure, the sending module 440 is specifically configured to send the data to be shared to the data accessing party in an encrypted manner based on the encryption manner.
In yet another embodiment of the present disclosure, the apparatus further comprises:
and the preprocessing module is used for preprocessing the data to be shared to enable the data to be shared to meet the data docking standard of the data access party when the data to be shared is detected not to meet the data docking standard of the data access party before the data to be shared is sent to the data access party based on the sharing mode.
In yet another embodiment of the present disclosure, the preprocessing module includes:
the mapping submodule is used for carrying out data structure mapping based on the data structure standard of the data access party and the data structure standard of the data to be shared to obtain a data mapping template;
and the splitting and recombining submodule is used for splitting and recombining the data to be shared based on the data mapping template to obtain the data to be shared which meets the data docking standard of the data access party.
In yet another embodiment of the present disclosure, the apparatus further comprises:
the second determining module is used for determining the sharing type before the data to be shared of the data sharing party is obtained; wherein, the sharing type comprises sending and receiving;
and the third determining module is used for determining the data access party and the data sharing party according to the sharing type.
In yet another embodiment of the present disclosure, the apparatus further comprises:
and the recording module is used for recording the sharing information of the data sharing party and the data accessing party into the sharing log.
The apparatus provided in this embodiment can execute the method in any one of the above embodiments in fig. 1 and fig. 3, and the execution manner and the beneficial effects are similar, and are not described herein again.
For example, fig. 5 is a schematic structural diagram of an electronic device in an embodiment of the present disclosure. Referring now specifically to fig. 5, a schematic diagram of an electronic device 500 suitable for use in implementing embodiments of the present disclosure is shown. The electronic device 500 in the disclosed embodiment may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 5, electronic device 500 may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 illustrates an electronic device 500 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program performs the above-described functions defined in the methods of the embodiments of the present disclosure when executed by the processing device 501.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients, servers may communicate using any currently known or future developed network Protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring data to be shared of a data sharing party; determining a data sharing mode based on the current network environment; based on the data sharing mode, authenticating a data sharing party and a data access party; and after the data sharing party and the data access party pass the authentication, sending the data to be shared to the data access party based on the data sharing mode.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of an element does not in some cases constitute a limitation on the element itself.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The embodiments of the present disclosure further provide a computer-readable storage medium, where a computer program is stored in the storage medium, and when the computer program is executed by a processor, the method of any one of the embodiments in fig. 1 and fig. 3 may be implemented, where the execution manner and the beneficial effects are similar, and are not described herein again.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (12)

1. A data sharing method, performed by a data sharing system, the method comprising:
acquiring data to be shared of a data sharing party;
determining a data sharing mode based on the current network environment;
based on the data sharing mode, authenticating the data sharing party and the data access party;
and after the data sharing party and the data access party are authenticated, sending the data to be shared to the data access party based on the data sharing mode.
2. The method of claim 1, wherein determining the data sharing mode based on the current network environment comprises:
when the network is reachable, determining that the data sharing mode is an application programming interface mode or a Kafka mode;
and when the network is not reachable, determining that the data sharing mode is a file encryption transmission protocol mode.
3. The method of claim 1, wherein authenticating the data sharer and the data accessor based on the data sharing mode comprises:
when the data sharing mode is an application programming interface mode, authenticating the Internet protocol address of the data sharing party, and authenticating the Internet protocol address and account information of the data accessing party;
when the data sharing mode is a Kafka mode, authenticating the account information of the data sharing party, and authenticating the account information of the data accessing party;
and when the data sharing mode is a file encryption transmission protocol mode, authenticating the account information of the data sharing party and authenticating the account information of the data access party.
4. The method according to claim 1, wherein the sending the data to be shared to a data access party based on the data sharing manner comprises:
when the data sharing mode is an application programming interface mode, sending the data to be shared according to the Internet protocol address and the port number of the data access party;
when the data sharing mode is a Kafka mode, configuring a different channel for each type of the data to be shared based on a shared data directory and sending the data to be shared;
and when the data sharing mode is a file encryption transmission protocol mode, configuring different paths for each type of the data to be shared based on a shared data directory, and sending the data to be shared.
5. The method of claim 1, wherein the sending the data to be shared to the data accessor comprises:
and based on an encryption mode, encrypting and sending the data to be shared to the data access party.
6. The method according to claim 1, before said sending the data to be shared to the data accessing party based on the sharing manner, further comprising:
and preprocessing the data to be shared when the data to be shared is detected not to meet the data docking standard of the data accessor, so that the data to be shared meets the data docking standard of the data accessor.
7. The method of claim 6, wherein preprocessing the data to be shared so that the data to be shared meets data docking criteria of the data accessor comprises:
performing data structure mapping based on the data structure standard of the data access party and the data structure standard of the data to be shared to obtain a data mapping template;
and splitting and recombining the data to be shared based on the data mapping template to obtain the data to be shared which meets the data docking standard of the data accessor.
8. The method according to claim 1, wherein before the obtaining the data to be shared of the data sharing party, further comprising:
determining a sharing type; wherein the sharing type comprises sending and receiving;
and determining the data access party and the data sharing party according to the sharing type.
9. The method according to claim 1, further comprising, after the sending the data to be shared to the data accessing party based on the data sharing manner, the following steps:
and recording the sharing information of the data sharing party and the data accessing party into a sharing log.
10. An apparatus for sharing network security data, comprising:
the first acquisition module is used for acquiring data to be shared of a data sharing party;
the first determining module is used for determining a data sharing mode based on the current network environment;
the authentication module is used for authenticating the data sharing party and the data access party based on the data sharing mode;
and the sending module is used for sending the data to be shared to the data access party based on the data sharing mode after the data sharing party and the data access party are authenticated.
11. An electronic device, comprising:
a processor;
a memory for storing executable instructions;
wherein the processor is configured to read the executable instructions from the memory and execute them to implement the data sharing method of any one of claims 1 to 9.
12. A computer-readable storage medium, wherein the storage medium stores a computer program which, when executed by a processor, causes the processor to carry out the data sharing method of any one of claims 1 to 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111394890.5A CN114048498A (en) 2021-11-23 2021-11-23 Data sharing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111394890.5A CN114048498A (en) 2021-11-23 2021-11-23 Data sharing method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN114048498A true CN114048498A (en) 2022-02-15

Family

ID=80211208

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111394890.5A Pending CN114048498A (en) 2021-11-23 2021-11-23 Data sharing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114048498A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112784230A (en) * 2021-01-21 2021-05-11 北京启明星辰信息安全技术有限公司 Network security data sharing and control method and system
CN112784230B (en) * 2021-01-21 2024-02-09 北京启明星辰信息安全技术有限公司 Network security data sharing and controlling method and system

Similar Documents

Publication Publication Date Title
CN111639319B (en) User resource authorization method, device and computer readable storage medium
US11582579B2 (en) Secure streaming of real-time location data between electronic devices
CN113347206A (en) Network access method and device
CN112866385B (en) Interface calling method and device, electronic equipment and storage medium
US20220377119A1 (en) Interaction method and apparatus, and electronic device
CN111199037B (en) Login method, system and device
CN110430292B (en) Method and device for inviting login of network platform, electronic equipment and readable medium
CN111914229A (en) Identity authentication method and device, electronic equipment and storage medium
CN112202744B (en) Multi-system data communication method and device
CN112702336A (en) Security control method and device for government affair service, security gateway and storage medium
CN112312057A (en) Multimedia conference data processing method and device and electronic equipment
CN112953815B (en) Information access control method, device, equipment and storage medium
CN110598381A (en) Data access method, device, equipment and storage medium
CN114048498A (en) Data sharing method, device, equipment and medium
CN112311750B (en) Interaction method and device and electronic equipment
CN110825797B (en) Data exchange method and device
CN115801299B (en) Meta universe identity authentication method, device, equipment and storage medium
CN115174558B (en) Cloud network end integrated identity authentication method, device, equipment and storage medium
CN111460432A (en) Online document authority control method, device, equipment and computer readable medium
CN112257039B (en) Identity attribute adding method and device and electronic equipment
CN114827060A (en) Interaction method and device and electronic equipment
CN110647767A (en) Data viewing method, electronic device and computer-readable storage medium
CN115766830B (en) Computing power network processing method, device, equipment and storage medium
CN115174062B (en) Cloud service authentication method, device, equipment and storage medium
US11637819B2 (en) Establishing connectivity between user devices

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination