CN116846555A - Data access method and device - Google Patents

Data access method and device Download PDF

Info

Publication number
CN116846555A
CN116846555A CN202210307352.6A CN202210307352A CN116846555A CN 116846555 A CN116846555 A CN 116846555A CN 202210307352 A CN202210307352 A CN 202210307352A CN 116846555 A CN116846555 A CN 116846555A
Authority
CN
China
Prior art keywords
data
target user
access
target
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210307352.6A
Other languages
Chinese (zh)
Inventor
王永智
张愚
蒋强
李平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Jiangsu Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Jiangsu Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Jiangsu Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202210307352.6A priority Critical patent/CN116846555A/en
Publication of CN116846555A publication Critical patent/CN116846555A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data access method and device, and relates to the technical field of computers. The method comprises the following steps: classifying target task data, and determining privacy data in the target task data; receiving a request of a target user for accessing private data, and sending a first key to the target user; transmitting a second key to the target user under the condition that the user information and the first key verification feedback information pass verification and the target user is a history access user; and receiving the first key and the second key uploaded by the target user, and controlling the target user to access the private data after the first key and the second key pass verification. According to the data access method and device, the target task data are classified, so that all data are prevented from being acquired at one time, and the safety of data access is improved. Meanwhile, when the target user accesses the private data, the security of the private data access is further improved through double verification of the first secret key and the second secret key.

Description

Data access method and device
Technical Field
The invention relates to the technical field of computers, in particular to a data access method and device.
Background
In the existing scene based on higher network security protection level, the behavior of accessing data needs to be strictly protected, and the existing protection mode is to encrypt the data and manage and control the access behavior of the user.
The existing method aims at the network security protection problem in a big data scene, even if the data are encrypted and the access behaviors of users are managed and controlled, the privacy information of different devices in a data system, the personal privacy data information in a communication network and the like are easy to obtain or falsify, and the problem that how to enable the privacy data information in the data to be difficult to falsify or randomly obtain is currently needed to be solved.
Disclosure of Invention
The invention provides a data access method and device, which are used for solving the technical problem that the safety of data access is not high enough in the prior art.
In a first aspect, the present invention provides a method for accessing data, including:
classifying target task data, and determining privacy data in the target task data;
receiving a request of a target user for accessing the private data, and sending a first key to the target user;
receiving user information of the target user and first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and receiving the first key and the second key uploaded by the target user, and controlling the target user to access the private data after the first key and the second key pass verification.
In one embodiment, classifying the target task data includes:
constructing a classified storage model of task data according to the data security estimation value of the task data and the confidentiality level of the task data;
and classifying the target task data according to the classified storage model, and determining privacy data in the target task data and common content data in the target task data.
In one embodiment, classifying the target task data according to the classified storage model, determining privacy data in the target task data and general content data in the target task data includes:
according to the classified storage model, carrying out weighted summation on the data security estimation value of the target task data and the security level of the target task data to obtain the security level score of the target task data;
and classifying the target task data according to the security grade score, and determining privacy data in the target task data and common content data in the target task data.
In one embodiment, the data security estimate is determined based on the importance of the task data, the data integrity of the task data, the inter-data correlation of the task data, and the data invalidity of the task data.
In one embodiment, after receiving the user information of the target user and the first key verification feedback information of the target user, the method further includes:
and marking the target user as a historical access user under the condition that the user information and the first key verification feedback information pass verification and the target user is not the historical access user.
In one embodiment, before controlling the target user to access the private data, the method further comprises:
determining the access security level of the target user according to the access request times of the privacy data of the target user and the first key verification feedback information verification passing times of the target user;
and determining the access permission level of the target user according to the access security level, the access equipment security of the target user and the access frequency of the target user.
In one embodiment, after determining the access right level of the target user, the method further includes:
determining the access priority of the target user according to the size relation between the access permission level and a preset permission level threshold;
and controlling the target user to access the private data according to the access priority.
In a second aspect, the present invention also provides a data access device, including:
the classification storage module of the task data is used for classifying the target task data and determining privacy data in the target task data;
the first key sending module is used for receiving a request of a target user for accessing the private data and sending a first key to the target user;
the second key sending module is used for receiving the user information of the target user and the first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and the access control module is used for receiving the first secret key and the second secret key uploaded by the target user, and controlling the target user to access the private data after the first secret key and the second secret key pass verification.
In a third aspect, the present invention also provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing a method of accessing data of any of the above when executing the computer program.
In a fourth aspect, the invention also provides a computer program product comprising a computer program which when executed by a processor implements a method of accessing data of any of the above.
According to the data access method, the device, the electronic equipment and the storage medium, the privacy data in the target task data are determined by classifying the target task data, so that a user can acquire part of data required in the task data according to the data type, the private data can be conveniently acquired, all data can be prevented from being acquired at one time, and the safety of data access is improved. Meanwhile, when the target user accesses the private data, the security of the private data access is further improved through double verification of the first secret key and the second secret key.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for accessing data according to the present invention;
FIG. 2 is a schematic diagram of a data storage stripe according to the present invention;
FIG. 3 is a schematic diagram of a multiple task classification storage structure provided by the present invention;
FIG. 4 is a diagram of a private data access signaling provided by the present invention;
FIG. 5 is a schematic diagram of a data storage strip for multiple tasks provided by the present invention;
FIG. 6 is a schematic diagram of a data access device according to the present invention;
fig. 7 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a flow chart of a method for accessing data according to the present invention. Referring to fig. 1, the method for accessing data provided by the present invention may include:
110. classifying target task data, and determining privacy data in the target task data;
120. receiving a request of a target user for accessing the private data, and sending a first key to the target user;
130. receiving user information of the target user and first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
140. and receiving the first key and the second key uploaded by the target user, and controlling the target user to access the private data after the first key and the second key pass verification.
The execution subject of the data access method provided by the invention can be an electronic device, a component in the electronic device, an integrated circuit, or a chip. The electronic device may be a mobile electronic device or a non-mobile electronic device. By way of example, the mobile electronic device may be a cell phone, tablet computer, notebook computer, palm computer, vehicle mounted electronic device, wearable device, ultra-mobile personal computer (ultra-mobile personal computer, UMPC), netbook or personal digital assistant (personal digital assistant, PDA), etc., and the non-mobile electronic device may be a server, network attached storage (Network Attached Storage, NAS), personal computer (personal computer, PC), television (TV), teller machine or self-service machine, etc., without limitation of the present invention.
The following describes the technical scheme of the present invention in detail by taking a computer to execute the data access method provided by the present invention as an example.
In step 110, after the target task data is obtained, the target task data may be classified according to the specific data type in the target task data, and the privacy data in the classification result of the target task data may be determined.
Optionally, after classifying the target task data, storing each data type obtained after classification respectively to obtain a storage bar of the target task data. The data types obtained by classifying the target task data may be: data category data, data modification times data, data base content data, privacy data and data encryption information data. The data type data store the type information of the target task data, the data modification times data store the times of modification and calling of the target task data, the data base content data store the common data relative to the privacy data in the target task data, and the data encryption information data store the data encryption related information.
After classifying the target task data, the classified data may be stored in each module of one data storage strip. As shown in the schematic diagram of the data storage bar provided in fig. 2, the data storage bar includes a data category storage module, a data modification number storage module, a data content storage module, a privacy data storage module, and a data encryption information storage module. After determining the data type of the target task data, the data of the corresponding type can be stored into the corresponding module of the data storage bar according to the corresponding module of the data storage bar. For example, the data category data is stored in a data category storage module in the data storage strip.
In the case of classified storage for multiple tasks, the data content storage module and the privacy data storage module in the data storage bar can construct multiple sub-modules for storage, as shown in the schematic diagram of the multiple task classified storage structure provided in fig. 3. Each sub-module stores a class of data for a task. For example, the data base content data of the task 1 is stored in the sub-module content storage module 1 of the data content storage module, and the privacy data of the task 1 is stored in the sub-module privacy data storage module 1 of the privacy data storage module. And storing according to different tasks by modules.
It can be understood that in a data system, the data is generally large in data quantity, and isolation of separate storage is not generally set when the data is stored, so that the process of extracting the data is complex when the subsequent data is extracted, and the data extraction efficiency is reduced. Therefore, when the data are divided and stored according to different tasks, and the same task data are respectively stored in different modules according to a certain storage rule, the storage regularity of the data can be improved. Meanwhile, especially for the private data, when the data is accessed, the data is accessed according to the data storage type, and when the private data does not need to be accessed, the private data is not accessed, and the security of the data access can be improved.
In step 120, after the target user initiates a request to access the private database in the target task data, the request of the target user to access the private data is received, and a first key is sent to the target user.
The first secret key is a preliminary verification secret key for the target user, and after the target user passes the verification of the first secret key, the target user is explained to be preliminarily in accordance with the requirement of accessing the private data.
In step 130, user information of a target user and first key verification feedback information of the target user are received, the user information of the target user and the first key verification feedback information are verified, and when the user information and the first key verification feedback information pass verification, a second key is sent to the target user under the condition that the target user is a history access user.
And after the target user is initially verified through the first key and the user information of the target user, sending a second key to the target user under the condition that the target user is a history access user. The second key is used for further authentication.
It can be understood that whether the target user is a history access user is determined, and the second key is sent to the target user only when the target user is the history access user, so that malicious random access data behaviors are avoided.
In step 140, the first key and the second key uploaded by the target user are received, the first key and the second key are verified, and after the verification is passed, the target user is controlled to access the private data.
It can be appreciated that by dual verification of the first key and the second key, the security of accessing the private data by the target user can be further improved.
According to the data access method, the privacy data in the target task data are determined by classifying the target task data, so that a user can acquire part of data required in the task data according to the data type, and the privacy data can be conveniently acquired, and meanwhile, all data can be prevented from being acquired at one time, so that the safety of data access is improved. Meanwhile, when the target user accesses the private data, the security of the private data access is further improved through double verification of the first secret key and the second secret key.
In one embodiment, classifying the target task data includes: constructing a classified storage model of task data according to the data security estimation value of the task data and the confidentiality level of the task data; and classifying the target task data according to the classified storage model, and determining privacy data in the target task data and common content data in the target task data.
Specifically, a classification storage model may be constructed to store the target task data in a classification manner. And inputting the target task data into a classified storage model, and determining privacy data in the target task data and common content data in the target task data.
The task classification storage module is determined according to the data security estimation of the task data and the confidentiality level of the task data. The data security evaluation value of the task data and the confidentiality level of the task data jointly reflect the privacy degree of the task data.
It can be understood that by classifying and storing the data, the common content data and the privacy data in the data are determined, and the corresponding data are respectively stored in different data modules, so that the data storage security is improved while the data storage regularity is ensured.
According to the data access method provided by the invention, the general content data and the private data in the target task data are determined by constructing the classified storage model, and the access is performed according to the type of the data, so that all the data are prevented from being acquired at one time, and the safety of data storage is improved.
In one embodiment, classifying the target task data according to the classified storage model, determining privacy data in the target task data and general content data in the target task data includes: according to the classified storage model, carrying out weighted summation on the data security estimation value of the target task data and the security level of the target task data to obtain the security level score of the target task data; and classifying the target task data according to the security grade score, and determining privacy data in the target task data and common content data in the target task data.
Optionally, a classification storage model is constructed according to the data security estimation of the task data and the security level of the task data, and the classification storage model may be:
C f =Blog 2 (ηp r +αM r ) (1)
wherein C is f Is a classification result; b is a preset adjusting coefficient; p (P) r Security level for the task; m is M r A data security estimate; η and α are weight adjustment coefficients.
Calculating target task data, and estimating the data security value M r And security level P r Weighting and summing to obtain comprehensive data security grade score, obtaining evaluation score of data in task, and adjusting by preset weight B to obtain final storage position C of data f The score is evaluated.
By the method of C f Evaluation of the value, if C f The value is within a preset interval [ G, H ]]RangeIn, it is determined as ordinary content data; if C f The value is within a preset interval L, M]Within the range, the private data is determined.
According to the data access method provided by the invention, the general content data and the private data in the target task data are determined by constructing the classified storage model, and the access is performed according to the type of the data, so that all the data are prevented from being acquired at one time, and the safety of data storage is improved.
In one embodiment, the data security estimate is determined based on the importance of the task data, the data integrity of the task data, the inter-data correlation of the task data, and the data invalidity of the task data.
The data security estimate reflects the degree of importance of the data and the quality of the data. The data security estimate can be obtained by equation (2):
M r =(W+min-max[F,a,b]) (2)
wherein M is r Estimating the data security, wherein W is the importance degree of the data, F is the data integrity, a is the relativity between the data, and b is the data failure; min-max [ F, a, b ]]The parameters F, a and b are normalized by using a min-max method.
According to the data access method provided by the invention, the data security estimation is determined, the classified storage model is constructed according to the data security estimation of the task data and the security level of the task data, the common content data and the private data in the target task data are determined, and the access is performed according to the type of the data, so that all data are prevented from being acquired at one time, and the security of data storage is improved.
In one embodiment, after receiving the user information of the target user and the first key verification feedback information of the target user, the method further includes: and marking the target user as a historical access user under the condition that the user information and the first key verification feedback information pass verification and the target user is not the historical access user.
It will be appreciated that after the user information and the first key verification feedback information are verified, it may be determined that the target user has passed the preliminary verification. And determining whether the target user is a historical user, and further verifying the target user. The second key is sent to the target user only if the target user is a history user. In the case where the target user is not a history user, the target user is marked as a history access user.
According to the data access method provided by the invention, whether the target user is the history access user is determined, so that whether the second key is sent to the target user is determined. And sending the second secret key to the target user only under the condition that the target user is the history access user, so that malicious random access data behaviors are avoided.
In one embodiment, before controlling the target user to access the private data, the method further comprises: determining the access security level of the target user according to the access request times of the privacy data of the target user and the first key verification feedback information verification passing times of the target user; and determining the access permission level of the target user according to the access security level, the access equipment security of the target user and the access frequency of the target user.
Considering the problem of system concurrency, multiple users cannot be carried for a period of time for simultaneous access. Especially, in the access peak period, the number of users is large, the access level of the target user can be set, and the access of the target user can be controlled.
Optionally, the access request number Q initiated by the target user and the verification passing number M of the first key verification feedback information fed back by the target user can be calculated, so as to obtain the access security level S of the target user F =q-M. It will be appreciated that the access level reflects the access behavior of the target user, the better the access behavior of the target user, the higher the access level.
After determining the access security level of the target user, determining the access permission level of the target user according to the access security level of the target user, the access equipment security of the target user and the access frequency of the target user, wherein the access permission level of the target user is specifically shown as a formula (3):
wherein Q is X For the access authority level of the target user, S F For the access security level of the target user, S Q Access device security for target user, R E For the access frequency of the target user, alpha, beta and epsilon are set weight coefficients.
And controlling the target user to access the privacy data in the target task data according to the access authority level of the target user when the access authority level of the target user is determined.
According to the data access method provided by the invention, the privacy data in the target task data is controlled to be accessed by the target user according to the access authority level of the target user by determining the access authority level of the target user, so that reasonable control of user access in the peak access period is realized.
In one embodiment, after determining the access right level of the target user, the method further includes: determining the access priority of the target user according to the size relation between the access permission level and a preset permission level threshold; and controlling the target user to access the private data according to the access priority.
After determining the access permission level of the target user, a permission level threshold value can be set, and the access priority of the target user is determined according to the size relation between the access permission level and the preset permission level threshold value. For example, when accessing for a plurality of users, the target user access time is divided into access peak period, off-peak access period, and space period according to actual usage habits. When the user accesses in the peak access time, the user with the authority level higher than the authority level threshold 3 can access preferentially; when the user accesses in the off-peak access period, the user with the authority level higher than the authority level threshold value 1 can access preferentially; and when the space time is in a period, the access authority of the user is not limited.
According to the data access method provided by the invention, the privacy data in the target task data is controlled to be accessed by the target user according to the access authority level of the target user by determining the access authority level of the target user, so that reasonable control of user access in the peak access period is realized.
The following describes the technical scheme provided by the present invention by taking a private data access signaling diagram provided by the present invention as an example in fig. 4:
the method comprises the steps of classifying task data of A, B, C, D four tasks aiming at A, B, C, D four tasks which a target user1 wants to access, and respectively storing the classified data of each type into corresponding modules of a data storage bar. As shown in the schematic diagram of the data storage bars of the tasks provided by the invention in FIG. 5, the data storage bars of four tasks are obtained. Each data storage bar comprises a data category storage module, a data modification frequency storage module, a data content storage module, a privacy data storage module and a data encryption information storage module. When a target user1 wants to access the private data of a task A stored in a server, the user1 sends request authentication information to a supervision node of the server;
the supervision node S of the server sends a first key which can access private data to the target User1 and the verification node of the server;
the target user1 receives the first key and verifies the integrity of the first key;
after the target user1 verifies the integrity of the first secret key, feedback information of verification of the first secret key is fed back, and the information is fed back to the verification node;
the verification node verifies feedback information based on the user information of the target user and the first secret key, and verifies whether the user1 of the target user is a user accessed in a history and whether the information fed back by the target user is real; if the verification node verifies that the feedback result of the target user is real, and meanwhile, the target user is a user with a history access record, a second key is further sent to the user 1; if the verification node verifies that the feedback result of the target user is true but the user is not a historical user, marking the target user as the historical user;
after the target user1 combines the first secret key and the second secret key for verification, accessing the private data in the task A;
the data bar of task A records the access behavior information of the target user1, and synchronizes the access behavior information to the consensus authentication module of the B, C, D task. At this time, if the target user1 wants to access any one of the data storage strips in B, C, D again, a re-access request needs to be initiated to the supervisory node, the supervisory node checks the data storage strips in task B, C, D, detects the access behavior of the target user1, if the user access behavior is compliant, obtains the second key from the verification node, and directly provides the first key and the second key to the target user1, so as to provide the target user1 with the combined decryption key corresponding to accessing any one of the data storage strips in B, C, D. If any data access data is misbehaving in the process of accessing the data by the user, the original access step is adopted to access the storage data bar of the task.
The invention also provides a data access device which can be correspondingly referred to the data access method.
Fig. 6 is a schematic structural diagram of a data access device according to the present invention, as shown in fig. 6, the device includes:
the classification storage module 610 of task data is configured to classify target task data and determine privacy data in the target task data;
a first key sending module 620, configured to receive a request from a target user to access the private data, and send a first key to the target user;
a second key sending module 630, configured to receive user information of the target user and first key verification feedback information of the target user, and send a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and the access control module 640 is configured to receive the first key and the second key uploaded by the target user, and control the target user to access the private data after the first key and the second key pass verification.
According to the data access device provided by the invention, the privacy data in the target task data is determined by classifying the target task data, so that a user can acquire part of data required in the task data according to the data type, and the privacy data can be conveniently acquired, and meanwhile, the acquisition of all data at one time is prevented, so that the safety of data access is improved. Meanwhile, when the target user accesses the private data, the security of the private data access is further improved through double verification of the first secret key and the second secret key.
In one embodiment, the classification storage module 610 of task data is specifically configured to:
classifying the target task data, including:
constructing a classified storage model of task data according to the data security estimation value of the task data and the confidentiality level of the task data;
and classifying the target task data according to the classified storage model, and determining privacy data in the target task data and common content data in the target task data.
In one embodiment, the classification storage module 610 of task data is further specifically configured to:
classifying the target task data according to the classified storage model, and determining privacy data in the target task data and common content data in the target task data, wherein the method comprises the following steps:
according to the classified storage model, carrying out weighted summation on the data security estimation value of the target task data and the security level of the target task data to obtain the security level score of the target task data;
and classifying the target task data according to the security grade score, and determining privacy data in the target task data and common content data in the target task data.
In one embodiment, the classification storage module 610 of task data is further specifically configured to:
the data security estimate is determined based on the importance of the task data, the data integrity of the task data, the inter-data correlation of the task data, and the data invalidity of the task data.
In one embodiment, the second key sending module 630 is specifically configured to:
after receiving the user information of the target user and the first key verification feedback information of the target user, the method further comprises the following steps:
and marking the target user as a historical access user under the condition that the user information and the first key verification feedback information pass verification and the target user is not the historical access user.
In one embodiment, the access control module 640 is specifically configured to:
before controlling the target user to access the private data, the method further comprises:
determining the access security level of the target user according to the access request times of the privacy data of the target user and the first key verification feedback information verification passing times of the target user;
and determining the access permission level of the target user according to the access security level, the access equipment security of the target user and the access frequency of the target user.
In one embodiment, the access control module 640 is further specifically configured to:
after determining the access right level of the target user, the method further comprises the following steps:
determining the access priority of the target user according to the size relation between the access permission level and a preset permission level threshold;
and controlling the target user to access the private data according to the access priority.
The present invention also provides an electronic device, as shown in fig. 7, which may include: processor (processor) 710, communication interface (Communication Interface) 720, memory (memory) 730, and communication bus (bus) 740, wherein processor 710, communication interface 720, memory 730 communicate with each other via communication bus 740. Processor 710 may invoke logic instructions in memory 730 to perform access methods for data, including, for example:
classifying target task data, and determining privacy data in the target task data;
receiving a request of a target user for accessing the private data, and sending a first key to the target user;
receiving user information of the target user and first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and receiving the first key and the second key uploaded by the target user, and controlling the target user to access the private data after the first key and the second key pass verification.
Further, the logic instructions in the memory 730 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform a method of accessing data provided by the above-described method embodiments, for example comprising:
classifying target task data, and determining privacy data in the target task data;
receiving a request of a target user for accessing the private data, and sending a first key to the target user;
receiving user information of the target user and first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and receiving the first key and the second key uploaded by the target user, and controlling the target user to access the private data after the first key and the second key pass verification.
In yet another aspect, the present invention further provides a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements a method for accessing data provided by the above method embodiments, for example, including:
classifying target task data, and determining privacy data in the target task data;
receiving a request of a target user for accessing the private data, and sending a first key to the target user;
receiving user information of the target user and first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and receiving the first key and the second key uploaded by the target user, and controlling the target user to access the private data after the first key and the second key pass verification.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of accessing data, comprising:
classifying target task data, and determining privacy data in the target task data;
receiving a request of a target user for accessing the private data, and sending a first key to the target user;
receiving user information of the target user and first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and receiving the first key and the second key uploaded by the target user, and controlling the target user to access the private data after the first key and the second key pass verification.
2. The method for accessing data according to claim 1, wherein said classifying the target task data comprises:
constructing a classified storage model of task data according to the data security estimation value of the task data and the confidentiality level of the task data;
and classifying the target task data according to the classified storage model, and determining privacy data in the target task data and common content data in the target task data.
3. The method according to claim 2, wherein classifying the target task data according to the classified storage model, determining privacy data in the target task data and general content data in the target task data, comprises:
according to the classified storage model, carrying out weighted summation on the data security estimation value of the target task data and the security level of the target task data to obtain the security level score of the target task data;
and classifying the target task data according to the security grade score, and determining privacy data in the target task data and common content data in the target task data.
4. The method of claim 2, wherein the data security estimate is determined based on a degree of importance of the task data, a data integrity of the task data, a data-to-data association of the task data, and a data invalidity of the task data.
5. The method for accessing data according to claim 1, wherein after receiving the user information of the target user and the first key verification feedback information of the target user, further comprising:
and marking the target user as a historical access user under the condition that the user information and the first key verification feedback information pass verification and the target user is not the historical access user.
6. The method for accessing data according to claim 1, wherein prior to said controlling said target user to access said private data, further comprising:
determining the access security level of the target user according to the access request times of the privacy data of the target user and the first key verification feedback information verification passing times of the target user;
and determining the access permission level of the target user according to the access security level, the access equipment security of the target user and the access frequency of the target user.
7. The method for accessing data according to claim 6, wherein after determining the access authority level of the target user, further comprising:
determining the access priority of the target user according to the size relation between the access permission level and a preset permission level threshold;
and controlling the target user to access the private data according to the access priority.
8. A data access device, comprising:
the classification storage module of the task data is used for classifying the target task data and determining privacy data in the target task data;
the first key sending module is used for receiving a request of a target user for accessing the private data and sending a first key to the target user;
the second key sending module is used for receiving the user information of the target user and the first key verification feedback information of the target user, and sending a second key to the target user when the user information and the first key verification feedback information pass verification and the target user is a history access user;
and the access control module is used for receiving the first secret key and the second secret key uploaded by the target user, and controlling the target user to access the private data after the first secret key and the second secret key pass verification.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of accessing data according to any of claims 1 to 7 when executing the computer program.
10. A computer program product comprising a computer program which, when executed by a processor, implements a method of accessing data according to any of claims 1 to 7.
CN202210307352.6A 2022-03-25 2022-03-25 Data access method and device Pending CN116846555A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210307352.6A CN116846555A (en) 2022-03-25 2022-03-25 Data access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210307352.6A CN116846555A (en) 2022-03-25 2022-03-25 Data access method and device

Publications (1)

Publication Number Publication Date
CN116846555A true CN116846555A (en) 2023-10-03

Family

ID=88164003

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210307352.6A Pending CN116846555A (en) 2022-03-25 2022-03-25 Data access method and device

Country Status (1)

Country Link
CN (1) CN116846555A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117407843A (en) * 2023-10-13 2024-01-16 成都安美勤信息技术股份有限公司 Privacy information access detection management method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117407843A (en) * 2023-10-13 2024-01-16 成都安美勤信息技术股份有限公司 Privacy information access detection management method
CN117407843B (en) * 2023-10-13 2024-04-19 成都安美勤信息技术股份有限公司 Privacy information access detection management method

Similar Documents

Publication Publication Date Title
EP3100171B1 (en) Client authentication using social relationship data
KR101843340B1 (en) Privacy-preserving collaborative filtering
EP3528153B1 (en) Systems and methods for detecting and twarting attacks on an it environment
CN108734028B (en) Data management method based on block chain, block chain link point and storage medium
US11063941B2 (en) Authentication system, authentication method, and program
US20200265438A1 (en) Systems and methods for estimating authenticity of local network of device initiating remote transaction
CN104320389B (en) A kind of fusion identity protection system and method based on cloud computing
CN110268406B (en) Password security
EP3937040B1 (en) Systems and methods for securing login access
CN109614789B (en) Terminal equipment verification method and equipment
CN113472716A (en) System access method, gateway device, server, electronic device, and storage medium
CN106778178A (en) The call method and device of fingerprint business card
CN102882870A (en) Account managing system and method
CN106559386A (en) A kind of authentication method and device
CN116846555A (en) Data access method and device
US8965340B1 (en) Mobile device indentification by device element collection
CN116506206A (en) Big data behavior analysis method and system based on zero trust network user
CN111078649A (en) Block chain-based on-cloud file storage method and device and electronic equipment
CN114036480B (en) Security access control method and system for private application and readable storage medium
CN108512815B (en) Anti-theft chain detection method, anti-theft chain detection device and server
CN105743883B (en) A kind of the identity attribute acquisition methods and device of network application
CN104428819A (en) Identity based ticketing
CN108108310A (en) A kind of data processing method, device and server
TWI650665B (en) Private data management system and method therefor
CN115426179B (en) Information retrieving method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination