CN102340501A - Privacy information protection method for comprehensive platform - Google Patents

Publication number
CN102340501A
Authority
CN
China
Prior art keywords
comprehensive platform
privacy information
memory space
platform
comprehensive
Legal status
Pending
Application number
CN201110201627XA
Other languages
Chinese (zh)
Inventor
叶灿才
卢林发
卢忠云
黄家祺
Current Assignee
ZHONGSHAN IKER DIGITAL TECHNOLOGY Co Ltd
Original Assignee
ZHONGSHAN IKER DIGITAL TECHNOLOGY Co Ltd
Application filed by ZHONGSHAN IKER DIGITAL TECHNOLOGY Co Ltd
Priority to CN201110201627XA
Publication of CN102340501A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the field of network information security and provides a privacy information protection method for a comprehensive platform. The method protects the privacy information that various application systems, which deliver remote services by connecting to the comprehensive platform, produce and store in the platform. The privacy information protection process comprises the steps of allocating an exclusive storage space, creating a corresponding new device object, forming a filter driver at the driver layer, loading a privacy information protection policy file into the filter driver, and having the filter driver filter and control read-write requests, among other steps.

Description

A privacy information protection method for a comprehensive platform
Technical field
The present invention relates to the field of network information security, and in particular to a technique by which an integrated service platform protects the security of privacy information.
Background art
As information technology applications develop and computers, digital television and similar equipment become ever more important in daily work and life, information security, and the security of privacy information in particular, receives more and more attention. In addition, as network applications multiply, more and more large integrated service platforms are appearing that tie related applications together and enable cross-business, cross-network integrated applications, including more advanced ones such as cloud storage.
When information is shared between the different systems connected to such a platform, usage rights become a problem for some important files: they must be prevented from being read by unauthorized users or systems, so that the files are effectively hidden from unauthorized users or applications. At present, access control is generally implemented at the application layer, which does provide security to a certain extent; however, as hacking techniques develop, malicious code can be embedded in the kernel layer and bypass the application layer to read data illegally.
Chinese patent application 201010152506.6, "A privacy protection method based on trust and replacement in data sharing", discloses a scheme that "provides a privacy protection method based on trust and replacement in data sharing. It addresses the problem that, in data sharing, users do not want to share all of their data with every entity and only want to share specific data with entities they know or trust. The invention calculates the amount of privacy information by setting the privacy information scope and screening the shared data for information that contains privacy. When the amount of privacy information exceeds the scope that the data-sharing object can share, the data in the shared data set is replaced using a replacement method, achieving both data sharing and privacy protection, and the method can be applied flexibly in various data-sharing environments". This scheme protects privacy information by means such as "setting the privacy information scope" and "replacing the data in the shared data set using a replacement method", and it is likewise an improvement at the application layer.
Summary of the invention
The object of the invention is to propose a privacy information protection method for a comprehensive platform that protects information security by applying a series of technical means at the platform's application layer and driver layer.
The invention is realized through the following scheme:
A privacy information protection method for a comprehensive platform, by which the comprehensive platform protects the privacy information that various application systems, which deliver remote services by docking with the comprehensive platform, produce and store in the comprehensive platform, characterized in that the privacy information protection process comprises the steps of:
Step 1: the comprehensive platform allocates a unique identity identifier to the newly connected application system;
Step 2: the application layer of the comprehensive platform allocates an exclusive storage space to the newly connected application system; the identifier of this storage space is associated with the identity identifier of the application system or resource platform;
Step 3: the driver-layer I/O manager of the comprehensive platform is used to create a new device object corresponding to the exclusive storage space;
Step 4: the new device object is placed on the device stack, forming a filter driver deployed at the driver layer of the comprehensive platform;
Step 5: the newly connected application system sets the service group it belongs to through the application layer and the service group policy of the comprehensive platform;
Step 6: the application system generates a privacy information protection policy file and synchronizes it to the comprehensive platform;
Step 7: the application layer of the comprehensive platform synchronizes the privacy information protection policy file to the filter driver, where it is stored;
Step 8: when the exclusive storage space of the application system is read or written, the filter driver invokes the privacy information protection policy file and filters the request; only then is the read-write operation carried out on the hardware storage space.
As an optimization, the exclusive storage space of step 2 is one or more independent storage media, or part of the storage space of a single storage medium; the new device object of step 3 and the exclusive storage space are in one-to-one correspondence; the filter driver of step 4 and the new device object are in one-to-one correspondence; the application system of step 5 corresponds to one or more service groups.
Further, the privacy information protection method described above also has a step 9: after the filter driver successfully blocks a read or write of the hardware storage space, the comprehensive platform feeds the result back to the application system and prompts whether to authorize the operation; if it is allowed, the application layer of the comprehensive platform automatically updates the privacy information protection policy file and synchronizes it to the filter driver.
In summary, the method of the invention has the following distinguishing features:
1. It starts from the driver layer of the platform: the filter driver filters read-write requests to safeguard the information;
2. It applies several technical means in combination, such as the "exclusive storage space", the virtualization technique of constructing a "new device object", and the "service group policy";
3. It allows data sharing between the various applications of the comprehensive platform while also safeguarding each application's private information.
Description of drawings
Fig. 1 is a schematic diagram of the comprehensive platform structure;
Fig. 2 is a schematic diagram of the group policy;
Fig. 3 is a flow chart of the core steps.
Embodiment
The comprehensive platform is a public support platform on which multiple application services run. Internally it provides cross-system sharing of data or services, and it also provides centralized storage and security protection for all kinds of business data.
Privacy information here refers to the business data or information that each application system produces and that is offered for access only to that system itself or to certain application systems.
As shown in Fig. 1, a typical comprehensive platform structure comprises a software part and a hardware part. The platform has at least an application layer and a driver layer; the driver layer contains the I/O manager, which manages the hardware connected to the I/O bus. Every operation that an application system's services or the platform's own services perform on hardware such as storage media ultimately passes through the driver layer, and the driver layer is also the only path for output to the outside. Compared with the traditional approach of protecting data only at the application layer, the driver layer can therefore protect data security more effectively.
Fig. 2 is a schematic diagram of the group policy used by the invention. Application systems can be divided into different service groups according to the nature of their business. By default, members of the same service group can exchange and share business data through the comprehensive platform. Service groups also have a hierarchy: by default, members of an upper-level service group can access the data of next-level members. As the figure shows, in the group policy a group can contain multiple application system members, but a device object corresponds to only one application system.
As shown in Fig. 3, the method of the invention comprises the following core steps:
Allocate an exclusive storage space;
Create the corresponding new device object;
Form the filter driver at the driver layer;
The filter driver loads the privacy information protection policy file;
The filter driver filters and controls read-write requests.
More specifically, the comprehensive platform first allocates a unique identity identifier to the newly connected application system. The identity identifier can use any common encoding.
Next, the application layer of the comprehensive platform allocates an exclusive storage space to the newly connected application system. This storage space likewise has a unique identifier, which is associated with the identity identifier of the application system or resource platform; that is, a mapping exists between the two. The exclusive storage space is one or more independent storage media, or part of the storage space of a single storage medium. The exclusive storage space stores only the business data or information of this application system that needs protection; business data that may be made open is stored in the public storage space provided by the comprehensive platform.
The driver-layer I/O manager of the comprehensive platform creates a new device object corresponding to the exclusive storage space. The new device object is a virtual device, and it is in one-to-one correspondence with the exclusive storage space.
The new device object is placed on the device stack, and the comprehensive platform forms a filter driver deployed at the driver layer. The role of the filter driver is to identify and filter read-write requests that involve the new device object and thereby enforce access control. The filter driver is produced through programming and modeling. The filter driver and the new device object are in one-to-one correspondence.
The newly connected application system sets the service group it belongs to through the application layer and the service group policy of the comprehensive platform. This can be done by the application system's operator through the interface that the platform provides, or through the application programming interface (API) that the platform provides. As shown in Fig. 2, a group can contain multiple application system members, but a device object corresponds to only one application system.
The application system generates a privacy information protection policy file and synchronizes it to the comprehensive platform; the application layer of the comprehensive platform loads the privacy information protection policy file into the filter driver.
When another application system attempts to read or write this application system's exclusive storage space, the filter driver invokes the privacy information protection policy file and filters the request; only then is the read-write operation carried out on the hardware storage space.
The privacy information protection policy file is updated in two ways. First, after the filter driver successfully blocks a read or write of the hardware storage space, the comprehensive platform feeds the result back to the application system and prompts whether to authorize the operation; if it is allowed, the application layer of the comprehensive platform automatically updates the privacy information protection policy file and synchronizes it to the filter driver. Second, the application system itself modifies the privacy information protection policy file and synchronizes it to the comprehensive platform, whose application layer then synchronizes the file to the filter driver.
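The filtering decision of step 8 and the authorization feedback of step 9 can be modelled in user-mode C as follows. This is an added example, not part of the patent and not kernel driver code; the policy-file entry format, the rule that an explicit entry overrides the group defaults, and all identifiers and group numbers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

enum { ACC_READ = 1, ACC_WRITE = 2, MAX_RULES = 8 };

/* Constructed group tree (cf. Fig. 2): parent of each group, -1 at the top. */
static const int group_parent[] = { -1, 0, 0 };

struct app  { int id; int group; };           /* steps 1 and 5 */
struct rule { int app_id; unsigned access; }; /* assumed policy-file entry */

/* Steps 2-4 and 7: the filter for one exclusive space and its owner's policy. */
struct filter {
    struct app owner;
    struct rule rules[MAX_RULES];
    size_t nrules;
    int blocked_app;            /* step 9: last blocked requester, -1 if none */
    unsigned blocked_access;
};

static bool group_above(int upper, int lower)
{
    for (int g = group_parent[lower]; g != -1; g = group_parent[g])
        if (g == upper)
            return true;
    return false;
}

static struct rule *find_rule(struct filter *f, int app_id)
{
    for (size_t i = 0; i < f->nrules; i++)
        if (f->rules[i].app_id == app_id)
            return &f->rules[i];
    return NULL;
}

/* Step 8: decide before the request is passed down to the storage hardware. */
bool filter_request(struct filter *f, const struct app *req, unsigned access)
{
    const struct rule *r = find_rule(f, req->id);
    bool allow;

    if (req->id == f->owner.id)
        return true;
    if (r)      /* assumption: an explicit rule overrides the group defaults */
        allow = (r->access & access) == access;
    else        /* default: same group, or requester in an upper-level group */
        allow = req->group == f->owner.group ||
                group_above(req->group, f->owner.group);
    if (!allow) {
        f->blocked_app = req->id;
        f->blocked_access = access;
    }
    return allow;
}

/* Step 9: the owner answers the prompt; approval updates the policy. */
bool owner_decision(struct filter *f, bool authorize)
{
    struct rule *r = find_rule(f, f->blocked_app);
    int app_id = f->blocked_app;

    f->blocked_app = -1;
    if (app_id == -1 || !authorize || (!r && f->nrules == MAX_RULES))
        return false;
    if (!r) {
        r = &f->rules[f->nrules++];
        *r = (struct rule){ app_id, 0 };
    }
    r->access |= f->blocked_access;
    return true;
}
```

In this model an approval grants only the access type that was blocked, so a requester approved for reading is still stopped, and reported again, when it attempts to write.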
The above are the technical means and steps necessary to implement the invention; more specific implementation can be carried out according to the prior art and common knowledge. An implementer may add or improve individual steps as needed; provided this does not depart from the key basis of the invention, such changes shall fall within the scope of protection of the invention.

Claims (6)

1. A privacy information protection method for a comprehensive platform, by which the comprehensive platform protects the privacy information that various application systems, which deliver remote services by docking with the comprehensive platform, produce and store in the comprehensive platform, characterized in that the privacy information protection process comprises the steps of:
Step 1: the comprehensive platform allocates a unique identity identifier to the newly connected application system;
Step 2: the application layer of the comprehensive platform allocates an exclusive storage space to the newly connected application system; the identifier of this storage space is associated with the identity identifier of the application system or resource platform;
Step 3: the driver-layer I/O manager of the comprehensive platform is used to create a new device object corresponding to the exclusive storage space;
Step 4: the new device object is placed on the device stack, forming a filter driver deployed at the driver layer of the comprehensive platform;
Step 5: the newly connected application system sets the service group it belongs to through the application layer and the service group policy of the comprehensive platform;
Step 6: the application system generates a privacy information protection policy file and synchronizes it to the comprehensive platform;
Step 7: the application layer of the comprehensive platform synchronizes the privacy information protection policy file to the filter driver, where it is stored;
Step 8: when the exclusive storage space of the application system is read or written, the filter driver invokes the privacy information protection policy file and filters the request; only then is the read-write operation carried out on the hardware storage space.
2. The privacy information protection method for a comprehensive platform as claimed in claim 1, characterized in that the exclusive storage space of step 2 is one or more independent storage media, or part of the storage space of a single storage medium.
3. The privacy information protection method for a comprehensive platform as claimed in claim 2, characterized in that the new device object of step 3 and the exclusive storage space are in one-to-one correspondence.
4. The privacy information protection method for a comprehensive platform as claimed in claim 3, characterized in that the filter driver of step 4 and the new device object are in one-to-one correspondence.
5. The privacy information protection method for a comprehensive platform as claimed in claim 4, characterized in that the application system of step 5 corresponds to one or more service groups.
6. The privacy information protection method for a comprehensive platform as claimed in any one of claims 1 to 4, characterized in that it also has a step 9: after the filter driver successfully blocks a read or write of the hardware storage space, the comprehensive platform feeds the result back to the application system and prompts whether to authorize the operation; if it is allowed, the application layer of the comprehensive platform automatically updates the privacy information protection policy file and synchronizes it to the filter driver.
CN201110201627XA 2011-07-14 2011-07-14 Privacy information protection method for comprehensive platform Pending CN102340501A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110201627XA CN102340501A (en) 2011-07-14 2011-07-14 Privacy information protection method for comprehensive platform

Publications (1)

Publication Number Publication Date
CN102340501A true CN102340501A (en) 2012-02-01

Family

ID=45515999

Country Status (1)

Country Link
CN (1) CN102340501A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113688415A (en) * 2021-10-27 2021-11-23 湖南新云网科技有限公司 File management and control method, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1640087A (en) * 2002-02-27 2005-07-13 思科技术公司 Policy-enabled contract-based management of network operational support systems
WO2006017388A1 (en) * 2004-08-03 2006-02-16 Softricity, Inc. System and method for controlling inter-application association through contextual policy control
CN1801146A (en) * 2004-11-26 2006-07-12 国际商业机器公司 Method and device of determining access control effect
CN101401092A (en) * 2006-03-06 2009-04-01 思科技术公司 Application-aware policy enforcement
CN101636998A (en) * 2006-08-03 2010-01-27 思杰系统有限公司 Systems and methods for application based interception ssi/vpn traffic



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120201