CN105515963A - Data gateway device and big data system - Google Patents

Data gateway device and big data system Download PDF

Info

Publication number
CN105515963A
CN105515963A CN201510881918.6A CN201510881918A CN105515963A CN 105515963 A CN105515963 A CN 105515963A CN 201510881918 A CN201510881918 A CN 201510881918A CN 105515963 A CN105515963 A CN 105515963A
Authority
CN
China
Prior art keywords
data
service
management module
number
interface
Prior art date
Application number
CN201510881918.6A
Other languages
Chinese (zh)
Inventor
李卫
魏进武
张基恒
张呈宇
霍玉嵩
Original Assignee
中国联合网络通信集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国联合网络通信集团有限公司 filed Critical 中国联合网络通信集团有限公司
Priority to CN201510881918.6A priority Critical patent/CN105515963A/en
Publication of CN105515963A publication Critical patent/CN105515963A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/02Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/06Network-specific arrangements or communication protocols supporting networked applications adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention discloses a data gateway device and a big data system. The data gateway device comprises a user management module for managing user information; a service management module for managing the information of a data service opened to a user; a rule management module for setting different compliance checking rules aiming at different users and different data services; an access management module for receiving the service access request sent by the user, sending a corresponding access request to a data center and receiving the source data returned by the data center; and a data desensitization processing module for carrying out compliance checking to the source data returned by the data center according to a rule set by the rule management module so as to generate service data; the service data are data satisfying the compliance checking; the access management module also is used for providing the service data generated by the data desensitization processing module for the user.

Description

数据网关装置和大数据系统 Data gateway device and a large data system

技术领域 FIELD

[0001]本发明属于数据处理技术领域,具体涉及一种数据网关(Gateway)装置和一种包括该数据网关装置的大数据系统,其可保障大数据的安全运营。 [0001] The present invention belongs to the technical field of data processing, particularly relates to a data gateway (Gateway) apparatus and a data system that includes a large data gateway device, which can guarantee safe operation of large data.

背景技术 Background technique

[0002] 在大数据时代,盘活数据资产、开放共享数据已成为大势所趋。 [0002] In the era of big data, make an inventory of data assets, open sharing of data has become a trend. 开放数据服务、实现大数据的运营和变现是当前大数据发展的热点问题。 Open Data Services, to achieve large data operations and liquidity are the hot issues of the development of big data. 然而,在大数据的运营或者变现过程中,如何保证数据的合规性、避免敏感信息的泄漏、对交易数据进行计量或者计费以及对数据进行审计等成为了当前亟需解决的问题。 However, in large data operations or cash process, how to ensure compliance data, to avoid leakage of sensitive information, trade data for metering or billing, and data auditing has become a current issue to be resolved.

发明内容 SUMMARY

[0003] 本发明的目的是提供一种数据网关装置和一种包括该数据网关装置的大数据系统,其可以解决现有技术中存在的上述至少一个问题。 [0003] The object of the present invention to provide a data gateway device and a data system that includes a large data gateway device, which can solve the above problems of the prior art at least one present.

[0004] 为实现本发明的目的,根据本发明的一方面,提供了一种数据网关装置,其包括: [0004] To achieve the object of the present invention, in accordance with an aspect of the present invention, there is provided a data gateway device, comprising:

[0005] 用户管理模块,其用于管理用户信息; [0005] The user management module for managing user information;

[0006] 服务管理模块,其用于管理向用户开放的数据服务的信息; [0006] The service management module for managing user information and services open data;

[0007] 规则管理模块,其用于针对不同用户和不同的数据服务设置不同合规检查规则; [0007] The rule management module, for setting different rules compliance check for different users and different data services;

[0008] 取数管理模块,其用于接收用户发出的服务的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据;以及 [0008] The access management module receiving a service number taken for a request issued by the user, issuing a request to fetch the appropriate number of data centers, data center and receive the source data is returned; and

[0009]数据脱敏处理模块,其用于根据规则管理模块设置的规则,对数据中心返回的源数据进行合规检查,从而生成服务数据,所述服务数据为满足合规检查的数据,其中 [0009] Data desensitization processing module, according to the rules for the rule set-up data, the source data center compliance check is returned, thereby generating service data, service data to meet the compliance check data, wherein

[0010] 所述取数管理模块还用于将数据脱敏处理模块生成的服务数据提供给用户。 [0010] The access management module is further for desensitizing the data processing module generates the service data to the user.

[0011] 可选地,所述规则管理模块还可以用于针对不同用户和不同的数据服务设置不同的数据过滤脱敏规则,并且所述数据脱敏处理模块可以用于对数据中心返回的源数据进行过滤脱敏,然后再对过滤脱敏的数据进行合规检查。 [0011] Alternatively, the rules management module may also be used for different users and different data services set different desensitizing data filtering rule, and the data processing module may be used to desensitize the source of the data center return desensitization filter the data, then the filter data desensitized compliance check.

[0012] 可选地,所述取数模块还可以用于对输出的服务数据进行计量和计费。 [0012] Alternatively, the module may also be used to access the service data output metering and billing.

[0013] 可选地,所述规则管理模块还可以用于设置用户的服务数据的输出行数,当满足合规检查的数据的总行数大于所述设置的服务数据的输出行数时,所述数据脱敏处理模块还可以用于根据所述规则管理模块设置的服务数据的输出行数,对满足合规检查的数据, 从首行开始,顺序截取一定行数的数据,来生成所述服务数据,其中所述行数=服务数据的输出行数。 [0013] Alternatively, the rules management module may also be used to set the number of output lines of the service user data, when the number of output data lines the number of lines to meet the compliance check is greater than the setting of the service data, the said data processing module may also be desensitized according to the number of output lines provided in the rule management module service data, to meet compliance checks, starting from the first row, the order intercept the data range of lines to generate the service data, wherein the number of said rows = number of rows output service data.

[0014] 可选地,所述取数管理模块还可以用于针对用户的取数请求生成取数任务,并提供取数任务的查看功能。 [0014] Alternatively, the access management module may also be used for generating a number of fetch access request of the user tasks, and provides a number of viewing access task.

[0015] 可选地,所述用户管理模块还可以用于对不同类型的用户的权限进行配置,所述权限包括功能菜单访问权限。 [0015] Alternatively, the user management module may also be configured for different types of user rights, including the rights function menu access.

[0016] 所述合规检查规则可以包括:数据字典匹配、数值范围检查和字段长度检查。 [0016] The compliance check rules may include: matching the data dictionary, checks the numerical ranges and field length checking.

[0017] 所述数据过滤脱敏规则可以包括:服务输出字段筛选、字段的条件过滤和字段内容处理。 [0017] The data filtering rule may include desensitizing: service filter output field, field conditions and the field contents filtering process.

[0018] 可选地,所述数据网关装置还可以包括存储单元,其用于缓存数据中心返回的源数据和数据脱敏处理模块生成的服务数据,其中所述取数管理模块配置为:首先判断所述存储单元中是否存在客户所请求的数据,如果所请求的数据已缓存在存储单元中,则将缓存在存储单元中的所请求的数据作为服务数据提供给客户,否则向数据中心发出相应的取数请求。 [0018] Alternatively, the data gateway apparatus may further include a storage unit for the data cache data service data source and the data center return desensitizing processing module generated, wherein the access management module is configured to: firstly whether data requested by the client to determine whether the storage unit, if the requested data is cached in the storage unit, is cached in the storage unit of the data requested data as a service provided to the customer, or sent to the data Center respective fetch requests.

[0019] 可选地,所述数据网关装置还可以包括安全审计模块,其用于记录操作日志和取数日志,并将操作日志和取数日志存档。 [0019] Alternatively, the apparatus may further include a data gateway security audit module, for recording the operation log and access log and operation log and access log archiving.

[0020] 可选地,所述数据网关装置还可以包括工单管理模块,其用于处理系统工单任务, 所述工单任务包括工单创建和工单查看。 [0020] Alternatively, the apparatus may further include a data gateway work order management module for processing the work order system task, the task work order includes work order and work to create a single view.

[0021] 可选地,所述数据网关装置还可以包括系统管理模块,其用于配置系统的基础数据,所述基础数据包括数据周期和定时器,所述数据周期为数据中心返回的源数据和所述数据脱敏处理模块生成的服务数据在数据网关装置中的缓存周期。 [0021] Alternatively, the gateway device may further include a data management system modules for basic system configuration data, said data base comprises data and a timer period, the data cycle is the source of the data center return desensitizing processing module and the data generated period data cache service data gateway device.

[0022] 根据本发明的另一方面,还提供了一种客户端可访问的大数据系统,其包括数据中心和数据网关装置,所述数据网关装置通过接口与所述数据中心连接,其中所述数据网关装置为上述任意一种数据网关装置,并且所述数据网关装置配置为能够通过接口与客户端连接。 [0022] According to another aspect of the present invention, there is provided a system for big data accessible to the client, and the data center comprising data gateway device, said gateway apparatus is connected via the data interface and the data center, wherein said data gateway device any one of the above-mentioned data gateway device, and the data can be connected to the gateway device is configured to interface with the client.

[0023] 所述数据网关装置与所述数据中心可以通过数据服务信息同步更新接口、取数申请接口、服务数据生成通知接口和服务数据同步接口来实现数据连接,其中, [0023] The gateway device data with the data center can be updated simultaneously by the interface data service, the application interface to access the service data generating notification data synchronization interface and service interface to achieve a data connection, wherein,

[0024] 通过所述服务信息同步更新接口,所述数据网关装置的服务管理模块中的数据服务的信息与所述数据中心开放的数据服务保持一致; [0024] The synchronization update interface via said service information, and information of the data center open data services data service data management module of the gateway device consistent service;

[0025]通过所述取数申请接口,所述数据网关装置的取数管理模块向所述数据中心发出服务的取数请求,并且,当所述服务为实时服务时,所述数据中心通过所述取数申请接口向所述数据网关装置的取数管理模块返回源数据,当所述服务为周期服务且所述服务的帐期为历史帐期时,所述数据中心通过所述取数申请接口向所述数据网关装置的取数管理模块返回所请求源数据的存储信息,当所述服务为周期服务且所述服务的帐期为未来帐期时, 所述数据中心通过所述取数申请接口向所述网关装置的取数管理模块返回帐期未到消息; [0025] The number of the fetch request issued to the service center through the data access interface to the application, the number of data taken gateway device management module, and, when the service is a real-time service, the data center by the said application interface to access a data source to return the number of the data fetch module management gateway apparatus, when the service period for the service and the service account of the historical account of the data center via the access application Interface returns information source storing the requested data to the data management module takes the number of the gateway apparatus, when the service period for the service account and the service account of the future of the data center through the access application interface has returned to the account number of the gateway device takes the management module has not expired messages;

[0026] 通过所述服务数据生成通知接口,所述数据中心通知所述数据网关装置的取数管理模块所请求源数据准备就绪并返回所请求源数据的存储信息;以及 [0026] generate a notification interface, said central data management module notifies the number of the data taken by the service gateway apparatus the data source the requested data is ready and returns the information source storing the requested data; and

[0027] 通过所述服务数据同步接口,所述数据网关装置的取数管理模块根据所请求源数据的存储信息获取数据。 [0027] The synchronization interface via said service data, the number of the data fetch module management gateway apparatus acquires data according to the stored information source requested data. 所述数据服务信息同步更新接口、取数申请接口、服务数据生成通知接口可以通过Web Service接口实现;所述服务数据同步接口可以通过FTP接口实现。 The service information data synchronization update interface, an interface access request, the service interface may generate the notification data through the Web Service interface; the service data synchronization interface via FTP interface.

[0028] 数据网关装置还配置为可以通过取数申请接口和服务数据推送接口来与客户端数据连接,其中, [0028] The data gateway device is further configured to be pushed through the access interface and the interface to the application service data connection with the client data, wherein,

[0029] 通过取数申请接口,数据网关装置的取数管理模块接受客户端发出的服务的取数请求,并且数据网关装置的取数管理模块向用户提供所请求的服务数据; Take the number [0029] access request interfaces, the number of the data fetch module management apparatus receiving the service gateway client makes a request, the data management module and the number of the gateway device takes the requested data service to a user;

[0030] 通过服务数据推送接口,数据网关装置的取数管理模块将所请求的服务数据推送到指定位置。 [0030] interface via push service data, the number of the data fetch management module of the gateway device the requested service data pushed to a specified position.

[0031] 所述取数申请接口可以通过Web Service接口实现;所述服务数据推送接口可以通过FTP接口实现。 [0031] The application interface may access through the Web Service interface; the data push service interface may interface via FTP.

[0032] 本发明提供的数据网关装置和大数据系统中,针对不同用户和不同的数据类型, 利用不同的合规检查规则对数据中心提供的源数据进行审核,保证了提供给用户的服务数据的规范性;对于定义的数据中的敏感信息,根据设置的规则进行过滤脱敏,保障交易输出的数据(即,服务数据)中无敏感内容;对于合规的脱敏后的输出数据,按照不同用户、交易输出的数据量大小和数据价值属性进行计量和计费;此外,数据输出或者交易过程中,对数据输出对象(即,交易用户)、输出数据的时间以及输出数据的格式等进行永久性存档,以便于未来的运营合规性审计。 [0032] The data gateway device and a large data system according to the present invention is provided for different users and different data types, with different compliance check rules source data center for review to ensure that the service data provided to the user normative; for the sensitive information defined in the data, according to the rules set by filtration desensitization, the transaction security data output (i.e., data service) in a non-sensitive content; output data for the desensitization of compliance, according to different users, data size and the data value output by the transaction attributes metering and billing; addition, the data output, or transactions, of data to be output (i.e., user transaction) and time output data format of output data is performed, permanently archived for compliance audits in future operations.

附图说明 BRIEF DESCRIPTION

[0033] 图1为本发明一个实施例提供的数据网关装置的示意图; [0033] FIG. 1 is a diagram illustrating a data gateway apparatus according to an embodiment of the present invention;

[0034] 图2为本发明另一个实施例提供的数据网关装置的示意图; [0034] FIG. 2 is a schematic data gateway device provided by another embodiment of the present invention;

[0035]图3为本发明实施例提供的数据网关装置的工作流程图;以及 [0035] FIG. 3 is a flowchart of a data gateway apparatus according to an embodiment of the present invention; and

[0036] 图4为本发明实施例提供的大数据系统的示意图。 [0036] FIG. 4 is a schematic view of a large data system according to an embodiment of the present invention.

具体实施方式 Detailed ways

[0037] 为使本领域技术人员更好地理解本发明的技术方案,下面结合附图和具体实施方式对本发明作进一步详细描述。 [0037] to enable those skilled in the art better understand the technical solutions of the present invention, the following accompanying drawings and specific embodiments of the present invention will be described in further detail.

[0038] 本发明一个实施例提供了一种用于保障大数据安全运营的数据网关装置。 [0038] An embodiment of the present invention provides a data gateway device for large data guarantee safe operation. 如图1 所示,该数据网关装置可以包括用户管理模块、服务管理模块、规则管理模块、取数管理模块和数据脱敏处理模块。 As shown in FIG. 1, the gateway device may include a user data management module, the service management module, rules management module, a data access management module and the processing module desensitization. 用户管理模块用于管理用户信息。 User management module for managing user information. 服务管理模块用于管理向用户开放的数据服务的信息;规则管理模块用于针对不同用户和不同的数据服务设置不同合规检查规则;取数管理模块用于接收用户发出的服务的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据;数据脱敏处理模块用于根据规则管理模块设置的规则,对数据中心返回的源数据进行合规检查,从而生成服务数据,所述服务数据为满足合规检查的数据;其中,所述取数管理模块还用于将数据脱敏处理模块生成的服务数据提供给用户。 Service management module for managing information open to the user data and services; rule managing module for setting different rules compliance check for different users and different data services; fetch access number service management module for receiving a request issued by the user , issued to the number of data fetch request corresponding to the center, and accepts the source of the data center return; desensitizing a data processing module according to the rules set by the rule management module, the source data center compliance check is returned, thereby generating a service data, the service data to meet the compliance check of data; wherein, the access management module is further for desensitizing the data processing module generates service data to the user.

[0039] 根据本发明的其他实施例,本发明提供的用于保障大数据安全运营的数据网关装置还可以包括安全审计模块、规则管理模块、工单管理模块和/或系统管理模块。 [0039] According to other embodiments of the present invention, the data provided by the gateway device of the present invention for securing the safe operation of large data also may include a security audit module, the module management rules, work order management module and / or system management module. 例如,图2 示出了本发明另一个实施例提供的数据网关装置的示意图。 For example, FIG. 2 shows a schematic view of another embodiment of the invention the data provided by the gateway device of the embodiment.

[0040] 以下,将参照图1和图2对数据网关装置的各功能模块进行详细说明。 [0040] Hereinafter, will be described in detail with reference to two pairs of data of each functional module and the gateway device of FIG. 1 FIG.

[00411用户管理模块 [00411 user management module

[0042]用户管理模块用于管理用户信息,并可以对不同类型的用户的功能菜单访问权限进行配置,从而可支持多种类型的用户管理,实现多租户管理。 [0042] user management module for managing user information, and can function menu access to different types of users to configure, which can support multiple types of user management, multi-tenant management.

[0043]用户可包括数据用户和机构用户。 [0043] The user data may include user and institutional users. 数据用户是数据服务的需求用户或第三方系统/应用,并且每个数据用户必须关联一个机构,数据用户可以申请获取数据服务,并获得合规的服务数据。 Data users demand user data services or third-party systems / applications, and each user must be associated with a data organization, data users can apply to get data services, data services and access compliance. 机构用户作为数据用户的责任人,企业或组织机构的责任人,一个机构下只有一个机构用户,但可以拥有多个数据用户。 Institutional users as the user data of the responsible person, responsible business or organization, there is only one institution users in an organization, but may have multiple data users. 可以理解,机构用户和数据用户均可以自行申请,通过对机构用户和数据用户的申请及修改进行审核,可以更好地追踪和记录服务数据的流向。 It is understood that institutional users and data users can apply on their own, through the application review and modification of institutional users and data users, can better track the flow of data and records services.

[0044]用户还可以包括后台业务管理人员,例如,可以包括数据安全管理员和审核人员。 [0044] The user can also include back-office operations manager, for example, may include data security administrators and auditors. 数据安全管理员配置数据过滤、脱敏及合规检查规则。 Data security administrators to configure data filters, desensitization and compliance checking rules. 审核人员审核用户的注册/修改/注销、分配用户的密级、数据服务查看权限、取数权限、取数优先级权限以及审核数据过滤、脱敏及合规检查规则等。 Auditors audit user registration / modify / write-off, assign user's security classification, data services to access, access permissions, access permissions and audit priority data filtering, desensitization and compliance checking rules.

[0045]用户还可以包括后台系统管理人员用户,例如,可以包括:运维人员和系统管理员。 [0045] The user can also include user management staff back-office systems, for example, may include: operation and maintenance personnel and system administrators. 运维人员运营和维护系统。 Operation and maintenance personnel operate and maintain the system. 系统管理员具有系统的全部权限。 System administrators have full access to the system. 可以理解,系统管理人员可以新建审核人员、数据安全管理员和运维人员。 It is understood that system administrators can create new auditors, administrators and data security operation and maintenance personnel.

[0046]用户管理模块还可以针对不同类型的用户,如数据用户、机构用户、数据安全管理员、审核人员、运维人员和系统管理员,配置用户的功能菜单访问权限。 [0046] user management module also can target different types of users, such as user data, institutional users, data security administrators, auditors, operation and maintenance personnel and system administrators to configure user access rights function menu. 一般而言,不同的用户具有不同级别的功能菜单访问权限。 In general, different users access the function menu with different levels.

[0047]服务管理模块 [0047] Service Management Module

[0048]服务管理模块用于管理向用户开放的数据服务的信息,例如,创建新的数据服务、 修改和删除已开放的数据服务等管理操作。 [0048] Service information management module for managing open to user data services, for example, create a new data service, modify, and delete open data service management operations. 数据管理模块中的数据服务信息与数据运营者向用户开放的数据服务保持一致。 Data Management module data service information and data operators open to user data services consistent.

[0049] 数据服务信息可包括:服务基本信息,其可以包括服务编码、服务名称、服务类型(实时服务或周期服务)、服务周期(年、季、月、周或日;对于周期服务)、周期数据就绪日期(对于周期服务)、服务输出集编码、服务输出集名称等;服务输出字段信息,其包括服务输出集编码、字段编码、字段名称、字段数据类型、字段描述等;以及服务计费信息,例如,每单元字段或每行的价格等。 [0049] Data Service information may include: service basic information, which may include a service code, service name, service type (real-time service or periodic service), the service period (year, season, month, week or day; for periodic service), ready date period data (for periodic service), the service output set encoding service output header names; service output field information including service output header encoding, field encoding, the field name, field data type field describes the like; and a service meter fee information, e.g., the price per unit field or the like of each line.

[0050] 取数管理模块 [0050] The access management module

[0051] 取数管理模块用于接收用户的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据。 Take the number [0051] The access management module for receiving a user's request, the corresponding number of issued requests to fetch the data center, and accepts the source data center return. 本发明中,数据中心返回的源数据包括:针对实时服务,数据中心返回的源数据,以及针对周期服务,取数管理模块根据数据中心返回的源数据的存储信息获取的源数据。 In the present invention, the source data center return comprising: a real-time service, the source data center to return, and for periodic services, access management module acquires the data center according to the stored information of the returned source data for the source data. 在数据脱敏处理模块(后述)对数据中心返回的源数据进行处理,产生服务数据(即,合规的数据)之后,取数管理模块将服务数据提供给用户。 After the source data center return is processed (described later) in the data desensitization processing module, generating a service data (i.e., data compliant), taking the number of the service data management module is provided to the user.

[0052] 取数管理模块还可以用于针对用户的取数请求生成取数任务。 [0052] The access management module may also be used to generate access requests for a number of tasks the user to take. 取数任务的创建方式有四种,一是针对实时服务,由用户手工发起实时取数任务;二是针对周期服务,由用户首次手工发起取数任务;三是针对周期服务,在用户首次手工发起取数任务之后,由取数管理模块周期性自动生成取数任务;四是数据安全管理员修改合规检查规则并立即生效后重新生成取数任务。 Create a way to take the number of jobs there are four, one for real-time services, initiated manually by the user in real-time to take a few tasks; the second is for the period of service, the first manually initiated by the task of taking the number of users; the third is for the period of service, the first time a user manual after initiating access task, taking the number of tasks automatically generated by the access management module periodically; Fourth, data security administrator to modify the rules and compliance checks take effect immediately regenerates after the number of tasks.

[0053]取数管理模块还可以提供服务取数任务的查看功能。 [0053] access management module can also provide service access task viewing. 服务取数任务可以采取列表方式显不。 Service access task can take a list of ways not noticeable.

[0054] 服务取数任务列表所含的信息可以包括:数据用户名称、服务编码、服务名称、月艮务类型、服务周期、任务账期、数据就绪状态、任务状态、任务开始时间、任务结束时间。 [0054] information service number contained in the task list can take include: data user name, service code, service name, service type May Burgundy, service period, End Task account of, data-ready status, task status, task start time, the task time.

[0055] 其中,服务类型包括周期或实时。 [0055] wherein the service types include real-time or cycles.

[0056] 任务账期只有在服务类型为周期的情况下,该字段才有值,如果任务是通过手工发起的实时取数任务,则该字段显示实时。 [0056] Task account of the type of service only in the case of a cycle, this field have value, if the task is initiated manually access real-time tasks, this field is displayed in real time. 根据账期类型,显示格式可以为:年-yyyy、月- yyyymm、季度-yyyy*Q、周-yyyy**、日-yyyy***。 According to the account of the type of display format can be: In -yyyy, month - yyyymm, quarter -yyyy * Q, Zhou -yyyy **, day -yyyy ***.

[0057] 任务状态可以包括有效和失效。 [0057] The active state may include tasks and failure. 任务创建后,任务状态默认为有效,在数据安全管理员修改规则(包括数据过滤脱敏规则和合规检查规则)并选择立即生效后,将终止当前所有相关的未完成的取数任务,重新创建取数任务,执行新的安全规则,已终止的取数任务的任务状态被设置为失效。 After the task is created, the task status is active by default, data security administrator modify the rules (including data filtering desensitization rules and compliance checking rules) and select the entry into force immediately, will terminate all current relevant fetch unfinished task, again Creating access tasks, implementation of new safety rules, has been taken to terminate the task status is set to the number of tasks failure.

[0058] 数据就绪状态的值可以为准备取数、开始取数、取数完成、脱敏中、合规检查中、数据就绪、非法服务终止、服务已送达或服务送达失败、重试中,各项的说明如下: Value [0058] Data can be taken as a ready state ready number, starts access, access is completed, desensitization, compliance check, the data is ready, the illegal termination of service, delivery service, or the service has been delivered fails, retry , the items are described below:

[0059] [0059]

Figure CN105515963AD00081

[0060] 服务任务列表还可以支持查询功能,例如根据数据用户名称、服务编码、服务名称、开始时间、结束时间进行的查询。 [0060] Service task list can also support query functions, such as data based on user name, service code, service name, start time, end time of the query.

[0061] 服务取数任务列表还可以针对管理人员提供检查结果查看、服务源数据和服务数据的抽样等功能操作。 [0061] the number of services to take the task list can also provide test results to see, sample source and other functions operating services and data services for data management.

[0062] 检查结果查看提供本次取数任务的服务源数据的数据脱敏及检查结果,包括本次取数任务的数据用户登录名、数据用户姓名、所属机构用户登录名、所属机构用户姓名、月艮务编码、服务名称、服务类型、服务周期、任务帐期、任务开始时间、服务源数据是否合规、合规检查总行数、数据脱敏/合规检查规则。 [0062] test results provide data to see the results of this examination and desensitization access service task source data, including data user login access this task, the data user's name, affiliation user login name, user name Affiliation month that works to coding, service name, service type, service period, the task off period, task start time, the service source data for compliance, compliance checking total number of rows, data desensitization / compliance checking rules. 如果服务源数据检查结果为不合规,则将以列表方式显示所有被检查出来的不合规数据,列表展示信息包括:不合规数据行的序号、在服务源数据中的行号,不合规数据所在行的所有数据,以红色字体标注不合规数据,以鼠标触发方式弹出该数据应当遵从的合规检查规则,并提供合规检查结果的导出功能,支持以txt、 excel文件格式导出。 If the service source data check result is non-compliant, it will show all checked out of the non-compliant data as a list, the list shows information including: number of non-compliant data lines, service line number in the source data, not All data compliance data row, the red font marked non-compliant data to trigger pop-up mouse data should comply with the compliance check rules, and provides export capabilities compliance review results, supports txt, excel file format export.

[0063] 服务源数据和服务数据的抽样,支持连续指定行数据内容的抽样(指定从XXX行至XXX行),连续行数最大数为100,结束行号必须小于等于源数据/服务数据的总行数。 [0063] The service source data and service data sample support of a continuous specified line data content of a sample (designated from Line XXX to Line XXX), the continuous line number the maximum number is 100, the end line number must be less than equal to the source data / service data total number of rows.

[0064]如需要对用户获取的服务数据进行统计,取数管理模块还可以对输出至该用户的服务数据进行计量和计费。 [0064] The required service data obtained user statistics, access management module may also be output to metering and billing of the user's service data. 对于输出的服务数据,按照不同的用户,根据数据量大小和数据价值属性进行计量和计费。 For the service of output data, according to different users, metering and billing according to the amount of data size and data value attributes. 在服务取数任务列表展示信息增加服务数据量和收费金额。 List shows the amount of data and information to increase service charges in the amount of access service tasks. 例如,可以按照以下公式来计算数据量和该数据服务的收费金额: For example, the amount of charge may be calculated and the data amount of the data service according to the following formula:

[0065]数据量=字段数X行数; [0065] The amount of data lines X = count field;

[0066]数据服务收费金额=每单元字段/行的定价X数据量X用户定级标准系数。 [0066] X pricing data quantity X user classification standard data service charge amount = coefficient per unit field / line.

[0067]这里,可以在用户管理模块中预先确定用户的用户定级标准系数。 [0067] Here, the user may be predetermined classification standard coefficients user in the user management module.

[0068] 一般而言,数据用户只能查看已授权的数据服务的信息,并提出取数请求。 [0068] In general, data users can only view information authorized data services, and make access requests.

[0069]可以理解,数据网关装置还可以包括存储单元,其用于缓存数据中心返回的源数据和数据脱敏处理模块生成的服务数据。 [0069] It will be appreciated, the data gateway apparatus may further include a storage unit for the data cache data service data source and the data center return desensitizing processing module generates. 此时,取数管理模块配置为首先确认存储单元中是否存在客户所请求的数据,如果所请求的数据已缓存在存储单元中,则将缓存在存储单元中的所请求的数据作为服务数据提供给用户,否则向数据中心发出相应的取数请求。 In this case, access management module is configured to first check whether data requested by the client storage unit, if the requested data is cached in the storage unit, is cached in the storage unit to provide the requested data as a service data to the user, or sent to the fetch request corresponding to the number of the data center.

[0070] 需要说明的是,存储单元可以作为独立的单元存在,也可以作为取数管理模块的一部分,本发明对此不进行限定,只要数据中心返回的源数据或取数管理模块获取的源数据可以被数据脱敏模块读取,并且数据脱敏模块生成的服务数据可以被取数管理模块读取即可。 [0070] Incidentally, the memory cell may exist as a separate unit, or as part of the access management module, according to the present invention which is not limited, as long as the data source or the data center return to fetch source management module acquires data may be the data read module desensitized, desensitizing module and the data may be generated by the service data management module read access to.

[0071] 规则管理模块 [0071] The rule managing module

[0072] 规则管理模块用于对各机构用户和/或数据用户的权限进行独立配置,针对不同的用户和不同的数据服务生成不同的查看权限、取数申请授权、取数优先级权限、数据过滤脱敏规则和合规检查规则,从而可实现不同数据用户间的资源隔离。 [0072] The rule managing module configured independently for each institutional users and / or user permissions data generated for different users and different services to different data permission to view, access authorization request, priority access rights, data desensitization filter rules compliance check rules, enabling isolation of resources between different data users. 通过规则管理模块,可以提供安全规则统一管理功能,可以理解,任何规则配置只能由数据安全管理员操作。 Adoption of the rules management module, can provide unified security management rules, to be understood that any rule configuration data can only be operated by the security administrator. 数据服务的查看权限,指机构用户和/或数据用户能否在数据服务列表中看到该服务及其详细信息。 Permission to view data services, means that the service and its institutional users more information and / or data users see the data in the list of services. 不同的用户所看到的服务列表可以各不相同。 Different users can see a list of services may vary.

[0073]数据服务的取数申请授权,指数据用户能否获取该服务的数据。 Take the number [0073] Data service request authorization, users can refer to data of the data acquisition service. 数据用户可以在取数管理模块针对有查看权限的服务,提交取数申请,经过审核、配置取数申请授权后,能通过取数管理模块发起取数请求。 For data users may have permission to view the service, taking the number of applications submitted in the access management module, reviewed, configured to take the number of applications for authorization, access management module can initiate access requests.

[0074] 数据服务的取数优先级权限,指多个数据用户同时发起取数请求时,取数管理模块创建取数任务的排序优先级规则。 [0074] access privilege priority data services, data refer to multiple users simultaneously initiates a request to take the number, access management module to create a sort priority rule taking several tasks.

[0075] 由于不同机构用户或数据用户的密级要求一般不同,因此,为了尽量避免多个数据用户通过共享获取的服务数据并进行重组而获得敏感信息,优选地,针对不同用户和不同数据服务,制定不同的数据过滤脱敏规则和合规检查规则。 [0075] Due to the different mechanisms or user data of the user requirements are generally different dense, and therefore, in order to avoid a plurality of data users by sharing the acquired service data and recombination of sensitive information, preferably, the data for different users and different services, desensitization for different data filtering rules and compliance checking rules. 数据过滤脱敏规则和合规检查规则可以随机设置或预先设置,只要能尽量使得属于同一个机构用户下的数据用户很难通过获取的服务数据恢复出敏感信息即可。 Desensitization data filtering rule compliance check rules may be set randomly or set in advance as long as possible so that the user data belonging to the same user in a mechanism very difficult to recover sensitive information acquired by the service data.

[0076] 合规检查规则可以包括:数据字典匹配、数值范围检查和字段长度检查。 [0076] Compliance check rules may include: matching the data dictionary, checks the numerical ranges and field length checking. 合规检查规则可以通过excel文件格式导入。 Compliance checking rules can be introduced through the excel file format.

[0077]过滤脱敏规则可以包括:服务输出字段筛选、字段的条件过滤和字段内容处理。 [0077] desensitization filter rule may include: field service output filter, the filter condition field and field contents process. 字段的条件过滤可以包括:根据字段的字典进行过滤,以及针对数值类型的字段,根据数值比较表达式进行过滤。 Filtering condition field can include: field filter according to the dictionary, as well as for the numerical type, filter based on numerical comparison expressions. 字段内容处理可以包括:对特殊字符进行替换的处理,以及对连续位数进行截取替换的处理。 Field contents processing may include: the replacement treatment for special characters, and the processing of the number of consecutive bits taken replacement. 以下,将对这些过滤脱敏规则进行详细说明。 Hereinafter, the desensitization of these filter rules described in detail.

[0078] (1)服务输出字段筛选 [0078] (1) output field screening service

[0079] 服务输出字段筛选即为数据表的列过滤。 [0079] Service column filters is the filter output field data table. 例如,某服务的源数据中包括9个输出字段,字段名称分别为省份、用户编码、姓名、出生日期、身份证号、手机号、套餐类型、机型、月均话费。 For example, a data source services included nine output fields, field names are the provinces, user code, name, date of birth, ID number, phone number, package type, model, the average monthly bill. 根据《电信和互联网用户个人信息保护规定》,不允许输出用户姓名、出生日期、身份证件号码、住址、电话号码、账号和密码等字段。 According to "Telecommunications and Internet user's personal information protection provisions" is not allowed to export a user's name, date of birth, ID number, address, phone number, account number and password fields. 因此,针对数据用户的该服务请求,规则管理模块设置字段筛选规则,使得该服务只输出省份、用户编码、套餐类型、机型和月均话费5个字段,则服务源数据中的姓名、出生日期、身份证号和手机号这4个字段都将被过滤掉。 Therefore, the request for the service user data, rules management module setting field filtering rules, so that the service is only output provinces, user codes, package type, model, and the average monthly bill five fields, the service source data name, birth date, ID number and phone number of the four fields will be filtered out.

[0080] (2)字段的条件过滤 Conditions [0080] (2) filter field

[0081] 字段的条件过滤即为数据表的行过滤。 Conditions [0081] Field of the filter is the filter data table row. 如上所述,字段的条件过滤又可分为两种过滤。 Conditions as described above, the filter can be divided into two kinds of fields filtration.

[0082] 第一种是根据字段的字典进行的过滤。 [0082] The first filtering is performed according to the dictionary field. 例如,上例服务中的输出字段"省份"对应的省份字典包括"北京"、"河北"、"天津"、"河南"、"山东"5个取值,规则管理模块可以针对数据用户设置该服务的输出字段"省份"的取值过滤条件为只包括"北京",则对于该数据用户,服务源数据中的省份字段取值为"河北"、"天津"、"河南"、"山东"的数据行都被过滤掉。 For example, the output of the service in the field "province" corresponds provinces dictionary include "Beijing", "Hebei", "Tianjin", "Henan", "Shandong" 5 values, rules management module can be set for the user data output field services "provinces" of the value of a filter condition to include only "Beijing", the value of the field for the provinces of data users, service in the source data is "Hebei", "Tianjin", "Henan", "Shandong" data rows are filtered out. [0083]第二种是针对数值类型的字段,根据数值比较表达式进行的过滤。 [0083] The second is for the numerical type, the filtration according to the numerical comparison expressions. 例如,上例服务中的输出字段"月均话费"的数据类型是double,规则管理模块针对数据用户设置该服务的输出字段"月均话费"的取值过滤条件为:字段取值范围在50~100之间,则服务源数据中的月均话费字段的取值小于50或者大于100的数据行都被过滤掉。 For example, the output field in the embodiment of the service "monthly bill" data type is double, rules management module of the service provided for the user data output field 'monthly bill, "the value of a filter condition: field value in the range 50 between ~ 100, the service source data value of the average monthly bill data field is less than 50 or greater than 100 rows are filtered out.

[0084] (3)字段内容处理 [0084] (3) the content processing field

[0085] 如上所示,字段内容处理包括两种处理。 As shown in [0085] as described above, the processing content field comprises two processes.

[0086]第一种是对特殊字符进行替换的处理。 [0086] The first process is to replace special characters. 例如,上例服务中,规则管理模块针对数据用户设置对该服务的输出字段"用户编码"进行特殊字符替换,将特殊字符(123)替换处理成***,则服务源数据中的字段"用户编码"中的"123"都将被替换为"***"。 For example, the example service, rules management module is provided for the user data of the replacement character special output field service "user code", special characters (123) into *** replacement process, the source data in the service field " Custom Code "in the" 123 "will be replaced with" ***. " 比如,服务源数据中的"用户编码"为"1235678",经过替换处理后显示为"*#5678"。 For example, the service source data "user code" is "1235678", after the replacement process is displayed as "* # 5678."

[0087]第二种是对连续位数的字符进行截取替换的处理。 [0087] The second number of consecutive bits is taken for processing character replacement. 截取替换包括:将前端N位字符替换成指定字符,将中间连续N位字符替换成指定字符,或将后端从第几位开始的字符替换成指定字符。 Alternatively taken comprising: a front end to replace the N-bit characters into the specified character, the character replacing intermediate N consecutive bits to the specified character from the character, or alternatively the rear end into the first of several specified start character.

[0088]当要求将"用户编码"中的前4位换成6666时,如果服务源数据中的"用户编码"为"1235678",则经过替换处理后显示为:6666678; [0088] When the front four requirements into 6666 "user code" is, if the service source data "user code" is "1235678", after the replacement process is shown as: 6,666,678;

[0089]当要求将"用户编码"中的第2至5位换成6666时,如果服务源数据中的"用户编码" 为"1235678",则经过替换处理后显示为:1666678; [0089] When the time required to replace the 6666, if the service source data "user code" is "1235678", then the replacement process after displaying "Custom Code" is 2 to 5 as follows: 1,666,678;

[0090]当要求将"用户编码"中从第4位之后的字符换成6666时,如果服务源数据中的"用户编码"为"1235678",则经过替换处理后显示为:1236666。 [0090] When it is desired to "user code" 6666 from the character into the following 4 bit, if the source data service "user code" is "1235678", after the replacement process is shown as: 1,236,666.

[0091]需要说明的是,规则管理模块中必须设置数据的合规检查规则,从而确保提供给用户的服务数据的合规性。 [0091] Incidentally, the rules management module must be provided to check the compliance rule data so as to ensure compliance to the user's service data. 在数据中心已经配置有过滤脱敏功能的情况下,数据网关装置无需配置数据的过滤脱敏规则。 In the case of data centers have a filter disposed desensitization function, the data need to configure the gateway device data filtering rule desensitization.

[0092]数据脱敏模块 [0092] Data Module desensitization

[0093]数据脱敏处理模块用于根据规则管理模块的配置,对数据中心返回的源数据进行过滤脱敏处理,并对过滤脱敏后的数据进行合规检查,如果该数据合规,则该合规的数据作为服务数据通过取数管理模块提供给用户,否则,停止输出该数据。 [0093] Data processing means for desensitizing according to the configuration rule management module, the source of the data center return-desensitizing treatment was filtered, and the filtered data desensitization a compliance check, if the compliance data, then the compliance data as a service data management module provides access by the user, otherwise, the data output is stopped.

[0094]如果规则管理模块还针对不同的用户和不同的数据服务设置服务数据的输出行数的情况下,当满足合规检查的数据的总行数大于所述设置的服务数据的输出行数时,数据脱敏处理模块将根据规则管理模块设置的用户的服务数据的输出行数,对满足合规检查的数据,从首行开始顺序截取一定行数的数据,生成所述服务数据,其中行数=服务数据的输出行数。 [0094] If the rules management module is further for the case where the number of different users and different data services and services provided data output line, when the number of output data lines the number of lines to meet the compliance check is greater than the setting of the service data the data processing module in accordance with desensitization output row rule managing module provided user data services, satisfying compliance check of the data, a predetermined number of rows of data taken from the first line sequentially, generating said service data, wherein the row = number of rows of output data service.

[0095]可以理解,在规则管理模块无需配置数据过滤脱敏规则的情情况下(即,数据中心已经配置有过滤脱敏功能的情况下),脱敏脱敏模块直接对数据中心返回的源数据或取数申请接口获取的源数据进行合规检查。 [0095] It will be appreciated, the configuration data without filtering (i.e. in the case, the data center has been disposed desensitization filtering function) the case where desensitization rules in the rule management module, the module desensitization desensitization returned directly to the source of the data center or data access application interface to obtain the source data is checked for compliance.

[0096]安全审计模块 [0096] Security Audit Module

[0097] 安全审计模块用于记录操作日志、取数日志,并将操作日志、取数日志进行存档。 [0097] The security audit means for recording the operation log, access logs and operation logs, log archive access.

[0098] 操作日志是指装置运行中所有用户的操作信息,包括:操作用户账号、被操作用户账号、操作类型、操作功能、操作内容(如:查询自己待办任务列表,数据量:25条)、操作时间等。 [0098] Operation log refers to an operation information device running all users, comprising: operating a user account, is operated the user account, the operation type, operation function, operation content (eg: check their to-do lists, the data amount: 25 ), operating time and the like.

[0099] 取数日志是指装置运行中所有用户的服务数据的获取操作信息,包括:获取数据的时间、数据量、服务基本信息、服务输出字段信息(即,服务数据的字段信息)、执行的服务数据脱敏/合规检查规则等。 [0099] access log to acquire an operation information operation for all users of the service data, comprising: acquiring data time, data volume, service basic information, service output field information (i.e., field information service data), performs service data desensitization / compliance checking rules. 服务数据的获取操作包括两种情况,一是管理人员主动下载或抽样下载服务源数据和服务数据,二是数据网关装置将服务数据成功返回给数据用户。 Data acquisition operation of the service, including two cases, one management took the initiative to download or download sample data source service and service data, and second data gateway device will successfully return data to the data service users.

[0100] 安全审计模块能周期性地对操作日志、取数日志进行审计,并支持针对机构用户或数据用户获取的服务数据的字段级审计,从而可以更准确地追踪敏感字段的数据流向, 使得大数据运营更好地满足运营合规性审计。 [0100] security auditing module can periodically the operation log, access audit log, and support field-level auditing mechanism for acquiring user data or user data services, which can more accurately track the flow of sensitive data field, such that big data operations to better meet operators' compliance audits.

[0101] 工单管理模块 [0101] Work Order Management Module

[0102]工单管理模块用于处理数据网关装置的工单任务,工单任务包括工单创建和工单查看。 [0102] work order management module is configured to work order data processing tasks of the gateway device, comprising a single task work to create work orders and work orders view. 对于需要审批流转的任务,数据网关装置可以自动创建工单。 The need for approval of the transfer of tasks, data gateway device can automatically create work orders. 针对不同业务,在业务流转节点设置工单任务触发条件。 For different business, the business transfer node set work order task trigger condition. 系统管理人员可以配置处理各工单任务的用户类型,当工单任务被触发时,自动生成待办工单给该类用户。 The system administrator can configure the type of each work order processing user tasks, when the work order tasks are triggered automatically generate work orders Upcoming to such users. 例如,对于新用户注册业务,可将注册信息的提交设置为触发条件,并将处理该新用户注册工单的用户类型设置为审核人员。 For example, business registration for new users, may submit the registration information to set trigger conditions, and new user registration process the work order type is set to user auditors. 用户在提交注册信息后将触发新用户注册工单,并自动生成一个待办工单给在岗的审核人员处理。 Users registered user to trigger a new ticket will be submitted registration information, and automatically generate a work order to deal with to-do in the auditors Kong.

[0103] 此外,可以通过工单管理模块查看工单,管理人员可以查看待办/已办/撤回的工单。 [0103] In addition, you can view the work order by work order management module, managers can view the to-do / have to do / work order withdrawn.

[0104] 待办工单的查看向处理用户提供工单查询以及处理功能。 [0104] To-do view the work order to provide workers to handle single-user query and processing functions. 用户可以根据待办类型、待办标题、待办内容进行模糊查询。 Users can type to-do, to-do title, to-do content fuzzy query. 系统将根据待办生成时间进行降序排序展示,用户直接点击处理进入相应的工单处理页面。 The system generates a time display in descending order according to to-do, users click on the appropriate process to enter the work order processing page. 工单处理后,会自动流转到已办工单。 After the work order processing, automatic transfer will have to do the work order.

[0105] 已办工单的查看将会展示已处理工单历史处理信息,包括:上一步工单处理人、处理时间、处理意见、处理时间等信息。 [0105] have to do work orders View work order history will show processing information has been processed, including: Previous work order processing people, treatment time, treatment advice, processing time and other information.

[0106] 撤回工单的查看将会展示已撤回工单的详细信息,包括工单撤回原因。 [0106] withdraw the ticket view will show details of work orders have been withdrawn, including work orders to withdraw reason. 通过工单管理模块,数据网关系统能够实现对各类用户的用户信息和权限的审核流程的运转。 By work order management module, the system can achieve data gateway review process for the operation of various types of user information and user permissions.

[0107] 系统管理模块 [0107] System Management Module

[0108] 系统管理模块用于配置系统的基础数据,该基础数据可以包括数据周期和定时器。 [0108] System data base management module for configuring the system, the data base may include a timer and a data cycle.

[0109] 数据周期为服务源数据和服务数据在数据网关装置中的缓存周期,该数据周期可以预先设置或由运维人员指定或修改。 [0109] Data service source data cycle and service cycle in the data cache data in the gateway apparatus, the data may be set in advance or specified period or modified by operation and maintenance personnel.

[0110] 数据的缓存周期的类型可以是年、季、月、周或日,周期单位为天,即在该周期后对该数据进行清理。 [0110] the type of cache cycle data can be annual, seasonal, monthly, weekly or daily cycle in days, that is to clean up the data after this period.

[0111] 系统管理模块每天扫描检查数据是否过期,针对过期的数据,生成过期数据清理待办工单,通知运维人员,经运维人员审批通过后自动执行过期数据的清理。 [0111] The system management module scans daily data has expired, the data for expired expiration data cleaning to-do generate work orders, operation and maintenance personnel notification, automatic cleanup after approval by stale data by operation and maintenance personnel.

[0112] 定时器可以包括:周期服务的任务自动创建监控定时器、服务源数据扫描时间间隔、数据脱敏/规范性检查时间间隔、FTP推送失败后重新推送的时间间隔、FTP推送重发失败次数等。 [0112] The timer may comprise: task period monitoring timer is automatically created and services, the service source data scan interval, data desensitizing / normative check interval, failure of re-pushes the FTP push interval, retransmission fails FTP Push number of times.

[0113] 图3为本发明实施例提供的用于保障大数据安全运营的数据网关装置的工作流程图。 [0113] FIG. 3 is a flowchart of the gateway device the data for a large data security protection operations according to an embodiment of the present invention. 如图3所示,该工作流程具体包括以下步骤。 As shown in FIG. 3, the workflow includes the following steps.

[0114] 步骤1:用户通过数据网关装置的用户管理模块进行用户注册。 [0114] Step 1: The user performs user registration management module via the user data gateway device.

[0115] 步骤2:数据网关装置的服务管理模块从数据中心同步各种数据服务的信息。 [0115] Step 2: The service data management module of the gateway device synchronization information including various data and services from the data center.

[0116] 步骤3:数据网关装置的规则管理模块对用户进行数据服务查询权限的授权。 [0116] Step 3: Rules Management module data gateway device the user is authorized to query data services authority.

[0117] 步骤4:用户通过网关装置的取数管理模块提交服务的取数申请。 [0117] Step 4: service user submits application number taken by taking the number of the management module of the gateway device.

[0118] 步骤5:数据网关装置的规则管理模块对用户进行数据服务取数权限的配置。 [0118] Step 5: The gateway apparatus rule data management module of the data service user to configure access permissions.

[0119] 规则管理模块可以针对用户进行服务的取数申请授权、服务数据取数的优先级授权、服务的数据过滤脱敏规则、服务数据的合规检查规则和服务数据的输出行数等。 Take the number [0119] rule management module may request authorization for the user service, data service takes priority authorization number, the data and services desensitization filtering rules, the rule check and service data output line number and other service data compliance. 同一服务面向不同用户独立配置其数据过滤脱敏规则、合规检查规则、服务数据的输出行数。 Independently the same service for different users configure their desensitization data filtering rule, the number of output lines compliance check rules and services data.

[0120] 步骤6:数据网关装置的取数管理向数据中心提交用户授权服务的取数申请。 [0120] Step 6: access gateway apparatus management data to the data center user to submit the authorization service access request.

[0121] 步骤7:数据中心生成服务源数据。 [0121] Step 7: The data center generates data service source. 特别地,如果用户提交的是实时服务取数申请, 则数据中心生成实时服务源数据。 In particular, if a user submits a real-time service access application, data center services to generate real-time data source. 如果用户提交的是周期服务的取数申请,则数据中心将根据周期服务的生成周期,生成周期服务源数据。 If a user submits application cycle is to take the number of services, according to the data center of the service period generation period, generation period data service source.

[0122] 步骤8:数据中心将服务源数据(实时服务源数据或者周期服务源数据存储信息) 返回给数据网关装置。 [0122] Step 8: The data service center source data (source data or real-time service data service source storage period information) to the data gateway device.

[0123] 步骤9:数据网关装置的数据脱敏处理模块根据规则管理模块中设置的针对该用户的数据过滤脱敏规则,对服务源数据进行数据过滤脱敏。 [0123] Step 9: The data processing module desensitization data gateway device based on the data filtering rule for desensitization to the user's rule set in the management module, the service data source data filtering desensitization. 具体的数据过滤脱敏可参照前述,此处不再赘述。 Specific data can be referred to the filtering desensitization is not repeated here.

[0124] 步骤10:数据网关装置的数据脱敏处理模块根据规则管理模块中针对该用户设置的合规检查规则,对经过数据过滤脱敏后的服务源数据进行数据合规检查,如果存在不合规数据,则中断本次服务数据取数流程。 [0124] Step 10: desensitization data processing module for data gateway apparatus checks the compliance of the rule set by the user, via the data services of the filtered data source data desensitization compliance check rules management module, if there is not in accordance with compliance data, stop the current service data access process.

[0125] 如前所述,合规检查可以包括数据字典匹配、数值范围检查和字段长度检查。 [0125] As described above, the compliance check may include matching the data dictionary, checks the value range and field length checking.

[0126] 步骤11:数据网关装置的数据脱敏处理模块根据规则管理模块中针对该用户设置的服务数据的输出行数,对满足数据合规检查规则的、过滤脱敏后的服务源数据,从首行开始,顺序截取规定行数的数据,生成服务数据。 [0126] Step 11: The data processing module desensitization rule data gateway device management module, the data satisfying the rules compliance check, the filtered data service source for the desensitization of the user setting the number of output lines in accordance with data services, starting from the first row, the order intercept the data a predetermined number of rows, to generate service data.

[0127] 步骤12:数据网关装置的取数管理模块将服务数据返回给用户,并进行计量、计费。 [0127] Step 12: Take the number of data management module of the gateway device service data returned to the user, and measurement and calculation.

[0128] 需要说明的是,实时服务的服务数据可以通过Web Service接口返回给用户。 [0128] It should be noted that the service interface to real-time data services can be returned to the user through the Web Service. 周期服务的服务数据可以采用数据文件方式通过FTP接口推送到用户的FTP服务器。 Periodic service data and services can be used by a data file interface to FTP pushed to the user's FTP server.

[0129] 步骤13:数据网关装置的安全审计模块定期对操作日志、取数日志进行审计。 [0129] Step 13: Data security audit module of the gateway device periodically the operation log, access audit log.

[0130] 根据本发明的另一方面,还提供了一种客户端可访问的大数据通信系统,如图4所示,其包括数据中心和数据网关装置,该数据网关装置通过接口与数据中心数据连接,并且该数据网关装置配置为可通过接口与客户端数据通信。 [0130] According to another aspect of the present invention, there is provided a large data communication system accessible to a client, as shown, which means that the data gateway via the interface to the data center and the data center comprising data gateway apparatus 4 data connection, and the data gateway device is configured via an interface data communication with the client. 客户端(代表数据服务需求者)发出的数据服务请求通过数据网关装置发送至数据中心,数据中心返回的服务源数据通过数据网关装置进行过敏脱敏处理和合规性检查,然后将脱敏后的满足合规性检查的服务数据提供给客户端,防止了关键和敏感数据的泄漏,满足了合规性。 Data Services client (data representing service requestor) requests from the data center via the data transmission to the gateway device, the source data center service returned by the allergy desensitization treatment compliance by checking the data gateway device, and after desensitization meet compliance checks of service data provided to the client, to prevent the leakage of critical and sensitive data, meet regulatory compliance. 此外,本发明提供的数据网关装置还可以对发送给客户端的服务数据进行计量或者计费,并对这些服务数据进行审计。 In addition, the data provided by the gateway device of the present invention may also be metered or charging for the service data to the client, and audit service data. 该数据网关装置为上述的数据网关装置,因此,不再对其进行赘述。 The data gateway apparatus as the gateway apparatus said data, therefore, will not be repeated herein.

[0131]根据大数据系统中的数据的流向,运营商的数据中心构成数据内网区,本发明提供的数据网关装置构成审核区,其可保障数据服务开放运营的安全性,请求数据服务的客户端构成外网合作区,客户端可发出各种数据服务请求,如图4所示。 [0131] The flow of data of large data systems, carrier's data center constituting the data network area, the data gateway device of the present invention provides a configuration audit area, which may protect the security of the data service opening operation, requesting data service client constituting the zone outside the network, the client may issue a variety of data service requests, as shown in FIG.

[0132]数据网关装置(审核区)与数据中心(数据内网区)之间可以通过接口进行连接。 [0132] data between the gateway device (reviewed region) and the data center (within the data area network) can be connected via the interface. 在一个示例中,数据网关装置与数据中心通过数据服务信息同步更新接口、取数申请接口、月艮务数据生成通知接口和服务数据同步接口来实现数据连接。 In one example, the gateway device with the data synchronization update the data center via the data interface to the service information, the application access interface that works to monthly data generating notification data synchronization interface and service interface for data connection.

[0133]数据服务信息同步更新接口可以通过Web Service接口来实现。 [0133] data synchronization service information update interface through Web Service interfaces to achieve. 当数据中心开放的数据服务信息发生变化(例如,新建数据服务或修改数据服务)时,数据中心通过Web Service接口主动将数据服务信息推送给数据网关装置。 When the data service center open data information changes (e.g., new service or modify data service data), the data center to the interface data active service data push information to the gateway device through the Web Service. 通过该数据服务信息同步更新接口,数据网关装置的服务管理模块中的信息与所述数据中心开放的数据服务保持一致[0134]取数申请接口也可以通过Web Service接口实现方式。 The service information through the data synchronization update interface, said data center information management module open service data gateway apparatus consistent data service [0134] access request through the Web Service Interface can interface mode. 在收到来自客户端的服务数据提取申请后,数据网关装置检查本地服务缓存表是否存在所请求的数据,如果不存在则向数据中心发起该服务的数据提取请求。 After receiving service data from the client application to extract data service gateway apparatus checks the local cache table if the requested data is present, then if there is no data to initiate the service request extracts the data center. 如果该服务的服务类型是实时服务,则数据中心实时生成源数据返回给数据网关装置;如果该服务的服务类型是周期服务,且所请求的服务账期是历史账期,则数据中心将该服务源数据的存储信息(包括例如文件服务器的FTP 地址、访问端口、登录用户名、密码、源数据文件存储路径、源数据文件名等)返回给数据网关装置;如果该服务的服务类型是周期服务,且所请求的服务账期是未来账期,则数据中心将返回一个账期未到的消息给数据网关装置,在满足账期条件并且源数据生成后再通过服务数据生成通知接口通知数据网关装置。 If the service type of the service is real-time service, the real-time data center data back to the data generation source gateway apparatus; if the service type of the service is the service period, and the requested service account of the history of the account, then the data center storing information service source data (including e.g. FTP address file server, access port, login user name, password, the source data file storage path, the source data file name) is returned to the data gateway apparatus; If the service type of the service is a periodic service, and the requested service account of the account of the future, the data center will return a message to the account of the data not yet reached the gateway device, generating a notification interface to notify the service data by the account of the data source and data generation condition is satisfied and then gateway device.

[0135] 服务数据生成通知接口也可以通过Web Service接口实现。 [0135] Service data interfaces can also generate notifications through the Web Service interface. 如前述,当数据网关装置向数据中心发起某个周期服务的取数申请后,由于所请求的服务账期是未来账期,数据中心在满足账期条件并且源数据生成后再通过该接口通知数据网关装置数据就绪,并将该服务源数据的存储信息(包括例如文件服务器的FTP地址、访问端口、登录用户名、密码、源数据文件存储路径、源数据文件名)提供给数据网关装置。 As described above, when the number of the data fetch request initiated by the gateway apparatus a certain period of the data service center, the service account of the requested due account of the future, data centers account of the condition is satisfied and then the source data generating notification via the interface data gateway device data is ready, and stores the information service source data (including, for example FTP file server address, access port, login user name, password, and the source data file storage path, the source data file name) to the data gateway device.

[0136] 服务数据同步接口可以通过FTP接口来实现,数据网关装置根据服务源数据的存储信息,通过FTP方式获取服务源数据。 [0136] Service data synchronization interface may be implemented by FTP interface, data gateway apparatus acquires service data source according to the stored information through FTP service source data.

[0137] 数据网关装置(审核区)与客户端(外网合作区)可以通过接口连接。 [0137] the gateway device data (audit region) and the client (the zone outside the network) may be connected through an interface. 在一个示例中,数据网关装置与客户端通过取数申请接口和服务数据推送接口来实现数据连接。 In one example, the gateway device data with the client application interface and the service access data through the data connection interface to achieve pushing.

[0138] 取数申请接口可以通过Web Service接口来实现。 [0138] interface to access application interfaces can be implemented by Web Service. 客户端通过Web Service接口向数据网关装置提交服务数据提取申请。 Client interface to submit an application to extract data service data gateway device through the Web Service. 如果该服务的服务类型是实时服务,则数据网关装置在对源数据进行脱敏处理、合规检查等审核处理后,将服务数据返回给客户端。 If the service type of the service is real-time service, the gateway device is the data source in the desensitization process data, such as compliance with the review process, the service data back to the client.

[0139] 服务数据推送接口可以通过FTP接口来实现。 [0139] The data push service interface may be implemented by FTP interface. 在数据网关装置对周期服务的源数据进行脱敏处理和合规性检查等审核处理后,通过服务数据推送接口将服务数据采用数据文件方式推送到数据服务需求者指定的FTP。 After desensitization treatment compliance audit process in the inspection data source gateway apparatus periodic service, through the service data push service data interface using a data file to the data push service requirements specified by FTP. 数据服务需求者可以在注册时指定FTP,即,指定用于接收服务数据的推送FTP连接相关信息,其可以包括:FTP地址、访问端口、登录用户名、密码、文件存储路径等。 Demand for data services can be specified when registering FTP, namely, push FTP receive service data is specified for the connection-related information, which may include: FTP address, access port, login user name, password, file storage path.

[0140] 可以理解,虽然上述以Web Service接口和FTP接口为例对本发明进行了说明,但本发明并不限于此,任何可以实现实时数据交换和周期数据读写的接口都可以用于本发明。 [0140] It will be appreciated that although the above Web Service interface to FTP interface as an example and the present invention has been described, but the present invention is not limited thereto, may be implemented in any real-time data exchange of data read and write cycle interface and can be used according to the present invention .

[0141]可以理解的是,以上实施方式仅仅是为了说明本发明的原理而采用的示例性实施方式,然而本发明并不局限于此。 [0141] It will be appreciated that the above embodiments are merely illustrative of the principles of the present invention is employed in an exemplary embodiment, but the present invention is not limited thereto. 对于本领域内的普通技术人员而言,在不脱离本发明的精神和实质的情况下,可以做出各种变型和改进,这些变型和改进也视为本发明的保护范围。 For those of ordinary skill in the art, without departing from the spirit and substance of the invention can be made various modifications and improvements, these modifications and improvements into the protection scope of the invention.

Claims (13)

1. 一种数据网关装置,包括: 用户管理模块,其用于管理用户信息; 服务管理模块,其用于管理向用户开放的数据服务的信息; 规则管理模块,其用于针对不同用户和不同的数据服务设置不同合规检查规则; 取数管理模块,其用于接收用户发出的服务的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据;以及数据脱敏处理模块,其用于根据规则管理模块设置的规则,对数据中心返回的源数据进行合规检查,从而生成服务数据,所述服务数据为满足合规检查的数据,其中所述取数管理模块还用于将数据脱敏处理模块生成的服务数据提供给用户。 A data gateway apparatus, comprising: a user management module for managing user information; service management module managing information open to the user for the data service; rule management module, which is used for different users and different data services set different compliance check rules; access management module for receiving a user service fetch request issued by the number issuing number corresponding fetch request to the data center, the data center and returned to accept the source; and a data de Min processing module, according to the rules for the rule set-up data, the source data center compliance check is returned, thereby generating service data, service data to meet the compliance check of the data, wherein the access management module is further for desensitizing the data processing module generates the service data to the user.
2. 根据权利要求1所述的数据网关装置,所述规则管理模块还用于针对不同用户和不同的数据服务设置不同的数据过滤脱敏规则,并且所述数据脱敏处理模块用于对数据中心返回的源数据进行过滤脱敏,然后再对过滤脱敏的数据进行合规检查。 The data gateway apparatus according to claim 1, the filtering rule management module is further for desensitizing different rules for different users and different data service setting data, and the data processing module for data desensitizing source data center return desensitization was filtered, then the filter desensitization checked for compliance data.
3. 根据权利要求1所述的数据网关装置,其中,所述取数模块还用于对输出的服务数据进行计量和计费。 3. The data gateway apparatus according to claim 1, wherein said access module is further configured to output data service metering and billing.
4. 根据权利要求3所述的数据网关装置,其中,所述规则管理模块还用于设置用户的服务数据的输出行数,当满足合规检查的数据的总行数大于所述设置的服务数据的输出行数时,所述数据脱敏处理模块还用于根据所述规则管理模块设置的服务数据的输出行数,对满足合规检查的数据,从首行开始,顺序截取一定行数的数据,来生成所述服务数据,其中所述行数=服务数据的输出行数。 4. The data gateway apparatus according to claim 3, wherein said rule management module is further configured to output the number of lines provided service user data, service data when the number of lines to meet the compliance check of the data is greater than the set when the number of output lines, the data processing module is further for desensitizing according to the number of output lines provided in the rule management module service data, to meet compliance checks, starting from the first row, the order of a certain number of lines taken data, generates the service data, wherein the number of output rows = number of rows of data and services.
5. 根据权利要求1所述的数据网关装置,其中,所述合规检查规则包括:数据字典匹配、 数值范围检查和字段长度检查。 The data gateway apparatus according to claim 1, wherein the compliance check rules comprises: matching the data dictionary, checks the value range and field length checking.
6. 根据权利要求1所述的数据网关装置,其中,所述过滤脱敏规则包括:服务输出字段筛选、字段的条件过滤和字段内容处理。 The data gateway apparatus according to claim 1, wherein the filtering rule desensitization comprising: service filter output field, field conditions and the field contents filtering process.
7. 根据权利要求1-6中任一项所述的数据网关装置,还包括: 存储单元,其用于缓存数据中心返回的源数据和数据脱敏处理模块生成的服务数据, 其中所述取数管理模块配置为:首先判断所述存储单元中是否存在客户所请求的数据,如果所请求的数据已缓存在存储单元中,则将缓存在存储单元中的所请求的数据作为服务数据提供给客户,否则向数据中心发出相应的取数请求。 The data gateway apparatus of any one of claims 1-6, further comprises: a storage unit for the data cache data service data source and the data center return desensitizing processing module generated, wherein said take number management module is configured to: first determine whether there is data requested by the client in the storage unit, if the requested data is cached in the storage unit, is cached in the storage unit to provide the requested data as a service data customers, or the appropriate number of issued requests to fetch the data center.
8. 根据权利要求1-6中任一项所述的数据网关装置,还包括: 安全审计模块,其用于记录操作日志和取数日志,并将操作日志和取数日志存档。 8. The data gateway apparatus as claimed in any one of claims 1 to 6, further comprising: a security audit module, for recording the operation log and access log and operation log and access log archiving.
9. 根据权利要求1-6中任一项所述的数据网关装置,还包括: 系统管理模块,其用于配置系统的基础数据,所述基础数据包括数据周期和定时器,所述数据周期为数据中心返回的源数据和所述数据脱敏处理模块生成的服务数据在数据网关装置中的缓存周期。 A data gateway device as claimed in any one of claims 1 to 6, further comprising: a system management module, the data for basic system configuration, the data base comprises data and a timer period, the data period source data for the data center, and return the data processing module generates desensitizing service data cache cycle data gateway device.
10. -种客户端可访问的大数据系统,其包括数据中心和数据网关装置,所述数据网关装置通过接口与所述数据中心连接,其中所述数据网关装置为根据权利要求1-8中任一项所述的数据网关装置,并且所述数据网关装置配置为能够通过接口与客户端连接。 10. - Large species client data system accessible, and the data center comprising data gateway device, the gateway device via the data interface and the data center is connected, wherein the data gateway device according to claim 1-8 in claim the gateway device according to any one of the data, and the data can be connected to the gateway device is configured to interface with the client.
11. 根据权利要求10所述的大数据系统,其中,所述数据网关装置与所述数据中心通过数据服务信息同步更新接口、取数申请接口、服务数据生成通知接口和服务数据同步接口来实现数据连接,其中, 通过所述服务信息同步更新接口,所述数据网关装置的服务管理模块中的数据服务的信息与所述数据中心开放的数据服务保持一致; 通过所述取数申请接口,所述数据网关装置的取数管理模块向所述数据中心发出服务的取数请求,并且,当所述服务为实时服务时,所述数据中心通过所述取数申请接口向所述数据网关装置的取数管理模块返回源数据,当所述服务为周期服务且所述服务的帐期为历史帐期时,所述数据中心通过所述取数申请接口向所述数据网关装置的取数管理模块返回所请求源数据的存储信息,当所述服务为周期服务且所述服务的帐期为未 11. The system of large data according to claim 10, wherein said gateway means and the data synchronization update of the data center via the data interface to the service information, the application interface to access the service data generating notification data synchronization interfaces and service interfaces to achieve data connection, wherein said synchronization update service information through an interface, information relating to the data service center open service data management module of the data gateway apparatus consistent data service; fetch the application interfaces, the number fetch said data access management module issues a service gateway apparatus to the data center requests, and, when the service is a real-time service, the data center via the application interface to access the gateway apparatus to said data fetching data management module back to the source, when the service period for the service and the service account of the history of the account, access to the data center application data via the interface to the gateway device takes the number of management modules returns information source storing the requested data, if the service is a service period and the service period is not posted 帐期时,所述数据中心通过所述取数申请接口向所述网关装置的取数管理模块返回帐期未到消息; 通过所述服务数据生成通知接口,所述数据中心通知所述数据网关装置的取数管理模块所请求源数据准备就绪并返回所请求源数据的存储信息;以及通过所述服务数据同步接口,所述数据网关装置的取数管理模块根据所请求源数据的存储信息获取源数据。 When the off period, the data center by the access request message not yet reached the interface returns to the number of account management module takes the gateway device; generating a notification interface via said service data, the notification of the data center data gateway taking the number of the requested device management module is ready and return data source information source storing the requested data; and by the service data synchronization interface, said data management module takes several gateway apparatus acquires data according to the stored information source requested source data.
12. 根据权利要求10或11所述的大数据系统,其中,数据网关装置还配置为通过取数申请接口和服务数据推送接口来与客户端数据连接,其中, 通过取数申请接口,数据网关装置的取数管理模块接受客户端发出的服务的取数请求,并且数据网关装置的取数管理模块向用户提供所请求的服务数据; 通过服务数据推送接口,数据网关装置的取数管理模块将所请求的服务数据推送到指定位置。 12. The big data system of claim 10 or claim 11, wherein the data gateway device is further configured to push the interface by taking the number of applications and interfaces to service data connection with the client data, wherein the access request by the interface, data gateway the number of access take the management module means receiving the service client sends a request, and the number of taking the management module data gateway device to provide the service requested data to a user; push interface via service data, the number of fetch the management module data gateway device will requested service data pushed to a specified position.
13. 根据权利要求12所述的大数据系统,其中,所述数据服务信息同步更新接口、取数申请接口、服务数据生成通知接口通过Web Servi ce接口实现,所述服务数据同步接口通过FTP接口实现;所述取数申请接口通过Web Servi ce接口实现,所述服务数据推送接口通过FTP接口实现。 13. Large data system as claimed in claim 12, wherein the data synchronization update information service interfaces, an interface access request, generates a data service notification interface through Web Servi ce interface, said data synchronization interface via FTP service interfaces achieved; the access request by the interface Web Servi ce interface, the data push service interface via FTP interface.
CN201510881918.6A 2015-12-03 2015-12-03 Data gateway device and big data system CN105515963A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510881918.6A CN105515963A (en) 2015-12-03 2015-12-03 Data gateway device and big data system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510881918.6A CN105515963A (en) 2015-12-03 2015-12-03 Data gateway device and big data system

Publications (1)

Publication Number Publication Date
CN105515963A true CN105515963A (en) 2016-04-20

Family

ID=55723621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510881918.6A CN105515963A (en) 2015-12-03 2015-12-03 Data gateway device and big data system

Country Status (1)

Country Link
CN (1) CN105515963A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016188325A1 (en) * 2015-11-27 2016-12-01 中兴通讯股份有限公司 Data charging method and apparatus
CN106371975A (en) * 2016-08-31 2017-02-01 国信优易数据有限公司 Automatic operation and maintenance early-warning method and system
CN106529329A (en) * 2016-10-11 2017-03-22 中国电子科技网络信息安全有限公司 Desensitization system and desensitization method used for big data
WO2019114766A1 (en) * 2017-12-14 2019-06-20 中兴通讯股份有限公司 Data desensitising method, server, terminal, and computer-readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7398311B2 (en) * 2000-07-10 2008-07-08 Oracle International Corporation Selective cache flushing in identity and access management systems
CN101986599A (en) * 2010-12-09 2011-03-16 北京交通大学 Network security control method based on cloud service and cloud security gateway
US20120259877A1 (en) * 2011-04-07 2012-10-11 Infosys Technologies Limited Methods and systems for runtime data anonymization
US20140047551A1 (en) * 2012-08-10 2014-02-13 Sekhar Nagasundaram Privacy firewall
US20140164405A1 (en) * 2012-12-12 2014-06-12 Institute For Information Industry Dynamic data masking method and database system
US20140337614A1 (en) * 2013-05-07 2014-11-13 Imperva, Inc. Selective modification of encrypted application layer data in a transparent security gateway
CN104699777A (en) * 2015-03-10 2015-06-10 中国联合网络通信集团有限公司 Association method and system of management plane and service plane of big data analysis and mining
CN105119956A (en) * 2015-07-09 2015-12-02 传成文化传媒(上海)有限公司 Network application system and disposition method

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7398311B2 (en) * 2000-07-10 2008-07-08 Oracle International Corporation Selective cache flushing in identity and access management systems
CN101986599A (en) * 2010-12-09 2011-03-16 北京交通大学 Network security control method based on cloud service and cloud security gateway
US20120259877A1 (en) * 2011-04-07 2012-10-11 Infosys Technologies Limited Methods and systems for runtime data anonymization
US20140047551A1 (en) * 2012-08-10 2014-02-13 Sekhar Nagasundaram Privacy firewall
US20140164405A1 (en) * 2012-12-12 2014-06-12 Institute For Information Industry Dynamic data masking method and database system
US20140337614A1 (en) * 2013-05-07 2014-11-13 Imperva, Inc. Selective modification of encrypted application layer data in a transparent security gateway
CN104699777A (en) * 2015-03-10 2015-06-10 中国联合网络通信集团有限公司 Association method and system of management plane and service plane of big data analysis and mining
CN105119956A (en) * 2015-07-09 2015-12-02 传成文化传媒(上海)有限公司 Network application system and disposition method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016188325A1 (en) * 2015-11-27 2016-12-01 中兴通讯股份有限公司 Data charging method and apparatus
CN106371975A (en) * 2016-08-31 2017-02-01 国信优易数据有限公司 Automatic operation and maintenance early-warning method and system
CN106371975B (en) * 2016-08-31 2019-03-01 国信优易数据有限公司 A kind of O&M automation method for early warning and system
CN106529329A (en) * 2016-10-11 2017-03-22 中国电子科技网络信息安全有限公司 Desensitization system and desensitization method used for big data
WO2019114766A1 (en) * 2017-12-14 2019-06-20 中兴通讯股份有限公司 Data desensitising method, server, terminal, and computer-readable storage medium

Similar Documents

Publication Publication Date Title
US10134036B1 (en) Method and apparatus for performing transactions over a network using cross-origin communication
US6173446B1 (en) Apparatus for licensing software applications
US10360399B2 (en) System and method for detecting fraud and misuse of protected data by an authorized user using event logs
EP0538464B1 (en) License management system
US7761306B2 (en) icFoundation web site development software and icFoundation biztalk server 2000 integration
US6289460B1 (en) Document management system
US7647257B2 (en) System and method for web access to financial data
US6856970B1 (en) Electronic financial transaction system
US6985922B1 (en) Method, apparatus and system for processing compliance actions over a wide area network
US9112836B2 (en) Management of secure data in cloud-based network
US5956690A (en) Bundled billing accounting computer systems
JP3886362B2 (en) Content filtering method, content filtering device and content filtering program
CA2376249C (en) Data management system
US9846902B2 (en) Augmented aggregation of emailed product order and shipping information
US8126785B2 (en) Automated transaction accounting processing engine and approach
US7401083B2 (en) Methods and systems for managing user access to computer software application programs
AU659652B2 (en) Management interface and format for license management system
EP1394706B1 (en) Network-based information management
US20070136814A1 (en) Critical function monitoring and compliance auditing system
US20050183143A1 (en) Methods and systems for monitoring user, application or device activity
US8560439B2 (en) Transaction processing with core and distributor processor implementations
US9407620B2 (en) System and method for identity management
US20130055367A1 (en) Multi-Factor Profile and Security Fingerprint Analysis
Champlain Auditing information systems
US20020198798A1 (en) Modular business transactions platform

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination