CN106131120A - A kind of business data method for security protection relating to cloud disk and system - Google Patents

A kind of business data method for security protection relating to cloud disk and system Download PDF

Info

Publication number
CN106131120A
CN106131120A CN201610438846.2A CN201610438846A CN106131120A CN 106131120 A CN106131120 A CN 106131120A CN 201610438846 A CN201610438846 A CN 201610438846A CN 106131120 A CN106131120 A CN 106131120A
Authority
CN
China
Prior art keywords
data
document
cloud disk
index information
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610438846.2A
Other languages
Chinese (zh)
Inventor
徐震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao Constant Jin Yuan Electronic Technology Co Ltd
Original Assignee
Qingdao Constant Jin Yuan Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao Constant Jin Yuan Electronic Technology Co Ltd filed Critical Qingdao Constant Jin Yuan Electronic Technology Co Ltd
Priority to CN201610438846.2A priority Critical patent/CN106131120A/en
Publication of CN106131120A publication Critical patent/CN106131120A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of business data method for security protection relating to cloud disk and system, the method includes: (1) is split as two parts by needing the non-computational class document depositing in cloud disk in the enterprise information management system;(2) Part I is left in cloud disk;It is local that Part II leaves user in.Therefore, even if the data in cloud disk are obtained by disabled user, but the data owing to depositing in cloud disk are imperfect, and causing accessed cloud disk data is invalid file such that it is able to be effectively improved the safety of the document that enterprise information system relates to.

Description

A kind of business data method for security protection relating to cloud disk and system
[technical field]
The present invention relates to Computer Data Security technical field, particularly relate to a kind of be saved in cloud disk by business data Data safety.
[background technology]
Along with the development of IT application in enterprise, the data of the related system of enterprise are more and more huger, wherein further comprises A lot of non-computational type data, the minutes deposited with e-file form such as related in the office software of enterprise, wealth The electronic document of the invoice related in business system, quality inspection report related in ERP system etc. for the non-computational type data put on record, this The data of a little non-computational classes occupy substantial amounts of space, if also be stored in data base, then can consume substantial amounts of resource, drop simultaneously Low data computational efficiency, therefore a lot of enterprises do not store that data in data base, and meanwhile, these data are not owing to joining With calculating, be intended only as putting on record to inquire about, therefore enterprise customer for save storage resource spending, reduce O&M maintenance cost and Improve business system operational efficiency, can be to store data into what cloud service provider provided a user with the form of network cloud disk In memory space, such as 360 cloud disks, Baidu's cloud disk, Semen setariae cloud disk, etc..But great majority have user data directly to be accessed The cloud service provider of power is not the most believable, say, that leaving the data in cloud disk in may be visited by disabled user Ask, there is the risk that company information is divulged a secret;Or also there is enterprise customer to set up privately owned cloud, when privately owned cloud is deployed in business data When the fire wall at center is outer, still there is problem of data safety.Therefore, in order to overcome above-mentioned deficiency, user data is usually taken The mode uploaded after encipherment protection is saved in cloud disk.But, the data of encryption still cannot be avoided and are saved in data letter in cloud disk The situation that breath is illegally accessed, because encrypted data still have the probability being cracked, such as: on July 6th, 2015, meaning is big The server of the famous hacker company Hacking Team of profit is under attack, and the encryption data of the said firm about 400GB is stolen and quilt Crack, including source code, mail, recording and client's details of Hacking some products of Team.Similar has this Event is stepped in promise, CSDN user cipher is revealed, 12306 subscriber identity information leakages etc..
This, for utilizing cloud disk to manage the user of data, only relies on the means being encrypted the data leaving cloud disk in It is far from being enough for strengthening Information Security.
[summary of the invention]
In order to solve the problems referred to above of the prior art, the present invention proposes a kind of enterprise information management system relating to cloud disk System data security protection method, comprises the following steps:
(1) extraction management information system in enterprise needs to be saved in the document of cloud disk;
(2) described document is split as two parts;
(3) Part I in said two part leaves cloud disk in, and Part II leaves in user's local data base;
(4) described document is set up index information, and described index information is left in user's local data base;Described Index information includes: the cloud disk address that the data total amount of described document and described Part I are deposited;
(5) when user reads described document, the index information of described document is first read;Then according to described index letter Breath reads the described Part I being stored in cloud disk and storage described Part II in the local database;Afterwards by described Part I and described Part II are reduced into a transient document;Finally by the capacity of the transient document of described reduction and described rope Data capacity in fuse breath compares, if both are equal, then the transient document reduced is effective document, if both Unequal, then there is mistake in the temporary file reduced.
Preferably, data volume m of described Part II meets following condition:
As n > 500KB time,
As 50KB < n≤500KB,
As 0 < n≤50KB, 0.5n≤m < n;
Wherein, n is the data total amount of described document, and the unit of m, n is KB.
Preferably, the position during described index information also includes the described Part I described document before fractionation;To When described Part I and described Part II are reduced into described transient document, according to the described sequence of positions of described Part I Reduce;
Preferably, described user's local memory device includes: computer, mobile phone, iPad, floppy disk, portable hard drive;
Preferably, described index information also includes the AES to described Part I;It is described data are deposited in First described Part I is encrypted before cloud disk;When user uses data file, first will encryption after deposit in cloud disk Described Part I be decrypted
Preferably, described document is the adnexa of the described enterprise information management system, including: the office software of enterprise relates to The minutes deposited with e-file form;The electronic document of the invoice related in financial system, the matter related in ERP system Inspection report;What human resource system related to clear a paper and product description etc. is for the non-computational type data put on record.
In order to realize said method, present invention includes a kind of enterprise information management system data safety relating to cloud disk Protection system, including following device:
Data extraction device, described data extraction device is used for extracting in management information system in enterprise to be needed to be saved in cloud disk Document;
Data detachment device, described data detachment device for being split as the device of two parts by document;
Data storage device, described data storage device is for leaving the Part I in said two part in cloud Dish, Part II leaves the device of user's local data base in;
Index information sets up device, and described index information sets up device for setting up index information and by described index information Leave in user's local data base;Described index information includes: data total amount and the described Part I of described document are deposited Cloud disk address;
Data Recapture Unit, described Data Recapture Unit is used for: the cloud disk address information deposited according to described Part I Read described Part I and the described Part II depositing in described local data base, and by described Part I with described Part II merging is reduced into a transient document;By the total amount of the transient document of described reduction and the data capacity in index information Comparing, if both are equal, then the temporary file reduced is effective document, if both are unequal, then that reduces faces Time file mistake occurs.
Preferably, data volume m of described Part II meets following condition:
As n > 500KB time,
As 50KB < n≤500KB,
As 0 < n≤50KB, 0.5n≤m < n;
Wherein, n is the data total amount of described each document, and the unit of m, n is KB.
Further, described index information also includes: the position in the described Part I described document before fractionation;Institute State Data Recapture Unit time described Part I and described Part II are reduced into described transient document, according to described first The described sequence of positions divided is reduced;
Preferably, described user's local memory device includes: computer, mobile phone, iPad, floppy disk, portable hard drive;
Preferably, described data storage device also includes being encrypted described Part I;Described Data Recapture Unit Also include described Part I is decrypted.
Preferably, described document is the adnexa of the described enterprise information management system, including: the office software of enterprise relates to The minutes deposited with e-file form;The electronic document of the invoice related in financial system, the matter related in ERP system Inspection report;What human resource system related to clear a paper and product description etc. is for the non-computational type data put on record.
The invention has the beneficial effects as follows:
1, store data in the memory space that cloud service provider provides a user with the form of network cloud disk, in order to Storage resource spending can be saved in a large number in enterprise customer, reduce O&M maintenance cost and improve business system operational efficiency;
2, rely on the means that the data leaving cloud disk in are encrypted to strengthen Information Security;
3, make the data in cloud disk can not be organized into a complete document, though when in cloud disk data used by unauthorized Family obtains or cracks, and causes owing to data are imperfect described unauthorized user cannot obtain effective information, prevents in cloud disk Data be illegally accessed or crack caused information leakage, improve the safety of the data being saved in cloud disk;
4, difference non-computational class data and calculating class data, are saving storage resource spending, are reducing O&M maintenance cost Improve running efficiency of system simultaneously.
[accompanying drawing explanation]
Accompanying drawing described herein is used to provide a further understanding of the present invention, constitutes the part of the application, but It is not intended that inappropriate limitation of the present invention, in the accompanying drawings:
Fig. 1 is the system diagram preserving data by cloud disk;
Fig. 2 is a preferred method of the present invention flow chart.
[detailed description of the invention]
The present invention is described in detail, illustrative examples therein and saying below in conjunction with accompanying drawing and specific embodiment Bright being only used for explains the present invention, but is not intended as inappropriate limitation of the present invention.
The basic thought of the present invention is: the non-computational type data that will relate in the enterprise information management system, such as: enterprise The minutes deposited with e-file form related in office software;The electronic document of the invoice related in financial system, The quality inspection report related in ERP system;What human resource system related to clear a paper and the similar document of product description etc. A part of document storing in cloud disk, i.e. data in cloud disk can not be organized into a complete document so that works as cloud disk Even if upper data are obtained by unauthorized user or crack, described unauthorized user is caused to have obtained owing to data are imperfect The information of effect, prevents the data in cloud disk to be illegally accessed or crack caused information leakage, therefore improves and be saved in cloud The safety of the data on dish.
Seeing Fig. 1, Fig. 1 is the system schematic preserving data by cloud disk.The document that the former user of being saved in is local is passed through Network is saved on Cloud Server, in this way, can effectively improve subscriber computer memory space inadequate and can drop Low enterprise O&M maintenance cost and raising business system operational efficiency.But, it is the most all believable due to Cloud Server, because of This, the document being stored in cloud disk exists by unauthorized access or the risk that cracks.One of the present invention shown in Figure 2 is preferred Method flow diagram, not as the restriction of protection domain of the presently claimed invention.First in step S200, extract needs and be saved in The non-computational type data being used for putting on record in cloud disk, such as relate in the office software of enterprise deposits with e-file form Minutes, the electronic document of the invoice related in financial system, quality inspection report related in ERP system etc.;Step S201, Document is split as two parts;Then step S202, leaves Part I in cloud disk;Remainder deposits user this locality number According in storehouse.This makes the data preserved in cloud disk can not constitute a complete document, therefore, even if the data quilt in cloud disk Illegal acquisition, also due to the imperfection of data so that the document of acquisition is invalid, thus is effectively improved the safety of document Property.
Additionally, in order to prevent the means utilizing data to recover from incomplete data are reverted to partial data, therefore, deposit The data volume local at subscriber computer can not be the least, through big data and the test of all kinds of cracking trajectory, leaves user in and calculates Data volume m of the described remainder that machine is local need to meet following condition:
As n > 500KB time,
As 50KB < n≤500KB,
As 0 < n≤50KB, 0.5n≤m < n;
Wherein, n is the data total amount of document, and the unit of m, n is KB.Visible, when the capacity of document is less, the least When 50KB, then need to deposit more data division in subscriber computer this locality, to prevent disabled user from being recovered by data Means the part data of cloud disk are reverted to initial data.
Step S203 can be Part I is encrypted.Data can be improved through encryption and crack difficulty.
In step S204, each document is set up index information, and preserves in the local database, described index information bag Including: the total data capacity of document, AES and the position of Part I that the cloud disk address that Part I is deposited uses are suitable Sequence, sequence of positions here refers to that Part I is first half or the latter half of original document.By setting up index letter Breath, it is ensured that user is when accessing cloud disk data, it is possible to quickly the data division of fractionation is reverted to original document, improves cloud The access efficiency of dish data.
In step S205, when user reads the data of non-computational class, such as minutes, quality inspection report, product description, When clearing a paper, first read the index information being stored in data base corresponding to the document, according to the order in index information, the The Part I being split and Part II are read under the same catalogue of local computer by the cloud disk address of part storage; And according to the AES of the use in index information, the decipherment algorithm deciphering corresponding to the data division of encryption;According to rope Part I and Part II data are merged and are reduced into one by the position in original document of the Part I in fuse breath Transient document;The capacity of transient document of described reduction is compared with the data capacity in index information, if both phases Deng, then the temporary file reduced is effective document, if both are unequal, then mistake occurs in the temporary file reduced.Pass through This step carries out capacity verification to the document recovered, it is ensured that correctness based on the document that the data division split recovers.
One of ordinary skill in the art will appreciate that all or part of step of above-described embodiment can use computer journey Sequence flow process realizes, and described computer program can be stored in a computer-readable recording medium, and described computer program exists On corresponding hardware platform, (such as system, unit, device etc.) perform, upon execution, including embodiment of the method step it One or a combination thereof.Alternatively, all or part of step of above-described embodiment can also use integrated circuit to realize, these steps Integrated circuit modules one by one can be fabricated to respectively, or the multiple modules in them or step are fabricated to single integrated Circuit module realizes.Device/functional module/functional unit in above-described embodiment can use general calculating device real Existing, they can concentrate on single calculating device, it is also possible to is distributed on the network that multiple calculating device is formed.Above-mentioned Device/functional module/functional unit in embodiment realizes and as independent production marketing using the form of software function module Or when using, can be stored in a computer read/write memory medium.Computer read/write memory medium mentioned above Can be read only memory, the local memory device of the user such as disk, CD, mobile phone, iPad, portable hard drive.

Claims (8)

1. the enterprise information management system data security protection method relating to cloud disk, it is characterised in that comprise the following steps:
(1) extraction management information system in enterprise needs to be saved in the document of cloud disk;
(2) described document is split as two parts;
(3) Part I in said two part leaves cloud disk in, and Part II leaves in user's local data base;
(4) described document is set up index information, and described index information is left in user's local data base;Described index Information includes: the cloud disk address that the data total amount of described document and described Part I are deposited;
(5) when user reads described document, the index information of described document is first read;Then read according to described index information Take the described Part I being stored in cloud disk and storage described Part II in the local database;Afterwards by described first Part is reduced into a transient document with described Part II;Finally by the capacity of the transient document of described reduction and described index letter Data capacity in breath compares, if both are equal, then the transient document reduced is effective document, if both not phases Deng, then there is mistake in the temporary file reduced.
A kind of enterprise information management system data security protection method relating to cloud disk, its feature It is that data volume m of described Part II meets following condition:
As n > 500KB time,
As 50KB < n≤500KB,
As 0 < n≤50KB, 0.5n≤m < n;
Wherein, n is the data total amount of described document, and the unit of m, n is KB.
3. a kind of enterprise information management system data security protecting side relating to cloud disk as described in any one of claim 1 or 2 Method, it is characterised in that:
Described index information also includes the position in the described Part I described document before fractionation;By described Part I When being reduced into described transient document with described Part II, reduce according to the described sequence of positions of described Part I;
Preferably, described user's local memory device includes: computer, mobile phone, iPad, floppy disk, portable hard drive;
Preferably, described index information also includes the AES to described Part I;Data are being deposited in described cloud disk The most described Part I is encrypted;When user uses data file, first by the institute depositing in cloud disk after encryption State Part I to be decrypted.
4. a kind of enterprise information management system data security protecting side relating to cloud disk as described in any one of claim 1-3 Method, it is characterised in that described document is the adnexa of the described enterprise information management system, including: minutes, quality inspection report, product Description, clear a paper.
5. the enterprise information management system data security protecting system relating to cloud disk, it is characterised in that include following device:
Data extraction device, described data extraction device is for extracting the literary composition needing to be saved in cloud disk in management information system in enterprise Shelves;
Data detachment device, described data detachment device for being split as the device of two parts by document;
Data storage device, described data storage device is used for leaving the Part I in said two part in cloud disk, the Two parts leave the device of user's local data base in;
Index information sets up device, and described index information sets up device for setting up index information and being deposited by described index information In user's local data base;Described index information includes: the cloud that the data total amount of described document and described Part I are deposited Disk address;
Data Recapture Unit, described Data Recapture Unit is used for: read according to the cloud disk address information that described Part I is deposited Described Part I and the described Part II deposited in described local data base, and by described Part I and described second Part merging is reduced into a transient document;The total amount of the transient document of described reduction is carried out with the data capacity in index information Relatively, if both are equal, then the temporary file reduced is effective document, if both are unequal, then and the interim literary composition reduced There is mistake in part.
A kind of enterprise information management system data security protecting system relating to cloud disk, its feature It is that data volume m of described Part II meets following condition:
As n > 500KB time,
As 50KB < n≤500KB,
As 0 < n≤50KB, 0.5n≤m < n;
Wherein, n is the data total amount of described each document, and the unit of m, n is KB.
7. a kind of enterprise information management system data security protecting system relating to cloud disk as described in as arbitrary in claim 5 or 6, It is characterized in that described index information also includes: the position in the described Part I described document before fractionation;Described data When described Part I and described Part II are reduced into described transient document by recovery device, according to the institute of described Part I State sequence of positions to reduce;
Preferably, described user's local memory device includes: computer, mobile phone, iPad, floppy disk, portable hard drive;
Preferably, described data storage device also includes being encrypted described Part I;Described Data Recapture Unit also wraps Include and described Part I is decrypted.
8. a kind of as described in any one of claim 5-7 relates to the enterprise information management system data security protecting system of cloud disk System, it is characterised in that described document is the adnexa of the described enterprise information management system, including: minutes, quality inspection report, product Description, clear a paper.
CN201610438846.2A 2016-06-15 2016-06-15 A kind of business data method for security protection relating to cloud disk and system Pending CN106131120A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610438846.2A CN106131120A (en) 2016-06-15 2016-06-15 A kind of business data method for security protection relating to cloud disk and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610438846.2A CN106131120A (en) 2016-06-15 2016-06-15 A kind of business data method for security protection relating to cloud disk and system

Publications (1)

Publication Number Publication Date
CN106131120A true CN106131120A (en) 2016-11-16

Family

ID=57469842

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610438846.2A Pending CN106131120A (en) 2016-06-15 2016-06-15 A kind of business data method for security protection relating to cloud disk and system

Country Status (1)

Country Link
CN (1) CN106131120A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997929A (en) * 2010-11-29 2011-03-30 北京卓微天成科技咨询有限公司 Data access method, device and system for cloud storage
CN102664928A (en) * 2012-04-01 2012-09-12 南京邮电大学 Data secure access method used for cloud storage and user terminal system
WO2013152811A1 (en) * 2012-04-12 2013-10-17 Qatar Foundation Backup and storage system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997929A (en) * 2010-11-29 2011-03-30 北京卓微天成科技咨询有限公司 Data access method, device and system for cloud storage
CN102664928A (en) * 2012-04-01 2012-09-12 南京邮电大学 Data secure access method used for cloud storage and user terminal system
WO2013152811A1 (en) * 2012-04-12 2013-10-17 Qatar Foundation Backup and storage system

Similar Documents

Publication Publication Date Title
CN102739774B (en) Method and system for obtaining evidence under cloud computing environment
Bose et al. The roles of security and trust: Comparing cloud computing and banking
Doran A forensic look at bitcoin cryptocurrency
Lazarenko et al. Financial risks of the blockchain industry: A survey of cyberattacks
CN108667835A (en) A kind of control remote equipment carries out method, system and the storage medium of network forensics
CN106127066A (en) A kind of history data file security protection method and system based on cloud disk
Nicholson How ethical hacking can protect organisations from a greater threat
CN106127083A (en) A kind of logistics data security protection method and system based on cloud disk
Wang et al. The evolutional view of the types of identity thefts and online frauds in the era of the Internet
CN101382919A (en) Storage data isolating method based on identity
Dagada Digital banking security, risk and credibility concerns in South Africa
Moid Fighting Cyber Crimes Using Forensic Accounting: A Tool to Enhance Operational Efficiency.
CN106130963A (en) A kind of cloud disk data file security guard method and system
Sabillon Cyber Security Auditing, Assurance, and Awareness Through CSAM and CATRAM
Anatoliy et al. Technologies of safety in the bank sphere from cyber attacks
Jones et al. The 2016 analysis of information remaining on computer hard disks offered for sale on the second hand market in the UAE
CN106131120A (en) A kind of business data method for security protection relating to cloud disk and system
CN106127060A (en) A kind of large data files security protection method and system based on cloud disk
Brockett et al. Managing risk in mobile commerce
CN103258170A (en) Mobile storage medium data safety protective method
Gordon Economic and national security effects of cyber attacks against small business communities
Edy et al. Analysing the trends of cyber attacks: Case study in Indonesia during period 2013-Early 2017
Reddy et al. Introduction to cyber forensics
Das Ransomware: Penetration Testing and Contingency Planning
Dalpini Cybercrime Protection in E-Commerce During the COVID-19 Pandemic

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20161116