CN108121513A - Data destruction method and system - Google Patents

Publication number
CN108121513A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711436563.5A
Other languages
Chinese (zh)
Other versions
CN108121513B (en)
Inventor
宋博韬
喻波
王志海
魏力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Application filed by Beijing Wondersoft Technology Co Ltd
Priority to CN201711436563.5A
Publication of CN108121513A
Application granted
Publication of CN108121513B
Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0646 Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
    • G06F3/0652 Erasing, e.g. deleting, data cleaning, moving of data to a wastebasket

Abstract

Embodiments of the present invention provide a data destruction method and system, relating to the field of data encryption technology. The method includes: performing data marking on input business data to generate label information corresponding to the business data; identifying the business data according to the label information to determine the data state corresponding to the business data; when the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data; performing destruction discrimination on the frozen business data to determine the data to be destroyed; and performing data destruction on the data to be destroyed. The embodiments of the present invention automatically and intelligently determine the data that needs to be destroyed, reducing the misjudgment rate of data destruction and improving data destruction efficiency.

Description

Data destruction method and system
Technical Field
The present invention relates to the technical field of data security, and in particular to a data destruction method, a data destruction system, an electronic device and a readable storage medium.
Background
Against the broad shift from the information technology era to the data technology era, data, by virtue of its own unique value, carries an inherent incentive for "internal leakage and external theft". It sits in a high-risk state in which it is easily leaked and abused, and data security protection faces severe challenges.
As awareness of network security has grown, mature security protection systems have gradually formed around data life cycle processes such as generation, storage, transmission and use. Data destruction is an important process in the data life cycle whose purpose is to permanently delete specific data and avoid data leakage, yet it has so far not received enough attention. Existing data destruction methods mainly rely on people to manually determine the target data to be destroyed. This makes data destruction inefficient and makes it difficult to determine destruction targets at large scale and in batches. Because the target data is determined entirely by human judgment, data that does not need to be destroyed is easily judged to be data that needs to be destroyed, so the misjudgment rate of data destruction is high and useful data may even be destroyed by mistake.
Summary of the Invention
In view of the above problems, embodiments of the present invention provide a data destruction method to improve data destruction efficiency and reduce the misjudgment rate of data destruction.
Correspondingly, embodiments of the present invention also provide a data destruction system, a device and a readable storage medium, to ensure the implementation and application of the above method.
To solve the above problems, an embodiment of the present invention discloses a data destruction method, including:
performing data marking on input business data to generate label information corresponding to the business data;
identifying the business data according to the label information to determine the data state corresponding to the business data;
when the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data;
performing destruction discrimination on the frozen business data to determine the data to be destroyed;
performing data destruction on the data to be destroyed.
Optionally, the method further includes:
performing analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, where the record information includes at least one of the following: usage record information, destruction record information and freezing record information;
updating the label information corresponding to the business data according to the analysis and audit result.
Optionally, performing data destruction on the data to be destroyed includes:
matching the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, where the data destruction modes include a soft data destruction mode and a hard data destruction mode;
performing data destruction on the data to be destroyed according to the data destruction mode, and generating corresponding destruction record information.
Optionally, the method further includes:
when the data state is a normal state, performing identity authentication on the user corresponding to the business data;
after the identity authentication passes, providing the business data to the user and generating corresponding usage record information.
Optionally, the abnormal state includes a frozen state, and the method further includes:
judging, according to preset freezing rule information, whether the business data needs to be thawed;
if the business data needs to be thawed, generating a thaw request, removing the frozen state corresponding to the business data according to the thaw request, generating corresponding thaw record information, and performing data marking again on the thawed business data;
if the business data does not need to be thawed, determining the business data to be frozen business data and performing the step of destruction discrimination on the frozen business data.
Optionally, before performing data marking on the input business data, the method further includes: setting system management information, where the system management information includes at least one of the following: freezing rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
after freezing the business data, the method further includes: generating corresponding freezing record information for the frozen business data.
An embodiment of the present invention discloses a data destruction system, including:
a data marking module, configured to perform data marking on input business data and generate label information corresponding to the business data;
a data identification module, configured to identify the business data according to the label information and determine the data state corresponding to the business data;
a data freezing module, configured to freeze the business data according to preset freezing policy information when the data state is an abnormal state, to obtain frozen business data, and to perform destruction discrimination on the frozen business data to determine the data to be destroyed;
a data destruction module, configured to perform data destruction on the data to be destroyed.
Optionally, the system further includes an analysis and audit module;
the analysis and audit module is configured to perform analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, where the record information includes at least one of the following: usage record information, destruction record information and freezing record information;
the data marking module is further configured to update the label information corresponding to the business data according to the analysis and audit result.
Optionally, the data destruction module includes:
a matching submodule, configured to match the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, where the data destruction modes include a soft data destruction mode and a hard data destruction mode;
a destruction submodule, configured to perform data destruction on the data to be destroyed according to the data destruction mode and generate corresponding destruction record information.
Optionally, the system further includes a secure use module;
the secure use module is configured to perform identity authentication on the user corresponding to the business data when the data state is a normal state, and, after the identity authentication passes, to provide the business data to the user and generate corresponding usage record information.
Optionally, the data identification module is further configured to judge, when the abnormal state is a frozen state, whether the business data needs to be thawed according to preset freezing rule information; if the business data needs to be thawed, to generate a thaw request and, according to the thaw request, trigger the data marking module to remove the frozen state corresponding to the business data; if the business data does not need to be thawed, to determine the business data to be frozen business data and trigger the data freezing module to perform the step of destruction discrimination on the frozen business data;
the data marking module is further configured to remove the frozen state corresponding to the business data, generate corresponding thaw record information, and perform data marking again on the thawed business data.
Optionally, the system further includes a system management module;
the system management module is configured to set system management information, where the system management information includes at least one of the following: freezing rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
the data freezing module is further configured to generate corresponding freezing record information for the frozen business data.
An embodiment of the present invention also discloses an electronic device, including a memory, a processor and a computer program stored in the memory and executable on the processor; when the processor executes the program, the steps of the data destruction method of the embodiments of the present invention are implemented.
An embodiment of the present invention also discloses a computer-readable storage medium storing a computer program; when the program is executed by a processor, the steps of the data destruction method of the embodiments of the present invention are implemented.
The embodiments of the present invention have the following advantages:
First, the embodiments of the present invention perform data marking on input business data to generate label information, and can identify the business data according to the label information to determine whether it is in an abnormal state. Business data in an abnormal state can be frozen according to preset freezing policy information to obtain frozen business data, and the data to be destroyed can then be determined by performing destruction discrimination on the frozen business data. In other words, driven by the data itself, the data that needs to be destroyed is determined automatically and intelligently, which reduces the misjudgment rate of data destruction, improves data destruction efficiency and in turn reduces data management cost.
Second, the embodiments of the present invention can perform analysis and audit according to the record information corresponding to the business data, which makes it possible to guarantee and objectively evaluate the overall effect of secure data destruction.
Third, the embodiments of the present invention can match the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, for example selecting the soft data destruction mode or the hard data destruction mode according to the matching rule information. This provides a unified standard workflow for data destruction and supports managing soft and hard data destruction on the same platform, which ensures the consistency of the secure data destruction system and improves the overall effect of secure data destruction.
Brief Description of the Drawings
Fig. 1 is a flow chart of the steps of an embodiment of a data destruction method of the present invention;
Fig. 2 is a structural block diagram of an embodiment of a data destruction system of the present invention;
Fig. 3 is a structural block diagram of an optional example of a data destruction system of the present invention;
Fig. 4 is a schematic diagram of the principle of a data destruction method in an example of the present invention;
Fig. 5 is a flow chart of the steps of a data destruction method in an example of the present invention.
Detailed Description
To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
As information technology flourishes and awareness of network security grows, mature security protection systems have gradually formed around processes such as the generation, storage, transmission and use of data. Data destruction, as an important process in the data life cycle, is a key link in data security protection. The data life cycle can be regarded as the set of processes such as the generation, storage, transmission, use and destruction of data. No complete security protection system has yet formed around the data destruction process.
Specifically, as data security destruction requirements keep changing, existing soft data destruction and hard data destruction can hardly meet the data security destruction requirements of the new situation. Existing soft and hard data destruction methods provide secure destruction for a fixed destruction target according to a data destruction policy that the user has predefined or customized, but they lack monitoring and auditing of the data destruction process. That is, they lack assessment and control of the inputs and outputs of secure data destruction, so the overall effect of secure data destruction is hard to guarantee and to evaluate objectively. In addition, existing soft data destruction and hard data destruction each have their own independent workflow. It is therefore difficult to manage both on the same platform, which affects the consistency of the secure data destruction system, limits the overall effect of secure data destruction, and hinders the application of secure data destruction technical solutions in complex business scenarios.
It should be noted that soft data destruction, also called logical data destruction, refers to destroying data by software methods such as data erasure/overwriting. Data erasure/overwriting means covering the original data with specific data so that the original data disappears as the data changes. For example, the preset specific data "0" can be used to cover the original data, so that the original data disappears once it has been overwritten.
Hard data destruction, also called physical data destruction, refers to destroying data by methods that destroy the physical structure of the storage medium, such as degaussing, incineration and crushing. Degaussing is applicable to magnetic storage media: a strong magnetic field generated by degaussing equipment destroys the magnetic structure of the medium so that it loses its ability to store data. Incineration uses high temperature to reduce the storage medium to ash, so that the data permanently ceases to exist. Crushing, also called shredding, physically destroys the storage medium, for example by crushing or shredding it into tiny fragments, to ensure that data cannot be recovered from the remains of the storage medium.
One of the core ideas of the embodiments of the present invention is to provide a data destruction method and system that take the data destruction process in the data life cycle as their core. For important business data that needs protection, a secure data destruction system is constructed that includes data marking, data identification, data freezing, data destruction and so on. It determines the destruction target data automatically and intelligently and permanently deletes that target data, avoiding data leakage and thereby ensuring data security.
It should be noted that important business data may include business data that needs protection. Destruction target data refers to data that needs to be securely destroyed and may be a subset of the important business data; the embodiments of the present invention do not specifically limit this.
Referring to Fig. 1, a flow chart of the steps of an embodiment of a data destruction method of the present invention is shown. The method may be applied in a data destruction system and may specifically include the following steps:
Step 102: perform data marking on the input business data and generate label information corresponding to the business data.
In practical applications, the data destruction method of the embodiments of the present invention can be used to build a secure data destruction system. The data destruction system takes the data destruction process in the data life cycle as its core and is connected, in a data-driven way, with the other processes in the data life cycle, so that the data to be destroyed is determined automatically and intelligently.
Specifically, while business data is being input, the data destruction system may mark the input business data by means such as direct marking, indirect marking or custom marking, and generate the label information corresponding to the business data. Direct marking is a data marking mode in which the label information is appended to the business data that needs protection, achieving a physical merge of the protected business data and the label information. Indirect marking is a data marking mode in which the business data that needs protection is associated with the label information, achieving a logical merge of the protected business data and the label information. Custom marking is a data marking mode customized according to actual business requirements and/or data security destruction requirements, and so on.
In the embodiments of the present invention, the label information can be used to record the status information of the protected business data during intelligent data destruction, and may include a unique identifier (Identity, ID), a data state, self-defined information and so on; the embodiments of the present invention place no limitation on this. The ID may be a unique character string representing the protected business data. The data state may be divided into a normal state, an abnormal state and so on, which the embodiments of the present invention also do not specifically limit.
For example, after detecting important business data that needs protection, such as important business data input by a user, the data destruction system may mark the detected important business data by direct marking, generate the label information corresponding to that data, and append the newly generated label information to it, thereby binding unique label information to the important business data that needs protection. Important business data may include business data that needs protection, such as business data that needs protection in a financial institution or in a security organization; the embodiments of the present invention place no limitation on this.
In the embodiments of the present invention, optionally, the data destruction system may also securely store the marked business data and its corresponding label information, so that the marked business data can later be retrieved for business processing. For example, continuing the above example, the data destruction system may securely store the marked important business data in a database, so that it can later be retrieved from the database for business processing.
Step 104: identify the business data according to the label information and determine the data state corresponding to the business data.
Before business data is used, the embodiments of the present invention may identify the business data about to be used according to the label information, to determine whether it is in an abnormal state in the data destruction process. If the business data about to be used is in an abnormal state in the data destruction process, its data state is identified as an abnormal state, and step 106 is then performed for the business data identified as abnormal. If it is not in an abnormal state in the data destruction process, its data state is identified as a normal state, and identity authentication is then performed on the user of the business data identified as normal. After the identity authentication passes, the right to use the business data is granted to the user, so that the authorized user can use the business data.
Step 106: when the data state is an abnormal state, freeze the business data according to preset freezing policy information to obtain frozen business data.
In the embodiments of the present invention, freezing policy information may be set in the data destruction system in advance, so that the system can freeze business data in an abnormal state according to that policy. Optionally, the abnormal state may be divided into a frozen abnormal state and a non-frozen abnormal state, where the frozen state is the frozen abnormal state. Specifically, when the data destruction system identifies the data state of business data as abnormal, it may determine whether that abnormal state is the non-frozen abnormal state. When the business data is in the non-frozen abnormal state, it may be frozen according to the preset freezing policy information so that it enters the frozen state. Business data in the frozen state is referred to as frozen business data. When the business data is already in the frozen abnormal state, it may be determined to be frozen business data, i.e. its frozen state is kept, and step 108 may then be performed.
In an optional embodiment of the present invention, after the business data is frozen, corresponding freezing record information may also be generated, so that the frozen business data can later be analyzed and audited according to that record. The freezing record information may include whatever information related to data freezing needs to be recorded, as determined by actual business requirements, analysis and audit requirements, data security destruction requirements and so on; the embodiments of the present invention place no limitation on this.
Step 108: perform destruction discrimination on the frozen business data and determine the data to be destroyed.
In the embodiments of the present invention, after the business data is frozen, destruction discrimination may be performed on the frozen business data according to preset destruction rules, to judge whether data destruction needs to be performed on it. Optionally, performing destruction discrimination on the frozen business data may specifically include: judging, according to preset destruction rule information, whether data destruction needs to be performed on the frozen business data. If data destruction is needed, the frozen business data may be determined to be data to be destroyed, and step 110 is then performed. Data to be destroyed characterizes the destruction target data and may include all kinds of business data that needs to be destroyed, such as important business data of the financial industry that needs to be destroyed. If data destruction is not needed, analysis and audit may be performed according to the freezing record information corresponding to the frozen business data to form an analysis and audit result, and the data state corresponding to the frozen business data is updated according to that result.
Step 110: perform data destruction on the data to be destroyed.
In the embodiments of the present invention, after determining the data to be destroyed, the data destruction system may perform intelligent matching on it to determine the corresponding data destruction mode, and then destroy the data to be destroyed using the determined data destruction mode.
In summary, the embodiments of the present invention perform data marking on input business data to generate label information, and can identify the business data according to the label information to determine whether it is in an abnormal state. Business data in an abnormal state can be frozen according to preset freezing policy information to obtain frozen business data, and the data to be destroyed can then be determined by performing destruction discrimination on the frozen business data. In other words, driven by the data itself, the data that needs to be destroyed is determined automatically and intelligently, which reduces the misjudgment rate of data destruction, improves data destruction efficiency and in turn reduces data management cost.
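Steps 102 to 110, together with the optional thaw check, are shown below as an added Python sketch; it is not code from the patent. The `source` attribute, the `flag_abnormal` helper, the rule callables, the "unmatched" record and the sample payloads are assumptions made for illustration, and hard destruction is only recorded because it acts on the physical medium.

```python
import uuid
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NORMAL = "normal"
    ABNORMAL = "abnormal"    # abnormal, not yet frozen
    FROZEN = "frozen"        # abnormal and frozen
    DESTROYED = "destroyed"


@dataclass
class Label:
    """Label information for one item of business data."""
    data_id: str                      # unique ID
    source: str                       # assumed attribute used by matching rules
    state: State = State.NORMAL       # data state
    custom: dict = field(default_factory=dict)   # self-defined information


class DestructionSystem:
    def __init__(self, thaw_rule, destroy_rule, match_rules):
        self.thaw_rule = thaw_rule          # from freezing rule information
        self.destroy_rule = destroy_rule    # destruction rule information
        self.match_rules = match_rules      # matching rule information
        self.labels = {}                    # data_id -> Label
        self.store = {}                     # data_id -> bytearray
        self.records = []                   # (kind, data_id, detail)

    def mark(self, payload: bytes, source: str, **custom) -> str:
        """Step 102: indirect marking, label and data are linked by ID."""
        data_id = uuid.uuid4().hex
        self.labels[data_id] = Label(data_id, source, custom=custom)
        self.store[data_id] = bytearray(payload)
        return data_id

    def flag_abnormal(self, data_id: str, reason: str) -> None:
        """Assumed entry point for whatever updates the label to abnormal."""
        label = self.labels[data_id]
        label.state = State.ABNORMAL
        label.custom["reason"] = reason

    def process(self, data_id: str) -> State:
        label = self.labels[data_id]       # step 104: identify via the label
        if label.state in (State.NORMAL, State.DESTROYED):
            return label.state             # normal data goes to the use path
        if label.state is State.ABNORMAL:
            label.state = State.FROZEN     # step 106: freeze, keep a record
            self.records.append(("freeze", data_id, label.custom.get("reason", "")))
        elif self.thaw_rule(label):
            label.state = State.NORMAL     # thaw: drop frozen state, re-mark
            self.records.append(("thaw", data_id, "re-marked as normal"))
            return label.state
        if not self.destroy_rule(label):   # step 108: destruction discrimination
            return label.state             # stays frozen for analysis and audit
        mode = self.match_rules.get(label.source)
        if mode is None:                   # no rule matched: do not guess a mode
            self.records.append(("unmatched", data_id, label.source))
            return label.state
        if mode == "soft":                 # step 110: overwrite in place with 0
            buf = self.store[data_id]
            buf[:] = bytes(len(buf))
        # "hard" destruction acts on the physical medium; this sketch only
        # records the order and does not model the medium itself.
        label.state = State.DESTROYED
        self.records.append(("destroy", data_id, mode))
        return label.state


def demo() -> dict:
    """Run three constructed items through the flow and summarise the result."""
    system = DestructionSystem(
        thaw_rule=lambda lab: lab.custom.get("cleared_by_review", False),
        destroy_rule=lambda lab: lab.custom.get("retention_expired", False),
        match_rules={"cloud": "soft", "removable": "hard"},
    )
    a = system.mark(b"constructed ledger", "cloud", retention_expired=True)
    b = system.mark(b"constructed export", "removable", retention_expired=True)
    c = system.mark(b"constructed contract", "cloud")
    for data_id in (a, b, c):
        system.flag_abnormal(data_id, "constructed anomaly")
        system.process(data_id)
    frozen_c = system.labels[c].state.value
    system.labels[c].custom["cleared_by_review"] = True
    system.process(c)                      # frozen item is thawed on review
    return {
        "states": [system.labels[i].state.value for i in (a, b, c)],
        "frozen_c": frozen_c,
        "a_bytes": bytes(system.store[a]),
        "records": [(kind, detail) for kind, _, detail in system.records],
    }


if __name__ == "__main__":
    print(demo())
```

The item that fails destruction discrimination stays frozen until the thaw rule clears it, which is the behaviour that keeps useful data from being destroyed by mistake.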
In an alternate embodiment of the present invention where, data destruction method can also include:It is corresponding according to business datum Record information and carry out analytical auditing, obtain analytical auditing as a result, with according to the analytical auditing result to the input of business datum and Output is assessed and controlled, so as to ensure to destroy overall effect with objective evaluation data safety.Wherein, recording information can To include at least one:Usage record information destroys record information and freezing and records information etc., the embodiment of the present invention to this not It is restricted.
Specifically, data destroying system can integrate usage record information, freeze to record information, destroy record information etc. Many factors carry out analytical auditing, such as carry out analytical auditing to business datum, when going out business datum exception with analytical auditing oneself Dynamic alarm, export problem report destroy overall effect and being capable of objective evaluation data safety so as to guarantee data security Destroy overall effect.Wherein, usage record information can be included in the information recorded when business datum is supplied to using user; The information of record when data-frozen is carried out to business datum, such as freeze-off time can be included in by freezing record information;Destroy note Record information can include, to carrying out business datum the information that data destroying is record, can such as including data destroying time, number According to destruction mode etc.;Problem report can be used for user is aided in determine that the reason for abnormal occurs in business datum.
Optionally, the data destruction method in the embodiment of the present invention can also include:According to analytical auditing as a result, to business The corresponding label information of data is updated.Specifically, data destroying system can also be according to analytical auditing as a result, to business number It is updated according to corresponding label information;Visualization can also be carried out according to the analytical auditing result and concentrates displaying, such as to needing to protect The quantity of the important business data of shield shows, state accounting, situation of freezing, service condition, destruction situation etc. are shown, so as to It realizes that various visual angles, multidimensional information show, and then user can be helped to know data intelligence clearly and destroy state, control data intelligence Destroy global situation.
In the embodiment of the present invention, optionally, performing data destruction on the data to be destroyed may include: matching the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, where the data destruction modes include a soft data destruction mode and a hard data destruction mode; and destroying the data to be destroyed according to the matched data destruction mode and generating corresponding destruction record information.
Specifically, matching rule information may be set in the data destruction system in advance, so that once the system has determined the data to be destroyed, it can intelligently match that data against the preset matching rule information and, based on the matching result, choose whether to destroy the data using the soft data destruction mode or the hard data destruction mode. The preset matching rule information may include matching rules that are predefined in the data destruction system or user-defined. Matching rules can be customized according to actual business needs or secure data destruction requirements; the implementation is flexible, and the embodiment of the present invention places no restriction on this. For example, a matching rule may set the data destruction mode for cloud service data to the soft data destruction mode, so that cloud service data is soft-destroyed in the subsequent destruction process; it may set the data destruction mode for data stored on removable storage media to the hard data destruction mode, so that such data is hard-destroyed in the subsequent destruction process; and so on.
It should be noted that the soft data destruction mode destroys data by software methods such as data erasure and overwriting. In practice, the data destruction system may execute soft data destruction online on the platform; it can support domestic and international soft data destruction algorithms, standards and specifications, as well as soft data destruction algorithms customized according to actual business needs or secure data destruction requirements. A soft data destruction algorithm may specify the manner of erasure/overwriting, the number of erasure/overwrite passes, and so on.
The hard data destruction mode achieves data destruction by methods that destroy the physical structure of the data storage medium, such as degaussing, incineration and crushing. Specifically, if hard data destruction is required, a hard data destruction work order may be generated in the data destruction system for the data to be destroyed, and the hard destruction is then carried out offline, outside the platform. For example, the work order may be provided to the person responsible for data destruction, who performs the hard destruction according to the work order and, once it is complete, submits the confirmation information corresponding to the work order in the data destruction system, so that the system can determine from the confirmation information that the work order has been completed. The hard data destruction work order may be used to record the data storage medium, the target data to be destroyed and the person responsible for hard destruction, and may also record information customized according to actual business needs, analysis and audit needs or secure data destruction requirements; the embodiment of the present invention places no restriction on this.
In an optional embodiment of the present invention, the method further includes: when the data state is the normal state, performing identity authentication on the user of the business data; and, after authentication passes, providing the business data to the user and generating corresponding usage record information. Specifically, on identifying that the business data about to be used is in the normal state, the data destruction system may authenticate the user of that business data; if authentication passes, it may grant the user the right to use the business data and provide the business data to the user on the basis of the granted right. For example, the data destruction system may provide business data in the normal state to the user by means such as offline data, service interfaces, data interfaces or application programming interfaces (Application Programming Interface, API), and may record the business data provided to the user, generating corresponding usage record information. The usage record information may include whatever information is determined to need recording according to actual business needs, analysis and audit needs, secure data destruction requirements and so on; the embodiment of the present invention places no restriction on this.
In the embodiment of the present invention, the normal state indicates that the state of the business data to be protected is normal and that the data can be used. The abnormal state covers the states of protected business data other than the normal state, and may specifically include the expired state, the redundant state, the derived state, the invalid state, the frozen state, user-defined abnormal states, and so on. The expired state indicates that the business data to be protected has exceeded its legal time limit for use. The redundant state indicates that the business data is a replicated copy of other business data. The derived state indicates that the business data was generated by processing or computation on other business data. The invalid state indicates that the business data has lost its inherent business value. The frozen state indicates that the business data is in a data-frozen state. User-defined abnormal states may include data states defined according to actual business needs or secure data destruction requirements; how such states are customized is flexible, and the embodiment of the present invention places no restriction on this.
In an optional embodiment of the present invention, the abnormal state may include the frozen state, and the method further includes: judging, according to preset freeze rule information, whether the business data needs to be thawed; if the business data needs to be thawed, generating a thaw request, removing the frozen state of the business data according to the thaw request, generating corresponding thaw record information, and marking the thawed business data again; if the business data does not need to be thawed, determining the business data to be frozen business data and performing the step of destruction discrimination on the frozen business data.
In the embodiment of the present invention, freeze rule information may be set in the data destruction system in advance. The freeze rule information may include predefined or user-defined freeze rules, which are used for thaw discrimination on business data in the frozen state, that is, to determine whether business data in the frozen state needs to be thawed. The predefined or user-defined freeze rules can be customized according to actual business needs or secure data destruction requirements, and the implementation is flexible; for example, frozen data may be set to thaw automatically at a specified time, or business data may be kept frozen for specific users. The embodiment of the present invention places no restriction on this.
In a concrete implementation, after recognizing business data in the frozen state, that is, frozen business data, the data destruction system may judge according to the predefined or user-defined freeze rules whether the frozen business data needs to be thawed. If it does, the system may generate a corresponding thaw request for the frozen business data and automatically thaw the data according to that request, obtaining the thawed business data and generating corresponding thaw record information, so that the thawed business data can be marked again according to the thaw record information, for example by marking its data state as the normal state. If the frozen business data does not need to be thawed, its frozen state is kept, and destruction discrimination may then be performed on the frozen business data according to the preset destruction rule information.
The destruction rule information may include destruction rules that are predefined in the data destruction system or user-defined. The predefined or user-defined destruction rules can be customized according to actual business needs or secure data destruction requirements, and the implementation is flexible; for example, frozen business data whose freeze period exceeds a specified time limit, or whose number of uses has reached the permitted upper limit, may be determined to be business data that needs to be destroyed. The embodiment of the present invention places no restriction on this.
In an optional embodiment of the present invention, before the input business data is marked, the method may further include: setting system management information, where the system management information includes at least one of the following: freeze rule information, destruction rule information, matching rule information, freeze policy information, destruction policy information and user information. In practice, the system management information may be set in the data destruction system in advance, so that the system can manage business data according to it: for example, performing thaw discrimination on business data in the frozen state according to the preset freeze rule information; judging whether frozen business data needs to be destroyed according to the preset destruction rule information; matching the data destruction mode for the data to be destroyed according to the preset matching rule information; freezing the business data that needs to be frozen according to the preset freeze policy information; performing data destruction according to the preset destruction policy information; and so on.
In the embodiment of the present invention, optionally, after the business data is frozen, the method further includes: generating corresponding freeze record information for the frozen business data. Specifically, while freezing the business data, the data destruction system may record the information related to the freeze to form freeze record information, so that analysis and audit can later be performed on it, thereby ensuring and objectively evaluating the overall effect of secure data destruction. The freeze record information may include whatever information is determined to need recording according to actual business needs, analysis and audit needs, secure data destruction requirements and so on; the embodiment of the present invention places no restriction on this.
Referring to Fig. 2, which shows a structural block diagram of an embodiment of a data destruction system of the present invention, the system may specifically include the following modules:
A data marking module 202, configured to mark the input business data and generate the label information corresponding to the business data;
A data identification module 204, configured to identify the business data according to the label information and determine the data state corresponding to the business data;
A data freezing module 206, configured to, when the data state is an abnormal state, freeze the business data according to preset freeze policy information to obtain frozen business data, and to perform destruction discrimination on the frozen business data to determine the data to be destroyed;
A data destruction module 208, configured to destroy the data to be destroyed.
In an optional embodiment of the present invention, the data destruction system may further include an analysis and audit module. The analysis and audit module is configured to perform analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, where the record information includes at least one of the following: usage record information, destruction record information and freeze record information. The data marking module is further configured to update the label information corresponding to the business data according to the analysis and audit result.
In an optional embodiment of the present invention, the data destruction module 208 may include the following submodules:
A matching submodule, configured to match the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, where the data destruction modes include a soft data destruction mode and a hard data destruction mode;
A destruction submodule, configured to destroy the data to be destroyed according to the data destruction mode and generate corresponding destruction record information.
In the embodiment of the present invention, optionally, the data destruction system may further include a safe-use module. The safe-use module is configured to, when the data state is the normal state, perform identity authentication on the user of the business data and, after authentication passes, provide the business data to the user and generate corresponding usage record information.
In the embodiment of the present invention, optionally, the data identification module 204 is further configured to, when the abnormal state is the frozen state, judge according to the preset freeze rule information whether the business data needs to be thawed; if the business data needs to be thawed, generate a thaw request and trigger the data marking module 202 to remove the frozen state of the business data according to the thaw request; if the business data does not need to be thawed, determine the business data to be frozen business data and trigger the data freezing module 206 to perform the step of destruction discrimination on the frozen business data.
The data marking module 202 is further configured to remove the frozen state of the business data, generate corresponding thaw record information, and mark the thawed business data again.
In an optional embodiment of the present invention, the data destruction system may further include a system management module. The system management module may be used to set system management information, where the system management information includes at least one of the following: freeze rule information, destruction rule information, matching rule information, freeze policy information, destruction policy information and user information.
The data freezing module 208 may also be used to generate corresponding freeze record information for the frozen business data.
In an optional example, as shown in Fig. 3, the data destruction system 300 may include: a data marking module 202, a data identification module 204, a data freezing module 206, a data destruction module 208, a safe-use module 210, an analysis and audit module 212 and a system management module 214.
In practice, the data marking module 202 may be used to mark the important business data that needs protection and to manage its storage, providing two functions: data marking and secure storage.
Specifically, the data marking function means that the data marking module 202 can mark the important business data that needs protection by direct marking, indirect marking, user-defined marking and similar means, so as to bind unique label information to that data. For example, where the important business data is structured data, direct marking may add a field containing the label information to the data table in which the important business data is located; indirect marking may create, outside that data table, a separate data table containing the label information and associate it with the important business data, thereby establishing the correspondence between the important business data and the label information. As another example, where the important business data is unstructured data, direct marking may write the label information directly into the file header or file body of the important business data; indirect marking may create, outside the file in which the important business data is located, an attached file containing the label information and associate it with the important business data. The specific implementation of data marking is flexible, and the embodiment of the present invention places no restriction on this.
The secure storage function means that the data marking module 202 can securely store the important business data that needs protection after it has been marked. The specific implementation of secure storage is flexible, and the embodiment of the present invention places no restriction on this.
The data identification module 204 can identify business data that has been taken out of secure storage and is about to be used, providing two functions: data identification and thaw discrimination. The data identification function means that the data identification module 204 can extract the label information corresponding to the business data about to be used, break the extracted label information down into an ID, a data state and user-defined information, and then use the ID, data state and user-defined information to judge whether the data state of the business data in the intelligent data destruction process is an abnormal state or the normal state. The thaw discrimination function means that the data identification module 204 can perform thaw discrimination on business data in the frozen state, to judge whether the frozen state of that business data needs to be kept.
The data freezing module 206 can provide functions such as data freezing, freeze recording and destruction discrimination. The data freezing function freezes, according to predefined or user-defined freeze policies, business data identified as being in an abnormal state such as expired, redundant, derived, invalid or user-defined. It should be noted that the predefined or user-defined freeze policies can be customized according to actual business needs or secure data destruction requirements, and the implementation is flexible; for example, data may be frozen by means of encryption or by means of permissions. The embodiment of the present invention places no restriction on this. The freeze recording function records the business data frozen by the data freezing function; the content recorded is determined according to actual business needs, analysis and audit needs and secure data destruction requirements, and the embodiment of the present invention places no restriction on this. The destruction discrimination function performs destruction discrimination on business data in the frozen state according to predefined or user-defined destruction rules, to determine whether that business data needs to be destroyed.
For example, the data freezing module 206 may, according to predefined or user-defined freeze policies, freeze the business data that the data identification module 204 has identified as being in an abnormal state such as expired, redundant, derived, invalid or user-defined, and may perform freeze recording and destruction discrimination on the frozen data. Optionally, when the business data does not need to be destroyed, analysis and audit may be performed on it to form an analysis and audit result.
The data destruction module 208 can provide functions such as intelligent matching, soft data destruction, hard data destruction and destruction recording. The destruction recording function records the business data destroyed by the data destruction function; the content recorded can be determined according to actual business needs, analysis and audit needs and secure data destruction requirements, and the embodiment of the present invention places no specific restriction on this. For example, the data destruction module 208 may intelligently match the data to be destroyed, destroy it using the soft or hard data destruction mode selected by the matching, record the destroyed business data, and generate corresponding destruction record information.
The safe-use module 210 can provide functions such as authorization and authentication, safe use and usage recording. Specifically, based on the authorization and authentication function, the safe-use module 210 authenticates the user of business data identified as being in the normal state and, when authentication passes, grants the user the right to use that business data. In addition, based on the safe-use function, the safe-use module 210 can provide business data in the normal state to the authorized user for use by means such as offline data, service interfaces, data interfaces and APIs, meeting the user's needs while keeping the data secure; and, based on the usage recording function, it can record the business data provided through the safe-use function and generate usage record information.
The analysis and audit module 212 may be used to provide an analysis and audit function and a visual display function. Specifically, based on the analysis and audit function, the analysis and audit module 212 can combine multiple factors, such as data usage records, data freeze records and data destruction records, to perform analysis and audit and generate an analysis and audit report. Optionally, the analysis and audit module 212 can use the visual display function to present the analysis and audit results in a centralized visual display, providing a multi-view, multi-dimensional display of information.
The system management module 214 can provide functions such as rule management, policy management and system management. Based on the rule management function, the system management module 214 can add, delete, modify and query freeze rules, destruction rules and matching rules according to actual business needs, analysis and audit needs and secure data destruction requirements. Based on the policy management function, it can add, delete, modify and query freeze policies and destruction policies according to the same needs. Based on the system management function, it provides user settings, user group settings and user permission settings for the data destruction system. It should be noted that user settings may include creating, deleting, modifying and querying users of the data destruction system; user group settings may include creating, deleting, modifying and querying user groups of the data destruction system, and may also include setting the description of a user group, assigning a specific user to a specific user group, and so on; user permission settings may include assigning different system permissions to users, such as the permission to create, delete, modify or query a specific user or specific user group.
To help those skilled in the art better understand the embodiment of the present invention, the data destruction method of the embodiment is illustrated below with an example.
Referring to Fig. 4, a schematic diagram of the principle of a data destruction method in an example of the present invention is shown.
In this example, the data destruction system may take the data destruction stage of the data life cycle as its core and, for the business data that needs protection, intelligently destroy the business data that needs to be destroyed. As shown in Fig. 5, this may specifically include the following steps:
Step 502, system management information is set in the system management module. For example, freeze rules, destruction rules, matching rules, freeze policies and destruction policies may be predefined in the system management module, and the users, user groups and user permissions of the data destruction system may be set, and so on.
Step 504, the data marking module marks the business data that needs protection and generates label information. For example, the data marking module may mark important business data of the financial industry by direct marking, indirect marking, user-defined marking or similar means, and generate the corresponding label information.
Step 506, the data marking module securely stores the marked business data that needs protection. For example, continuing the example above, the data marking module may securely store the marked important business data of the financial industry.
Step 508, the data identification module extracts the label information corresponding to the business data about to be used, performs data identification according to the label information, and identifies the data state of the business data. Specifically, after the business data about to be used has been taken out of secure storage, the data identification module may extract the label information corresponding to the business data and break it down into an ID, a data state and user-defined information, and then use these to judge whether the data state of the business data in the intelligent data destruction process is the normal state. If the data state of the business data is the normal state, the business data is determined to be in the normal state and step 510 may be performed. If the data state is the frozen state, the business data is determined to be frozen business data and step 514 is performed. If the data state is a non-frozen abnormal state, step 516 may be performed for the business data.
Step 510, the safe-use module performs identity authentication on the user of the business data identified as being in the normal state. If authentication fails, the service may be terminated. If authentication passes, the right to use the business data may be granted to the user, and the business data may be provided to the authorized user by means such as offline data, service interfaces, data interfaces and APIs, so that the user can use the business data provided; step 512 is then performed.
Step 512, the safe-use module records the business data provided and generates corresponding usage record information. Specifically, the safe-use module may perform usage recording on the business data provided through the safe-use function to obtain usage record information, and send the usage record information to the analysis and audit module; step 522 is then performed.
Step 514, the data identification module performs thaw discrimination on the business data in the frozen state, to judge whether the business data needs to be thawed.
Specifically, the data identification module may judge, according to predefined or user-defined freeze rules, whether the frozen business data needs to be thawed. If the frozen business data does not need to be thawed, its frozen state may be kept. If the frozen business data needs to be thawed, a corresponding thaw request is generated and sent to the data marking module. After receiving the thaw request, the data marking module removes the data-frozen state from the label information corresponding to the frozen business data, and may return to step 506.
Step 516, the data freezing module freezes the business data identified as being in an abnormal state, obtaining frozen business data. Specifically, after the business data has been recognized as being in a non-frozen abnormal state, such as the expired state, redundant state, derived state, invalid state or a user-defined abnormal state, the data freezing module may freeze the business data according to predefined or user-defined freeze policies, perform freeze recording on the business data frozen by the data freezing function to generate corresponding freeze record information, and then send the freeze record information to the analysis and audit module, so that the analysis and audit module can perform analysis and audit according to it.
Step 518, the data freezing module performs destruction discrimination on the frozen business data and determines the data to be destroyed. Specifically, the data freezing module may perform destruction discrimination on the business data in the frozen state according to predefined or user-defined destruction rules, to judge whether the business data needs to be destroyed. When the result is that the business data needs to be destroyed, the business data is determined to be data to be destroyed and is sent to the data destruction module, and step 520 is then performed. When the result is that the business data does not need to be destroyed, it may be judged whether analysis and audit needs to be performed on the business data. If so, the business data may be sent to the analysis and audit module, and step 522 may then be performed.
Step 520, the data destruction module destroys the data to be destroyed. Specifically, the data destruction module may intelligently match the data to be destroyed against predefined or user-defined matching rules and generate a matching result, and then, according to the matching result, intelligently choose soft data destruction or hard data destruction to destroy the data.
If data destroying module, using the soft destruction of data, can wipe/overriding method according to matching result using data Software approach is waited to destroy data, the destruction of business datum is realized using the execution soft destruction mode of data on platform line.Specifically, number Strategy can be destroyed according to pre-set data are soft according to module is destroyed, perform the soft destruction of data for data to be destroyed automatically, To achieve the purpose that safety destroys data;And destruction note can be carried out to the business datum destroyed by data destroying function Record generates corresponding destroy and records information, and then can the destruction be recorded information issue analytical auditing module, so that analysis Audit Module can record information according to the destruction and carry out analytical auditing.
If data destroying module is destroyed firmly according to matching result using data, demagnetization method can be utilized, method is destroyed by fire, smashes The method that broken method etc. destroys data storage medium physical arrangement realizes data destroying.Specifically, data destroying system can be directed to Data generation data to be destroyed destroy work order firmly, and the data are destroyed work order firmly, data is supplied to destroy person liable firmly, to adopt It is destroyed firmly with data are performed under platform line, i.e., destroys person liable firmly by data and data to be destroyed are destroyed.Data are sold firmly Person liable is ruined after completing data and destroying firmly, can in data destroying system data be destroyed with work order firmly and confirmed, triggered Data destroying system destroys the corresponding confirmation message of work order firmly into the data, so that data destroying system being capable of foundation The confirmation message determines the completion that data are destroyed firmly.Optionally, data destroying module can also be based on confirmation message, to passing through data It destroys the business datum that function is destroyed and carries out destruction record, generate corresponding destruction record information and record the destruction and believe Breath issues analytical auditing module, so that analytical auditing module can record information according to the destruction carries out analytical auditing.
Step 522, analytical auditing module carries out analytical auditing, and generation analytical auditing is as a result, carry out analytical auditing result Visualization, which is concentrated, to be showed.Specifically, analytical auditing module can determine the input and defeated that data safety is destroyed by analytical auditing Whether go out has exception;If without exception, service can be terminated;, then can be with auto-alarming if there is exception, and can export and ask Topic is reported and relevant abnormalities can be sent to data markers module, by Data Identification module, will appear from abnormal industry Data mode in the corresponding label information of business data is updated to abnormality.
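The flow of steps 518 to 522 (matching a destruction mode, soft destruction by overwriting, hard destruction through a confirmed work order, and an audit that compares destruction inputs with outputs) can be sketched as follows. This is an added Python example, not code from the patent; the class and function names, the online/offline matching rule and the sample records are assumptions constructed for illustration.

```python
import os
import tempfile
import uuid
from dataclasses import dataclass, field


@dataclass
class Record:
    data_id: str
    location: str          # file path (online) or medium identifier (offline)
    online: bool           # hypothetical attribute used by the matching rule
    state: str = "frozen"  # step 516 is assumed to have frozen the data already


@dataclass
class DestructionService:
    audit_log: list = field(default_factory=list)
    work_orders: dict = field(default_factory=dict)

    def _log(self, event, data_id, **extra):
        self.audit_log.append({"event": event, "data_id": data_id, **extra})

    def match_mode(self, rec):
        # Assumed matching rule: data reachable on the platform is soft-destroyed,
        # data on offline media needs physical (hard) destruction.
        return "soft" if rec.online else "hard"

    def destroy(self, rec):
        """Step 520: destroy frozen data; returns a work order id for hard mode."""
        if rec.state != "frozen":
            raise ValueError("only frozen business data may be destroyed")
        mode = self.match_mode(rec)
        self._log("destroy_requested", rec.data_id, mode=mode)
        if mode == "soft":
            self._soft_destroy(rec.location)
            rec.state = "destroyed"
            self._log("destroy_completed", rec.data_id, mode=mode)
            return None
        order_id = uuid.uuid4().hex
        self.work_orders[order_id] = rec
        rec.state = "pending_hard_destruction"
        self._log("work_order_issued", rec.data_id, order_id=order_id)
        return order_id

    def _soft_destroy(self, path, chunk=1 << 20):
        # Overwrite with random bytes, force the write to storage, then unlink.
        # An in-place overwrite only reaches the original blocks on media and
        # file systems that write in place (not copy-on-write or flash remapping).
        remaining = os.path.getsize(path)
        with open(path, "r+b") as f:
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
        os.remove(path)

    def confirm_work_order(self, order_id, operator):
        """The responsible person confirms offline destruction of the medium."""
        rec = self.work_orders.pop(order_id)  # unknown ids raise KeyError
        rec.state = "destroyed"
        self._log("destroy_completed", rec.data_id, mode="hard", operator=operator)


def audit(log):
    """Step 522: compare destruction inputs (requests) with outputs (completions)."""
    requested = {e["data_id"] for e in log if e["event"] == "destroy_requested"}
    completed = {e["data_id"] for e in log if e["event"] == "destroy_completed"}
    return {"unconfirmed": sorted(requested - completed),
            "unrequested": sorted(completed - requested)}


def run_demo():
    svc = DestructionService()
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"constructed sample business data")
    doc = Record("doc-001", path, online=True)
    tape = Record("tape-007", "constructed-medium-id", online=False)
    svc.destroy(doc)
    order_id = svc.destroy(tape)
    before = audit(svc.audit_log)   # hard destruction not yet confirmed
    svc.confirm_work_order(order_id, operator="constructed-operator")
    after = audit(svc.audit_log)
    return {"file_gone": not os.path.exists(path), "before": before,
            "after": after, "states": (doc.state, tape.state)}


if __name__ == "__main__":
    print(run_demo())
```

Until the work order is confirmed, the audit reports the offline medium as requested but not destroyed, which is the kind of input/output abnormality step 522 is meant to surface.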
In summary, the data destruction method and system provided by the embodiments of the present invention take the data destruction stage of the data life cycle as the core and, for important business data that needs to be protected, construct a secure data destruction system comprising data marking, data identification, data freezing, secure use, data destruction, and analysis and auditing, so that the destruction target data is permanently deleted, data leakage is avoided, and data security is ensured.
Specifically, the data destruction method and system in the embodiments of the present invention can, according to predefined or user-defined data destruction rules and driven by the data, automatically and intelligently determine the data to be destroyed, without manual participation. This improves the efficiency of determining the destruction target data, allows destruction target data to be determined at large scale and in batches, keeps the misjudgment rate for destruction target data low, and reduces the cost of data management.
Furthermore, the data destruction method and system in the embodiments of the present invention can, according to predefined or user-defined data management policies, construct a secure data destruction system for important business data that needs to be protected. Specifically, the data destruction method and system take the data destruction stage of the data life cycle as the core, connect it in a data-driven manner to the other stages of the data life cycle, support assessment and control of the inputs and outputs of secure data destruction, and can combine multiple factors such as data usage records, data freeze records and data destruction records for analysis and auditing, so as to ensure and objectively evaluate the overall effect of secure data destruction.
The data destruction method and system in the embodiments of the present invention can also use the intelligent matching function to select intelligently, according to predefined or user-defined matching rules, either soft data destruction or hard data destruction. They can provide a unified standard process and support managing soft and hard data destruction on the same platform, thereby ensuring the consistency of the secure data destruction system, improving the overall effect of secure data destruction, facilitating the application of secure data destruction in complex business scenarios, and meeting the requirements for secure data destruction under new circumstances.
It should be noted that, for simplicity of description, the method embodiments are expressed as a series of action combinations, but those skilled in the art should know that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
An electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor can implement the following steps when executing the program: performing data marking on input business data to generate label information corresponding to the business data; identifying the business data according to the label information to determine the data state corresponding to the business data; when the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data; performing destruction discrimination on the frozen business data to determine data to be destroyed; and performing data destruction on the data to be destroyed.
Optionally, the steps further include:
Performing analysis and auditing according to record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freeze record information;
Updating the label information corresponding to the business data according to the analysis and audit result.
Optionally, performing data destruction on the data to be destroyed includes:
Matching, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
Performing data destruction on the data to be destroyed according to the data destruction mode, and generating corresponding destruction record information.
Optionally, the steps further include: when the data state is a normal state, performing identity authentication on the user of the business data; and, after the identity authentication passes, providing the business data to the user and generating corresponding usage record information.
Optionally, the abnormal state includes a frozen state, and the method further includes:
Judging, according to preset freeze rule information, whether the business data needs to be thawed;
If the business data needs to be thawed, generating a thaw request, removing the frozen state corresponding to the business data according to the thaw request, generating corresponding thaw record information, and performing data marking again on the thawed business data;
If the business data does not need to be thawed, determining the business data to be frozen business data, and performing the step of performing destruction discrimination on the frozen business data.
Optionally, before the data marking is performed on the input business data, the steps further include: setting system management information, the system management information including at least one of the following: freeze rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
After the business data is frozen, the steps further include: generating corresponding freeze record information for the frozen business data.
A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, can implement the steps of the data destruction method in the embodiments of the present invention.
Since the electronic device and computer-readable storage medium embodiments are basically similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of the method, terminal device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce a system for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction system, which implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps are performed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make other changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present invention.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or terminal device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or terminal device that includes the element.
The data destruction method, system, device and storage medium provided by the present invention have been described in detail above. Specific examples are used herein to explain the principles and embodiments of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, for those of ordinary skill in the art, the specific embodiments and the scope of application may change in accordance with the idea of the present invention. In conclusion, the content of this specification should not be construed as limiting the present invention.

Claims (14)

1. A data destruction method, characterized in that the method comprises:
Performing data marking on input business data to generate label information corresponding to the business data;
Identifying the business data according to the label information to determine the data state corresponding to the business data;
When the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data;
Performing destruction discrimination on the frozen business data to determine data to be destroyed;
Performing data destruction on the data to be destroyed.
2. The method according to claim 1, characterized by further comprising:
Performing analysis and auditing according to record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freeze record information;
Updating the label information corresponding to the business data according to the analysis and audit result.
3. The method according to claim 1 or 2, characterized in that performing data destruction on the data to be destroyed comprises:
Matching, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
Performing data destruction on the data to be destroyed according to the data destruction mode, and generating corresponding destruction record information.
4. The method according to claim 2, characterized by further comprising:
When the data state is a normal state, performing identity authentication on the user of the business data;
After the identity authentication passes, providing the business data to the user and generating corresponding usage record information.
5. The method according to claim 2, characterized in that the abnormal state includes a frozen state, and the method further comprises:
Judging, according to preset freeze rule information, whether the business data needs to be thawed;
If the business data needs to be thawed, generating a thaw request, removing the frozen state corresponding to the business data according to the thaw request, generating corresponding thaw record information, and performing data marking again on the thawed business data;
If the business data does not need to be thawed, determining the business data to be frozen business data, and performing the step of performing destruction discrimination on the frozen business data.
6. The method according to claim 2 or 4, characterized in that:
Before the data marking is performed on the input business data, the method further comprises: setting system management information, the system management information including at least one of the following: freeze rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
After the business data is frozen, the method further comprises: generating corresponding freeze record information for the frozen business data.
7. A data destruction system, characterized by comprising:
A data marking module, configured to perform data marking on input business data and generate label information corresponding to the business data;
A data identification module, configured to identify the business data according to the label information and determine the data state corresponding to the business data;
A data freezing module, configured to, when the data state is an abnormal state, freeze the business data according to preset freezing policy information to obtain frozen business data, and to perform destruction discrimination on the frozen business data to determine data to be destroyed;
A data destruction module, configured to perform data destruction on the data to be destroyed.
8. The system according to claim 7, characterized by further comprising an analysis and audit module;
The analysis and audit module is configured to perform analysis and auditing according to record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freeze record information;
The data marking module is further configured to update the label information corresponding to the business data according to the analysis and audit result.
9. The system according to claim 7 or 8, characterized in that the data destruction module comprises:
A matching submodule, configured to match, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
A destruction submodule, configured to perform data destruction on the data to be destroyed according to the data destruction mode and generate corresponding destruction record information.
10. The system according to claim 8, characterized by further comprising a secure use module;
The secure use module is configured to, when the data state is a normal state, perform identity authentication on the user of the business data, and, after the identity authentication passes, provide the business data to the user and generate corresponding usage record information.
11. The system according to claim 8, characterized in that:
The data identification module is further configured to, when the abnormal state is a frozen state, judge according to preset freeze rule information whether the business data needs to be thawed; if the business data needs to be thawed, generate a thaw request and, according to the thaw request, trigger the data marking module to remove the frozen state corresponding to the business data; if the business data does not need to be thawed, determine the business data to be frozen business data and trigger the data freezing module to perform the step of performing destruction discrimination on the frozen business data;
The data marking module is further configured to remove the frozen state corresponding to the business data, generate corresponding thaw record information, and perform data marking again on the thawed business data.
12. The system according to claim 8 or 10, characterized by further comprising a system management module;
The system management module is configured to set system management information, the system management information including at least one of the following: freeze rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
The data freezing module is further configured to generate corresponding freeze record information for the frozen business data.
13. An electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the following steps when executing the program:
Performing data marking on input business data to generate label information corresponding to the business data;
Identifying the business data according to the label information to determine the data state corresponding to the business data;
When the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data;
Performing destruction discrimination on the frozen business data to determine data to be destroyed;
Performing data destruction on the data to be destroyed.
14. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 6.
CN201711436563.5A 2017-12-26 2017-12-26 A kind of data destruction method and system Active CN108121513B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711436563.5A CN108121513B (en) 2017-12-26 2017-12-26 A kind of data destruction method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711436563.5A CN108121513B (en) 2017-12-26 2017-12-26 A kind of data destruction method and system

Publications (2)

Publication Number Publication Date
CN108121513A true CN108121513A (en) 2018-06-05
CN108121513B CN108121513B (en) 2019-02-22

Family

ID=62231902

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711436563.5A Active CN108121513B (en) 2017-12-26 2017-12-26 A kind of data destruction method and system

Country Status (1)

Country Link
CN (1) CN108121513B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787029A (en) * 2020-07-29 2020-10-16 浙江德迅网络安全技术有限公司 Advanced network security threat mitigation for https protocol deep monitoring

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618693A (en) * 2013-10-31 2014-03-05 中国航天科工集团第二研究院七〇六所 A cloud manufacturing user data management and control method based on labels
CN103823830A (en) * 2012-11-15 2014-05-28 国际商业机器公司 Method and system for destruction of sensitive information
CN106020729A (en) * 2016-05-25 2016-10-12 青岛海信移动通信技术股份有限公司 Clearing method and device for multi-media data of mobile terminal
CN106529329A (en) * 2016-10-11 2017-03-22 中国电子科技网络信息安全有限公司 Desensitization system and desensitization method used for big data
CN106649587A (en) * 2016-11-17 2017-05-10 国家电网公司 High-security desensitization method based on big data information system
US20170194054A1 (en) * 2014-10-13 2017-07-06 Semiconductor Manufacturing International (Shanghai) Corporation Eeprom backup method and device
CN106971007A (en) * 2017-04-28 2017-07-21 成都优易数据有限公司 A kind of data processing of utilization data structure control and data analysis framework
CN107241452A (en) * 2017-08-15 2017-10-10 江苏北弓智能科技有限公司 A kind of data destruct system and method for mobile terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
龚培培: "云端融合计算环境中的数据销毁机制", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787029A (en) * 2020-07-29 2020-10-16 浙江德迅网络安全技术有限公司 Advanced network security threat mitigation for https protocol deep monitoring
CN111787029B (en) * 2020-07-29 2023-03-17 浙江德迅网络安全技术有限公司 Advanced network security threat mitigation for https protocol deep monitoring

Also Published As

Publication number Publication date
CN108121513B (en) 2019-02-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant