CN108270735A - A kind of data leakage prevention method and equipment - Google Patents

Publication number
CN108270735A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611262407.7A
Other languages
Chinese (zh)
Inventor
李佳
王永强
姚润刚
杨云辉
张晋瑜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Shanxi Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Shanxi Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Shanxi Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention disclose a data leakage prevention method and equipment for improving the security of data stored in a server. The data leakage prevention method includes: receiving a request message sent by a terminal device, the request message indicating that a user needs to operate on data; according to the request message, obtaining the data from a server and identifying the data to determine whether the data includes sensitive information, where the server is used to store data and the sensitive information is information that needs to be protected; if the data includes the sensitive information, determining whether the request message is legal; and if the request message is legal, performing on the data the operation that responds to the request message.

Description

A kind of data leakage prevention method and equipment
Technical field
The present invention relates to the technical field of communication security, and in particular to a data leakage prevention method and equipment.
Background
At present, most operators use servers on which a database management system is installed to provide application systems with services such as data storage and query. One example of such a server is a full-text search server (Search On Lucene Replication, Solr). A user can usually access the server through a terminal device, such as a personal computer (PC), and operate on the data in the server.
To ensure data security between the terminal device and the server, operators currently control user access to servers through a unified security management platform, that is, a platform that integrates authentication (Authentication), account (Account), authorization (Authorization) and audit (Audit). The unified security management platform is also called the 4A platform. The 4A platform's control over user access to the server consists only of having the terminal device and the server authenticate each other on the basis of a network authentication protocol, for example mutual authentication between the terminal device and the server by verifying a key. However, this approach can cause security problems. For example, users' private data is stored in the server, and this private data may include information that needs to be protected, such as a user's ID card number. Because the 4A platform authenticates users by verifying a key, any user who passes authentication can use a terminal device to perform all kinds of operations on the data stored in the server, such as downloading, deleting or modifying it. Current network platforms are not very secure, and the key used for authentication may well be stolen by an illegal user, who can then also use a terminal device to perform all kinds of operations on the data stored in the server. The security of the data is clearly low.
Summary of the invention
Embodiments of the present invention provide a data leakage prevention method and equipment for improving the security of data stored in a server.
In a first aspect, an embodiment of the present invention provides a data leakage prevention method, which includes:
receiving a request message sent by a terminal device, the request message indicating that a user needs to operate on data;
according to the request message, obtaining the data from a server and identifying the data to determine whether the data includes sensitive information, where the server is used to store data and the sensitive information is information that needs to be protected;
if the data includes the sensitive information, determining whether the request message is legal;
if the request message is legal, performing on the data the operation that responds to the request message.
Optionally, determining whether the request message is legal includes:
determining whether the user who sent the request message is legal, where the request message is determined to be legal if the user is one of at least one legal user corresponding to the sensitive information.
Optionally, the request message requests an operation on the sensitive information, and determining whether the request message is legal includes:
determining whether the operation is any one of at least one legal operation corresponding to the sensitive information, where the request message is determined to be legal if the operation is any one of the at least one legal operation.
Optionally, the method further includes:
determining the sensitivity grade of the sensitive information, the sensitivity grade indicating how important it is that the sensitive information be protected;
determining the at least one legal operation corresponding to the data according to the sensitivity grade and the correspondence between sensitivity grades and legal operations.
Optionally, identifying the data to determine whether the data includes sensitive information includes:
determining the category of the user to whom the data belongs;
obtaining the corresponding sensitive information recognition rule according to the category;
identifying the data according to the obtained sensitive information recognition rule to determine whether the data includes sensitive information.
Optionally, identifying the data to determine whether the data includes sensitive information includes:
determining whether the data includes a sensitive identifier;
if the data includes the sensitive identifier, determining that the data includes sensitive information.
In a second aspect, another embodiment of the present invention provides data leakage prevention equipment, which includes:
a receiving module, configured to receive a request message sent by a terminal device, the request message indicating that a user needs to operate on data;
an identification module, configured to obtain the data from a server according to the request message and identify the data to determine whether the data includes sensitive information, where the server is used to store data and the sensitive information is information that needs to be protected;
a determining module, configured to determine whether the request message is legal if the data includes the sensitive information;
a response module, configured to perform on the data the operation that responds to the request message if the request message is legal.
Optionally, the determining module being configured to determine whether the request message is legal includes:
determining whether the user who sent the request message is legal, where the request message is determined to be legal if the user is one of at least one legal user corresponding to the sensitive information.
Optionally, the request message requests an operation on the sensitive information, and the determining module being configured to determine whether the request message is legal includes:
determining whether the operation is any one of at least one legal operation corresponding to the sensitive information, where the request message is determined to be legal if the operation is any one of the at least one legal operation.
Optionally, the determining module is further configured to:
determine the sensitivity grade of the sensitive information, the sensitivity grade indicating how important it is that the sensitive information be protected;
determine the at least one legal operation corresponding to the data according to the sensitivity grade and the correspondence between sensitivity grades and legal operations.
Optionally, the identification module being configured to identify the data to determine whether the data includes sensitive information includes:
determining the category of the user to whom the data belongs;
obtaining the corresponding sensitive information recognition rule according to the category;
identifying the data according to the obtained sensitive information recognition rule to determine whether the data includes sensitive information.
Optionally, the identification module being configured to identify the data to determine whether the data includes sensitive information includes:
determining whether the data includes a sensitive identifier;
if the data includes the sensitive identifier, determining that the data includes sensitive information.
In the embodiments of the present invention, after a request message for operating on data is received from a terminal device, it is first judged whether the data targeted by the request message includes sensitive information. If it does, it is also judged whether the request message is legal, and only if the request message is legal is the operation that responds to the request message performed on the data. That is, if the data contains sensitive information, illegal operations are filtered out as far as possible so that operations on the data are legal operations, which protects the data stored in the server and reduces security risk.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a schematic diagram of a data interaction system provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the data leakage prevention method provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of data leakage prevention equipment provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention. Where there is no conflict, the embodiments of the present invention and the features in the embodiments can be combined with one another arbitrarily. In addition, although a logical order is shown in the flow chart, in some cases the steps shown or described can be performed in an order different from the one given here.
In addition, the term "and/or" herein only describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A alone, both A and B, or B alone. The character "/" herein, unless otherwise stated, generally indicates an "or" relationship between the objects before and after it.
In the embodiments of the present invention, the server can be a device on which a database management system is installed, for example a device on which the 4A platform is installed, and the server can store data. In day-to-day management tasks, a user can use a terminal device to store data related to the user in the server and to operate on the data stored in the server, for example to view the data stored in the server or to download it, so as to manage the data. The user can be a natural person, or can be an enterprise, an administrative department and so on. The terminal device can be implemented by a device such as a smartphone, a personal computer (PC) or a tablet computer (PAD).
In existing data interaction systems, to ensure as far as possible that the data stored in the server is operated on by legal users, a trusted third-party authentication service, such as a Kerberos server, can be set between the terminal device and the server. The third-party authentication server is also called a gateway server. The terminal device and the server authenticate each other through the gateway server, and only a user who passes the gateway server's authentication can operate on the data stored in the server. There can be multiple terminal devices and multiple servers. One gateway server can be set between multiple terminal devices and multiple servers, or multiple gateway servers can be set. If multiple gateway servers are set, one gateway server can correspond to one terminal device and one server, or can correspond to multiple terminal devices and multiple servers, and each terminal device can access multiple servers through one of the gateway servers.
Referring to Fig. 1, an application scenario of the embodiments of the present invention is introduced. Fig. 1 shows a data interaction system that includes a terminal device 101, a gateway server 102 and a server 103. Fig. 1 takes as an example a data interaction system with one terminal device 101, one gateway server 102 and one server 103. Terminal device 101 and server 103 can authenticate each other through gateway server 102, and if authentication passes, terminal device 101 and server 103 can communicate.
After authentication passes, if the user needs to write data to server 103, the user operates terminal device 101 to first write the data to gateway server 102, and gateway server 102 then writes the received data to server 103. Each time gateway server 102 has written data to server 103, it can delete the data stored in gateway server 102.
After authentication passes, if the user needs to modify data on server 103, gateway server 102 can first read the data from server 103, and the user then sends an operation instruction to gateway server 102 through terminal device 101. The operation instruction indicates how gateway server 102 is to modify the data. After gateway server 102 receives the operation instruction, it modifies the data according to the instruction and informs terminal device 101 of the modification result. After each modification operation, gateway server 102 can delete the modified data stored in gateway server 102.
After authentication passes, if the user needs to delete data on server 103, gateway server 102 can likewise first read the data from server 103, and the user then sends an operation instruction to gateway server 102 through terminal device 101. The operation instruction instructs gateway server 102 to delete the data. After gateway server 102 receives the operation instruction, it deletes the data stored in gateway server 102 according to the instruction and informs terminal device 101 of the deletion result. After each delete operation, gateway server 102 can access server 103 and determine whether the data is still stored in server 103. If it is, gateway server 102 instructs server 103 to add a deletion mark to the data, recording that the data has been deleted by the user. The data is not actually deleted from server 103, however, so that it can be used again later.
The technical solution provided by the embodiments of the present invention is introduced below with reference to the drawings, taking the application scenario shown in Fig. 1 as an example.
Referring to Fig. 2, an embodiment of the present invention provides a data leakage prevention method, which is performed by gateway server 102. The flow of the method is as follows.
S201: Receive a request message, sent by terminal device 101, for operating on data;
S202: According to the request message, obtain the data from server 103 and identify the data to determine whether the data includes sensitive information, where server 103 is used to store data and sensitive information is information that needs to be protected;
S203: If the data includes sensitive information, determine whether the request message is legal;
S204: If the request message is legal, perform on the data the operation that responds to the request message.
When a user needs to operate on data in server 103, the user sends a request message to gateway server 102 through terminal device 101. The request message is a message for operating on data. It can carry an identifier of the data, which indicates the data the request message asks for, so that gateway server 102 knows which data terminal device 101 needs to operate on and can obtain the corresponding data from server 103.
In the embodiments of the present invention, the data that terminal device 101 wants to operate on may or may not include sensitive information. If the data does not include sensitive information, gateway server 102 can obviously perform the operation that responds to the request message on the data directly. If the data does include sensitive information, however, having gateway server 102 respond to the request message directly could cause a serious error, such as sensitive information being modified. Therefore, after gateway server 102 obtains the data, it first needs to identify the data to determine whether the obtained data includes sensitive information. If it determines that the data includes sensitive information, it further determines whether the request message is legal, and performs the operation that responds to the request message on the data only if the request message is legal. In this way the user performs only legal operations on the data on server 103 through terminal device 101, which protects the data stored in server 103 as far as possible.
Sensitive information is information that needs to be protected. For different users, the data stored in server 103 may differ, and the sensitive information that the stored data includes may differ as well. For example, if the user is an individual, the data stored in server 103 may include data related to the user's identity, such as the user's personal information, for example an ID card number, and may also include the user's service content data, such as the user's network identity password. Among this data, the ID card number may be sensitive information. Alternatively, if the user is an enterprise, the data stored in server 103 may include enterprise operation and management data, such as internal management data, for example financial data, and may also include business operation service data, such as customer data. Among this data, the customer data may be sensitive information. To identify data more accurately, the embodiments of the present invention can classify the data stored in server 103 according to the category of the user to whom the data belongs. The user categories can include an individual category and an enterprise category, so that data can be divided into personal data, enterprise data and so on according to the user category. Because different categories of data include different sensitive information, the recognition rules on which gateway server 102 bases its identification may also differ between categories. In the embodiments of the present invention, the recognition rule on which gateway server 102 bases its identification is called the sensitive information recognition rule.
Before identifying data, gateway server 102 can first determine the category of the data, obtain the corresponding sensitive information recognition rule according to that category, and then identify the data according to the obtained sensitive information recognition rule to determine whether the data includes sensitive information.
A sensitive information recognition rule can be understood as a recognition rule established in advance according to the category of the data, as introduced below.
Refer to Table 1, which gives an example of the correspondence between data categories and sensitive information. As Table 1 shows, different categories of data correspond to different sensitive information. In the embodiments of the present invention, data can be divided into four major categories according to the category of the user to whom the data belongs: user identity-related data, user service content data, user service derivative data, and enterprise operation and management data, as shown in Table 1. Each category can also include multiple subcategories, and each subcategory corresponds to its own sensitive information and its own sensitive information recognition rule. The correspondence between data categories and sensitive information in Table 1 is the sensitive information recognition rule.
Table 1: Correspondence between data categories and sensitive information
In Table 1, the data of each category includes the data of at least one subcategory, the data of each subcategory corresponds to one row of sensitive information, and each row of sensitive information includes at least one field. If server 103 stores the correspondence between data categories and sensitive information in the form of Table 1, then when data belongs to a certain category, it is identified whether the data includes one of the fields that correspond to that category; if it does, the data is considered to include sensitive information. The correspondence between each row of data categories and each row of sensitive information in Table 1 can therefore be regarded as the corresponding sensitive information recognition rule. Of course, server 103 can add or delete fields under the sensitive information in Table 1 to change the sensitive information recognition rules.
In a possible embodiment, gateway server 102 obtains the corresponding sensitive information recognition rule according to Table 1 and can identify the fields that the data includes. If it identifies that the data includes a specified field, such as name or driving license, the data is considered to include sensitive information. Of course, to determine more accurately whether the data to be identified includes sensitive information, after the category of the data to be identified is determined, if the fields identified in the data are not within the range of the specified fields, the subcategory of the data to be identified can be further determined, along with the sensitive information recognition rule corresponding to that subcategory, and the data can then be identified according to that rule. If it is identified that the data includes a specified field, such as voiceprint or fingerprint, it can be determined that the data includes sensitive information. Table 1 is only an illustration, and other features of the data, not only fields, may also be identified.
In the embodiments of the present invention, the data stored in server 103 may have been stored directly, or may have been stored after gateway server 102 identified it using the sensitive information recognition rules. In the latter case, before the user writes data to server 103 through terminal device 101, gateway server 102 first determines the category of the data, obtains the corresponding sensitive information recognition rule according to that category, identifies the data according to the obtained rule, and then writes the identified data to server 103. After gateway server 102 identifies the data, if the data includes sensitive information, it can add a sensitive identifier to the data; the sensitive identifier indicates that the data includes sensitive information. When gateway server 102 later obtains data from the server, it can directly determine whether the obtained data includes a sensitive identifier. If it does, gateway server 102 can conclude that the obtained data includes sensitive information without identifying the data again using the sensitive information recognition rules, which can reduce the interaction time between terminal device 101 and gateway server 102.
The data stored in server 103 may include data that has already been identified and may also include data that has not. In the embodiments of the present invention, data stored in server 103 that has not been identified by gateway server 102 is called historical data. Server 103 in the embodiments of the present invention can, during a relatively idle period, such as between 2:00 and 4:00 a.m., identify the historical data using the corresponding sensitive information recognition rules and save the identified data. This ensures as far as possible that all the data stored on server 103 has been identified, so that gateway server 102 does not need to identify the obtained data again, which reduces the interaction time between gateway server 102 and terminal device 101 and improves the user experience. Here, the idle period of server 103 can be a period during which server 103 is accessed less often.
Gateway server 102 is after determining that acquired data include sensitive information, it may be determined that whether request message closes Method, so that in the case where request message is legal, the operation in response to request message is carried out to the data.Gateway clothes are described below How business device 102 determines whether request message is legal.
In the embodiment of the present invention, even if data include sensitive information, user may by the operation that terminal device 101 carries out It is for sensitive information, it is also possible to not be for sensitive information, if not for sensitive information, gateway server 102 can be with The operation that directly data are carried out in response to request message.And if user by the operation that terminal device 101 carries out is needle To the operation that sensitive information is carried out, if then gateway server 102 directly can to the operation of data progress response request message It can lead to serious error, such as change sensitive information.It therefore, first can be with after gateway server 102 receives request message Request message is determined whether for asking to be operated for sensitive information, if the request message is directed to sensitive letter for request Breath is operated, then can continue to determine whether request message is legal.
Request message described in the embodiment of the present invention is legal, refer to send request message user it is legal and/or with please It asks the corresponding operation of message legal, introduces separately below.
1st, determine whether the user for sending request message is legal.Wherein, if the user for sending request message is legal, it is determined that Request message is legal, otherwise determines that request message is illegal.
The embodiment of the present invention can identify different users by user account, as user steps on terminal device 101 Some platform is recorded, such as server or the platform of operator's offer, sends request message, then user needs to register on the platform Account be exactly user account.That is, the user described in the embodiment of the present invention, it can be understood as user account.For same ID card No., if user's first can check the ID card No., and user's second cannot check the ID card No., then It is considered that if send request message is user's first, request message is legal, please if send request message is user's second Ask message illegal.
A kind of validated user corresponding to sensitive information may only there are one, it is also possible to more than one is with sensitive information For Bank Account Number, it is generally recognized that any bank clerk can operate Bank Account Number, and non-banking work people Member cannot operate Bank Account Number, i.e., in this case, the corresponding validated user of sensitive information is with regard to more than one (arbitrary bank clerk).Gateway server 102 can set corresponding validated user, such as silver for these sensitive informations in advance Row staff.When gateway server 102 determines that request operation is for Bank Account Number, then gateway server 101 can be first First determine at least one validated user corresponding with sensitive information, if it is determined that the corresponding user of request message is at least one conjunction A validated user in method user, then can determine that the request message is legal, if it is not, so it is considered that request message It is illegal.Certainly, gateway server 102 can determine corresponding user by user account.
2. Determine whether the operation requested by the request message is legal. If the requested operation is legal, the request message is determined to be legal; otherwise, the request message is determined to be illegal.
Similarly, a kind of sensitive information may have only one corresponding valid operation, or more than one. For example, if the sensitive information is an ID card number, which uniquely identifies a person, it may be considered that the ID card number can only be viewed and cannot be modified; in this case the sensitive information has one corresponding valid operation. As another example, if the sensitive information is a person's work unit, the person may change jobs and the work unit may change accordingly, so the work unit may be considered not only viewable but also modifiable; in this case the sensitive information has more than one corresponding valid operation. Therefore, gateway server 102 can first determine the at least one valid operation corresponding to the sensitive information; if the operation corresponding to the request message is one of the at least one valid operation, the request message can be determined to be legal.
In the embodiment of the present invention, the correspondence between sensitive information and valid operations can be established in advance, so that gateway server 102 can determine, according to the correspondence, the at least one valid operation corresponding to the sensitive information, and thereby determine whether the operation corresponding to the request message is one of the at least one valid operation. The embodiment of the present invention can establish the correspondence between sensitive information and valid operations according to how important it is that the sensitive information be protected. Different sensitive information may need protection to the same or to different degrees. For each kind of sensitive information, a sensitive grade can be established according to the degree of importance of its protection, and sensitive grades can be divided from low to high, for example into grades 1 to 4: grade 1 indicates that the importance of protecting the corresponding sensitive information is relatively low, and grade 4 indicates that it is relatively high. In this way the correspondence between sensitive information and sensitive grade is established. Since both sensitive grade and data category correspond to sensitive information, the correspondence between sensitive information and sensitive grade can also be established on the basis of the correspondence between data category and sensitive information, that is, a correspondence among data category, sensitive information and sensitive grade is established, as shown in Table 2. Table 2 takes four sensitive grades as an example. In this way, in the embodiment of the present invention, server 103 can store only the correspondence shown in Table 2, without separately storing the correspondence between sensitive information and sensitive grade and the correspondence between data category and sensitive information, which reduces the amount of data stored.
Table 2: Correspondence among data category, sensitive information and sensitive grade
In Table 2, the data of each category includes data of at least one subcategory, the data of each subcategory corresponds to at least one kind of sensitive information, and each kind of sensitive information includes at least one field, where each field corresponds to one sensitive grade. If server 103 stores the correspondence among data category, sensitive information and sensitive grade in the form of this table, then when the data of some category includes a field that belongs to the at least one field of a kind of sensitive information, the sensitive grade corresponding to that field can be taken as the sensitive grade corresponding to the data. Gateway server 102 can thus determine the sensitive grade corresponding to the data according to Table 2. After determining the sensitive grade corresponding to the sensitive information, gateway server 102 can determine the at least one valid operation corresponding to the data according to the sensitive grade and the correspondence between sensitive grades and valid operations.
In the embodiment of the present invention, gateway server 102 can also combine the above two ways to determine whether the request message is legal. That is, it determines both whether the user who sent the request message is legal and whether the operation corresponding to the request message is legal; if the user who sent the request message is legal and the operation corresponding to the request message is legal, the request message is determined to be legal; otherwise, the request message is determined to be illegal. For certain sensitive information, different users may have different operating permissions, so after the user is determined to be legal it is also necessary to determine whether the operation corresponding to the request message is within the user's permissions; if it is, the request message is legal. In this case the above two ways must be combined to determine more accurately whether the request message is legal.
In the embodiment of the present invention, control permissions can be set for the valid operations on sensitive information, including but not limited to the following: operating time, operating address, operating frequency and so on. The operating time can be understood as the time period in which the user operates on the data, the operating address can be understood as the Internet Protocol (IP) address of the terminal device 101 used by the user, and the operating frequency can be understood as the number of times the user operates on the data.
For example, take a bank account number as the sensitive information, with bank staff as the valid users. An operation by a bank staff member on a bank account number on server 103 through terminal device 101 during certain time periods may be considered unreasonable. If a bank staff member sends, through the terminal device, a request message for viewing a bank account between 2 a.m. and 4 a.m., while bank staff generally work before 9 p.m., the operation in the period from 2 a.m. to 4 a.m. may be unreasonable, and it can be considered that in this period the bank staff member has no control permission for the view operation. The embodiment of the present invention can therefore further set an operating time range for the view operation, for example 8:00 a.m. to 9:00 p.m.; if the operating time corresponding to the request message is not within the operating time range set for the view operation, gateway server 102 can determine that the request message is illegal.
As another example, for some sensitive information a user may have permission to modify it only through certain terminal devices 101. Take financial data as the sensitive information: a user has permission to modify it only through a fixed terminal device 101. If the user operates from a non-fixed terminal device 101, the user does not have permission for the modify operation. The embodiment of the present invention can therefore further set an operating address permission for the modify operation, for example 192.168.1.101. An address range from which operation is allowed can be set for server 103 in advance; if a user operates on data in server 103 through terminal device 101, gateway server 102 obtains the IP address of terminal device 101 and determines whether the IP address is within the address range from which operation is allowed that was set for server 103. If it is not, the user is considered to have no operating permission, and gateway server 102 can determine that the request message is illegal.
As another example, if a user operates on some sensitive information frequently, the operation may be unreasonable. Take a bank account number as the sensitive information: if the bank account number is used for more than 20 transactions in one day, it may be considered that someone else is transacting illegally, that is, the number of operations is higher than a threshold and the operation can be considered unreasonable. The embodiment of the present invention can therefore further set an operating frequency permission for the valid operations corresponding to the bank account number. The number of times each user is allowed to perform a given operation on given data on server 103 within a fixed duration can be set in advance; the fixed duration can be a preset duration, such as 1 day or another possible value. If, within the fixed duration, the number of operations that the same user performs on the same data in server 103 through terminal device 101 exceeds the set number, gateway server 102 can consider that the user does not have operating permission at this time and can determine that the request message is illegal, and gateway server 102 then does not perform the operation in response to the request message on the data.
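The two legality checks and the three control permissions described above can be combined into one decision function, shown here as an added example that is not code from the patent. Field names, account names, grade assignments and reason strings are assumptions; the 8:00 to 21:00 window, the address 192.168.1.101 and the limit of 20 operations in one day come from the text.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network

# Constructed policy data. Field names, accounts and grade assignments are
# assumptions; only the 8:00-21:00 window, 192.168.1.101 and the limit of 20
# operations per day are taken from the description.
FIELD_GRADE = {"id_card_number": 4, "bank_account": 3,
               "financial_data": 3, "work_unit": 1}
GRADE_OPS = {4: {"view"}, 3: {"view", "modify"}, 1: {"view", "modify"}}
VALID_USERS = {"id_card_number": {"user_a"},
               "bank_account": {"teller01", "teller02"},
               "financial_data": {"finance01"},
               "work_unit": {"user_a", "user_b"}}


@dataclass(frozen=True)
class Control:
    window: tuple = None    # (start, end) time of day, inclusive
    networks: tuple = ()    # source networks allowed to operate
    max_ops: int = None     # operations allowed per PERIOD


PERIOD = timedelta(days=1)  # the "fixed duration" for the frequency limit
CONTROLS = {
    ("bank_account", "view"): Control(window=(time(8, 0), time(21, 0)),
                                      max_ops=20),
    ("financial_data", "modify"): Control(
        networks=(ip_network("192.168.1.101/32"),)),
}


@dataclass(frozen=True)
class Request:
    user: str
    operation: str
    field: str
    src_ip: str
    when: datetime


class Gateway:
    """Decides whether a request message is legal; keeps per-user counters."""

    def __init__(self):
        self._history = defaultdict(deque)  # (user, field, op) -> timestamps

    def decide(self, req):
        grade = FIELD_GRADE.get(req.field)
        if grade is None:
            # Assumption: data without sensitive information is not filtered.
            return True, "not sensitive"
        # Check 1: is the sender a valid user for this sensitive information?
        # An unlisted field yields an empty set, so the check fails closed.
        if req.user not in VALID_USERS.get(req.field, set()):
            return False, "user not valid"
        # Check 2: is the operation valid for the field's sensitive grade?
        if req.operation not in GRADE_OPS.get(grade, set()):
            return False, "operation not valid"
        ctl = CONTROLS.get((req.field, req.operation))
        if ctl is None:
            return True, "legal"
        if ctl.window and not ctl.window[0] <= req.when.time() <= ctl.window[1]:
            return False, "outside operating time"
        if ctl.networks and not _in_networks(req.src_ip, ctl.networks):
            return False, "operating address not allowed"
        if ctl.max_ops is not None:
            seen = self._history[(req.user, req.field, req.operation)]
            while seen and req.when - seen[0] >= PERIOD:
                seen.popleft()          # forget operations older than PERIOD
            if len(seen) >= ctl.max_ops:
                return False, "operating frequency exceeded"
            seen.append(req.when)       # only permitted operations are counted
        return True, "legal"


def _in_networks(src_ip, networks):
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False                    # unparsable address: deny
    return any(addr in net for net in networks)


if __name__ == "__main__":
    gw = Gateway()
    day = datetime(2016, 12, 30)
    for req in (
        Request("teller01", "view", "bank_account", "10.0.0.5", day.replace(hour=10)),
        Request("teller01", "view", "bank_account", "10.0.0.5", day.replace(hour=3)),
        Request("finance01", "modify", "financial_data", "192.168.1.55", day.replace(hour=10)),
    ):
        print(req.user, req.operation, req.field, "->", gw.decide(req))
```

The frequency counter here is kept per user, field and operation, and uses a sliding window of one day rather than calendar days.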
In the embodiment of the present invention, after gateway server 102 performs the operation in response to the request message on the data, it can also detect whether the operated data on server 103 still includes sensitive information; if the operated data still includes sensitive information, this part of the data can be handled accordingly, as described below.
For example, a user performs some operation, such as a delete operation, on data on server 103 through terminal device 101. The user sends a request message for deleting the data to gateway server 102 through terminal device 101. After gateway server 102 verifies that the delete operation is a valid operation and thereby determines that the request message is legal, gateway server 102 performs the delete operation in response to the request message on the data, that is, gateway server 102 deletes the data stored in gateway server 102. After each delete operation, gateway server 102 can access server 103 and determine whether the data is still stored in server 103; if the data is still stored in server 103, gateway server 102 instructs server 103 to set the state of the data to a deleted state, for example by adding a deletion mark to the data, to record that the data has been deleted by the user. However, the data is not actually deleted from server 103, so that it can be reused later.
In the embodiment of the present invention, if gateway server 102 determines that the request message is illegal, it can block the operation on the data and can also output a prompt message, which can be used to tell the user why gateway server 102 blocked the operation on the data. Alternatively, gateway server 102 can also send an alert message to an administrator to inform the administrator that an illegal operation has occurred.
In the embodiment of the present invention, after receiving the request message sent by terminal device 101 for operating on data, gateway server 102 can determine whether the request message is legal by determining whether the user who sent the request message is legal, can determine whether the request message is legal by determining whether the operation corresponding to the request message is legal, or can combine the two to determine whether the request message is legal, so as to filter out illegal operations as far as possible, ensure that the operation on the data is a valid operation, and reduce security risks. The device provided by the embodiment of the present invention is described below with reference to the accompanying drawings.
Referring to Fig. 3, based on the same inventive concept, an embodiment of the present invention provides a data leakage prevention device, which includes a receiving module 301, an identification module 302, a determining module 303 and a response module 304.
The receiving module 301 can be used to receive the request message sent by the terminal device; the request message is used to indicate that the user needs to operate on data.
The identification module 302 can be used to obtain the data from the server according to the request message and to identify the data, so as to determine whether the data includes sensitive information; the server is used to store data, and the sensitive information is information that needs to be protected.
The determining module 303 can be used to determine whether the request message is legal if the data includes sensitive information.
The response module 304 can be used to perform the operation in response to the request message on the data if the request message is legal.
Optionally, the determining module 303 being configured to determine whether the request message is legal includes:
determining whether the user who sent the request message is legal; where, if the user is one of the at least one valid user corresponding to the sensitive information, the request message is determined to be legal.
Optionally, the request message is used to request an operation on the sensitive information; the determining module 303 being configured to determine whether the request message is legal includes:
determining whether the operation is any one of the at least one valid operation corresponding to the sensitive information; where, if the operation is any one of the at least one valid operation, the request message is determined to be legal.
Optionally, the determining module 303 is further configured to:
determine the sensitive grade of the sensitive information, the sensitive grade being used to indicate the importance of protecting the sensitive information;
determine the at least one valid operation corresponding to the data according to the sensitive grade and the correspondence between sensitive grades and valid operations.
Optionally, the identification module 302 being configured to identify the data to determine whether the data includes sensitive information includes:
determining the category of the user to which the data belongs;
obtaining the corresponding sensitive information identification rule according to the category;
identifying the data according to the obtained sensitive information identification rule, to determine whether the data includes sensitive information.
Optionally, the identification module 302 being configured to identify the data to determine whether the data includes sensitive information includes:
determining whether the data includes a sensitive identifier;
if the data includes the sensitive identifier, determining that the data includes sensitive information.
The data leakage prevention device can be used to perform the method provided by the embodiment shown in Fig. 2, and is, for example, the aforementioned gateway server 102. Therefore, for the functions that each functional module in the data leakage prevention device can implement, refer to the corresponding description in the embodiment shown in Fig. 2; they are not repeated here.
In the embodiment of the present invention, after the request message sent by terminal device 101 for operating on data is received, it is first determined whether the data targeted by the request message includes sensitive information. If it does, it is further determined whether the request message is legal, and only if the request message is legal is the operation in response to the request message performed on the data. That is, if the data includes sensitive information, illegal operations are filtered out as far as possible to ensure that the operation on the data is a valid operation, so as to ensure the security of the data stored by server 103 and reduce security risks.
It is apparent to those skilled in the art that, for convenience and brevity of description, only the division into the above functional modules is used as an example. In practical applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. For the specific working process of the system, device and units described above, refer to the corresponding process in the foregoing method embodiment; details are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed device and method can be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division into modules or units is only a division by logical function, and there can be other ways of dividing them in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed can be indirect coupling or communication connection through some interfaces, devices or units, and can be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they can be located in one place or distributed over multiple network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application can be integrated into one processing unit, each unit can exist physically on its own, or two or more units can be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which can be a personal computer, a server, a network device or the like) or a processor to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive (Universal Serial Bus flash disk), a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. If these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.

Claims (12)

  1. A data leakage prevention method, characterized by comprising:
    receiving a request message sent by a terminal device, the request message being used to indicate that a user needs to operate on data;
    obtaining the data from a server according to the request message, and identifying the data to determine whether the data includes sensitive information; wherein the server is used to store data, and the sensitive information is information that needs to be protected;
    if the data includes the sensitive information, determining whether the request message is legal;
    if the request message is legal, performing the operation in response to the request message on the data.
  2. The method according to claim 1, characterized in that determining whether the request message is legal comprises:
    determining whether the user who sent the request message is legal; wherein, if the user is one of at least one valid user corresponding to the sensitive information, the request message is determined to be legal.
  3. The method according to claim 1, characterized in that the request message is used to request an operation on the sensitive information; and determining whether the request message is legal comprises:
    determining whether the operation is any one of at least one valid operation corresponding to the sensitive information; wherein, if the operation is any one of the at least one valid operation, the request message is determined to be legal.
  4. The method according to claim 3, characterized in that the method further comprises:
    determining a sensitive grade of the sensitive information, the sensitive grade being used to indicate the importance of protecting the sensitive information;
    determining the at least one valid operation corresponding to the data according to the sensitive grade and a correspondence between sensitive grades and valid operations.
  5. The method according to any one of claims 1 to 4, characterized in that identifying the data to determine whether the data includes sensitive information comprises:
    determining the category of the user to which the data belongs;
    obtaining a corresponding sensitive information identification rule according to the category;
    identifying the data according to the obtained sensitive information identification rule, to determine whether the data includes sensitive information.
  6. The method according to any one of claims 1 to 4, characterized in that identifying the data to determine whether the data includes sensitive information comprises:
    determining whether the data includes a sensitive identifier;
    if the data includes the sensitive identifier, determining that the data includes sensitive information.
  7. A data leakage prevention device, characterized by comprising:
    a receiving module, configured to receive a request message sent by a terminal device, the request message being used to indicate that a user needs to operate on data;
    an identification module, configured to obtain the data from a server according to the request message, and to identify the data to determine whether the data includes sensitive information; wherein the server is used to store data, and the sensitive information is information that needs to be protected;
    a determining module, configured to determine whether the request message is legal if the data includes the sensitive information;
    a response module, configured to perform the operation in response to the request message on the data if the request message is legal.
  8. The device according to claim 7, characterized in that the determining module being configured to determine whether the request message is legal comprises:
    determining whether the user who sent the request message is legal; wherein, if the user is one of at least one valid user corresponding to the sensitive information, the request message is determined to be legal.
  9. The device according to claim 7, characterized in that the request message is used to request an operation on the sensitive information; and the determining module being configured to determine whether the request message is legal comprises:
    determining whether the operation is any one of at least one valid operation corresponding to the sensitive information; wherein, if the operation is any one of the at least one valid operation, the request message is determined to be legal.
  10. The device according to claim 8, characterized in that the determining module is further configured to:
    determine a sensitive grade of the sensitive information, the sensitive grade being used to indicate the importance of protecting the sensitive information;
    determine the at least one valid operation corresponding to the data according to the sensitive grade and a correspondence between sensitive grades and valid operations.
  11. The device according to any one of claims 7 to 10, characterized in that the identification module being configured to identify the data to determine whether the data includes sensitive information comprises:
    determining the category of the user to which the data belongs;
    obtaining a corresponding sensitive information identification rule according to the category;
    identifying the data according to the obtained sensitive information identification rule, to determine whether the data includes sensitive information.
  12. The device according to any one of claims 7 to 10, characterized in that the identification module being configured to identify the data to determine whether the data includes sensitive information comprises:
    determining whether the data includes a sensitive identifier;
    if the data includes the sensitive identifier, determining that the data includes sensitive information.
CN201611262407.7A 2016-12-31 2016-12-31 A kind of data leakage prevention method and equipment Pending CN108270735A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611262407.7A CN108270735A (en) 2016-12-31 2016-12-31 A kind of data leakage prevention method and equipment

Publications (1)

Publication Number Publication Date
CN108270735A true CN108270735A (en) 2018-07-10

Family

ID=62755249

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611262407.7A Pending CN108270735A (en) 2016-12-31 2016-12-31 A kind of data leakage prevention method and equipment

Country Status (1)

Country Link
CN (1) CN108270735A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109672657A (en) * 2018-09-18 2019-04-23 平安科技(深圳)有限公司 Data managing method, device, equipment and storage medium
CN116049321A (en) * 2023-03-31 2023-05-02 北京比格大数据有限公司 Data calling method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102841902A (en) * 2011-06-23 2012-12-26 捷达世软件(深圳)有限公司 Database data management method and system
CN104506545A (en) * 2014-12-30 2015-04-08 北京奇虎科技有限公司 Data leakage prevention method and data leakage prevention device
CN104809405A (en) * 2015-04-24 2015-07-29 广东电网有限责任公司信息中心 Structural data asset leakage prevention method based on hierarchical classification
WO2016034068A1 (en) * 2014-09-03 2016-03-10 阿里巴巴集团控股有限公司 Sensitive information processing method, device, server and security determination system
CN105681276A (en) * 2015-12-25 2016-06-15 亿阳安全技术有限公司 Sensitive information leakage active monitoring and responsibility confirmation method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180710