CN109660579B - Data processing method and system and electronic equipment - Google Patents

Info

Publication number
CN109660579B
Authority
CN
China
Prior art keywords
data
service platform
cloud service
accessed
white list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710943176.4A
Other languages
Chinese (zh)
Other versions
CN109660579A (en)
Inventor
杨晔辉
罗庆超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201710943176.4A priority Critical patent/CN109660579B/en
Publication of CN109660579A publication Critical patent/CN109660579A/en
Application granted granted Critical
Publication of CN109660579B publication Critical patent/CN109660579B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data processing method, a data processing system and an electronic device. The method comprises the following steps: a software module deployed in a private network (VPC) initiates a write data request, wherein the request comprises the data to be written into a cloud service platform and the resource to be accessed; the private network VPC sends the write data request to a corresponding secure tunnel according to a preset security group policy; and the secure tunnel sends the write data request to the cloud service platform according to a white list and the resource to be accessed, wherein the white list comprises the resources in the cloud service platform that are allowed to be accessed. With this method, system and electronic device, the access (namely, the write data requests) of the software module deployed in the private network VPC is restricted so that it can reach only the cloud resources pre-configured in the cloud service platform. The data therefore always stays within the cloud account's resources, which avoids the data privacy leakage caused by third-party software writing data to external destinations while it runs.

Description

Data processing method and system and electronic equipment
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data processing method and system, and an electronic device.
Background
The intelligent image management service provides terminal manufacturers, personal device manufacturers and other holders of image data with a one-stop platform for storing, managing and intelligently analyzing image data. Its typical functions include content analysis and retrieval, complete intelligent content management (such as grouping photos by face) and real-time content processing (such as format conversion of PPT files).
In the prior art, in order to provide rich functions, the intelligent image management service usually incorporates software capabilities from leading manufacturers in the industry (i.e., third-party software).
In the process of implementing the invention, the inventors found that the prior art has at least the following defect: the introduced third-party software may write data to external destinations while it runs, which creates a risk of data privacy leakage.
Disclosure of Invention
The embodiments of the invention provide a data processing method, a data processing system and an electronic device, which avoid the data privacy leakage caused by third-party software writing data to external destinations while it runs.
In one aspect, an embodiment of the present invention provides a data processing method, including: a software module deployed in a private network VPC initiates a write data request, wherein the write data request comprises the data to be written into a cloud service platform and the resource to be accessed; the private network VPC sends the write data request to a corresponding secure tunnel according to a preset security group policy; and the secure tunnel sends the write data request to the cloud service platform according to a white list and the resource to be accessed, wherein the white list comprises the resources in the cloud service platform that are allowed to be accessed.
In another aspect, an embodiment of the present invention further provides a data processing system, including a private network VPC, a secure tunnel and a cloud service platform, wherein a software module is deployed in the private network VPC. The software module is used for initiating a write data request, wherein the write data request comprises the data to be written into the cloud service platform and the resource to be accessed; the private network VPC is used for sending the write data request to the corresponding secure tunnel according to a preset security group policy; and the secure tunnel is used for sending the write data request to the cloud service platform according to a white list and the resource to be accessed, wherein the white list comprises the resources in the cloud service platform that are allowed to be accessed.
In yet another aspect, an embodiment of the present invention further provides an electronic device, including: a memory for storing a program; and a processor, coupled to the memory, for executing the program for: controlling a software module deployed in a private network VPC to initiate a write data request, wherein the write data request comprises the data to be written into a cloud service platform and the resource to be accessed; controlling the private network VPC to send the write data request to a corresponding secure tunnel according to a preset security group policy; and controlling the secure tunnel to send the write data request to the cloud service platform according to a white list and the resource to be accessed, wherein the white list comprises the resources in the cloud service platform that are allowed to be accessed.
According to the data processing method, the data processing system and the electronic device provided by the embodiments of the invention, the access (namely, the write data requests) of the software module deployed in the private network VPC is restricted to the designated secure tunnel, and the designated secure tunnel ensures that the software module in the VPC can access only the cloud resources pre-configured in the cloud service platform. The data therefore always stays within the cloud account's resources, which avoids the data privacy leakage caused by third-party software writing data to external destinations while it runs.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a deployment architecture diagram of a data processing method according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating an embodiment of a data processing method according to the present invention;
FIG. 3 is a flow chart illustrating a data processing method according to another embodiment of the present invention;
FIG. 4 is a block diagram of an embodiment of a data processing system;
FIG. 5 is a diagram of a deployment architecture of the data processing system shown in FIG. 4;
FIG. 6 is a block diagram illustrating a data processing system according to another embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an embodiment of an electronic device provided in the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Description of related terms:
Private network (Virtual Private Cloud, abbreviated VPC): a user-defined private network that the user creates on the cloud service platform. Different private networks are completely logically isolated from one another. A user may create and manage cloud product instances, such as cloud server (ECS) instances, load balancing (SLB) instances and cloud database (RDS) instances, within a private network that the user has created.
Software module: in the embodiments of the present invention, a software module deployed in the private network VPC that provides the data to be written into the cloud service platform. It may be a software module developed by the user, or a third-party software module developed by another manufacturer.
Third-party software module: a software module from another manufacturer that is deployed in the private network VPC, such as a module from an Independent Software Vendor (ISV), that is, a company dedicated to software development, production, sales and service.
Security group: a logical group that acts as a virtual firewall. It consists of mutually trusting instances in the same region that have the same security protection requirements, can be used to set network access control for one or more ECS instances, and is an important means of network security isolation.
Network proxy module: provides a network proxy service, a special network service that allows one network endpoint (generally a client) to connect indirectly to another network endpoint (generally a server) through the service.
White list: many kinds of software in computer systems apply black list and white list rules; operating systems, firewalls, antivirus software, mail systems, application software and the like all use them for control. After a white list is enabled, the requests (or IP addresses, IP packets, mails, viruses, URL addresses, etc.) listed in the white list can pass. The white list of the secure tunnel comprises the resources in the cloud service platform that are allowed to be accessed.
The technical principle of the present invention is explained as follows:
FIG. 1 is a deployment architecture diagram of a data processing method according to an embodiment of the present invention. As shown in FIG. 1, the cloud account resources include a private network VPC in which a software module (for example, an independent software vendor (ISV) software module) is deployed, a secure tunnel, and a cloud service platform. The software module initiates a write data request, which comprises the data to be written into the cloud service platform and the resource to be accessed. The private network VPC sends the write data request to a corresponding secure tunnel according to a preset security group policy. The secure tunnel determines whether to send the write data request to the cloud service platform according to a white list and the resource to be accessed, wherein the white list comprises the resources in the cloud service platform that are allowed to be accessed. If the resource to be accessed is in the white list, the secure tunnel sends the write data request to the cloud service platform; the cloud service platform executes the request, writes the data into the resource to be accessed, and returns a response indicating that the request succeeded. If the resource to be accessed is not in the white list, the secure tunnel refuses to send the write data request to the cloud service platform and returns a request-error response.
To sum up, according to the data processing method provided by the embodiment of the present invention, the access (namely, the write data requests) of the software module deployed in the private network VPC is restricted to the designated secure tunnel, and the designated secure tunnel ensures that the software module in the VPC can access only the cloud resources pre-configured in the cloud service platform. The data therefore always stays within the cloud account's resources, which avoids the data privacy leakage caused by third-party software writing data to external destinations while it runs.
The above embodiments are illustrative of the technical principles of the embodiments of the present invention, and in order that those skilled in the art can clearly and accurately understand the technical solutions of the present invention, the technical solutions of the present invention will be described in detail with reference to the drawings and the specific embodiments.
Example one
Fig. 2 is a schematic flow chart of an embodiment of a data processing method provided in the present invention. The data processing method of the embodiment of the invention can be applied to the data processing system shown in fig. 1. As shown in fig. 2, the data processing method according to the embodiment of the present invention may specifically include:
S201, a software module deployed in the private network VPC initiates a write data request, wherein the write data request comprises the data to be written into the cloud service platform and the resource to be accessed.
Specifically, a software module deployed in the private network VPC initiates a write data request through the private network VPC, where the write data request includes the data to be written into the cloud service platform and the resource to be accessed.
S202, the private network VPC sends the write data request to a corresponding secure tunnel according to a preset security group policy.
Specifically, the security group policy is preset to allow all incoming access, restrict all outgoing access (i.e., write data requests), and only allow writes from the secure tunnel. The private network VPC sends the write data request initiated by the software module to the designated secure tunnel according to the preset security group policy. In this way the private network VPC restricts the access (namely, the write data requests) of the software module to the designated secure tunnel; that is, the channel for writing data is restricted, so that the normal operation of the software module is ensured.
S203, the secure tunnel sends the write data request to the cloud service platform according to the white list and the resource to be accessed, wherein the white list comprises the resources in the cloud service platform that are allowed to be accessed.
Specifically, a white list is preconfigured in the secure tunnel, and the white list includes the resources in the cloud service platform that are allowed to be accessed. After receiving a write data request sent by the private network VPC, the secure tunnel reads the white list and compares it with the resource to be accessed in the write data request, so as to determine whether to send the write data request to the cloud service platform.
According to the data processing method provided by the embodiment of the invention, the access (namely, the write data requests) of the software module deployed in the private network VPC is restricted to the designated secure tunnel, and the designated secure tunnel ensures that the software module in the VPC can access only the cloud resources pre-configured in the cloud service platform. The data therefore always stays within the cloud account's resources, which avoids the data privacy leakage caused by third-party software writing data to external destinations while it runs.
Example two
Fig. 3 is a schematic flow chart of a data processing method according to another embodiment of the present invention. The data processing method according to the embodiment of the present invention is a specific implementation of the data processing method according to the embodiment shown in fig. 2, and can be applied to the data processing system shown in fig. 1. As shown in fig. 3, on the basis of the embodiment shown in fig. 2, the data processing method according to the embodiment of the present invention may specifically include:
S301, a software module deployed in the private network VPC initiates a write data request, wherein the write data request comprises the data to be written into the cloud service platform and the resource to be accessed.
S302, the private network VPC sends the write data request to a corresponding secure tunnel according to a preset security group policy.
Specifically, steps S301 to S302 are the same as steps S201 to S202 in the embodiment shown in fig. 2, and are not described again here.
Step S203 in the embodiment shown in fig. 2 may specifically include the following steps S303-S305.
S303, the secure tunnel determines whether the resource to be accessed is in the white list. If yes, step S304 is executed; if not, step S305 is executed.
S304, the secure tunnel sends the write data request to the cloud service platform.
S305, the secure tunnel refuses to send the write data request to the cloud service platform.
Specifically, in addition to refusing to send the write data request to the cloud service platform, the secure tunnel may also return a request-error response.
Further, after step S304, the data processing method according to the embodiment of the present invention may further include the following steps:
S306, the cloud service platform executes the write data request and writes the data to be written into the cloud service platform into the resource to be accessed.
Specifically, after receiving a write data request sent by the secure tunnel, the cloud service platform executes the request and writes the data carried in the request into the resource to be accessed. After the data is successfully written, a response indicating that the request succeeded can be returned.
Further, the secure tunnel may specifically include a network agent module and a control module. Correspondingly, step S203 in the embodiment shown in fig. 2 may specifically include the following steps: the network agent module calls the corresponding control module; and the control module reads the white list of the secure tunnel and sends the write data request to the cloud service platform according to the white list and the resource to be accessed.
The secure tunnel may also specify access records for the auditing software module. The control module can also perform higher-layer protocol security inspection on the write data request (layer-7 protocol inspection is supported): it detects protocols such as HTTP, HTTPS and FTP, parses the fields defined by those protocols, and applies control based on those fields. The control module can also perform deep packet inspection on the write data request, that is, inspect the content of the request packets, for example detecting that a picture is being transmitted over HTTP and determining whether the requested content is sensitive (for example, related to terrorism), thereby implementing finer-grained control.
Further, the resources to be accessed may specifically include, but are not limited to, any one or more of the following resources: data processing and storage systems such as object stores (e.g., S3 buckets), table stores, and database stores (e.g., DynamoDB).
According to the data processing method provided by the embodiment of the invention, the access (namely, the write data requests) of the software module deployed in the private network VPC is restricted to the designated secure tunnel, and the designated secure tunnel ensures that the software module in the VPC can access only the cloud resources pre-configured in the cloud service platform. The data therefore always stays within the cloud account's resources, which avoids the data privacy leakage caused by third-party software writing data to external destinations while it runs.
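The flow of steps S301 to S306, with the secure tunnel split into a network agent module and a control module that also keeps an audit record, is sketched below as an added example that is not code from the patent. The endpoint name, resource identifiers, in-memory platform and the choice of exact matching on a normalized (kind, name) pair are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample value: a placeholder name for the designated secure tunnel.
TUNNEL_ENDPOINT = "secure-tunnel.internal"


@dataclass(frozen=True)
class Resource:
    kind: str  # e.g. "object-store", "table-store", "database"
    name: str  # e.g. a bucket or table name

    def canonical(self):
        # Normalize before comparing so that case or stray whitespace cannot
        # produce a key that differs from the white list entry.
        return (self.kind.strip().lower(), self.name.strip().lower())


@dataclass
class WriteRequest:
    destination: str    # where the software module tries to send the request
    resource: Resource  # the resource to be accessed
    data: bytes         # the data to be written


class CloudServicePlatform:
    """In-memory stand-in for the cloud service platform (assumption)."""

    def __init__(self):
        self.storage = {}

    def execute(self, request):
        # S306: write the data into the resource to be accessed.
        self.storage.setdefault(request.resource.canonical(), []).append(request.data)
        return {"status": "success"}


class ControlModule:
    def __init__(self, whitelist, platform):
        self.whitelist = {r.canonical() for r in whitelist}
        self.platform = platform
        self.audit_log = []  # (resource, payload size, decision)

    def handle(self, request):
        key = request.resource.canonical()
        # S303: exact membership test. A prefix or substring test would let
        # "tenant-photos-backup" ride on the entry for "tenant-photos".
        allowed = key in self.whitelist
        self.audit_log.append((key, len(request.data), "forwarded" if allowed else "rejected"))
        if allowed:
            return self.platform.execute(request)  # S304
        return {"status": "error", "reason": "resource not in white list"}  # S305


class NetworkAgentModule:
    """Receives requests from the VPC and calls the control module."""

    def __init__(self, control):
        self.control = control

    def receive(self, request):
        return self.control.handle(request)


class SecurityGroup:
    """Simplified egress policy of the VPC: outbound traffic may only reach
    the designated secure tunnel (S302)."""

    def __init__(self, tunnel_endpoint, agent):
        self.tunnel_endpoint = tunnel_endpoint
        self.agent = agent

    def send(self, request):
        if request.destination != self.tunnel_endpoint:
            return {"status": "error", "reason": "egress blocked by security group"}
        return self.agent.receive(request)


def run_demo():
    platform = CloudServicePlatform()
    control = ControlModule([Resource("object-store", "tenant-photos")], platform)
    vpc = SecurityGroup(TUNNEL_ENDPOINT, NetworkAgentModule(control))
    # Constructed requests from a third-party module inside the VPC.
    requests = [
        WriteRequest(TUNNEL_ENDPOINT, Resource("object-store", "Tenant-Photos"), b"img-1"),
        WriteRequest(TUNNEL_ENDPOINT, Resource("object-store", "vendor-bucket"), b"img-1"),
        WriteRequest(TUNNEL_ENDPOINT, Resource("object-store", "tenant-photos-backup"), b"img-1"),
        WriteRequest("203.0.113.10", Resource("object-store", "tenant-photos"), b"img-1"),
    ]
    results = [vpc.send(r) for r in requests]
    return results, control.audit_log, platform.storage


if __name__ == "__main__":
    results, audit_log, storage = run_demo()
    for result in results:
        print(result)
    print(audit_log)
    print(storage)
```

The last request never appears in the audit log because the security group drops it before it reaches the tunnel, so egress denials need to be logged at the VPC layer as well if they are to be reviewed.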
Example three
FIG. 4 is a block diagram of a data processing system according to an embodiment of the present invention. FIG. 5 is a diagram of a deployment architecture of the data processing system shown in FIG. 4. The data processing system of the embodiment of the invention can be used for executing the data processing method of the first embodiment. As shown in fig. 4 and 5, the data processing system according to the embodiment of the present invention may specifically include a private network VPC 41, a secure tunnel 42, and a cloud service platform 43, where a software module 44 is deployed in the private network VPC 41.
The software module 44 is configured to initiate a write data request, where the write data request includes the data to be written into the cloud service platform 43 and the resource to be accessed.
The private network VPC 41 is configured to send the write data request to the corresponding secure tunnel 42 according to the preset security group policy.
The secure tunnel 42 is configured to send the write data request to the cloud service platform 43 according to a white list and the resource to be accessed, where the white list includes the resources in the cloud service platform 43 that are allowed to be accessed.
Specifically, for the process by which each component in the embodiment of the present invention implements its function, refer to the related description in the first embodiment; details are not described herein again.
According to the data processing system, the access (namely, the write data requests) of the software module deployed in the private network VPC is restricted to the designated secure tunnel, and the designated secure tunnel ensures that the software module in the VPC can access only the cloud resources pre-configured in the cloud service platform. The data therefore always stays within the cloud account's resources, which avoids the data privacy leakage caused by third-party software writing data to external destinations while it runs.
Example four
FIG. 6 is a block diagram of a data processing system according to another embodiment of the present invention. FIG. 1 is a diagram of a deployment architecture of the data processing system shown in FIG. 6. The data processing system according to the embodiment of the present invention is a specific implementation manner of the data processing system according to the third embodiment, and can be used for executing the data processing method according to the second embodiment. As shown in fig. 1 and fig. 6, based on the third embodiment, the data processing system according to the third embodiment of the present invention may specifically include a private network VPC41, a secure tunnel 42, and a cloud service platform 43, where a software module 44 is deployed in the private network VPC41, and the secure tunnel 42 may specifically include a network agent module 61 and a control module 62.
The network agent module 61 is configured to call the corresponding control module 62.
The control module 62 is configured to read the white list of the secure tunnel and send the write data request to the cloud service platform according to the white list and the resource to be accessed.
Further, the cloud service platform 43 may be specifically configured to execute the write data request and write the data to be written into the cloud service platform 43 into the resource to be accessed.
Further, the secure tunnel 42 is specifically configured to determine whether the resource to be accessed is in the white list and, if yes, send the write data request to the cloud service platform 43.
Further, the resources to be accessed may specifically include, but are not limited to, any one or more of the following resources: data processing and storage systems such as object stores (e.g., S3 buckets), table stores, and database stores (e.g., DynamoDB).
Specifically, for the process by which each component in the embodiment of the present invention implements its function, refer to the related description in the second embodiment; details are not described herein again.
According to the data processing system, the access (namely, the write data requests) of the software module deployed in the private network VPC is restricted to the designated secure tunnel, and the designated secure tunnel ensures that the software module in the VPC can access only the cloud resources pre-configured in the cloud service platform. The data therefore always stays within the cloud account's resources, which avoids the data privacy leakage caused by third-party software writing data to external destinations while it runs.
Example five
The internal functions and structure of the data processing system have been described above. FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 7, in practice the data processing system in the above embodiments may be implemented as an electronic device, which may include a memory 71 and a processor 72.
The memory 71 stores programs.
In addition to the above-described programs, the memory 71 may also be configured to store other various data to support operations on the electronic device. Examples of such data include instructions for any application or method operating on the electronic device, such as an online shopping platform, an online merchant platform, phonebook data, messages, pictures, videos, and so forth.
The memory 71 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The processor 72 is coupled to the memory 71 and executes the programs in the memory 71 for:
controlling a software module deployed in a private network VPC to initiate a write data request, wherein the write data request comprises the data to be written into a cloud service platform and the resource to be accessed;
controlling the private network VPC to send the write data request to a corresponding secure tunnel according to a preset security group policy;
and controlling the secure tunnel to send the write data request to the cloud service platform according to a white list and the resource to be accessed, wherein the white list comprises the resources in the cloud service platform that are allowed to be accessed.
The above specific processing operations have been described in detail in the foregoing embodiments, and are not described again here.
Further, as shown in fig. 4, the electronic device may further include: communication components 73, power components 74, audio components 75, a display 76, and the like. Only some of the components are schematically shown in fig. 4, and the electronic device is not meant to include only the components shown in fig. 4.
The communication component 73 is configured to facilitate wired or wireless communication between the electronic device and other devices. The electronic device may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 73 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 73 further includes a Near Field Communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
The power component 74 provides power to the various components of the electronic device. The power component 74 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for an electronic device.
The audio component 75 is configured to output and/or input audio signals. For example, the audio component 75 includes a microphone (MIC) configured to receive external audio signals when the electronic device is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may further be stored in the memory 71 or transmitted via the communication component 73. In some embodiments, the audio component 75 also includes a speaker for outputting audio signals.
The display 76 includes a screen, which may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
Those of ordinary skill in the art will understand that all or a portion of the steps of the above-described method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the method embodiments described above. The storage medium includes various media that can store program code, such as ROM, RAM, and magnetic or optical disks.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A data processing method, comprising:
a software module deployed in a private network VPC initiates a data writing request, wherein the data writing request comprises data to be written into a cloud service platform and resources to be accessed;
the private network VPC sends the data writing request to a corresponding secure tunnel according to a preset security group policy, wherein the security group policy is to allow all access, restrict all access and only allow write from the secure tunnel;
and the secure tunnel sends the data writing request to a cloud service platform according to a white list and the resources to be accessed, wherein the white list comprises the resources in the cloud service platform which are allowed to be accessed.
2. The data processing method of claim 1, further comprising:
and the cloud service platform executes the data writing request and writes the data to be written into the cloud service platform into the resource to be accessed.
3. The data processing method of claim 1, wherein the sending, by the secure tunnel, of the data writing request to a cloud service platform according to a white list and the resource to be accessed comprises:
the secure tunnel judges whether the resource to be accessed is located in the white list or not;
and if so, sending the data writing request to the cloud service platform.
4. The data processing method of claim 1, wherein the secure tunnel comprises a network proxy module and a control module;
the sending, by the secure tunnel, of the data writing request to a cloud service platform according to a white list and the resource to be accessed comprises:
the network proxy module calls a corresponding control module;
and the control module reads the white list of the secure tunnel and sends the data writing request to the cloud service platform according to the white list and the resource to be accessed.
5. A data processing method according to any one of claims 1 to 4, wherein the resources to be accessed comprise any one or more of: an object store, a table store, and a database store.
6. A data processing system, comprising: a private network VPC, a secure tunnel and a cloud service platform, wherein a software module is deployed in the private network VPC;
the software module is used for initiating a data writing request, wherein the data writing request comprises data to be written into the cloud service platform and resources to be accessed;
the private network VPC is used for sending the data writing request to the corresponding secure tunnel according to a preset security group policy, wherein the security group policy is to allow all access, restrict all access and only allow write-out from the secure tunnel;
and the secure tunnel is used for sending the data writing request to the cloud service platform according to a white list and the resource to be accessed, wherein the white list comprises the resource in the cloud service platform which is allowed to be accessed.
7. The data processing system of claim 6, wherein the cloud service platform is configured to:
and executing the data writing request, and writing the data to be written into the cloud service platform into the resource to be accessed.
8. The data processing system of claim 6, wherein the secure tunnel is specifically configured to:
judging whether the resource to be accessed is located in the white list or not;
and if so, sending the data writing request to the cloud service platform.
9. The data processing system of claim 6, wherein the secure tunnel comprises a network proxy module and a control module;
the network proxy module is used for calling the corresponding control module;
the control module is configured to read the white list of the secure tunnel, and send the data writing request to the cloud service platform according to the white list and the resource to be accessed.
10. A data processing system according to any one of claims 6 to 9, wherein the resources to be accessed include any one or more of: an object store, a table store, and a database store.
11. An electronic device, comprising:
a memory for storing a program;
a processor, coupled to the memory, for executing the program for:
controlling a software module deployed in a private network VPC to initiate a data writing request, wherein the data writing request comprises data to be written into a cloud service platform and resources to be accessed;
controlling the private network VPC to send the data writing request to a corresponding secure tunnel according to a preset security group policy, wherein the security group policy is to allow all access, restrict all access and only allow writing from the secure tunnel;
and controlling the secure tunnel to send the data writing request to a cloud service platform according to a white list and the resources to be accessed, wherein the white list comprises the resources in the cloud service platform allowed to be accessed.
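
The request path of claims 1 to 4, modeled as an added illustration that is not taken from the patent: the VPC egress rule hands writes only to the secure tunnel, whose network proxy module calls a control module that forwards a request only when its resource is in the white list. The `kind://name` identifier format, the `secure-tunnel` next-hop label, the canonicalization step and the audit list are assumptions; the security group rule is modeled only as "writes leave the VPC through the secure tunnel".

```python
from dataclasses import dataclass, field

KINDS = {"object", "table", "database"}  # storage kinds named in claims 5 and 10

@dataclass(frozen=True)
class WriteRequest:
    resource: str  # resource to be accessed; "kind://name" is a constructed format
    data: bytes    # data to be written into the cloud service platform

def canonical(resource: str) -> str:
    """Reduce an identifier to 'kind://name' so whitelist matching is exact."""
    kind, sep, name = resource.strip().lower().partition("://")
    if not sep or kind not in KINDS or not name or "/" in name or ".." in name:
        raise ValueError(f"malformed resource identifier: {resource!r}")
    return f"{kind}://{name}"

@dataclass
class CloudPlatform:
    stored: dict = field(default_factory=dict)
    def write(self, resource: str, data: bytes) -> None:
        self.stored.setdefault(resource, []).append(data)

@dataclass
class SecureTunnel:
    whitelist: frozenset  # canonical identifiers of resources that may be accessed
    platform: CloudPlatform
    audit: list = field(default_factory=list)

    def control_module(self, req: WriteRequest) -> bool:
        """Read the whitelist; forward the request only if its resource is listed."""
        try:
            target = canonical(req.resource)
        except ValueError:
            target = None  # unparseable identifiers are never forwarded
        allowed = target in self.whitelist
        self.audit.append((req.resource, "forwarded" if allowed else "dropped"))
        if allowed:
            self.platform.write(target, req.data)
        return allowed

    def network_proxy(self, req: WriteRequest) -> bool:
        """Receives traffic from the VPC and calls the control module."""
        return self.control_module(req)

def vpc_egress(req: WriteRequest, next_hop: str, tunnel: SecureTunnel) -> bool:
    """Modeled security group rule: writes leave the VPC only via the tunnel."""
    if next_hop != "secure-tunnel":
        return False  # any other outbound route is denied
    return tunnel.network_proxy(req)
```

Matching on the canonical form means a request whose identifier differs only in case or padding is treated the same as the listed resource, while an identifier carrying path segments is dropped rather than interpreted.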

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710943176.4A CN109660579B (en) 2017-10-11 2017-10-11 Data processing method and system and electronic equipment

Publications (2)

Publication Number Publication Date
CN109660579A CN109660579A (en) 2019-04-19
CN109660579B CN109660579B (en) 2022-02-25

Family

ID=66109689

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant