CN111431896A - Data sharing method and system - Google Patents


Publication number: CN111431896A
Authority: CN (China)
Prior art keywords: data; module; file; data interaction; request
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010202530.XA
Other languages: Chinese (zh)
Inventor: 王晓阳
Current Assignee: Shanghai Zhongtongji Network Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shanghai Zhongtongji Network Technology Co Ltd
Application filed by: Shanghai Zhongtongji Network Technology Co Ltd


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/12: Applying verification of the received information
    • H04L63/126: Applying verification of the received information the source of the received data
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention relates to a data sharing method and system. The data sharing method provided by the application comprises the following steps: receiving a data interaction request sent by a subsystem and/or a preset terminal; judging whether the request is legal based on a preset unified authority management system; if the judgment result is yes, responding to the request; protecting the data through a signature algorithm during the data interaction; and finally, recording the data interaction operations in a log center. During data interaction, permissions are thus allocated to the subsystem and/or the preset terminal by the unified authority management system, each request they send is received and verified, and a request is responded to only after it passes verification, which gives permission control over data interaction. The operation records are kept in the log center for subsequent security audit. This solves the problem in the prior art that data interaction is carried out only through a communication tool, so that permission control and security audit cannot be performed.

Description

Data sharing method and system
Technical Field
The invention relates to the field of data interaction, in particular to a data sharing method and system.
Background
As an enterprise develops, its IT systems grow, more and more data is generated, and that data becomes increasingly important as a means of production. When an enterprise's branches and offices are distributed all over the world, it needs to issue notifications, policy files and reports at irregular intervals, and when everyday data is transferred among its personnel it needs both to keep that data secure and to share it efficiently. Solving the enterprise's data sharing problem has therefore become critical.
At present, files and data are mainly shared by transmitting them through a third-party communication tool or a self-developed communication tool. When information is exchanged between departments inside a company in this way, permission control and security audit cannot be performed, permissions easily become confused, which affects working efficiency, and the security of the information cannot be guaranteed during transmission, which easily leads to a series of security problems.
Disclosure of Invention
In view of this, the present invention aims to overcome the defects of the prior art and provide a data sharing method and system, and the present invention adopts the following technical solutions:
a method for sharing data, comprising:
receiving a data interaction request sent by a subsystem and/or a preset terminal; the number of the subsystems and/or the preset terminals is at least two; the data interaction request is a request for performing data interaction with other subsystems and/or a preset terminal through a preset data transmission module;
judging whether the data interaction request is legal or not based on a preset unified authority management system;
if yes, responding to the data interaction request; when the data are interacted, the interacted data are protected through a signature algorithm;
the subsystem at least comprises: a big data system; the big data system is used for carrying out data interaction with other subsystems, acquiring data and carrying out screening and aggregation;
and pushing the operation record of the data interaction to a log center for recording.
Optionally, interaction is performed with each subsystem and/or a preset terminal based on a preset API.
Optionally, the method further comprises:
obtaining and scanning a file uploaded by a preset terminal, and checking the security of the file.
Optionally, when the file needs to be sent to a person outside the enterprise, the data sharing method further includes:
encrypting a file to be sent to obtain an encrypted file;
sending the encrypted file to personnel outside the enterprise through one communication mode;
and sending the decryption password of the encrypted file to personnel outside the enterprise through another communication mode.
Optionally, when the file needs to be sent to a person outside the enterprise, the data sharing method further includes:
generating a notice to be received and an extraction code of a file to be sent;
sending the notification to be received and the extraction code to personnel outside the enterprise; the person outside the enterprise logs in to a preset system with a preset account and a preset password and extracts the file to be sent based on the extraction code.
A data sharing system, comprising: a data transmission module, a file scanning module and a log module;
the data transmission module comprises a client and a server;
the server side interfaces with the different subsystems and preset terminals in a company, and the permissions of the different subsystems and preset terminals are allocated in the data sharing system, so that a unified authority management system is established;
the client is used for the subsystem and/or the preset terminal to send a data interaction request to the data sharing system;
the data transmission module receives the data interaction request and judges the validity of the data interaction request; when the data interaction request is legal, responding to the data interaction request;
the file scanning module is connected with the data transmission module, and scans the file data received by the data sharing system to check the security of the file data;
the log module is connected with the data transmission module and used for receiving the data interaction operation record pushed by the data transmission module in the data interaction process.
Optionally, the system further comprises a message pushing module;
the message pushing module is used for sending information to personnel outside the enterprise by interfacing with an external communication tool when the data receiver is a person outside the enterprise.
Optionally, the client of the data transmission module includes: a system transmission tool module and a system front-end interface module;
the system front-end interface module is connected with the system transmission tool module; the system front-end interface module is used by the subsystem and/or the preset terminal to initiate a data interaction request; and the system transmission tool module transmits the request to the server.
Optionally, the system further comprises an authentication authorization module;
the authentication authorization module is a trusted access gateway externally connected with a trust security system and used for authenticating the authority of the data interaction personnel.
Optionally, the system further comprises a monitoring module;
the monitoring module is used for detecting the health state of other modules in the data sharing system and giving an alarm when any one of the other modules of the data sharing system is abnormal.
By adopting the above technical solutions, the application has the following beneficial effects:
The data sharing method provided by the application comprises: receiving a data interaction request sent by a subsystem and/or a preset terminal; judging the validity of the request based on a preset unified authority management system; performing data interaction after the request passes verification; protecting the data during the interaction through a signature algorithm; and pushing the operation record of the data interaction to a log center for recording. With this arrangement, when data is exchanged between different departments in the company, or between a preset terminal in the company and the system server, the data interaction request is verified through the unified authority management system. When the request is legal, the data interaction is executed; when it is not, that is, when the initiator does not have permission for the request, the request is not responded to. This achieves permission control inside the company. After verification passes, the data is protected by a signature algorithm during the interaction and the operation records are pushed to a log center, which facilitates subsequent security audit and ensures the security of data transmission. This solves the problem in the prior art that permission control and security audit cannot be achieved when data is transmitted only through a third-party or self-developed communication tool.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings in the following description show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a data sharing method according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a data sharing system according to an embodiment of the present application;
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus consistent with certain aspects of the present application, as detailed in the appended claims.
At present, data is transmitted inside a company using a third-party communication tool or an independently developed one. Files can only be uploaded and sent manually and received manually, and no other operations are possible. The permissions of the staff transmitting data cannot be managed, business becomes disorderly, and when a security incident occurs its cause is hard to find. In other words, permission control and security audit cannot be applied to the transmitted data files, which greatly affects both the efficiency and the security of work.
Examples
Fig. 1 is a flowchart of a data sharing method according to an embodiment of the present application. Referring to fig. 1, the data sharing method provided in this embodiment is applied to a data sharing system, and the data sharing method provided in this embodiment includes:
S101, receiving a data interaction request sent by a subsystem and/or a preset terminal; the number of the subsystems and/or the preset terminals is at least two; the data interaction request is a request for performing data interaction with other subsystems and/or a preset terminal through a preset data transmission module.
Specifically, data interaction among different subsystems is required inside an enterprise, wherein the subsystems comprise each application system, a big data system and the like, and the number of the subsystems is at least two because the data interaction is related to at least two parties.
It should be noted that the data interaction request sent by the subsystem and/or the preset terminal may be only request information, or may be a request carrying data, for example: a subsystem sends a data export request, wherein the data export request also carries a data file to be exported.
In practical application, the subsystems are the IT systems inside a company, including a big data system and various application systems. In the prior art, data export and import between different subsystems are performed directly between the systems of the two interacting parties, whereas the data sharing method provided by the application receives and processes data interaction requests uniformly through a preset data sharing system. Likewise, when a preset terminal inside the company exchanges data with other terminals inside the company, the exchange goes through the preset data sharing system. A large number of data interaction requests can therefore be processed centrally with unified permission allocation, improving the security and efficiency of work.
S102, based on a preset unified authority management system, judging whether the data interaction request is legal or not.
Before receiving the data interaction request, different subsystems and/or preset terminals perform permission distribution through a unified permission management system, and manage data interaction permissions which can be performed by the different subsystems and/or the preset terminals; after receiving data interaction requests sent by different subsystems and/or preset terminals, judging the received data interaction requests according to a preset unified authority management system.
The judgment covers the identity of the initiating end of the data interaction request and the correspondence between the permissions of that identity and the request, and on that basis decides whether the request is legal. If the result is negative, that is, the initiating end does not have permission for the request, a warning is issued and the request is not executed; when the request carries a data file, the carried data file is not received.
S103, if yes, responding to the data interaction request; and when data are interacted, the interacted data are protected through a signature algorithm.
Specifically, if the judgment result is yes, that is, the preset unified authority management system has verified that the identity of the request initiating end has permission for the request, data interaction is performed according to the data interaction request.
The specific data interaction process is as follows: the system connects to the request object according to the data interaction request and either transmits the received data to the request object, or obtains the corresponding data from the request object according to the request and transmits it to the request initiating end, completing the data interaction. Throughout the data interaction, the process is monitored and protected by a signature algorithm.
The signature algorithm is a digital signature algorithm. It secures data interaction by generating a string that only the sender of the information can produce and that others cannot forge; this string also serves as valid proof of the authenticity of the information sent. The information to be transmitted is processed through a one-way function to authenticate its source and to verify whether it changed during transmission, which protects the security of data transmission. The three signature algorithms currently most widely used are the Rabin signature, the DSS signature and the RSA signature.
S104, the subsystem at least comprises: a big data system; the big data system is used for carrying out data interaction with other subsystems, acquiring data and carrying out screening and aggregation.
In practical application, the big data system can act as an ordinary subsystem, in which case the requests it sends are received and processed, and it can also act as a data interaction tool when requests from subsystems and/or preset terminals are received: the requests and data of the various application systems and/or preset terminals are rapidly screened and aggregated by the big data system, batch operation tasks are generated, and the screened and aggregated requests and data are processed. Using the big data system as an intermediate processing tool avoids the heavy resource usage incurred when each subsystem and/or preset terminal sends requests and exports data itself, and improves the performance and availability of each subsystem and/or preset terminal.
S105, pushing the operation record of data interaction to a log center for recording.
Specifically, during data interaction all operation records may be pushed to the enterprise log center, through the preset data sharing system or through various open source message middleware, so that every operation is recorded. The recorded content includes the identity of the person performing the data interaction, i.e. the operator, and the specific operations performed on the data, such as deleting, adding or modifying content and importing or exporting data. Recording data interaction operations makes it possible, once a security problem occurs, to find out promptly where it arose, and it also helps guarantee the security of data interaction.
The data sharing method provided by the application comprises: receiving a data interaction request sent by a subsystem and/or a preset terminal; judging whether the data interaction request is legal based on a preset unified authority management system; if the judgment result is yes, responding to the data interaction request; protecting the interacted data through a signature algorithm during the interaction; and finally, pushing the operation record of the data interaction to a log center for recording. Data is therefore not exchanged directly through a third-party communication tool or a self-developed communication tool as in the prior art. Instead, a request sent by a subsystem and/or a preset terminal is received and judged based on the unified authority management system preset in the company, and it is responded to only after verification passes, which achieves permission control over data interaction. The data is protected by a signature algorithm during the interaction, and all operation records are kept by the log center and can be queried later. This solves the problem in the prior art that data is exchanged only through a third-party or self-developed communication tool, so that permission control and security audit cannot be applied to data interaction.
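The S101 to S105 flow as a runnable sketch, added here as an illustration and not taken from the patent or from any product of the applicant: a gateway checks each request against a deny-by-default permission table, signs granted requests with RSA-PSS (one instance of the RSA signature family named above), and records both outcomes. The names Request, Grant, Gateway, Handle and Verify and the sample subsystem names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Request is a data interaction request (S101). All field names are assumptions.
type Request struct {
	Initiator string // subsystem or preset terminal that sent the request
	Action    string // e.g. "export" or "import"
	Target    string // subsystem the data is exchanged with
	Payload   []byte // data file carried by the request, if any
}

// AuditRecord is one entry pushed to the log center (S105).
type AuditRecord struct {
	Initiator, Action, Target string
	Allowed                   bool
	Reason                    string
}

// Grant is one row of the unified permission table.
type Grant struct{ Initiator, Action, Target string }

var ErrDenied = errors.New("request denied: initiator holds no matching grant")

// Gateway stands in for the server side of the data sharing system.
type Gateway struct {
	grants map[Grant]bool
	key    *rsa.PrivateKey
	Log    []AuditRecord // stand-in for the log center
}

func NewGateway(grants ...Grant) (*Gateway, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	g := &Gateway{grants: map[Grant]bool{}, key: key}
	for _, gr := range grants {
		g.grants[gr] = true
	}
	return g, nil
}

func (g *Gateway) PublicKey() *rsa.PublicKey { return &g.key.PublicKey }

// digest hashes the request metadata together with the payload, each field
// length-prefixed, so a signature is bound to one initiator, action and target.
func digest(r Request) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(r.Initiator), []byte(r.Action), []byte(r.Target), r.Payload} {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

// Handle performs S102 (permission check), S103 (sign the data) and S105
// (audit). Denied requests are logged too, and their payload is not processed.
func (g *Gateway) Handle(r Request) (sig []byte, err error) {
	rec := AuditRecord{Initiator: r.Initiator, Action: r.Action, Target: r.Target}
	defer func() { g.Log = append(g.Log, rec) }()
	if !g.grants[Grant{r.Initiator, r.Action, r.Target}] { // deny by default
		rec.Reason = "no matching grant"
		return nil, ErrDenied
	}
	sig, err = rsa.SignPSS(rand.Reader, g.key, crypto.SHA256, digest(r), nil)
	if err != nil {
		rec.Reason = "signing failed"
		return nil, err
	}
	rec.Allowed, rec.Reason = true, "granted"
	return sig, nil
}

// Verify is run by the receiving subsystem before it accepts the data.
func Verify(pub *rsa.PublicKey, r Request, sig []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(r), sig, nil) == nil
}

func main() {
	g, err := NewGateway(Grant{"crm", "export", "bigdata"}) // constructed sample grant
	if err != nil {
		panic(err)
	}
	req := Request{"crm", "export", "bigdata", []byte("constructed report contents")}
	sig, err := g.Handle(req)
	fmt.Println("granted:", err == nil, "signature valid:", Verify(g.PublicKey(), req, sig))
	_, err = g.Handle(Request{"hr", "export", "bigdata", nil})
	fmt.Println("denied:", errors.Is(err, ErrDenied), "audit entries:", len(g.Log))
}
```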
Further, for different subsystems and/or preset terminals, the data sharing method provided by the application interacts with each subsystem through a preset API to receive related requests and data.
Specifically, an API (Application Programming Interface) is a set of predefined functions intended to give applications and developers the ability to access a set of routines based on certain software or hardware, without accessing source code or understanding the details of internal working mechanisms. The preset API interfaces with each subsystem to provide data access and interaction.
Further, in practical application, when the preset terminal uploads the data file to the internal system of the company, the data sharing method further includes acquiring and scanning the data file uploaded by the preset terminal, and checking the security of the data file.
It should be noted that the data sharing method provided by the present application is used not only for data interaction inside a company but also for data interaction with personnel outside the company. When a preset terminal is a device outside the company, that is, when a person outside the company exchanges data with the company, authentication is required. After the external person and the company's internal staff member pass authentication, the data interaction request is judged. If a request sent by the external person involves an uploaded file, the file must be scanned: a scanning system can be connected through an API (application programming interface) and used to scan the uploaded file. Once a sensitive file such as a database file, a key configuration file or a virus or Trojan file is found, a security policy is triggered, the file is intercepted, and the supervisor of the person performing the data interaction, or a custom group or department, is notified immediately by mail and message push. The file is uploaded only when the scan result is safe. This guarantees the company's security when data is exchanged between the inside and the outside of the company, prevents the company's internal systems from receiving unsafe files, and avoids potential security hazards.
Further, when data needs to be sent to a preset terminal outside the company, that is, a file needs to be sent to a person outside the company, the data sharing method further includes:
Encrypting the file to be sent to obtain an encrypted file.
Sending the encrypted file to personnel outside the enterprise through one communication mode.
Sending the decryption password of the encrypted file to personnel outside the enterprise through another communication mode.
It should be noted that when a file needs to be transmitted to a person outside the company, operations such as encrypting the file and adding a watermark are required. The encryption may use existing techniques, such as the MD5 algorithm, the BASE64 algorithm, the DES algorithm, the PBE algorithm and the like. After the file is encrypted, the encrypted file is sent to the person outside the enterprise through one communication mode, and the decryption password of the encrypted file is then sent through another communication mode; for example, a mailbox may be used to send the encrypted file and WeChat to send the decryption password. Throughout the process, the state of the file and the messages can be tracked in real time, and once a file has remained unread past a timeout, a reminder to receive it can be sent automatically. Sending the encrypted file and the decryption password through different communication modes greatly strengthens the security of data transmission.
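An added example of the encrypt-then-split-channels step, not code from the patent. Of the algorithms listed above, MD5 is a digest and BASE64 an encoding, so neither keeps a file confidential, and DES has a 56-bit key; the sketch therefore swaps in AES-256-GCM, which also detects modification. Seal, Open, Dispatch and the channel names are assumptions, and the password is a random 256-bit key in text form.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

var (
	ErrSameChannel = errors.New("file and password must travel over different channels")
	ErrOpen        = errors.New("wrong password or modified file")
)

// Sealed is the encrypted file that travels over the first channel.
type Sealed struct {
	Name  string // file name: authenticated, not encrypted
	Nonce []byte
	Data  []byte // ciphertext followed by the GCM tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts file under a fresh random 256-bit key. The returned password
// is that key in text form, so it has full entropy and needs no stretching.
func Seal(name string, file []byte) (Sealed, string, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Sealed{}, "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Sealed{}, "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Sealed{}, "", err
	}
	data := gcm.Seal(nil, nonce, file, []byte(name)) // name is bound as associated data
	return Sealed{name, nonce, data}, base64.RawURLEncoding.EncodeToString(key), nil
}

// Open decrypts on the recipient's side. Every failure maps to ErrOpen so the
// caller learns nothing about which check failed.
func Open(s Sealed, password string) ([]byte, error) {
	key, err := base64.RawURLEncoding.DecodeString(password)
	if err != nil || len(key) != 32 {
		return nil, ErrOpen
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(s.Nonce) != gcm.NonceSize() { // gcm.Open panics on a wrong-sized nonce
		return nil, ErrOpen
	}
	plain, err := gcm.Open(nil, s.Nonce, s.Data, []byte(s.Name))
	if err != nil {
		return nil, ErrOpen
	}
	return plain, nil
}

// Dispatch returns what each channel carries and refuses to put the encrypted
// file and its password on the same channel.
func Dispatch(s Sealed, password, fileChannel, passwordChannel string) (map[string]string, error) {
	if fileChannel == passwordChannel {
		return nil, ErrSameChannel
	}
	return map[string]string{
		fileChannel:     fmt.Sprintf("%s.enc (%d bytes)", s.Name, len(s.Data)),
		passwordChannel: password,
	}, nil
}

func main() {
	s, pw, err := Seal("contract.pdf", []byte("constructed sample file contents"))
	if err != nil {
		panic(err)
	}
	out, err := Dispatch(s, pw, "email", "wechat") // the channel pair the text uses as its example
	fmt.Println(out["email"], err)
	plain, err := Open(s, pw)
	fmt.Println(string(plain), err)
}
```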
Further, when the confidential document needs to be sent to a preset terminal outside the company, that is, when the confidential document needs to be sent to a person outside the company, the data sharing method further includes:
Generating a notification to be received and an extraction code for the file to be sent.
Sending the notification to be received and the extraction code to personnel outside the enterprise; the person outside the enterprise logs in to the preset data sharing system with a preset account and a preset password and extracts the file to be sent based on the extraction code.
It should be noted that, in practical applications, some confidential files need to be sent in a mode with a higher security factor. For such files, the data sharing method provided in the present application generates only a notification to be received and an extraction code for the confidential file and sends these to the preset terminal, that is, the receiver, who can then use the notification to be received and the extraction code to extract the confidential file from the preset data sharing system. To extract the confidential file, the receiver must log in to the preset data sharing system for identity verification. The confidential files are stored inside the company, and the external receiver brings the notification to be received and the extraction code, logs in to the preset data sharing system and undergoes identity verification; these multiple identity checks and matches greatly improve the transmission security of confidential files.
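An added example of the extraction-code flow for confidential files, not code from the patent: the file stays in the vault, only a hash of the code is stored, and extraction succeeds only when the logged-in account, the notification ID and the code all match. The expiry, single use, attempt limit and all names (Vault, Issue, Extract) are assumptions the patent does not specify.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base32"
	"errors"
	"fmt"
	"time"
)

// ErrRefused is returned for every failure cause, so a caller cannot tell a
// wrong code from a wrong account, an expired ticket or a used one.
var ErrRefused = errors.New("extraction refused")

const maxAttempts = 5 // assumption: wrong codes tolerated before the ticket is revoked

type ticket struct {
	account  string   // external account the file was released to
	codeHash [32]byte // only a hash of the extraction code is stored
	expires  time.Time
	failures int
	file     []byte
}

// Vault stands in for confidential-file storage inside the data sharing system.
type Vault struct{ tickets map[string]*ticket } // keyed by notification ID

func NewVault() *Vault { return &Vault{tickets: map[string]*ticket{}} }

// token returns nBytes of randomness as unpadded base32 text.
func token(nBytes int) (string, error) {
	b := make([]byte, nBytes)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(b), nil
}

// Issue keeps the file inside the company and returns the notification ID and
// the extraction code that are sent to the external receiver.
func (v *Vault) Issue(account string, file []byte, ttl time.Duration, now time.Time) (noticeID, code string, err error) {
	if noticeID, err = token(10); err != nil {
		return "", "", err
	}
	if code, err = token(10); err != nil {
		return "", "", err
	}
	v.tickets[noticeID] = &ticket{account, sha256.Sum256([]byte(code)), now.Add(ttl), 0, file}
	return noticeID, code, nil
}

// Extract is called after login; account is the identity the login established.
func (v *Vault) Extract(account, noticeID, code string, now time.Time) ([]byte, error) {
	tk, ok := v.tickets[noticeID]
	if !ok || tk.account != account {
		return nil, ErrRefused
	}
	if now.After(tk.expires) || tk.failures >= maxAttempts {
		delete(v.tickets, noticeID) // expired or locked out: revoke
		return nil, ErrRefused
	}
	sum := sha256.Sum256([]byte(code))
	if subtle.ConstantTimeCompare(sum[:], tk.codeHash[:]) != 1 {
		tk.failures++
		return nil, ErrRefused
	}
	delete(v.tickets, noticeID) // single use
	return tk.file, nil
}

func main() {
	v, now := NewVault(), time.Now()
	id, code, err := v.Issue("partner-a", []byte("constructed confidential file"), time.Hour, now)
	if err != nil {
		panic(err)
	}
	_, wrong := v.Extract("partner-a", id, "AAAAAAAAAAAAAAAA", now)
	file, err := v.Extract("partner-a", id, code, now)
	fmt.Println(wrong, string(file), err)
}
```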
Fig. 2 is a schematic structural diagram of a data sharing system according to an embodiment of the present application. Referring to fig. 2, the data sharing system provided in this embodiment includes: a data transfer module 201, a file scan module 202, and a log module 205.
The data transmission module 201 includes a client and a server.
The server side interfaces with the different subsystems and preset terminals in a company, and the permissions of the different subsystems and preset terminals are allocated in the data sharing system, establishing a unified authority management system.
Specifically, the server interfaces with the subsystems and preset terminals in a company through a general API. During this integration, permissions are allocated to the different subsystems and preset terminals, that is, each subsystem and preset terminal corresponds to preset permissions, and verification is performed uniformly in the data sharing system; this is the unified authority management system. Each time a subsystem and/or preset terminal sends a data interaction request, the request is judged against the permissions to verify whether the subsystem and/or preset terminal has permission for it.
In practical applications, the big data system can also be used as a tool when the data sharing system interfaces with the subsystems. Specifically, the server side first connects to the big data system and exchanges data with it; batch operation tasks are generated through the big data system and large amounts of data are rapidly screened and aggregated, which reduces the system resource usage caused by each subsystem having to export data and thereby improves the performance and availability of each subsystem.
The client is used for the subsystem and/or the preset terminal to send a data interaction request to the data sharing system.
Specifically, the client includes a system front-end interface module 209 and a system transmission tool module 207, before the data interaction process, the client of the data sharing system is installed on the subsystem and/or the preset terminal, the subsystem and/or the preset terminal initiates a request of data interaction at the system front-end interface module 209 of the client, and the request is automatically transmitted to the server through the system transmission tool module 207.
The server side receives the data interaction request and judges the legality of the data interaction request; and when the data interaction request is legal, responding to the data interaction request.
Specifically, the server mainly includes a data export module 208, which is connected to the system transmission tool module 207 and receives the data interaction request that it transmits. The data export module 208 judges the validity of the data request through the unified authority management system. When the request is not legal, the data interaction is not executed and a warning is given; when the request is legal, the data export module 208 connects to the request receiving system and/or preset terminal, and either obtains the requested data from the request receiver and transmits it to the request sender, or sends the data carried by the request to the request receiver.
In practical application, a signature algorithm is also used to protect the data during the data interaction process, which improves the security of data transmission.
The file scanning module 202 is connected to the data transmission module 201, and the file scanning module 202 scans file data received by the data sharing system to check the security of the file data.
Specifically, the data sharing system may be integrated with a third-party security scanning system or plug-in through an API. When a file upload is involved, the data sharing system first receives the file and then analyzes and scans it through the third-party security service. Once a sensitive file, such as a database file, a key configuration file, or a virus or trojan file, is found, a security policy is triggered and the file is intercepted, and the data sharing system immediately notifies the supervisor of the data interaction person, or a custom group or department, through the mail and message push module 203. Only after the file passes the scan and is confirmed to pose no security threat is it stored in the storage module 204, which guarantees the security of file reception.
The log module 205 is connected to the data transmission module 201, and is configured to receive, during a data interaction process, an operation record of data interaction pushed by the data transmission module 201.
In practical application, information such as where the data was transmitted from, which subsystems and/or preset terminals it passed through, where it was finally transmitted to, and how it was changed during the whole transmission process can, after a security problem occurs, provide an important basis for analyzing the problem and for determining who is responsible for it. The data sharing system provided by the application pushes this information to the log module 205 through the data transmission module 201 or through a connection to various open source message middleware, and the log module 205 receives and stores it for subsequent query.
In the data sharing system provided by the application, the data transmission module 201 comprises a client and a server. The client is used by a subsystem and/or a preset terminal to initiate a data interaction request; the server is connected with the subsystems and preset terminals inside the company and allocates permissions to them, establishing a unified authority management system. When a subsystem and/or preset terminal sends a data interaction request, the data sharing system first performs identity verification, then judges the authority of the request initiator through the data transmission module 201, responds to the request and performs the data interaction after the authority check passes, protects the data through a signature algorithm during the data interaction, and finally pushes the operation record to the log module 205 for recording, so that the data access and modification process can be checked later. In this way, the data transmission module 201 provides authority management for the subsystems and preset terminals inside the company and protects data during transmission, which increases the security of the system, and the log module 205 provides a query function after a security problem occurs. This solves the problem in the prior art that, when data is transmitted only through a third-party communication tool or a self-developed communication tool, authority control and security audit of the data interaction cannot be performed.
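The request flow described above (identity verification, authority check, signature protection, operation record), as an added Python example that is not part of the patent. The patent does not name a signature algorithm; HMAC-SHA256 with a per-requester key, the timestamp and nonce replay check, and all subsystem names, keys and permission entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions): permissions granted when each party
# is onboarded, and one signing key per subsystem or preset terminal.
PERMISSIONS = {
    ("billing-subsystem", "read", "bigdata-system"),
    ("hr-terminal-01", "write", "billing-subsystem"),
}
KEYS = {
    "billing-subsystem": b"constructed-key-billing",
    "hr-terminal-01": b"constructed-key-hr",
}
SIGNED_FIELDS = ("requester", "action", "target",
                 "payload_sha256", "timestamp", "nonce")
MAX_SKEW_SECONDS = 300
SEEN_NONCES = set()
AUDIT_LOG = []  # stands in for the log module 205


def sign_request(request, key):
    """HMAC-SHA256 over a deterministic serialization of the signed fields."""
    body = json.dumps({f: request[f] for f in SIGNED_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_request(requester, action, target, payload, now, nonce):
    """Client side: describe the interaction, bind the payload hash, sign."""
    request = {
        "requester": requester, "action": action, "target": target,
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "timestamp": now, "nonce": nonce,
    }
    request["signature"] = sign_request(request, KEYS[requester])
    return request


def decide(request, payload, now):
    """Server side: identity, integrity, freshness, then permission."""
    key = KEYS.get(request.get("requester"))
    if key is None:
        return False, "unknown requester"
    expected = sign_request(request, key)  # KeyError if a field is missing
    supplied = str(request.get("signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    if hashlib.sha256(payload).hexdigest() != request["payload_sha256"]:
        return False, "payload mismatch"
    replay_key = (request["requester"], request["nonce"])
    stale = abs(now - request["timestamp"]) > MAX_SKEW_SECONDS
    if stale or replay_key in SEEN_NONCES:
        return False, "stale or replayed"
    SEEN_NONCES.add(replay_key)  # recorded only for authenticated requests
    grant = (request["requester"], request["action"], request["target"])
    if grant not in PERMISSIONS:
        return False, "permission denied"
    return True, "ok"


def handle_request(request, payload, now):
    """Fail closed on malformed input and record every decision."""
    try:
        allowed, reason = decide(request, payload, now)
    except (KeyError, TypeError, AttributeError):
        allowed, reason = False, "malformed request"
    who = request.get("requester") if isinstance(request, dict) else None
    AUDIT_LOG.append({"time": now, "requester": who,
                      "allowed": allowed, "reason": reason})
    return allowed, reason
```

Denied requests are logged as well as allowed ones, since the rejected attempts are usually what an audit after a security problem needs most.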
In practical application, the data sharing system further includes a storage module 204, configured to store a data file in a data interaction process; the data sharing system can also be connected with various open source storage middleware and file storage systems through an API (application programming interface), so that the function of the storage module 204 is realized, and the system is more flexible.
Further, the data sharing system further includes a message pushing module 203.
The message pushing module 203 is used for sending information to the personnel outside the enterprise by interfacing with an external communication tool when the data interaction involves the personnel outside the enterprise.
When the data receiver is an external person of a company, the data to be sent needs to be encrypted to generate an encrypted file, and the encrypted file and the decryption password are sent to the receiver through the message pushing module 203.
Specifically, the data sharing system connects a third-party communication tool, such as mail, WeChat and/or a communication tool developed independently by the company, to the message pushing module 203, and then connects the message pushing module 203 to the data transmission module 201, so as to complete external interaction of data. The data sharing system encrypts the data to be sent, processes and exports it through the data transmission module 201 in the system, and sends the encrypted file and the decryption password generated by the encryption to the receiver outside the company through the communication tool connected to the message pushing module 203.
In practical application, when the file to be sent is a confidential file with a higher security requirement, the data sharing system only generates a notification to be received and an extraction code for the confidential file. The notification and the extraction code are sent to the receiver through the communication tool interfaced with the message pushing module 203, and after receiving them the receiver extracts the confidential file from the data sharing system. To extract the confidential file, the receiver must log in to the data sharing system to verify identity, and the confidential file can be extracted with the extraction code only after the identity is verified.
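The extraction-code flow for confidential files, as an added Python example that is not part of the patent. The account store, the code expiry, the attempt limit and the single-use release are assumptions added here; the patent states only that the receiver logs in to verify identity and then extracts the file with the code.

```python
import hashlib
import hmac
import secrets

ACCOUNTS = {}   # account -> (salt, password hash); hypothetical account store
PENDING = {}    # file_id -> held file record
MAX_ATTEMPTS = 5


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register_account(account, password):
    salt = secrets.token_bytes(16)
    ACCOUNTS[account] = (salt, hash_password(password, salt))


def login(account, password):
    """Return the authenticated account name, or None."""
    # Unknown accounts still pay for one hash so timing does not reveal them.
    salt, stored = ACCOUNTS.get(account, (b"\x00" * 16, b""))
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    return account if ok and account in ACCOUNTS else None


def share_confidential(file_id, content, recipient, now, ttl=3600):
    """Hold the file; return only the notice and the extraction code."""
    code = secrets.token_urlsafe(16)
    PENDING[file_id] = {
        "content": content,
        "recipient": recipient,
        # Only a hash of the code is kept server side.
        "code_sha256": hashlib.sha256(code.encode()).digest(),
        "expires": now + ttl,
        "attempts": 0,
    }
    return {"file_id": file_id, "recipient": recipient}, code


def extract(session_account, file_id, code, now):
    """Release the file once, to the logged-in intended receiver only."""
    record = PENDING.get(file_id)
    if session_account is None or record is None:
        return None
    if record["recipient"] != session_account or now > record["expires"]:
        return None
    record["attempts"] += 1
    if record["attempts"] > MAX_ATTEMPTS:
        del PENDING[file_id]  # too many guesses: the sender must share again
        return None
    supplied = hashlib.sha256(code.encode()).digest()
    if not hmac.compare_digest(supplied, record["code_sha256"]):
        return None
    return PENDING.pop(file_id)["content"]  # single use
```

Because the file never travels through the external communication tool, interception of the pushed message yields only a code that is useless without the receiver's login.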
Further, the data sharing system further comprises an authentication authorization module.
The authentication authorization module is used for authenticating the authority of the data interaction personnel through a trusted access gateway externally connected with a trusted security system.
Specifically, the authentication authorization module is connected to the data transmission module 201. Subsystems and preset terminals inside the company, as well as external personnel, must perform login authentication when using the data sharing system. On the one hand, data interaction personnel and/or systems need to log in at the client of the data transmission module 201 for verification; on the other hand, the data sharing system uses a flexible API to interface with the trusted access gateways of various zero-trust security systems, so as to verify the identity and authority of the user and/or system. Only after the verification is passed can the data sharing system be used for data interaction. Interfacing with the trusted access gateway increases the security and flexibility of the data sharing system.
Further, the data sharing system further comprises a monitoring module 206.
The monitoring module 206 is used for detecting the health status of other modules in the data sharing system and sending out an alarm when any other module of the system is abnormal.
Specifically, the monitoring module 206 is connected to other modules, monitors the working states of the other modules in real time, detects the health states of the other modules, and sends an alarm when any module in the data sharing system is abnormal, so that maintenance personnel can find problems in time and then handle the problems, thereby ensuring the normal operation of the data sharing system.
It is understood that the same or similar parts in the above embodiments may be mutually referred to, and the same or similar parts in other embodiments may be referred to for the content which is not described in detail in some embodiments.
It should be noted that, in the description of the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the application, "plurality" means at least two unless otherwise indicated.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present application includes other implementations in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be implemented by a program instructing related hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (10)

1. A method for sharing data, comprising:
receiving a data interaction request sent by a subsystem and/or a preset terminal; the number of the subsystems and/or the preset terminals is at least two; the data interaction request is a request for performing data interaction with other subsystems and/or a preset terminal through a preset data transmission module;
judging whether the data interaction request is legal or not based on a preset unified authority management system;
if yes, responding to the data interaction request; when the data are interacted, the interacted data are protected through a signature algorithm;
the subsystem at least comprises: a big data system; the big data system is used for carrying out data interaction with other subsystems, acquiring data and carrying out screening and aggregation;
and pushing the operation record of the data interaction to a log center for recording.
2. The data sharing method according to claim 1, wherein interaction with each of the subsystems and/or predetermined terminals is performed based on a predetermined API.
3. The data sharing method according to claim 1, further comprising:
obtaining and scanning a file uploaded by a preset terminal, and checking the security of the file.
4. The data sharing method according to claim 1, wherein when the file needs to be sent to a person outside the enterprise, the data sharing method further comprises:
encrypting a file to be sent to obtain an encrypted file;
sending the encrypted file to personnel outside the enterprise through a communication mode;
and sending the decryption password of the encrypted file to personnel outside the enterprise through another communication mode.
5. The data sharing method according to claim 1, wherein when the file needs to be sent to a person outside the enterprise, the data sharing method further comprises:
generating a notice to be received and an extraction code of a file to be sent;
sending the notification to be received and the extraction code to personnel outside the enterprise; and logging in a preset system by an enterprise external person based on a preset account and a preset password, and extracting the file to be sent based on the extraction code.
6. A data sharing system, comprising: the device comprises a data transmission module, a file scanning module and a log module;
the data transmission module comprises a client and a server;
the server side interfaces with different subsystems and preset terminals in a company, and the authorities of the different subsystems and preset terminals are allocated in the data sharing system, so that a unified authority management system is established;
the client is used for the subsystem and/or the preset terminal to send a data interaction request to the data sharing system;
the server receives the data interaction request and judges the validity of the data interaction request; when the data interaction request is legal, responding to the data interaction request;
the file scanning module is connected with the data transmission module, and scans the file data received by the data sharing system to check the security of the file data;
the log module is connected with the data transmission module and used for receiving the data interaction operation record pushed by the data transmission module in the data interaction process.
7. The data sharing system according to claim 6, further comprising a message push module;
and the message pushing module is used for sending information to the personnel outside the enterprise by interfacing with an external communication tool when the data receiver is the personnel outside the enterprise.
8. The data sharing system according to claim 6, wherein the data transmission module client comprises: a system transmission tool module and a system front-end interface module;
the system front-end interface module is connected with the data transmission tool module; the system front-end interface module is used for the subsystem and/or the preset terminal to initiate a data interaction request; and the system transmission tool module transmits the request to the server.
9. The data sharing system according to claim 6, further comprising an authentication authorization module;
the authentication authorization module is a trusted access gateway externally connected with a trust security system and used for authenticating the authority of the data interaction personnel.
10. The data sharing system of claim 6, further comprising a monitoring module;
the monitoring module is used for detecting the health state of other modules in the data sharing system and giving an alarm when any one of the other modules of the data sharing system is abnormal.
CN202010202530.XA 2020-03-20 2020-03-20 Data sharing method and system Pending CN111431896A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010202530.XA CN111431896A (en) 2020-03-20 2020-03-20 Data sharing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010202530.XA CN111431896A (en) 2020-03-20 2020-03-20 Data sharing method and system

Publications (1)

Publication Number Publication Date
CN111431896A true CN111431896A (en) 2020-07-17

Family

ID=71548326

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010202530.XA Pending CN111431896A (en) 2020-03-20 2020-03-20 Data sharing method and system

Country Status (1)

Country Link
CN (1) CN111431896A (en)

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369887A (en) * 2007-08-13 2009-02-18 北京万网志成科技有限公司 E-mail enciphered transmission method
CN101350722A (en) * 2008-07-24 2009-01-21 上海众恒信息产业有限公司 Apparatus and method for controlling data security of information system
CN103078960A (en) * 2013-02-06 2013-05-01 杭州电子科技大学 System for exchanging and sharing data of confidential electronic files
CN106027632A (en) * 2016-05-16 2016-10-12 北京小米移动软件有限公司 Data transmission method and device
CN107273725A (en) * 2017-05-14 2017-10-20 四川盛世天成信息技术有限公司 A kind of data back up method and system for classified information
CN110166403A (en) * 2018-01-23 2019-08-23 广东七洲科技股份有限公司 A kind of safety method of key and ciphertext separated transmission
CN109040070A (en) * 2018-08-02 2018-12-18 深圳前海微众银行股份有限公司 Document sending method, equipment and computer readable storage medium
US20200050686A1 (en) * 2018-08-13 2020-02-13 Citrix Systems, Inc. Distributed Security Analysis for Shared Content
CN110084048A (en) * 2019-03-22 2019-08-02 福建省农村信用社联合社 A kind of implementation method of bank's unified user management
CN110197058A (en) * 2019-04-15 2019-09-03 杭州恩牛网络技术有限公司 Unified internal control method for managing security, system, medium and electronic equipment
CN110430247A (en) * 2019-07-15 2019-11-08 苏州市环亚数据技术有限公司 A kind of resource management platform based on big data
CN110599327A (en) * 2019-09-02 2019-12-20 四川新网银行股份有限公司 Method for automatically generating and sending banking report
CN110868397A (en) * 2019-10-15 2020-03-06 中国直升机设计研究所 Method and system for exchanging multipoint data of enterprise in different places
CN110807210A (en) * 2019-11-04 2020-02-18 北京联想协同科技有限公司 Information processing method, platform, system and computer storage medium

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112306579A (en) * 2020-11-12 2021-02-02 北京轩宇信息技术有限公司 Data transmission system and method
CN112306579B (en) * 2020-11-12 2023-09-01 北京轩宇信息技术有限公司 Data transmission system and method
CN112738167A (en) * 2020-12-18 2021-04-30 福建新大陆软件工程有限公司 File service opening method, device, equipment and medium based on API gateway
CN113037743A (en) * 2021-03-05 2021-06-25 杭州奕锐电子有限公司 Encryption method and system for cloud server file
CN115001872A (en) * 2022-08-03 2022-09-02 深圳润方创新技术有限公司 Electronic drawing board system for drawing by multiple persons and processing method
CN115510433A (en) * 2022-11-04 2022-12-23 杭州未名信科科技有限公司 Data open security visual supervision system, method and storage medium
CN115906142A (en) * 2023-03-09 2023-04-04 广东维信智联科技有限公司 Enterprise online interactive data management method
CN116866058A (en) * 2023-07-29 2023-10-10 广州未来技术有限公司 Data center safety management method

Similar Documents

Publication Publication Date Title
CN111431896A (en) Data sharing method and system
US11695555B2 (en) Federated key management
AU2017204853B2 (en) Data security service
US7716467B1 (en) Encryption gateway service
CA2899014C (en) Policy enforcement with associated data
US10210341B2 (en) Delayed data access
US11372993B2 (en) Automatic key rotation
US11902262B2 (en) System and method for encryption, storage and transmission of digital information
US10708244B2 (en) System and method for encryption, storage and transmission of digital information
CN107483495B (en) Big data cluster host management method, management system and server
CN115221538B (en) Encryption method and system suitable for financial data
US20130311385A1 (en) Third Party Security Monitoring & Audit
WO2021146801A1 (en) Secure data transfer system
CN103746899A (en) Mail reading system and method
CN116527365A (en) System and method for realizing air traffic control heterogeneous data sharing
CN114143222A (en) Internet of things key equipment cloud testing method for typical application of smart city

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200717