CN111815303A - Approval system for data file circulation - Google Patents

Approval system for data file circulation Download PDF

Info

Publication number
CN111815303A
CN111815303A CN202010946395.XA CN202010946395A CN111815303A CN 111815303 A CN111815303 A CN 111815303A CN 202010946395 A CN202010946395 A CN 202010946395A CN 111815303 A CN111815303 A CN 111815303A
Authority
CN
China
Prior art keywords
approval
module
examination
output
stage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010946395.XA
Other languages
Chinese (zh)
Inventor
杨湘渝
王海森
李芹芹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhixiang Technology Co Ltd
Original Assignee
Beijing Zhixiang Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhixiang Technology Co Ltd filed Critical Beijing Zhixiang Technology Co Ltd
Priority to CN202010946395.XA priority Critical patent/CN111815303A/en
Publication of CN111815303A publication Critical patent/CN111815303A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention discloses an approval system for data file circulation, which comprises: a plurality of examination and approval modules that cascade each other, every examination and approval module correspondence sets up a first preset result, and every examination and approval module all includes: at least one policy rule execution module and a cascade rule execution module; each strategy rule execution module is correspondingly provided with at least one strategy condition and a second preset result, the strategy rule execution module is used for processing the approval request according to the strategy conditions to obtain a judgment result to be output of the current-stage approval module, each cascade rule execution module is correspondingly provided with a cascade rule, and the cascade rule execution module is used for outputting a final judgment result according to the corresponding cascade rule. By adopting the invention, any complex logic rule judgment system can be constructed by using a plurality of approval modules, and the logic processing capacity which is equal to the complex strategy rule which can be realized by program coding is provided.

Description

Approval system for data file circulation
Technical Field
The invention relates to the field of computer data security, in particular to an approval system for data file circulation.
Background
In a computer data security system, different protection zones are set based on a network segment isolation technology and can be used for managing and controlling data resource access of different security levels. The computing resources and data files within the protected area are only accessible by users authorized to access the protected area and are not accessible by unauthorized users. Meanwhile, the authorized user can only access and use the data file within the protection area, and the data file cannot be transferred to other areas outside the protection area.
However, in practical application scenarios, an authorized user often needs to transfer data files within a protected area to outside the protected area or into another protected area. In the related art, a system data security administrator is generally required to perform file transfer operations according to security regulations. In an environment with high security level requirements, the transfer application is also manually approved by the relevant approver.
Disclosure of Invention
The embodiment of the invention provides an approval system for data file circulation, which is used for solving the problem that in the prior art, the data circulation in different protection areas is complicated to approve.
The system for approving the data file circulation comprises the following components:
a plurality of examination and approval modules that cascade each other, every examination and approval module corresponds and sets up a first preset result, every examination and approval module all includes: at least one policy rule execution module and a cascade rule execution module;
each policy rule execution module is correspondingly provided with at least one policy condition and a second preset result, and the policy rule execution module is used for:
when the approval request meets all policy conditions of the current policy rule execution module, taking a second preset result corresponding to the current policy rule execution module as a judgment result to be output of the current-stage approval module;
when the approval request does not meet all the strategy conditions of the current strategy rule execution module, transferring the approval request to the next-stage strategy rule execution module for approval or taking a first preset result corresponding to the current-stage approval module as a judgment result to be output of the current-stage approval module;
the to-be-output judgment result comprises: approval is passed or refused;
each cascade rule execution module is correspondingly provided with a cascade rule and is used for outputting a final judgment result according to the corresponding cascade rule;
the cascading rules include:
when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are passed, switching to the examination and approval module at the next stage, and when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are rejected, outputting approval rejection; alternatively, the first and second electrodes may be,
when the judgment result to be output of the current-stage approval module is approval refusal, switching to the next-stage approval module, and when the judgment result to be output of the current-stage approval module is approval passing, outputting approval passing; alternatively, the first and second electrodes may be,
no matter what the judgment result to be output of the examination and approval module at the current stage is, the next examination and approval module is switched to.
According to some embodiments of the invention, at least one of the policy conditions comprises:
whether the sender of the approval request is in a specified user list;
whether the sender of the approval request belongs to a specified user group list;
whether the data file to be transferred in the approval request belongs to a specified file type list or not;
whether the number of the data files to be transferred in the approval request is within a specified number range or not is judged;
whether the size of a single data file to be transferred in the approval request is within a specified numerical range or not is judged;
a date range within which the policy rule enforcement module takes effect;
whether the approval request occurs within a set period of time.
According to some embodiments of the invention, the concatenation rule further comprises:
when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are passed, manual examination and approval are switched to, and when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are rejected, examination and approval rejection is output; alternatively, the first and second electrodes may be,
when the judgment result to be output of the examination and approval module at the current stage is examination and approval refusal, manual examination and approval are switched in, and when the judgment result to be output of the examination and approval module at the current stage is examination and approval pass, examination and approval pass is output; alternatively, the first and second electrodes may be,
and (4) turning to manual examination and approval no matter what the judgment result to be output of the examination and approval module at the current stage is.
According to some embodiments of the invention, the approval system further comprises:
and the analysis module is used for determining the number of judgment results according to preset data file circulation safety rules so as to determine the number of the approval modules, correspondingly setting a corresponding first preset result for each approval module, setting a corresponding cascade rule for each cascade rule execution module in the approval modules, and setting a corresponding strategy condition and a second preset result for each strategy rule execution module in each approval module.
By adopting the embodiment of the invention, through setting different policy rules and cascade rules, any complex logic rule judgment system can be constructed by using a plurality of approval modules, the setting method is simple and clear, the method is very suitable for converting the security policy described by general semantics into an execution system capable of being actually operated, the logic processing capacity equivalent to the complex policy rules which can be realized by program coding is provided, the functionality and the usability of the file transfer security approval system are greatly enhanced, the concise and clear user interface is convenient to design, and a visual security policy configuration tool is provided for a system user.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. In the drawings:
FIG. 1 is a schematic structural diagram of an approval system for data file circulation according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an approval system for data file circulation according to an embodiment of the present invention;
FIG. 3 is a block diagram of a policy rule enforcement module according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in fig. 1, an approval system for data file circulation according to an embodiment of the present invention includes:
the plurality of examination and approval modules which are cascaded mutually can be understood that the plurality of examination and approval modules have a sequence in the examination and approval process, and the examination and approval request is firstly examined and approved in the first-stage examination and approval module and then is sequentially transmitted to the next-stage examination and approval module until a judgment result can be output. Every module of approving corresponds and sets up a first preset result, and every module of approving all includes: at least one policy rule execution module and a cascade rule execution module; here, at least one policy rule execution module also has a sequence in the process of approval, and the approval request is firstly approved in the first-stage policy rule execution module and then is sequentially transmitted to the next-stage policy rule execution module until the decision result to be output can be output.
Each strategy rule execution module is correspondingly provided with at least one strategy condition and a second preset result, and the strategy rule execution module is used for:
when the approval request meets all policy conditions of the current policy rule execution module, taking a second preset result corresponding to the current policy rule execution module as a judgment result to be output of the current-stage approval module;
when the approval request does not meet all the strategy conditions of the current strategy rule execution module, the approval request is transferred to the next-stage strategy rule execution module for approval or a first preset result corresponding to the current-stage approval module is used as a judgment result to be output of the current-stage approval module;
the judgment result to be output comprises: approval is passed or refused;
each cascade rule execution module is correspondingly provided with a cascade rule and is used for outputting a final judgment result according to the corresponding cascade rule;
the cascading rules include:
when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are passed, switching to the examination and approval module at the next stage, and when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are rejected, outputting approval rejection; alternatively, the first and second electrodes may be,
when the judgment result to be output of the current-stage approval module is approval refusal, switching to the next-stage approval module, and when the judgment result to be output of the current-stage approval module is approval passing, outputting approval passing; alternatively, the first and second electrodes may be,
no matter what the judgment result to be output of the examination and approval module at the current stage is, the next examination and approval module is switched to.
By adopting the embodiment of the invention, through setting different policy rules and cascade rules, any complex logic rule judgment system can be constructed by using a plurality of approval modules, the setting method is simple and clear, the method is very suitable for converting the security policy described by general semantics into an execution system capable of being actually operated, the logic processing capacity equivalent to the complex policy rules which can be realized by program coding is provided, the functionality and the usability of the file transfer security approval system are greatly enhanced, the concise and clear user interface is convenient to design, and a visual security policy configuration tool is provided for a system user.
On the basis of the above-described embodiment, various modified embodiments are further proposed, and it is to be noted herein that, in order to make the description brief, only the differences from the above-described embodiment are described in the various modified embodiments.
According to some embodiments of the invention, the at least one policy condition comprises at least one of:
whether the sender of the approval request is in a specified user list;
whether the sender of the approval request belongs to a specified user group list;
whether the data file to be transferred in the approval request belongs to a specified file type list or not;
whether the number of the data files to be transferred in the approval request is within a specified number range or not is judged;
whether the size of a single data file to be transferred in the approval request is within a specified numerical range or not is examined;
a date range within which the policy rule enforcement module takes effect;
whether the approval request occurs within a set period of time.
It should be noted that the policy condition may also be set as other conditions, and may be specifically set according to actual approval requirements, and the above conditions are merely examples and are not limitations of the embodiments of the present invention.
According to some embodiments of the invention, the concatenation rule may further comprise:
when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are passed, manual examination and approval are switched to, and when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are rejected, examination and approval rejection is output; alternatively, the first and second electrodes may be,
when the judgment result to be output of the examination and approval module at the current stage is examination and approval refusal, manual examination and approval are switched in, and when the judgment result to be output of the examination and approval module at the current stage is examination and approval pass, examination and approval pass is output; alternatively, the first and second electrodes may be,
and (4) turning to manual examination and approval no matter what the judgment result to be output of the examination and approval module at the current stage is.
According to some embodiments of the invention, the approval system further comprises:
and the analysis module is used for determining the number of judgment results according to preset data file circulation safety rules so as to determine the number of the approval modules, correspondingly setting a corresponding first preset result for each approval module, setting a corresponding cascade rule for each cascade rule execution module in the approval modules, and setting a corresponding strategy condition and a second preset result for each strategy rule execution module in each approval module.
The following describes in detail an approval system for data file circulation according to an embodiment of the present invention in a specific embodiment with reference to fig. 1 to 3. It is to be understood that the following description is illustrative only and is not intended to be in any way limiting. All similar structures and similar variations thereof adopted by the invention are intended to fall within the scope of the invention.
The traditional inspection task processing system can only compare a plurality of attributes of an inspection object with a policy rule to determine the conformity of the inspection object, establish an inspection task according to the inspection result and carry out the inspection work by an inspection task executive staff. Different security systems have different security policies, which relate to the user attribute of the application submitter, the operation time, the file attribute to be transferred, the transfer destination, the approval process and the like.
In a complex security management scenario, multiple security policies may be enforced simultaneously, and different logical decision relationships may be employed. Such as all security policies being passed to be allowed, or any security policy being passed to be allowed, etc. The execution priority of different security policies also differs, as do the expected execution rules when different security policies meet or violate. The complexity and diversity of the decision conditions and logic of the approval strategy make the traditional examination task processing system difficult to adapt to the requirement of the application approval strategy in the field of data security. The inbound/outbound rule processing mechanism adopted by the firewall and other systems can only set respective independent white list or black list rules, and the rules cannot be combined, so that complex policy rule execution logic is difficult to form. When the prior art is used for solving the problem, only corresponding policy processing program codes can be written for specific application scenes to realize complex approval policy logic, so that the development and maintenance cost of a system is increased undoubtedly, the use of a system user is inconvenient, and the system is difficult to adapt to occasions where policy rules need to be adjusted and modified frequently.
As shown in fig. 1, the present invention provides an approval system for data file circulation, which is composed of a plurality of cascaded approval modules. Each approval module processes the input approval request according to the set strategy rule to obtain the judgment result to be output of the current stage, and directly obtains the final judgment result according to the set cascade mode, or transmits the final judgment result to the next stage approval module or the manual approval execution module.
Each approval module can set a plurality of respective strategy rules, the strategy rules cover various attribute definitions related to file circulation in a data security scene, and the plurality of strategy rules can be combined into complex strategy logic. Multiple approval modules and/or manual approval modules can be used for constructing a system with any complex policy rule logic in a plurality of cascading modes.
The examination and approval module can be configured into an application mode of directly outputting a judgment result, and can also be used as a front module for manual examination and approval to preprocess examination and approval input, so that preprocessing information is generated to be referred by manual examination and approval executive personnel, and the manual examination and approval work is simplified.
Specifically, the approval module comprises: a plurality of policy rule enforcement modules and a cascading rule enforcement module. Each strategy rule execution module corresponds to one strategy rule, each strategy rule comprises a plurality of strategy conditions and a second preset result when all the strategy conditions of the strategy rule execution module are met, and the examination and approval module correspondingly sets a first preset result appointed in the default strategy rule. Each cascade rule execution module is correspondingly provided with a cascade rule.
As shown in fig. 2, the policy rule executing module is configured to process a plurality of policy conditions set by the policy rule executing module: if all the started strategy conditions in the strategy rule execution module are simultaneously met, setting a second preset result as a judgment result to be output of the current-stage approval module; if all the started strategy conditions in the strategy rule execution module are not met at the same time, switching to the next strategy rule execution module, and obtaining a judgment result to be output of the current-stage approval module by the next strategy rule execution module; and if all the opened strategy conditions in the current-stage approval module are not simultaneously met, setting the judgment result to be output of the current-stage approval module as a first preset result specified in the default strategy rule.
As shown in fig. 3, the policy conditions may include:
the user: whether the sender is in a specified user list;
a user group: whether the sender belongs to a specified user group list;
the file type: whether the data file to be transferred belongs to a specified file type list or not;
the number of files: whether the number of the data files to be transferred is more than or equal to or less than a set value or not;
single file size: whether the size of a single data file to be transferred is larger than or equal to or smaller than a set value or not is judged;
the effective date of the strategy is as follows: the date range within which the policy takes effect;
operable time: whether the data flow application occurs in a set time period or not.
Other information related to the file stream.
The cascade rule determines the processing mode of the judgment result to be output of the current-stage approval module:
if the cascade rule is 'passing and then transferring to the next stage', when the judgment result to be output of the current stage approval module is approval passing, transferring to the next stage approval module; when the judgment result to be output of the examination and approval module at the current stage is examination and approval rejection, the final examination and approval result is directly set as examination and approval rejection, and the next-stage examination and approval is not carried out;
if the cascade rule is 'transferring to the next stage after refusing', when the judgment result to be output of the current stage of approval module is approval refusing, transferring to the next stage of approval module; when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are passed, the final examination and approval result is directly set as that examination and approval are passed, and the next-stage examination and approval are not carried out;
if the cascade rule is 'transferred to the next stage', the next stage approval module is transferred to no matter what the judgment result to be output of the current stage approval module is.
The method for implementing the complex approval strategy by the approval system for data file circulation according to the embodiment of the invention is demonstrated by examples.
The security policy for a certain department file export is as follows (note: the "department manager" user belongs to the "department user" user group):
department members (non-managers) export file security policies:
PM1, file can not be exported in non-working time;
PM2 source program files such as h, c, hpp, cpp, py and the like cannot be exported;
PM 3: when non-source program files are exported in working time, and when the size of the files is smaller than 1M and the number of the files is smaller than 10, the export application automatically passes through; otherwise, the application is transferred to manual examination and approval.
The department manager exports a file security policy:
PL 1: no export time restrictions and file type restrictions;
PL 2: when the file size is less than 10M and the number of files is less than 50, the export application automatically passes through. Otherwise, the application is transferred to manual examination and approval.
The above approval strategy requires the generation of 3 possible approval result modes: automatic rejection, automatic passage, manual transfer, thus requiring two levels of approval modules.
The first-level approval module A generates an automatic refused approval result:
policy rules AR 1:
the strategy conditions are as follows:
user = department manager
And (4) approval results: approval pass
Policy rules AR 2:
the strategy conditions are as follows:
user group = department member
Operable time = non-operating time
And (4) approval results: refusal of approval
Policy rules AR 3:
the strategy conditions are as follows:
user group = department member
File type = c, h, cpp, hpp, py..
And (4) approval results: refusal of approval
Default rule AR 0:
and (4) approval results: approval pass
Cascade rule AS: by after-turning to the next stage
The second-stage approval module B generates an approval result which is automatically passed:
policy rule BR 1:
the strategy conditions are as follows:
user = department manager
File size <10M
Number of files <50
And (4) approval results: approval pass
Policy rule BR 2:
user group = department member
File size <1M
Number of files <10
And (4) approval results: approval pass
Default rule BR 0:
and (4) approval results: refusal of approval
Cascading rule BS: turning to the next stage after refusing
When the approval module processes input of the approval request, the processing flow is as follows:
for department members, the approval request violating the security policy PM1 or PM2 is judged AS approval rejection by the policy rule AR2 or AR3 in the first-stage approval module a, and since the cascade rule AS of a passes the next stage, the approval rejection is directly output AS the result of the whole approval. The approval requests which do not violate the safety policies PM1 and PM2 are judged AS approved by the default rule AR0, and then are transferred to the second-level approval module B for processing by the cascading rule AS.
The policy rule AR1 will transfer the approval request of the department manager directly to module B, implementing the approval policy set by PL 1.
In the second-stage approval module B, the approval request conforming to the security policy PL2 or PM3 is judged to be approved by the policy rule BR1 or BR2, and the approval is directly output as the whole approval result because the cascade rule BS of the module B rejects and then transfers to the next stage. An approval request which does not conform to the security policy PL2 or PM3 is judged as approval rejection by the default rule BR0, and then the request is shifted to manual approval by the cascading rule BS.
Therefore, by setting different automatic approval strategy rules and cascade rules, any complex logic rule judgment system can be constructed by using a plurality of approval modules, the setting method is simple and clear, the method is very suitable for converting the safety strategy described by general semantics into an execution system capable of being actually operated, a simple and clear user interface is convenient to design, and a visual safety strategy configuration tool is provided for a system user. The embodiment of the invention is verified based on the single machine, cluster and distributed test environment of the intelligent security platform of the security shield, and the method can effectively improve the approval efficiency.
It should be noted that the above-mentioned embodiments are only preferred embodiments of the present invention, and are not intended to limit the present invention, and those skilled in the art can make various modifications and changes. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
In addition, although some embodiments described herein include some features included in other embodiments instead of others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. The particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. For example, in the claims, any of the claimed embodiments may be used in any combination.

Claims (4)

1. An approval system for data file circulation, comprising:
a plurality of examination and approval modules that cascade each other, every examination and approval module corresponds and sets up a first preset result, every examination and approval module all includes: at least one policy rule execution module and a cascade rule execution module;
each policy rule execution module is correspondingly provided with at least one policy condition and a second preset result, and the policy rule execution module is used for:
when the approval request meets all policy conditions of the current policy rule execution module, taking a second preset result corresponding to the current policy rule execution module as a judgment result to be output of the current-stage approval module;
when the approval request does not meet all the strategy conditions of the current strategy rule execution module, transferring the approval request to the next-stage strategy rule execution module for approval or taking a first preset result corresponding to the current-stage approval module as a judgment result to be output of the current-stage approval module;
the to-be-output judgment result comprises: approval is passed or refused;
each cascade rule execution module is correspondingly provided with a cascade rule and is used for outputting a final judgment result according to the corresponding cascade rule;
the cascading rules include:
when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are passed, switching to the examination and approval module at the next stage, and when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are rejected, outputting approval rejection; alternatively, the first and second electrodes may be,
when the judgment result to be output of the current-stage approval module is approval refusal, switching to the next-stage approval module, and when the judgment result to be output of the current-stage approval module is approval passing, outputting approval passing; alternatively, the first and second electrodes may be,
no matter what the judgment result to be output of the examination and approval module at the current stage is, the next examination and approval module is switched to.
2. The system for approving a flow of data files of claim 1, wherein at least one of said policy conditions comprises:
whether the sender of the approval request is in a specified user list;
whether the sender of the approval request belongs to a specified user group list;
whether the data file to be transferred in the approval request belongs to a specified file type list or not;
whether the number of the data files to be transferred in the approval request is within a specified number range or not is judged;
whether the size of a single data file to be transferred in the approval request is within a specified numerical range or not is judged;
a date range within which the policy rule enforcement module takes effect;
whether the approval request occurs within a set period of time.
3. The system for approving a flow of data files of claim 1, wherein the cascading rules further comprise:
when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are passed, manual examination and approval are switched to, and when the judgment result to be output of the examination and approval module at the current stage is that examination and approval are rejected, examination and approval rejection is output; alternatively, the first and second electrodes may be,
when the judgment result to be output of the examination and approval module at the current stage is examination and approval refusal, manual examination and approval are switched in, and when the judgment result to be output of the examination and approval module at the current stage is examination and approval pass, examination and approval pass is output; alternatively, the first and second electrodes may be,
and (4) turning to manual examination and approval no matter what the judgment result to be output of the examination and approval module at the current stage is.
4. The approval system of data file circulation of claim 1, wherein the approval system further comprises:
and the analysis module is used for determining the number of judgment results according to preset data file circulation safety rules so as to determine the number of the approval modules, correspondingly setting a corresponding first preset result for each approval module, setting a corresponding cascade rule for each cascade rule execution module in the approval modules, and setting a corresponding strategy condition and a second preset result for each strategy rule execution module in each approval module.
CN202010946395.XA 2020-09-10 2020-09-10 Approval system for data file circulation Pending CN111815303A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010946395.XA CN111815303A (en) 2020-09-10 2020-09-10 Approval system for data file circulation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010946395.XA CN111815303A (en) 2020-09-10 2020-09-10 Approval system for data file circulation

Publications (1)

Publication Number Publication Date
CN111815303A true CN111815303A (en) 2020-10-23

Family

ID=72860061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010946395.XA Pending CN111815303A (en) 2020-09-10 2020-09-10 Approval system for data file circulation

Country Status (1)

Country Link
CN (1) CN111815303A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113452722A (en) * 2021-08-30 2021-09-28 统信软件技术有限公司 User isolation method, data transmission method, computing device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101082970A (en) * 2007-07-05 2007-12-05 山东浪潮齐鲁软件产业股份有限公司 Method for realizing government affairs examination and approval workflow engines system
CN101702215A (en) * 2009-11-06 2010-05-05 山东浪潮电子政务软件有限公司 Design method for setting dependence item in operating room in working flow
CN104391730A (en) * 2014-08-03 2015-03-04 浙江网新恒天软件有限公司 Software source code language translation system and method
CN108279879A (en) * 2018-01-25 2018-07-13 北京卓越智软科技有限公司 Applied software development method towards engine

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101082970A (en) * 2007-07-05 2007-12-05 山东浪潮齐鲁软件产业股份有限公司 Method for realizing government affairs examination and approval workflow engines system
CN101702215A (en) * 2009-11-06 2010-05-05 山东浪潮电子政务软件有限公司 Design method for setting dependence item in operating room in working flow
CN104391730A (en) * 2014-08-03 2015-03-04 浙江网新恒天软件有限公司 Software source code language translation system and method
CN108279879A (en) * 2018-01-25 2018-07-13 北京卓越智软科技有限公司 Applied software development method towards engine

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113452722A (en) * 2021-08-30 2021-09-28 统信软件技术有限公司 User isolation method, data transmission method, computing device and storage medium
CN113452722B (en) * 2021-08-30 2022-01-21 统信软件技术有限公司 User isolation method, data transmission method, computing device and storage medium

Similar Documents

Publication Publication Date Title
US9411977B2 (en) System and method for enforcing role membership removal requirements
McCullough A hookup theorem for multilevel security
Ahmed et al. Protection of sensitive data in zero trust model
CN111726353A (en) Sensitive data grading protection method and grading protection system based on numerical control system
US8141160B2 (en) Mitigating and managing privacy risks using planning
Huang et al. Formal specification and verification of modular security policy based on colored Petri nets
Lamba et al. Analyzing and fixing cyber security threats for supply chain management
Habrat Legal challenges of digitalization and automation in the context of Industry 4.0
CN111815303A (en) Approval system for data file circulation
Guttman et al. Information flow in operating systems: Eager formal methods
Rajamäki et al. Information sharing models for early warning systems of cybersecurity intelligence
CN113052696B (en) Financial business task processing method, device, computer equipment and storage medium
Du et al. Towards an analysis of software supply chain risk management
Le et al. Consistency-based integration of multi-stakeholder recommender systems with feature model configuration
Kupfersberger et al. Security-driven information flow modelling for component integration in complex environments
Li et al. Reaching agreement in security policy negotiation
US20040236747A1 (en) Data processing systems
Wedde et al. Cooperative role-based administration
Liu et al. A multi-tenant usage access model for cloud computing
Varadharajan Hook-up property for information flow secure nets
Bench-Capon Whatever Happened to Hypotheticals?
Zhang Research on Industry and Commerce Management System Based on Computer Big Data algorithm
Xu et al. A theorem on grid access control
Zhang et al. A Network Business Security Model Based on Developed BLP Model in Electric Power Enterprise
Dindarian Development of Enterprise Resilience Framework (ERF)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201023

RJ01 Rejection of invention patent application after publication