CN112328982A - Data access control method, device, equipment and storage medium - Google Patents

Data access control method, device, equipment and storage medium

Publication number
CN112328982A
Authority
CN
China
Prior art keywords
data
access
user
determining
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011175329.3A
Other languages
Chinese (zh)
Inventor
耿贵宁
唐会芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou 360 Intelligent Security Technology Co Ltd
Original Assignee
Suzhou 360 Intelligent Security Technology Co Ltd
Application filed by Suzhou 360 Intelligent Security Technology Co Ltd
Priority to CN202011175329.3A
Publication of CN112328982A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of data access and discloses a data access control method, apparatus, device and storage medium. When a data access request is received, the method determines the data information to be accessed and the data access identifier of the user according to the request; acquires the access permission level corresponding to the data access identifier; determines the data permission level corresponding to the data information to be accessed; matches the access permission level with the data permission level; and, when the access permission level matches the data permission level, displays the data information to be accessed. In the invention, the data access request is security-authenticated before the data is operated on, the access permission level is matched with the data permission level, and the data is displayed only after the level match passes, so that data access takes place in a safe state. This solves the technical problem that large volumes of complex data lack an effective security protection method and that data access has network security problems.

Description

Data access control method, device, equipment and storage medium
Technical Field
The present invention relates to the field of data access technologies, and in particular, to a data access control method, apparatus, device, and storage medium.
Background
With the continuing development of informatization, data has become highly centralized and is growing exponentially, and the data of every industry is characterized by large scale, wide coverage, many application types, and involvement of personal privacy and sensitive information. The aggregation and application of industry data keeps raising the value of the data, and the risks the data faces keep growing as well. To effectively safeguard the data rights and interests of industries, strengthen data security management and keep the systems of all industries operating safely, security protection of data access on the basis of data classification is imperative. At present, an effective security protection method for large volumes of complex data is lacking, and data access has network security problems.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main object of the invention is to provide a data access control method, apparatus, device and storage medium, so as to solve the technical problem that large volumes of complex data lack an effective security protection method and that data access has network security problems.
In order to achieve the above object, the present invention provides a data access control method, including:
when a data access request is received, determining to-be-accessed data information and a data access identifier of a user according to the data access request;
acquiring an access authority level corresponding to the data access identifier;
determining a data authority level corresponding to the data information to be accessed;
matching the access permission level with the data permission level;
and when the access authority level is matched with the data authority level, displaying the data information to be accessed.
Optionally, the step of determining the information of the data to be accessed and the data access identifier of the user according to the data access request includes:
acquiring keyword information, user identity identification information and verification information from the data access request;
determining data information to be accessed according to the keyword information;
verifying the user identification information and the verification information;
and when the user identification information and the verification information pass verification, determining a data access identifier of the user according to the data access request.
Optionally, the step of determining the data access identifier of the user according to the data access request includes:
searching the basic attribute of the user according to the data access request;
and acquiring the authority associated data in the basic attribute, and determining the data access identifier of the user according to the authority associated data.
Optionally, the step of obtaining the access permission level corresponding to the data access identifier includes:
determining the basic access authority of the user according to the data access identifier;
determining the dimension access authority of the user according to a preset user access authority strategy;
determining an access authorization strategy of a user according to the basic access authority and the dimensionality access authority;
and determining the access authority level of the user based on the access authorization strategy.
Optionally, the step of determining the basic access right of the user according to the data access identifier includes:
acquiring user grading information through the data access identifier;
determining the access authority of the user to the coarse-grained data service by verifying the level matching relationship between the user grading information and the data service;
and taking the access authority of the coarse-grained data service as the basic access authority of the user.
Optionally, the step of determining the dimension access right of the user according to the preset user access right policy includes:
grouping users and data services respectively according to a preset user access authority strategy to obtain an intersection relation between a user group and a data service group;
determining the access authority of the user to the fine-grained data service according to the intersection relation;
and taking the access authority of the fine-grained data service as the dimension access authority of the user.
Optionally, the step of determining the data authority level corresponding to the to-be-accessed data information includes:
acquiring a corresponding relational database according to the information of the data to be accessed;
and determining the data authority level according to the relational database.
Optionally, before the step of obtaining the corresponding relational database according to the information of the data to be accessed, the method further includes:
determining data to be classified of a target vertical industry, and performing feature extraction on the data to be classified to obtain feature extraction information of the data to be classified;
grading through a data grading model according to the feature extraction information to obtain the data grade of the data to be graded;
and generating a relational database according to the data to be graded and the data grade.
Optionally, the step of determining, when receiving a data access request, data information to be accessed and a data access identifier of a user according to the data access request includes:
when a data access request is received, judging whether the data access request meets a preset safety request or not;
and when the data access request meets the preset safety request, determining the information of the data to be accessed and the data access identifier of the user according to the data access request.
Optionally, after the step of determining whether the data access request meets a preset security request, the method further includes:
when the data access request does not meet the preset security request, determining information of data to be accessed according to the data access request;
determining a data authority level corresponding to the data information to be accessed;
and determining a security protection strategy corresponding to the data authority level according to a preset security strategy, and intercepting the data access request according to the security protection strategy.
Optionally, the step of matching the access permission level with the data permission level includes:
comparing the level value of the access permission level with the level value of the data permission level;
determining that the access permission level matches the data permission level when the level value of the access permission level is higher than or equal to the level value of the data permission level.
Optionally, after the step of comparing the level value of the access permission level with the level value of the data permission level, the method further includes:
and when the grade value of the access authority grade is lower than the grade value of the data authority grade, determining that the access authority grade is not matched with the data authority grade, and intercepting the data access request.
In order to achieve the above object, the present invention also provides a data access control device, including:
the determining module is used for determining the information of the data to be accessed and the data access identifier of the user according to the data access request when the data access request is received;
the acquisition module is used for acquiring the access authority level corresponding to the data access identifier;
the determining module is further configured to determine a data permission level corresponding to the to-be-accessed data information;
the matching module is used for matching the access authority level with the data authority level;
and the display module is used for displaying the data information to be accessed when the access authority level is matched with the data authority level.
Optionally, the determining module is further configured to obtain keyword information, user identification information, and verification information from the data access request;
the determining module is further configured to determine information of data to be accessed according to the keyword information;
the determining module is further configured to verify the user identification information and the verification information;
the determining module is further configured to determine a data access identifier of the user according to the data access request when the user identification information and the verification information are verified.
Optionally, the determining module is further configured to search for a basic attribute of the user according to the data access request;
the determining module is further configured to obtain the permission associated data in the basic attribute, and determine the data access identifier of the user according to the permission associated data.
Optionally, the obtaining module is further configured to determine a basic access right of the user according to the data access identifier;
the acquisition module is also used for determining the dimension access authority of the user according to a preset user access authority strategy;
the acquisition module is further used for determining an access authorization strategy of the user according to the basic access authority and the dimension access authority;
the obtaining module is further configured to determine an access permission level of the user based on the access authorization policy.
Optionally, the obtaining module is further configured to obtain user rating information through the data access identifier;
the acquisition module is also used for determining the access authority of the user to the coarse-grained data service by verifying the level matching relationship between the user grading information and the data service;
the obtaining module is further configured to use the access right of the coarse-grained data service as a basic access right of the user.
Optionally, the obtaining module is further configured to group the user and the data service respectively according to a preset user access right policy, so as to obtain an intersection relationship between the user group and the data service group;
the acquisition module is further used for determining the access authority of the user to the fine-grained data service according to the intersection relation;
the obtaining module is further configured to use the access right of the fine-grained data service as a dimension access right of a user.
Further, to achieve the above object, the present invention also proposes a data access control device including: a memory, a processor and a data access control program stored on the memory and executable on the processor, the data access control program being configured to implement the steps of the data access control method described above.
Furthermore, to achieve the above object, the present invention also proposes a storage medium having stored thereon a data access control program, which when executed by a processor, implements the steps of the data access control method as described above.
In the invention, when a data access request is received, the data information to be accessed and the data access identifier of the user are determined according to the data access request; the access permission level corresponding to the data access identifier is acquired; the data permission level corresponding to the data information to be accessed is determined; the access permission level is matched with the data permission level; and when the access permission level matches the data permission level, the data information to be accessed is displayed. The data access request is security-authenticated before the data is operated on, the access permission level corresponding to the data access identifier is matched with the data permission level, and the data is displayed only after the level match passes. This ensures that data access takes place in a safe state and improves the security of data during access, thereby solving the technical problem that data access has network security problems because large volumes of complex data lack an effective security protection method.
Drawings
FIG. 1 is a schematic structural diagram of a data access control device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a data access control method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of a data access control method according to the present invention;
FIG. 4 is a flowchart illustrating a data access control method according to a third embodiment of the present invention;
FIG. 5 is a schematic diagram of the levels of electronic tax data in accordance with one embodiment of the present invention;
FIG. 6 is a block diagram showing the structure of a data access control device according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a data access control device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the data access control device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display screen and an input unit such as a keyboard; optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a Random Access Memory (RAM), or may be a Non-Volatile Memory (NVM), such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the architecture shown in fig. 1 does not constitute a limitation of the data access control device, which may include more or fewer components than those shown, a combination of some components, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a data access control program.
In the data access control device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 of the present invention may be provided in the data access control device, which calls the data access control program stored in the memory 1005 through the processor 1001 and executes the data access control method provided by an embodiment of the present invention.
An embodiment of the present invention provides a data access control method, and referring to fig. 2, fig. 2 is a schematic flowchart of a first embodiment of a data access control method according to the present invention.
In this embodiment, the data access control method includes the following steps:
Step S10: When a data access request is received, determining the data information to be accessed and the data access identifier of the user according to the data access request.
It should be noted that the execution subject of this embodiment is the data access control device, which may be an electronic device such as a personal computer or a server; this embodiment does not limit this. When a data access request is received, determining the data information to be accessed according to the data access request may be implemented in various ways; natural language processing is taken as an example below, although other ways may also be used, and this embodiment does not limit this. Specifically, keyword information is obtained from the data access request, and the data information to be accessed is determined according to the keyword information.
It is easy to understand that when a data access request is received, the user identity needs to be verified. User identification information and verification information can be acquired from the data access request and verified; when the user identification information and the verification information pass verification, the data access identifier of the user is determined according to the data access request.
It should be understood that, when a data access request is received, determining the data information to be accessed according to the data access request may be implemented in various ways; a permission association approach is taken as an example below, although other ways may also be used, and this embodiment does not limit this. Specifically, the basic attribute of the user is looked up according to the data access request; the permission-associated data in the basic attribute is acquired, and the data access identifier of the user is determined according to the permission-associated data.
It is easy to understand that, in order to improve the security of data, when a data access request is received it may be judged whether the request meets a preset security request. This judgment may be made in a variety of ways; one way is taken as an example below, although other ways may also be used, and this embodiment does not limit this. The preset security request can mean that the access request does not contain attack information, virus information and the like. When the data access request meets the preset security request, the data information to be accessed and the data access identifier of the user are determined according to the data access request. When the data access request does not meet the preset security request, the data information to be accessed is determined according to the data access request; the data permission level corresponding to the data information to be accessed is determined; a security protection policy corresponding to the data permission level is determined according to a preset security policy; and the data access request is intercepted according to the security protection policy.
Step S20: Acquiring the access permission level corresponding to the data access identifier.
It should be noted that, in order to improve data access security, the access permission level corresponding to the data access identifier may be set to comprise two types of access permission. To acquire the access permission level corresponding to the data access identifier, the basic access permission of the user is determined according to the data access identifier; the dimension access permission of the user is determined according to a preset user access permission policy; an access authorization policy of the user is determined according to the basic access permission and the dimension access permission; and the access permission level of the user is determined based on the access authorization policy.
It is easy to understand that the basic access permission of the user is determined according to the data access identifier as follows: user grading information is acquired through the data access identifier; the access permission of the user to the coarse-grained data service is determined by verifying the level matching relationship between the user grading information and the data service; and the access permission of the coarse-grained data service is taken as the basic access permission of the user. The dimension access permission of the user is determined according to the preset user access permission policy as follows: users and data services are each grouped according to the preset user access permission policy to obtain the intersection relationship between user groups and data service groups; the access permission of the user to the fine-grained data service is determined according to the intersection relationship; and the access permission of the fine-grained data service is taken as the dimension access permission of the user.
Specifically, the data access object may be a relatively coarse-grained data service, that is, a certain class of data services or the data services belonging to a certain domain, for example a specific application module or a certain class of information entry, and access to it may be controlled in a hierarchical manner. Finer data permission control, for example access to specific, different data resources under a certain entry, is content that requires further authorization. In this case, the basic access permission is the first step of access permission verification, and on the basis of the hierarchy the access permission of the user to the fine-grained data services may be determined by means of group authorization and access control, so as to further improve the security of data access.
Step S30: Determining the data permission level corresponding to the data information to be accessed.
It should be understood that, the embodiment may obtain the corresponding relational database through the data information to be accessed; and determining the data authority level according to the relational database. The process of establishing the relational database may be: determining data to be classified of a target vertical industry, and performing feature extraction on the data to be classified to obtain feature extraction information of the data to be classified; grading through a data grading model according to the feature extraction information to obtain the data grade of the data to be graded; and generating a relational database according to the data to be graded and the data grade.
It is easy to understand that the relational database itself also provides a security protection mechanism for the data stored in the database, and under the dual protection of the access permission level matching the data permission level and the security protection mechanism provided by the relational database, the security of the permission management for the data is improved.
Step S40: Matching the access permission level with the data permission level.
It should be noted that the level value of the access permission level may be compared with the level value of the data permission level; the access permission level is determined to match the data permission level when the level value of the access permission level is higher than or equal to the level value of the data permission level. For example, the level values of the access permission level may be level I, level II, level III, and the like, and the data permission levels may be level I, level II, level III, and the like; the access permission level and the data permission level may also be represented in other manners, which is not limited in this embodiment.
Step S50: When the access permission level matches the data permission level, displaying the data information to be accessed.
It should be understood that the access permission level is determined to match the data permission level when the level value of the access permission level is higher than or equal to the level value of the data permission level. For example, if the level value of the access permission level is level III and the data permission level is level I, the level value of the access permission level (level III) is higher than the level value of the data permission level (level I), so the access permission level is considered to match the data permission level, and the data information to be accessed is displayed.
It is easily understood that, when the level value of the access permission level is lower than the level value of the data permission level, it is determined that the access permission level does not match the data permission level, and the data access request is intercepted. For example, if the level value of the access permission level is level I and the data permission level is level III, the level value of the access permission level (level I) is lower than the level value of the data permission level (level III), so the access permission level is considered not to match the data permission level; the user does not have permission to access the data to be accessed, and the data access request is intercepted.
In this embodiment, when a data access request is received, the data information to be accessed and the data access identifier of the user are determined according to the data access request; the access permission level corresponding to the data access identifier is acquired; the data permission level corresponding to the data information to be accessed is determined; the access permission level is matched with the data permission level; and when the access permission level matches the data permission level, the data information to be accessed is displayed. In this embodiment, the data access request is security-authenticated before the data is operated on, the access permission level corresponding to the data access identifier is matched with the data permission level, and the data is displayed only after the level match passes. This ensures that the data is accessed in a safe state and improves the security of the data during access, thereby solving the technical problem that data access has network security problems because large volumes of complex data lack an effective security protection method.
Referring to fig. 3, fig. 3 is a flowchart illustrating a data access control method according to a second embodiment of the present invention. Based on the first embodiment, in step S20, the data access control method in this embodiment specifically includes:
Step S201: determining the basic access authority of the user according to the data access identifier.
It should be noted that the data access object may be a relatively coarse-grained data service, that is, one that covers a certain class of data services or the data services belonging to a certain domain; for example, access to a specific application module or to a certain class of information entry may be controlled in a hierarchical manner. Finer-grained data permission control, for example access to specific different data resources under a certain entry, is content that requires further authorization.
Specifically, user grading information is obtained through the data access identifier; the access authority of the user to the coarse-grained data service is determined by verifying the level matching relationship between the user grading information and the data service; and the access authority of the coarse-grained data service is taken as the basic access authority of the user.
Step S202: determining the dimension access authority of the user according to a preset user access authority strategy.
It is easy to understand that the users and the data services are each grouped according to the preset user access authority strategy to obtain the intersection relationship between the user groups and the data service groups; the access authority of the user to the fine-grained data service is determined according to the intersection relationship; and the access authority of the fine-grained data service is taken as the dimension access authority of the user.
It should be noted that the fine-grained data services can be grouped in multiple ways, and group names can be freely set and added from the management interface. A group and its members (for example, access users and fine-grained data services) are in a many-to-many relationship: one access user can belong to multiple groups, one fine-grained data service can belong to multiple groups, and one group may contain multiple access users or fine-grained data services. Users and fine-grained data services whose groups intersect have access permission; that is, the access permission of the fine-grained data services is used as the dimension access permission of the user.
Step S203: determining an access authorization strategy of the user according to the basic access authority and the dimension access authority.
It should be noted that, in order to improve data access security, the access permission level corresponding to the data access identifier may be set to include two types of access permissions: a basic access permission and a dimension access permission. The access authorization policy of the user is determined according to the basic access permission and the dimension access permission. The access authorization policy may be to select whichever of the basic access permission and the dimension access permission has the lower permission level; other policies may also be adopted, which is not limited in this embodiment.
Step S204: determining the access authority level of the user based on the access authorization strategy.
It should be understood that, if the access authorization policy of the user is to select whichever of the basic access permission and the dimension access permission has the lower permission level, the access permission level of the user is determined based on that policy. For example, if the basic access permission is level I and the dimension access permission is level III, the final access permission level of the user is level I.
This embodiment determines the basic access permission of the user according to the data access identifier; determines the dimension access permission of the user according to a preset user access permission policy; determines the access authorization policy of the user according to the basic access permission and the dimension access permission; and determines the access permission level of the user based on the access authorization policy. In this embodiment, the basic access permission is the first step of access permission verification, and on top of that level-based check the access permission of the user to fine-grained data services can be determined by means of group authorization and access control, which further improves the security of data access. The access permission level corresponding to the data access identifier is matched with the data permission level, and the data is displayed after the level matching passes. This ensures that the data is accessed in a secure state and improves the security of the data during access, thereby solving the technical problem of data access network security issues caused by the lack of an effective security protection method for large amounts of complex data.
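The following Python sketch walks steps S201 to S204 and then applies the higher-or-equal comparison that the description gives for the matching step. It is an added example, not code from the patent; the identifiers, the tables and the rule that each group carries a level (the highest shared group wins) are assumptions, and the sample data is constructed.

```python
"""Steps S201-S204 plus the final level match, with constructed sample data."""

# --- Constructed sample data; every name and value here is hypothetical. ---
# Data access identifier -> user grade (the "user grading information").
USER_GRADE = {"uid-1001": 1, "uid-2002": 3}
# Coarse-grained data service -> minimum user grade allowed to enter it.
SERVICE_MIN_GRADE = {"invoice": 1, "audit": 3}
# Many-to-many grouping of users and of fine-grained data services.
USER_GROUPS = {
    "uid-1001": {"invoice-team", "reviewers"},
    "uid-2002": {"reviewers"},
}
RESOURCE_GROUPS = {
    ("invoice", "issued"): {"reviewers"},
    ("invoice", "claimed"): {"invoice-team"},
    ("audit", "findings"): {"auditors"},
}
# Assumption: each group grants a level; the page does not define this mapping.
GROUP_LEVEL = {"invoice-team": 1, "reviewers": 3, "auditors": 3}

NO_ACCESS = 0  # below every real level, so it can never match a data level


def basic_access_level(access_id: str, service: str) -> int:
    """S201: coarse-grained check of the user grade against the data service."""
    grade = USER_GRADE.get(access_id, NO_ACCESS)
    required = SERVICE_MIN_GRADE.get(service)
    if required is None or grade < required:
        return NO_ACCESS  # unknown service or grade too low: deny by default
    return grade


def dimension_access_level(access_id: str, resource: tuple) -> int:
    """S202: fine-grained check through the user-group / service-group intersection."""
    shared = USER_GROUPS.get(access_id, set()) & RESOURCE_GROUPS.get(resource, set())
    return max((GROUP_LEVEL[g] for g in shared), default=NO_ACCESS)


def access_level(access_id: str, resource: tuple) -> int:
    """S203/S204: the policy named on the page, i.e. take the lower of the two."""
    service = resource[0]
    return min(basic_access_level(access_id, service),
               dimension_access_level(access_id, resource))


def decide(access_id: str, resource: tuple, data_level: int) -> str:
    """Match step: display only if the access level is >= the data level."""
    level = access_level(access_id, resource)
    if level != NO_ACCESS and level >= data_level:
        return "display"
    return "intercept"


if __name__ == "__main__":
    issued = ("invoice", "issued")
    for uid in ("uid-1001", "uid-2002", "uid-unknown"):
        print(uid, access_level(uid, issued), decide(uid, issued, data_level=3))
```

The first user reproduces the case in the text: basic level I and dimension level III give level I, so a level 3 record is intercepted.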
Referring to fig. 4, fig. 4 is a flowchart illustrating a data access control method according to a third embodiment of the present invention. Based on the first embodiment, in step S30, the data access control method in this embodiment specifically includes:
Step S301: acquiring a corresponding relational database according to the information of the data to be accessed.
It should be noted that the relational database may be established as follows: determining the data to be graded of a target vertical industry, and performing feature extraction on the data to be graded to obtain feature extraction information of the data to be graded; grading through a data grading model according to the feature extraction information to obtain the data grade of the data to be graded; and generating a relational database according to the data to be graded and the data grade. The relational database generated from the data to be graded and the data grade records the correspondence between the data and the data grade.
It is easy to understand that the relational database itself also provides a security protection mechanism for the data stored in the database, and under the dual protection of the access permission level matching the data permission level and the security protection mechanism provided by the relational database, the security of the permission management for the data is improved.
Specifically, this embodiment is described using tax information as an example; the target vertical industry may also be another industry, which is not limited in this embodiment. The target vertical industry may be an electronic tax bureau. The data to be graded of the electronic tax bureau is obtained, and feature extraction may be performed according to a qualitative analysis method to obtain four pieces of influence feature extraction information for the data to be graded, namely influence object feature information, influence range feature information, influence degree feature information and data sensitivity, which are used to determine the data security level.
It should be understood that the influence object feature information is determined according to the objects that may be affected after the security attribute of the data to be graded is damaged; the influence range feature information is determined according to the range that may be affected after the security attribute of the data to be graded is damaged; the influence degree feature information is determined according to the degree of impact that may result after the security attribute of the data to be graded is damaged; and the data sensitivity of the data to be graded is determined, where data sensitivity refers to the grade of the core data, sensitive data, controlled data and personal information involved in the data. Personal information can be divided into personal sensitive information and non-personal sensitive information, and data sensitivity can be divided into 4 levels, namely extremely high, high, medium and low. The four pieces of influence feature extraction information are input into the data grading model, which calculates the data grade of the data to be graded. An expert scoring method and experimental verification show that, among the four pieces of influence feature extraction information, the influence object feature information and the influence degree feature information have a large influence on the data grading result and are therefore given a large weight. The data grading model is:
influence object feature information × 0.45 + influence range feature information × 0.05 + influence degree feature information × 0.45 + data sensitivity × 0.05
The weights can be adjusted according to actual conditions, and this embodiment is not limited thereto.
Specifically, the influence object feature information generally refers to the internal organizations, external organizations or natural persons of the system that are affected after the data security attribute is destroyed. The influence object feature information can be divided into four levels, namely extremely high, high, medium and low, which respectively correspond to organizations or natural persons at the national level, the provincial level (industry level), the city level and the prefecture level. The influence range feature information generally refers to the scale and the number of the organizations or natural persons affected after the data security attribute is damaged. The influence range feature information can be divided into four levels, namely extremely high, high, medium and low, which respectively correspond to the scale of national-level, provincial-level (industry-level), city-level and county-level organizations or the corresponding order of magnitude of natural persons. The influence degree feature information generally refers to the degree of impact on the system and the related organizations' services after the data security attribute is damaged, and the degree of damage to national security, social order, public interests and the legal rights and interests of citizens, legal persons and other organizations. The influence degree feature information can be divided into 4 levels, namely extremely high, high, medium and low.
Step S302: determining the data authority level according to the relational database.
It should be noted that the corresponding relational database is obtained according to the information of the data to be accessed, and the data authority level of that data information can be obtained from the correspondence between the data and the data level in the relational database. Referring to fig. 5, fig. 5 is a schematic diagram of the levels of the electronic tax data according to an embodiment of the present invention; for example, if the data information to be accessed is invoice data (invoice claimed, old verified, and issued), the corresponding data level is level 3.
In this embodiment, a corresponding relational database is obtained according to the information of the data to be accessed, and the data permission level is determined according to the relational database. The level of the data is determined by a normative and clear method, which helps a vertical industry organization determine, according to the different levels of the data, the data security protection strategies and control measures to be taken in each link of the data life cycle, thereby raising the level of data management and security protection and ensuring the integrity, confidentiality, availability, controllability and non-repudiation of the data. The access permission level corresponding to the data access identifier is matched with the data permission level, and the data is displayed after the level matching passes. This ensures that the data is accessed in a secure state and improves the security of the data during access, thereby solving the technical problem of data access network security issues caused by the lack of an effective security protection method for large amounts of complex data.
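The sketch below, an added example rather than code from the patent, applies the weighted grading model to constructed records, stores the resulting data-to-level correspondence in a relational table (SQLite in memory) and looks up the data permission level as in steps S301 and S302. Scoring each feature from 1 to 4, rounding the weighted score to a whole level, the table layout and the fail-closed default for ungraded data are assumptions.

```python
import sqlite3

# Weights from the description, kept as integer percentages to avoid float error:
# influence object 0.45, influence range 0.05, influence degree 0.45, sensitivity 0.05.
WEIGHTS = (45, 5, 45, 5)
HIGHEST_LEVEL = 4  # assumption: levels run from 1 (lowest) to 4 (highest)


def grade(obj: int, rng: int, degree: int, sensitivity: int) -> int:
    """Weighted data grading model; each feature is scored 1..4 (assumed scale)."""
    features = (obj, rng, degree, sensitivity)
    if any(not 1 <= f <= HIGHEST_LEVEL for f in features):
        raise ValueError("feature scores must be between 1 and 4")
    weighted = sum(w * f for w, f in zip(WEIGHTS, features))  # 100..400
    return (weighted + 50) // 100  # assumption: round half up to a whole level


def build_database(records: dict) -> sqlite3.Connection:
    """Grade every record and store the data -> level correspondence."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE data_grade (name TEXT PRIMARY KEY, level INTEGER NOT NULL)"
    )
    db.executemany(
        "INSERT INTO data_grade (name, level) VALUES (?, ?)",
        [(name, grade(*features)) for name, features in records.items()],
    )
    db.commit()
    return db


def data_permission_level(db: sqlite3.Connection, name: str) -> int:
    """S301/S302: look the level up; ungraded data is treated as the highest level."""
    row = db.execute(
        "SELECT level FROM data_grade WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else HIGHEST_LEVEL


# Constructed sample records: name -> (object, range, degree, sensitivity) scores.
SAMPLE = {
    "invoice data": (3, 3, 3, 3),
    "public notice": (1, 1, 1, 1),
    "taxpayer contact list": (1, 4, 1, 4),  # wide and sensitive, low object/degree
}

if __name__ == "__main__":
    db = build_database(SAMPLE)
    for name in (*SAMPLE, "ungraded export"):
        print(name, data_permission_level(db, name))
```

With these weights, a record scored 4 for range and sensitivity but 1 for object and degree still lands on level 1, which is worth reviewing before the weights are adopted unchanged.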
Furthermore, an embodiment of the present invention further provides a storage medium, where a data access control program is stored on the storage medium, and the data access control program is executed by a processor to perform the steps of the data access control method described above.
Since the storage medium adopts all technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
Referring to fig. 6, fig. 6 is a block diagram of a first embodiment of the data access control device according to the present invention.
As shown in fig. 6, the data access control apparatus according to the embodiment of the present invention includes:
the determining module 10 is configured to determine, when a data access request is received, data information to be accessed and a data access identifier of a user according to the data access request.
It should be noted that, when a data access request is received, determining data information to be accessed according to the data access request may be implemented in a variety of ways, which is described below by taking a natural language processing way as an example, and of course, may also be implemented in other ways, which is not limited in this embodiment. Specifically, key word information is obtained from the data access request, and the data information to be accessed is determined according to the key word information.
It is easy to understand that when a data access request is received, the user identity needs to be verified, and user identity identification information and verification information can be acquired from the data access request; verifying the user identification information and the verification information; and when the user identification information and the verification information pass verification, determining a data access identifier of the user according to the data access request.
It should be understood that, when a data access request is received, determining data information to be accessed according to the data access request may be implemented in various ways, which is described below by taking an authority association way as an example, and of course, may also be implemented in other ways, which is not limited in this embodiment. Specifically, the basic attribute of the user is searched according to the data access request; and acquiring the authority associated data in the basic attribute, and determining the data access identifier of the user according to the authority associated data.
It is easy to understand that, in order to improve the security of data, when a data access request is received, whether the data access request meets a preset security request may be determined in a variety of ways, which is described below by taking one way as an example, of course, other ways may also be used, and this embodiment is not limited thereto. The preset security request can mean that the access request does not contain attack information, virus information and the like, and when the data access request meets the preset security request, the data information to be accessed and the data access identifier of the user are determined according to the data access request; when the data access request does not meet the preset security request, determining the information of the data to be accessed according to the data access request; determining a data authority level corresponding to the data information to be accessed; and determining a security protection strategy corresponding to the data authority level according to a preset security strategy, and intercepting the data access request according to the security protection strategy.
an obtaining module 20, configured to obtain an access permission level corresponding to the data access identifier.
It should be noted that, in order to improve data access security, the access permission level corresponding to the data access identifier may be set to include two types of access permissions. To obtain the access permission level corresponding to the data access identifier, the basic access permission of the user is determined according to the data access identifier; the dimension access permission of the user is determined according to a preset user access permission policy; an access authorization policy of the user is determined according to the basic access permission and the dimension access permission; and the access permission level of the user is determined based on the access authorization policy.
It is easy to understand that the basic access right of the user is determined according to the data access identifier as follows: user grading information is acquired through the data access identifier; the access right of the user to the coarse-grained data service is determined by verifying the level matching relationship between the user grading information and the data service; and the access right of the coarse-grained data service is taken as the basic access right of the user. The dimension access right of the user is determined according to a preset user access right policy as follows: the users and the data services are each grouped according to the preset user access right policy to obtain the intersection relationship between the user groups and the data service groups; the access right of the user to the fine-grained data service is determined according to the intersection relationship; and the access right of the fine-grained data service is taken as the dimension access right of the user.
Specifically, the data access object may be a relatively coarse-grained data service, that is, one that covers a certain class of data services or the data services belonging to a certain domain; for example, access to a specific application module or to a certain class of information entry may be controlled in a hierarchical manner. Finer-grained data permission control, for example access to specific different data resources under a certain entry, is content that requires further authorization. In this case, the basic access right is the first step of access right verification, and on top of that level-based check the access right of the user to the fine-grained data services may be determined by means of group authorization and access control, so as to further improve the security of data access.
The determining module 10 is further configured to determine a data permission level corresponding to the to-be-accessed data information.
It should be understood that, the embodiment may obtain the corresponding relational database through the data information to be accessed; and determining the data authority level according to the relational database. The process of establishing the relational database may be: determining data to be classified of a target vertical industry, and performing feature extraction on the data to be classified to obtain feature extraction information of the data to be classified; grading through a data grading model according to the feature extraction information to obtain the data grade of the data to be graded; and generating a relational database according to the data to be graded and the data grade.
It is easy to understand that the relational database itself also provides a security protection mechanism for the data stored in the database, and under the dual protection of the access permission level matching the data permission level and the security protection mechanism provided by the relational database, the security of the permission management for the data is improved.
A matching module 30, configured to match the access permission level with the data permission level.
It should be noted that, the level value of the access permission level may be compared with the level value of the data permission level; determining that the access permission level matches the data permission level when the level value of the access permission level is higher than or equal to the level value of the data permission level. For example, the level values of the access permission levels may be level I, level II, level III, and the like, the data permission levels may be level I, level II, level III, and the like, and the access permission level and the data permission level may be represented in other manners, which is not limited in this embodiment.
a display module 40, configured to display the information of the data to be accessed when the access permission level is matched with the data permission level.
It should be understood that the access permission level is determined to match the data permission level when the level value of the access permission level is higher than or equal to the level value of the data permission level. For example, if the level value of the access permission level is level III and the data permission level is level I, the level value of the access permission level (level III) is higher than that of the data permission level (level I), so the access permission level is considered to match the data permission level, and the data information to be accessed is displayed.
It is easily understood that, when the level value of the access permission level is lower than the level value of the data permission level, it is determined that the access permission level does not match the data permission level, and the data access request is intercepted. For example, if the level value of the access permission level is level I and the data permission level is level III, the level value of the access permission level (level I) is lower than that of the data permission level (level III), so the access permission level is considered not to match the data permission level; the user does not have permission to access the data to be accessed, and the data access request is intercepted.
The data access control device of this embodiment includes: the determining module 10, configured to determine, when a data access request is received, the data information to be accessed and the data access identifier of the user according to the data access request; the obtaining module 20, configured to obtain the access permission level corresponding to the data access identifier; the determining module 10, further configured to determine the data permission level corresponding to the data information to be accessed; the matching module 30, configured to match the access permission level with the data permission level; and the display module 40, configured to display the data information to be accessed when the access permission level matches the data permission level. In this embodiment, the data access request undergoes security authentication before the data is operated on: the access permission level corresponding to the data access identifier is matched with the data permission level, and the data is displayed after the level matching passes. This ensures that the data is accessed in a secure state and improves the security of the data during access, thereby solving the technical problem of data access network security issues caused by the lack of an effective security protection method for large amounts of complex data.
In an embodiment, the determining module 10 is further configured to obtain keyword information, user identification information, and verification information from the data access request;
the determining module 10 is further configured to determine information of data to be accessed according to the keyword information;
the determining module 10 is further configured to verify the user identification information and the verification information;
the determining module 10 is further configured to determine a data access identifier of the user according to the data access request when the user identification information and the verification information are verified.
In an embodiment, the determining module 10 is further configured to find a basic attribute of the user according to the data access request;
the determining module 10 is further configured to obtain the authority associated data in the basic attribute, and determine the data access identifier of the user according to the authority associated data.
In an embodiment, the obtaining module 20 is further configured to determine a basic access right of the user according to the data access identifier;
the obtaining module 20 is further configured to determine a dimension access right of the user according to a preset user access right policy;
the obtaining module 20 is further configured to determine an access authorization policy of the user according to the basic access right and the dimension access right;
the obtaining module 20 is further configured to determine an access permission level of the user based on the access authorization policy.
In an embodiment, the obtaining module 20 is further configured to obtain user rating information through the data access identifier;
the obtaining module 20 is further configured to determine an access right of the user to the coarse-grained data service by verifying a level matching relationship between the user classification information and the data service;
the obtaining module 20 is further configured to use the access right of the coarse-grained data service as a basic access right of the user.
In an embodiment, the obtaining module 20 is further configured to group the users and the data services respectively according to a preset user access right policy, so as to obtain an intersection relationship between the user group and the data service group;
the obtaining module 20 is further configured to determine, according to the intersection relationship, an access right of the user to the fine-grained data service;
the obtaining module 20 is further configured to use the access right of the fine-grained data service as a dimension access right of a user.
In an embodiment, the determining module 10 is further configured to obtain a corresponding relational database according to the information of the data to be accessed;
the determining module 10 is further configured to determine a data permission level according to the relational database.
In an embodiment, the determining module 10 is further configured to determine data to be ranked of a target vertical industry, and perform feature extraction on the data to be ranked to obtain feature extraction information of the data to be ranked;
the determining module 10 is further configured to perform grade division through a data grading model according to the feature extraction information to obtain a data grade of the data to be graded;
the determining module 10 is further configured to generate a relational database according to the data to be ranked and the data rank.
In an embodiment, the determining module 10 is further configured to, when receiving a data access request, determine whether the data access request meets a preset security request;
the determining module 10 is further configured to execute a step of determining information of data to be accessed and a data access identifier of a user according to the data access request when the data access request meets the preset security request.
In an embodiment, the determining module 10 is further configured to determine, when the data access request does not satisfy the preset security request, data information to be accessed according to the data access request;
the determining module 10 is further configured to determine a data permission level corresponding to the to-be-accessed data information;
the determining module 10 is further configured to determine a security protection policy corresponding to the data permission level according to a preset security policy, and intercept the data access request according to the security protection policy.
In an embodiment, the matching module 30 is further configured to compare the level value of the access permission level with the level value of the data permission level;
the matching module 30 is further configured to determine that the access permission level matches the data permission level when the level value of the access permission level is higher than or equal to the level value of the data permission level.
In an embodiment, the matching module 30 is further configured to determine that the access permission level does not match the data permission level and intercept the data access request when the level value of the access permission level is lower than the level value of the data permission level.
Other embodiments or specific implementation manners of the data access control apparatus according to the present invention may refer to the above-mentioned embodiments of the data access control method, and details are not described herein.
It should be understood that the above is only an example, and the technical solution of the present invention is not limited in any way, and in a specific application, a person skilled in the art may set the technical solution as needed, and the present invention is not limited thereto.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, the technical details that are not described in detail in this embodiment may refer to the data access control method provided in any embodiment of the present invention, and are not described herein again.
Further, it is to be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk), and includes several instructions for enabling a terminal device (e.g. a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
The invention discloses A1, a data access control method, wherein the data access control method comprises the following steps:
when a data access request is received, determining to-be-accessed data information and a data access identifier of a user according to the data access request;
acquiring an access authority level corresponding to the data access identifier;
determining a data authority level corresponding to the data information to be accessed;
matching the access permission level with the data permission level;
and when the access authority level is matched with the data authority level, displaying the data information to be accessed.
A2, the data access control method of A1, wherein the step of determining the data information to be accessed and the data access identification of the user according to the data access request includes:
acquiring keyword information, user identity identification information and verification information from the data access request;
determining data information to be accessed according to the keyword information;
verifying the user identification information and the verification information;
and when the user identification information and the verification information pass verification, determining a data access identifier of the user according to the data access request.
A3, the data access control method of A2, wherein the step of determining the data access identity of the user according to the data access request comprises:
searching the basic attribute of the user according to the data access request;
and acquiring the authority associated data in the basic attribute, and determining the data access identifier of the user according to the authority associated data.
A4, the data access control method of A1, wherein the step of obtaining the access permission level corresponding to the data access identifier comprises:
determining the basic access authority of the user according to the data access identifier;
determining the dimension access authority of the user according to a preset user access authority strategy;
determining an access authorization strategy of a user according to the basic access authority and the dimension access authority;
and determining the access authority level of the user based on the access authorization strategy.
A5, the data access control method of A4, wherein the step of determining the basic access right of the user according to the data access identification comprises:
acquiring user grading information through the data access identifier;
determining the access authority of the user to the coarse-grained data service by verifying the level matching relationship between the user grading information and the data service;
and taking the access authority of the coarse-grained data service as the basic access authority of the user.
A6, the data access control method according to A4, wherein the step of determining the dimension access right of the user according to the preset user access right policy comprises:
grouping users and data services respectively according to a preset user access authority strategy to obtain an intersection relation between a user group and a data service group;
determining the access authority of the user to the fine-grained data service according to the intersection relation;
and taking the access authority of the fine-grained data service as the dimension access authority of the user.
A7, the data access control method of any one of A1 to A6, wherein the step of determining the data authority level corresponding to the to-be-accessed data information includes:
acquiring a corresponding relational database according to the information of the data to be accessed;
and determining the data authority level according to the relational database.
A8, the data access control method of A7, wherein before the step of obtaining the corresponding relational database according to the information of the data to be accessed, the method further comprises:
determining data to be classified of a target vertical industry, and performing feature extraction on the data to be classified to obtain feature extraction information of the data to be classified;
grading through a data grading model according to the feature extraction information to obtain the data grade of the data to be graded;
and generating a relational database according to the data to be graded and the data grade.
A9, the data access control method of any one of A1 to A8, wherein the step of determining the data information to be accessed and the data access identifier of the user according to the data access request when the data access request is received comprises:
when a data access request is received, judging whether the data access request meets a preset security request or not;
and when the data access request meets the preset security request, determining the information of the data to be accessed and the data access identifier of the user according to the data access request.
A10, the data access control method of A9, further comprising, after the step of determining whether the data access request satisfies the preset security request:
when the data access request does not meet the preset security request, determining information of data to be accessed according to the data access request;
determining a data authority level corresponding to the data information to be accessed;
and determining a security protection strategy corresponding to the data authority level according to a preset security strategy, and intercepting the data access request according to the security protection strategy.
A11, the data access control method of any one of A1 to A10, wherein the step of matching the access permission level with the data permission level comprises:
comparing the level value of the access permission level with the level value of the data permission level;
determining that the access permission level matches the data permission level when the level value of the access permission level is higher than or equal to the level value of the data permission level.
A12, the data access control method of A11, further comprising, after the step of comparing the level value of the access right level with the level value of the data right level:
and when the grade value of the access authority grade is lower than the grade value of the data authority grade, determining that the access authority grade is not matched with the data authority grade, and intercepting the data access request.
The invention also discloses B13, a data access control device, the data access control device includes:
the determining module is used for determining the information of the data to be accessed and the data access identifier of the user according to the data access request when the data access request is received;
the acquisition module is used for acquiring the access authority level corresponding to the data access identifier;
the determining module is further configured to determine a data permission level corresponding to the to-be-accessed data information;
the matching module is used for matching the access authority level with the data authority level;
and the display module is used for displaying the data information to be accessed when the access authority level is matched with the data authority level.
B14, the data access control device as described in B13, the determining module further configured to obtain keyword information, user identification information and verification information from the data access request;
the determining module is further configured to determine information of data to be accessed according to the keyword information;
the determining module is further configured to verify the user identification information and the verification information;
the determining module is further configured to determine a data access identifier of the user according to the data access request when the user identification information and the verification information are verified.
B15, the data access control device as described in B14, the determining module is further used for searching the basic attribute of the user according to the data access request;
the determining module is further configured to obtain the permission associated data in the basic attribute, and determine the data access identifier of the user according to the permission associated data.
B16, the data access control device as described in B13, the obtaining module is further used for determining the basic access right of the user according to the data access identification;
the acquisition module is also used for determining the dimension access authority of the user according to a preset user access authority strategy;
the acquisition module is further used for determining an access authorization strategy of the user according to the basic access authority and the dimension access authority;
the obtaining module is further configured to determine an access permission level of the user based on the access authorization policy.
B17, the data access control device as described in B16, the obtaining module is further used for obtaining user rating information through the data access identification;
the acquisition module is also used for determining the access authority of the user to the coarse-grained data service by verifying the level matching relationship between the user grading information and the data service;
the obtaining module is further configured to use the access right of the coarse-grained data service as a basic access right of the user.
B18, the data access control device as described in B16, the obtaining module is further configured to group users and data services respectively according to a preset user access right policy, so as to obtain an intersection relationship between a user group and a data service group;
the acquisition module is further used for determining the access authority of the user to the fine-grained data service according to the intersection relation;
the obtaining module is further configured to use the access right of the fine-grained data service as a dimension access right of a user.
C19, a data access control device, the data access control device comprising: a memory, a processor and a data access control program stored on the memory and executable on the processor, the data access control program being configured with steps implementing a data access control method as described above.
D20, a storage medium having stored thereon a data access control program which, when executed by a processor, implements the steps of a data access control method as described above.
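The decision flow of A1, A4 to A7, A11 and A12 above, as an added sketch that is not part of the patent text. The user, service and group names, the level values, and the rule for combining the basic and dimension permissions into one access level are assumptions made for illustration; identity verification (A2) is taken as already done.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    grade: int          # user grading information (A5)
    groups: frozenset   # user groups (A6)

@dataclass(frozen=True)
class Service:
    min_grade: int      # grade required to reach the data service at all (A5)
    groups: frozenset   # data service groups (A6)

# Constructed sample data; every name and level value here is hypothetical.
USERS = {
    "alice": User(3, frozenset({"finance"})),
    "bob": User(3, frozenset({"engineering"})),
    "carol": User(1, frozenset({"finance"})),
}
SERVICES = {"ledger": Service(2, frozenset({"accounting-data"}))}
# Preset user access policy: user group / service group pairs that intersect.
GROUP_POLICY = {("finance", "accounting-data")}
# Stand-in for the relational database of A7: keyword -> (service, data level).
# Data levels are assumed to start at 1, so level 0 never matches anything.
DATA_LEVELS = {"q3-summary": ("ledger", 2), "payroll": ("ledger", 4)}

def base_permission(user, service):
    """A5: coarse-grained check of the user's grade against the service."""
    return user.grade >= service.min_grade

def dimension_permission(user, service):
    """A6: fine-grained check via the user-group / service-group relation."""
    return any((ug, sg) in GROUP_POLICY
               for ug in user.groups for sg in service.groups)

def access_level(user, service):
    """A4: derive one access level from both permissions. Assumed rule:
    both must hold, otherwise the level is 0."""
    if base_permission(user, service) and dimension_permission(user, service):
        return user.grade
    return 0

def decide(user_id, keyword):
    """A1, A11, A12: return ('allow' | 'intercept', reason); fails closed."""
    user = USERS.get(user_id)
    record = DATA_LEVELS.get(keyword)
    if user is None or record is None:
        return ("intercept", "unknown user or data")
    service_name, data_level = record
    level = access_level(user, SERVICES[service_name])
    if level and level >= data_level:   # A11: higher than or equal matches
        return ("allow", f"level {level} >= {data_level}")
    return ("intercept", f"level {level} < {data_level}")   # A12

if __name__ == "__main__":
    for uid, kw in [("alice", "q3-summary"), ("alice", "payroll"),
                    ("bob", "q3-summary"), ("carol", "q3-summary"),
                    ("mallory", "q3-summary")]:
        print(uid, kw, decide(uid, kw))
```

In this sketch a user whose grade is high enough but whose group has no relation to the service group (bob) is intercepted just like a user whose grade is too low (carol), which is the practical effect of layering the fine-grained check on the coarse-grained one.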

Claims (10)

1. A data access control method, characterized in that the data access control method comprises:
when a data access request is received, determining to-be-accessed data information and a data access identifier of a user according to the data access request;
acquiring an access authority level corresponding to the data access identifier;
determining a data authority level corresponding to the data information to be accessed;
matching the access permission level with the data permission level;
and when the access authority level is matched with the data authority level, displaying the data information to be accessed.
2. The data access control method of claim 1, wherein the step of determining the data information to be accessed and the data access identifier of the user according to the data access request comprises:
acquiring keyword information, user identity identification information and verification information from the data access request;
determining data information to be accessed according to the keyword information;
verifying the user identification information and the verification information;
and when the user identification information and the verification information pass verification, determining a data access identifier of the user according to the data access request.
3. The data access control method of claim 2, wherein the step of determining a data access identification of the user based on the data access request comprises:
searching the basic attribute of the user according to the data access request;
and acquiring the authority associated data in the basic attribute, and determining the data access identifier of the user according to the authority associated data.
4. The data access control method of claim 1, wherein the step of obtaining the access permission level corresponding to the data access identifier comprises:
determining the basic access authority of the user according to the data access identifier;
determining the dimension access authority of the user according to a preset user access authority strategy;
determining an access authorization strategy of a user according to the basic access authority and the dimension access authority;
and determining the access authority level of the user based on the access authorization strategy.
5. The data access control method of claim 4, wherein the step of determining the basic access rights of the user based on the data access identification comprises:
acquiring user grading information through the data access identifier;
determining the access authority of the user to the coarse-grained data service by verifying the level matching relationship between the user grading information and the data service;
and taking the access authority of the coarse-grained data service as the basic access authority of the user.
6. The data access control method of claim 4, wherein the step of determining the dimension access right of the user according to the preset user access right policy comprises:
grouping users and data services respectively according to a preset user access authority strategy to obtain an intersection relation between a user group and a data service group;
determining the access authority of the user to the fine-grained data service according to the intersection relation;
and taking the access authority of the fine-grained data service as the dimension access authority of the user.
7. The data access control method according to any one of claims 1 to 6, wherein the step of determining the data authority level corresponding to the data information to be accessed comprises:
acquiring a corresponding relational database according to the information of the data to be accessed;
and determining the data authority level according to the relational database.
8. A data access control device, characterized in that the data access control device comprises:
the determining module is used for determining the information of the data to be accessed and the data access identifier of the user according to the data access request when the data access request is received;
the acquisition module is used for acquiring the access authority level corresponding to the data access identifier;
the determining module is further configured to determine a data permission level corresponding to the to-be-accessed data information;
the matching module is used for matching the access authority level with the data authority level;
and the display module is used for displaying the data information to be accessed when the access authority level is matched with the data authority level.
9. A data access control device characterized in that the data access control device comprises: memory, a processor and a data access control program stored on the memory and executable on the processor, the data access control program being configured with steps to implement a data access control method according to any one of claims 1 to 7.
10. A storage medium having stored thereon a data access control program which, when executed by a processor, implements the steps of the data access control method of any one of claims 1 to 7.
CN202011175329.3A 2020-10-28 2020-10-28 Data access control method, device, equipment and storage medium Withdrawn CN112328982A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011175329.3A CN112328982A (en) 2020-10-28 2020-10-28 Data access control method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011175329.3A CN112328982A (en) 2020-10-28 2020-10-28 Data access control method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112328982A true CN112328982A (en) 2021-02-05

Family

ID=74296255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011175329.3A Withdrawn CN112328982A (en) 2020-10-28 2020-10-28 Data access control method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112328982A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109978094A (en) * 2019-03-28 2019-07-05 尤尼泰克(嘉兴)信息技术有限公司 A kind of information graduation rendering method and device based on two dimensional code
CN113411297A (en) * 2021-05-07 2021-09-17 上海纽盾科技股份有限公司 Situation awareness defense method and system based on attribute access control
CN114244583A (en) * 2021-11-30 2022-03-25 珠海大横琴科技发展有限公司 Data processing method and device based on mobile client
CN115103456A (en) * 2022-04-28 2022-09-23 成都交投智慧停车产业发展有限公司 PDA intelligent docking method and intelligent docking system
CN115658799A (en) * 2022-10-18 2023-01-31 日本电产(韶关)有限公司 Production data display method and system
WO2023029414A1 (en) * 2021-08-30 2023-03-09 华为云计算技术有限公司 Data analysis method and apparatus
CN116522369A (en) * 2023-07-03 2023-08-01 湖南马栏山视频先进技术研究院有限公司 Data protection method and data fence system

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109978094A (en) * 2019-03-28 2019-07-05 尤尼泰克(嘉兴)信息技术有限公司 A kind of information graduation rendering method and device based on two dimensional code
CN113411297A (en) * 2021-05-07 2021-09-17 上海纽盾科技股份有限公司 Situation awareness defense method and system based on attribute access control
WO2023029414A1 (en) * 2021-08-30 2023-03-09 华为云计算技术有限公司 Data analysis method and apparatus
CN114244583A (en) * 2021-11-30 2022-03-25 珠海大横琴科技发展有限公司 Data processing method and device based on mobile client
CN115103456A (en) * 2022-04-28 2022-09-23 成都交投智慧停车产业发展有限公司 PDA intelligent docking method and intelligent docking system
CN115103456B (en) * 2022-04-28 2023-08-18 成都交投智慧停车产业发展有限公司 PDA intelligent docking method and intelligent docking system
CN115658799A (en) * 2022-10-18 2023-01-31 日本电产(韶关)有限公司 Production data display method and system
CN115658799B (en) * 2022-10-18 2023-08-15 尼得科电机(韶关)有限公司 Production data display method and system
CN116522369A (en) * 2023-07-03 2023-08-01 湖南马栏山视频先进技术研究院有限公司 Data protection method and data fence system
CN116522369B (en) * 2023-07-03 2023-09-19 湖南马栏山视频先进技术研究院有限公司 Data protection method and data fence system

Similar Documents

Publication Publication Date Title
CN112328982A (en) Data access control method, device, equipment and storage medium
CN107403106B (en) Database fine-grained access control method based on terminal user
KR102514325B1 (en) Model training system and method, storage medium
CN108122109B (en) Electronic credential identity management method and device
CN108243175B (en) Access control method and device based on bucket policy
JP5707250B2 (en) Database access management system, method, and program
CN110851872B (en) Risk assessment method and device for private data leakage
CN111625809B (en) Data authorization method and device, electronic equipment and storage medium
CN109992986B (en) Desensitization processing method and device for sensitive data
US20210103649A1 (en) Project-based permission system
CN107194272A (en) Database-access rights application method and device
CN113468576B (en) Role-based data security access method and device
KR20110022104A (en) System and method for securing dbms with data obfuscation
CN114422197A (en) Permission access control method and system based on policy management
CN114372098A (en) Platform and method for protecting and mining power data middling station private data based on privileged account management
WO2020220881A1 (en) Method, apparatus and device for auditing operation code, and computer-readable storage medium
CN109670339B (en) Ontology-based privacy protection-oriented access control method and device
CN114205118B (en) Data access control analysis method based on data security method category
JP4723930B2 (en) Compound access authorization method and apparatus
Prasetyo et al. Development of project document management system based on data governance with DAMA International framework
CN114238273A (en) Database management method, device, equipment and storage medium
CN115935328A (en) Resource access control method, device, equipment and storage medium
CN114493901A (en) Data access application processing method and device, computer equipment and storage medium
CN110717192B (en) Big data security oriented access control method based on Key-Value accelerator
El Ouazzani et al. Dynamic management of data warehouse security levels based on user profiles

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210205
