CN112632103A - Data fine-grained management and control method - Google Patents

Publication number: CN112632103A
Authority: CN (China)
Prior art keywords: data, administrator, words, visitor, fine
Legal status: Pending
Application number: CN202011539278.8A
Other languages: Chinese (zh)
Inventors: 李朋林, 朱静熹, 盛俊杰
Current Assignee: Shanghai Tongtai Information Technology Co ltd
Original Assignee: Shanghai Tongtai Information Technology Co ltd
Application filed by Shanghai Tongtai Information Technology Co ltd
Priority to CN202011539278.8A
Publication of CN112632103A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/243 Natural language query formulation
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G06F16/284 Relational databases
    • G06F16/285 Clustering or classification
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention belongs to the technical field of data management and control, and in particular relates to a data fine-grained management and control method. It addresses two problems of existing data management and control: classified management is inconvenient, and records of who has viewed the data cannot be stored at the same time. The proposed scheme comprises the following steps: S1: setting administrator authority and visitor authority; S2: logging in to a network database; S3: entering or viewing data; S4: classifying, storing and deleting the data; S5: setting highly sensitive words, sensitive words and conventional words; S6: setting a deeper level of encryption for the sensitive words and the highly sensitive words; S7: if the login is confirmed, the user can view the data. The invention can classify the data and encrypt it by class, which increases data security; it limits visitors' access to the data and requires authentication for sensitive or highly sensitive words, which strengthens data security control; and it stores and classifies visitor information so that the administrator can review it conveniently.

Description

Data fine-grained management and control method
Technical Field
The invention relates to the technical field of data management and control, in particular to a data fine-grained management and control method.
Background
Put simply, a fine-grained model subdivides the objects in a business model to obtain a more scientific and reasonable object model in which the individual objects are clearly separated. Granularity is a database term. In the computer field, granularity refers to the minimum increment by which system memory is expanded. Granularity is also the most important aspect of designing a data warehouse, where it refers to the level of refinement or aggregation of the data stored in a data unit of the warehouse. The higher the degree of refinement, the smaller the granularity level; conversely, the lower the degree of refinement, the larger the granularity level. The granularity of data is a design problem. Granular computing is an emerging information processing model that deals with the processing of complex information entities (i.e. information granules), and includes abstracting data and deriving knowledge from information. Generally, information granules are sets of entities, usually at the numerical level, that are grouped together by similarity, functional proximity, indistinguishability and consistency.
Existing data management and control is inconvenient for classified management, and at the same time it cannot record and store information about who has viewed the data.
Disclosure of Invention
The invention aims to overcome the defects that existing data management and control is inconvenient for classified management and cannot at the same time record and store data viewing information, and provides a data fine-grained management and control method.
To achieve this purpose, the invention adopts the following technical scheme:
A data fine-grained management and control method comprises the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to the network database;
S3: entering or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a deeper level of encryption for the sensitive words and the highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information pops up automatically the next time the administrator logs in.
Preferably, in S3, after logging in to the network database the administrator can re-edit and enter data, whereas a visitor who logs in to the network database can only view it.
Preferably, in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data material is deleted.
Preferably, the classification criteria include data information size, data industry and data year.
Preferably, in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data; first-level encryption is set for the sensitive words and second-level encryption is set for the highly sensitive words.
Preferably, in S7, if the login is correct the encrypted file can be viewed; if the login is incorrect the session exits and the visitor information is saved; and if login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check.
Preferably, in S8, when the administrator logs in to the network database, the most recent visitor information pops up automatically, arranged by time.
Preferably, the most recent visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
Compared with the prior art, the invention has the following advantages:
(1) the scheme can classify the data and encrypt it by class, which improves data security;
(2) the scheme can restrict visitors' access to the data and require authentication for sensitive or highly sensitive words, which strengthens data security management and control; it can also save and classify visitor information, making it convenient for the administrator to review.
Drawings
Fig. 1 is a schematic structural diagram of a fine-grained data management and control method provided by the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Example one
Referring to Fig. 1, a data fine-grained management and control method comprises the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to the network database;
S3: entering or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a deeper level of encryption for the sensitive words and the highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information pops up automatically the next time the administrator logs in.
In this embodiment, in S3, after logging in to the network database the administrator can re-edit and enter data, whereas a visitor who logs in to the network database can only view it.
In this embodiment, in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data is deleted.
In this embodiment, the classification criteria include data information size, data industry and data year.
In this embodiment, in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data; first-level encryption is set for the sensitive words and second-level encryption is set for the highly sensitive words.
In this embodiment, in S7, if the login is correct the encrypted file can be viewed; if the login is incorrect the session exits and the visitor information is saved; and if login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check.
In this embodiment, in S8, when the administrator logs in to the network database, the most recent visitor information pops up automatically, arranged by time.
In this embodiment, the most recent visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
Example two
Referring to Fig. 1, a data fine-grained management and control method comprises the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to the network database;
S3: entering or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a deeper level of encryption for the sensitive words and the highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information pops up automatically the next time the administrator logs in.
In this embodiment, in S3, after logging in to the network database the administrator can re-edit and enter data, whereas a visitor who logs in to the network database can only view it.
In this embodiment, in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data is deleted.
In this embodiment, the classification criteria include data information size, data industry and data year. According to the classification result, the corresponding security protection tools for data encryption, identity authentication, access control, security audit, and tracking and forensics are allocated to the data, and security protection is carried out.
In this embodiment, in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data; first-level encryption is set for the sensitive words and second-level encryption is set for the highly sensitive words.
In this embodiment, in S7, if the login is correct the encrypted file can be viewed; if the login is incorrect the session exits and the visitor information is saved; and if login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check. The database protection server determines whether the access request contains illegal access by analyzing the statements in mirrored traffic. If the request contains no illegal access and the accessed data column is public data, the requested data is returned. If the request contains no illegal access and the accessed data column is highly sensitive data, sensitive data or internal data, the secret value corresponding to the highly sensitive data, sensitive data or internal data is sent to the visitor; the database protection server generates the decryption key for the data column from the secret value and the corresponding column key, decrypts the corresponding data column in the database server with that key, and returns the requested data.
In this embodiment, in S8, when the administrator logs in to the network database, the most recent visitor information pops up automatically, arranged by time; the log information generated by visitors is collected and normalized to establish a security view of the data life cycle.
In this embodiment, the most recent visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
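The S7 request handling and S8 review flow of this embodiment, as an added Python example that is not part of the patent text. It assumes the visitor presents the secret value with the request, HMAC-SHA256 as the key-derivation function, a standard-library stand-in cipher where a deployment would use an AEAD such as AES-GCM, and an alert list in place of the short message; all class, function and column names are hypothetical.

```python
import hashlib
import hmac
import os
import time

PUBLIC, INTERNAL, SENSITIVE, HIGHLY_SENSITIVE = range(4)  # tiers named in the text


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_column_key(secret_value: bytes, column_key: bytes) -> bytes:
    # Assumed KDF: the text says only that the key comes from both inputs.
    return _mac(column_key, b"column-decrypt|" + secret_value)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so only the stdlib is needed.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key, nonce = _mac(key, b"enc"), _mac(key, b"mac"), os.urandom(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + _mac(mac_key, nonce + body)


def open_sealed(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _mac(key, b"enc"), _mac(key, b"mac")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + body)):
        raise PermissionError("wrong secret value or tampered column")
    return _xor_stream(enc_key, nonce, body)


class ProtectionServer:
    def __init__(self, max_failures: int = 3):
        self.columns = {}   # name -> (tier, column_key, stored bytes)
        self.log = []       # visitor records kept for the administrator
        self.failures = {}  # visitor -> consecutive failed attempts
        self.alerts = []    # stand-in for the short-message notification
        self.max_failures = max_failures

    def add_column(self, name, tier, value: bytes, secret_value: bytes = b""):
        column_key = os.urandom(32)
        if tier != PUBLIC:  # every tier above public is stored encrypted
            value = seal(derive_column_key(secret_value, column_key), value)
        self.columns[name] = (tier, column_key, value)

    def read(self, visitor, name, secret_value: bytes = b"", statement_ok: bool = True):
        tier, column_key, stored = self.columns[name]
        try:
            if not statement_ok:  # verdict of the statement analysis, assumed given
                raise PermissionError("illegal access")
            if tier == PUBLIC:
                data = stored
            else:
                data = open_sealed(derive_column_key(secret_value, column_key), stored)
        except PermissionError as exc:
            self.log.append((time.time(), visitor, name, "denied: " + str(exc)))
            self.failures[visitor] = self.failures.get(visitor, 0) + 1
            if self.failures[visitor] >= self.max_failures:
                self.alerts.append(visitor)
            return None
        self.failures[visitor] = 0
        self.log.append((time.time(), visitor, name, "ok"))
        return data

    def admin_view(self):
        # Records arranged by time, as shown to the administrator at next login.
        return sorted(self.log, key=lambda rec: rec[0])
```

Failed and successful reads both land in the same log, so the administrator's time-ordered view covers every access attempt rather than only the denials.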
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art within the technical scope disclosed by the present invention, according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (8)

1. A data fine-grained management and control method, characterized by comprising the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to the network database;
S3: entering or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a deeper level of encryption for the sensitive words and the highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information pops up automatically the next time the administrator logs in.
2. The data fine-grained management and control method according to claim 1, wherein in S3, after logging in to the network database the administrator can re-edit and enter data, whereas a visitor who logs in to the network database can only view it.
3. The data fine-grained management and control method according to claim 1, wherein in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data is deleted.
4. The data fine-grained management and control method according to claim 3, wherein the classification criteria include data information size, data industry and data year.
5. The data fine-grained management and control method according to claim 1, wherein in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data, first-level encryption is set for the sensitive words, and second-level encryption is set for the highly sensitive words.
6. The data fine-grained management and control method according to claim 1, wherein in S7, if the login is correct the encrypted file can be viewed; if the login is incorrect the session exits and the visitor information is saved; and if login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check.
7. The data fine-grained management and control method according to claim 1, wherein in S8, when the administrator logs in to the network database, the most recent visitor information pops up automatically, arranged by time.
8. The data fine-grained management and control method according to claim 7, wherein the most recent visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
CN202011539278.8A 2020-12-23 2020-12-23 Data fine-grained management and control method Pending CN112632103A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011539278.8A CN112632103A (en) 2020-12-23 2020-12-23 Data fine-grained management and control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011539278.8A CN112632103A (en) 2020-12-23 2020-12-23 Data fine-grained management and control method

Publications (1)

Publication Number Publication Date
CN112632103A true CN112632103A (en) 2021-04-09

Family

ID=75321672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011539278.8A Pending CN112632103A (en) 2020-12-23 2020-12-23 Data fine-grained management and control method

Country Status (1)

Country Link
CN (1) CN112632103A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination