CN112632103A - Data fine-grained management and control method - Google Patents
Data fine-grained management and control method
- Publication number
- CN112632103A
- Authority
- CN
- China
- Prior art keywords
- data
- administrator
- words
- visitor
- fine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/243—Natural language query formulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
- G06F16/285—Clustering or classification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Mathematical Physics (AREA)
- Medical Informatics (AREA)
- Artificial Intelligence (AREA)
- Computational Linguistics (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of data management and control, and in particular relates to a data fine-grained management and control method. It addresses the problems that existing data management and control is inconvenient for classified management and cannot record and store information about data viewing. The proposed scheme comprises the following steps: S1: setting administrator authority and visitor authority; S2: logging in to a network database; S3: inputting or viewing data; S4: classifying, storing and deleting the data; S5: setting highly sensitive words, sensitive words and conventional words; S6: setting a further, deeper level of encryption for sensitive words and highly sensitive words; S7: if the login is confirmed, the user can view the data. The invention can classify and encrypt the data, which increases data security; it restricts visitors' access to the data by requiring authentication for sensitive or highly sensitive words, which strengthens data security control; and it stores and classifies visitor information so that the administrator can review it conveniently.
Description
Technical Field
The invention relates to the technical field of data management and control, in particular to a data fine-grained management and control method.
Background
A fine-grained model, in plain terms, subdivides the objects of a business model to obtain a more scientific and reasonable object model in which the individual objects are clearly separated. Granularity is a database term. In the computer field, granularity refers to the minimum increment by which system memory is expanded. Granularity is the most important aspect of designing a data warehouse, where it refers to the level of refinement or aggregation of the data stored in the warehouse's data units. The higher the degree of refinement, the smaller the granularity level; conversely, the lower the degree of refinement, the larger the granularity level. Data granularity is a design problem. Granular computing is an emerging information processing model that deals with complex information entities (i.e. information granules) and includes the abstraction of data and the derivation of knowledge from information. Generally, information granules are sets of entities at the numerical level, grouped by similarity, functional proximity, indistinguishability, and consistency.
Existing data management and control is inconvenient for classified management, and it cannot record and store information about data viewing.
Disclosure of Invention
The invention aims to overcome the defects that existing data management and control is inconvenient for classified management and cannot record and store information about data viewing, and provides a data fine-grained management and control method.
To achieve this purpose, the invention adopts the following technical scheme:
A data fine-grained management and control method comprises the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to a network database;
S3: inputting or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a further, deeper level of encryption for sensitive words and highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information automatically pops up the next time the administrator logs in.
Preferably, in S3, the administrator can re-edit and enter data into the database after logging in to the network database, whereas a visitor who logs in to the network database can only view it.
Preferably, in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data is deleted.
Preferably, the classification criteria include data size, data industry and data year.
Preferably, in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data; first-level encryption is set for the sensitive words, and second-level encryption is set for the highly sensitive words.
Preferably, in S7, the encrypted file can be viewed if the login is correct; if the login is incorrect, the session exits and the visitor information is saved; and if the login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check.
Preferably, in S8, when the administrator logs in to the network database, the last visitor information automatically pops up, arranged by time.
Preferably, the last visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
Compared with the prior art, the invention has the following advantages:
(1) the scheme can classify the data and encrypt it by class, which improves data security;
(2) the scheme can restrict visitors' access to the data by requiring authentication for sensitive or highly sensitive words, which strengthens data security control; it can also classify and save visitor information, which makes it convenient for the administrator to review.
Drawings
Fig. 1 is a schematic structural diagram of a fine-grained data management and control method provided by the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention.
Example one
Referring to Fig. 1, a data fine-grained management and control method includes the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to a network database;
S3: inputting or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a further, deeper level of encryption for sensitive words and highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information automatically pops up the next time the administrator logs in.
In this embodiment, in S3, the administrator can re-edit and enter data into the database after logging in to the network database, whereas a visitor who logs in to the network database can only view it.
In this embodiment, in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data is deleted.
In this embodiment, the classification criteria include data size, data industry and data year.
In this embodiment, in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data; first-level encryption is set for the sensitive words, and second-level encryption is set for the highly sensitive words.
In this embodiment, in S7, the encrypted file can be viewed if the login is correct; if the login is incorrect, the session exits and the visitor information is saved; and if the login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check.
In this embodiment, in S8, when the administrator logs in to the network database, the last visitor information automatically pops up, arranged by time.
In this embodiment, the last visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
Example two
Referring to Fig. 1, a data fine-grained management and control method includes the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to a network database;
S3: inputting or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a further, deeper level of encryption for sensitive words and highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information automatically pops up the next time the administrator logs in.
In this embodiment, in S3, the administrator can re-edit and enter data into the database after logging in to the network database, whereas a visitor who logs in to the network database can only view it.
In this embodiment, in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data is deleted.
In this embodiment, the classification criteria include data size, data industry and data year; according to the classification result, corresponding security protection tools for encryption, identity authentication, access control, security audit, and tracking and forensics are allocated to the data, and security protection is performed.
In this embodiment, in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data; first-level encryption is set for the sensitive words, and second-level encryption is set for the highly sensitive words.
In this embodiment, in S7, the encrypted file can be viewed if the login is correct; if the login is incorrect, the session exits and the visitor information is saved; and if the login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check. The database protection server analyzes the statements in the mirrored traffic to determine whether the access request contains illegal access. If no illegal access is contained and the accessed data column is public data, the requested data is returned. If no illegal access is contained and the accessed data column is highly sensitive data, sensitive data or internal data, a secret value corresponding to the highly sensitive data, sensitive data or internal data is sent to the visitor; the database protection server generates a decryption key for the data column from the secret value and the corresponding column key, decrypts the corresponding data column in the database server with the decryption key, and returns the requested data.
In this embodiment, in S8, when the administrator logs in to the network database, the last visitor information automatically pops up, arranged by time; the log information generated by visitors is collected and normalized to establish a security view of the data life cycle.
In this embodiment, the last visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
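The S7 access path of Example two can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 key derivation, the HMAC-based stand-in cipher, the `flagged_illegal` input (the traffic analysis itself is not modelled), the assumption that the visitor presents the issued secret value with the request, and all names and sample data are assumptions.

```python
import hashlib
import hmac
import secrets

# Tiers named in Example two; public columns are stored unencrypted.
PROTECTED_TIERS = {"high_sensitive", "sensitive", "internal"}


def derive_column_key(secret_value: bytes, column_key: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256 keyed with the column key over the secret value.
    return hmac.new(column_key, b"column-decrypt|" + secret_value, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for an AEAD such as AES-GCM, built from the standard library only.
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class ProtectionServer:
    def __init__(self, tiers: dict, column_keys: dict):
        self.tiers = tiers
        self.column_keys = column_keys
        self.audit = []  # (visitor, column, outcome): the stored visitor information

    def handle(self, visitor, column, stored, flagged_illegal=False, secret_value=b""):
        outcome, value = "denied_illegal", None
        if not flagged_illegal:
            if self.tiers[column] not in PROTECTED_TIERS:
                outcome, value = "returned_public", stored
            else:
                key = derive_column_key(secret_value, self.column_keys[column])
                try:
                    outcome, value = "returned_decrypted", unseal(key, stored)
                except ValueError:
                    outcome = "denied_bad_secret"
        self.audit.append((visitor, column, outcome))  # logged on success and on failure
        return value


def demo():
    # Constructed sample data: two columns, one tier secret, one column key.
    tier_secret = b"constructed-secret-for-sensitive-tier"
    server = ProtectionServer(
        tiers={"city": "public", "id_number": "sensitive"},
        column_keys={"id_number": b"constructed-column-key-id-number"},
    )
    stored_id = seal(derive_column_key(tier_secret, server.column_keys["id_number"]), b"A1234567")
    results = [
        server.handle("visitor1", "city", b"Hangzhou"),
        server.handle("visitor1", "id_number", stored_id, secret_value=tier_secret),
        server.handle("visitor2", "id_number", stored_id, secret_value=b"guess"),
        server.handle("visitor3", "id_number", stored_id, flagged_illegal=True),
    ]
    return results, [entry[2] for entry in server.audit]


if __name__ == "__main__":
    print(demo())
```

Because the column key never leaves the server and the secret value alone cannot decrypt anything, a leaked secret value or a leaked column key is not sufficient on its own; the audit list records every request, including the denied ones.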
The above describes only preferred embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.
Claims (8)
1. A data fine-grained management and control method, characterized by comprising the following steps:
S1: setting administrator authority and visitor authority;
S2: logging in to a network database;
S3: inputting or viewing data;
S4: classifying, storing and deleting the data;
S5: setting highly sensitive words, sensitive words and conventional words;
S6: setting a further, deeper level of encryption for sensitive words and highly sensitive words;
S7: if the login is confirmed, the user can view the data; if the login cannot be confirmed, prompting the user to exit and storing the login information;
S8: visitor information automatically pops up the next time the administrator logs in.
2. The data fine-grained management and control method according to claim 1, wherein in S3, the administrator can re-edit and enter data into the database after logging in to the network database, whereas a visitor who logs in to the network database can only view it.
3. The data fine-grained management and control method according to claim 1, wherein in S4, the input data is classified by type and stored in different files, and unsafe or unhealthy data is deleted.
4. The data fine-grained management and control method according to claim 3, wherein the classification criteria comprise data size, data industry and data year.
5. The data fine-grained management and control method according to claim 1, wherein in S5 and S6, highly sensitive words, sensitive words and conventional words are set in the data, first-level encryption is set for the sensitive words, and second-level encryption is set for the highly sensitive words.
6. The data fine-grained management and control method according to claim 1, wherein in S7, the encrypted file can be viewed if the login is correct; if the login is incorrect, the session exits and the visitor information is saved; and if the login fails multiple times, the system not only saves the visitor information but also notifies the administrator by short message to check.
7. The data fine-grained management and control method according to claim 1, wherein in S8, when the administrator logs in to the network database, the last visitor information automatically pops up, arranged by time.
8. The data fine-grained management and control method according to claim 7, wherein the last visitor information pops up whether the access succeeded or failed, so that the administrator can review it conveniently, and the administrator can delete or save the visitor information manually or automatically.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011539278.8A CN112632103A (en) | 2020-12-23 | 2020-12-23 | Data fine-grained management and control method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011539278.8A CN112632103A (en) | 2020-12-23 | 2020-12-23 | Data fine-grained management and control method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112632103A (en) | 2021-04-09 |
Family
ID=75321672
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011539278.8A Pending CN112632103A (en) | 2020-12-23 | 2020-12-23 | Data fine-grained management and control method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112632103A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070294539A1 (en) * | 2006-01-27 | 2007-12-20 | Imperva, Inc. | Method and system for transparently encrypting sensitive information |
US20150026462A1 (en) * | 2013-03-15 | 2015-01-22 | Dataguise, Inc. | Method and system for access-controlled decryption in big data stores |
CN104780175A (en) * | 2015-04-24 | 2015-07-15 | 广东电网有限责任公司信息中心 | Hierarchical classification access authorization management method based on roles |
CN104809405A (en) * | 2015-04-24 | 2015-07-29 | 广东电网有限责任公司信息中心 | Structural data asset leakage prevention method based on hierarchical classification |
CN105991411A (en) * | 2015-02-13 | 2016-10-05 | 深圳积友聚乐科技有限公司 | Social method and social network system |
CN106778325A (en) * | 2016-11-24 | 2017-05-31 | 杭州领点科技有限公司 | A kind of information privacy system and its operating method |
CN109005161A (en) * | 2018-07-18 | 2018-12-14 | 安徽云图信息技术有限公司 | A kind of data safety monitoring system and its access monitoring method |
CN110119629A (en) * | 2019-04-19 | 2019-08-13 | 国家电网有限公司 | Private data management and data safety unified platform |
US10817619B1 (en) * | 2017-12-05 | 2020-10-27 | Jagannadha babu Kolli | Method and system for securing data stored in a cloud-based software system |
CN111967024A (en) * | 2020-07-10 | 2020-11-20 | 苏州浪潮智能科技有限公司 | File sensitive data protection method and device |
-
2020
- 2020-12-23 CN CN202011539278.8A patent/CN112632103A/en active Pending
Non-Patent Citations (2)
Title |
---|
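Li Ziqing: "Research on a network-based encryption model for sensitive database data", Computer Measurement & Control, no. 05 * |
Yang Yongqun; Huang Qinlong; Liu Yueyi: "Research and implementation of a classification-based application data security management and control platform", Cyberspace Security, no. 5 * |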
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210409 |