CN112800480A - User data protection method for security computer - Google Patents


Info

Publication number: CN112800480A
Authority: CN (China)
Prior art keywords: data, user, privacy protection, module, trusted
Legal status: Pending
Application number: CN202110376358.4A
Other languages: Chinese (zh)
Inventors: 韩铮, 袁隽
Current assignee: Nanjing Liandi Information System Co ltd
Original assignee: Nanjing Liandi Information System Co ltd
Priority date: 2021-04-08
Filing date: 2021-04-08
Publication date: 2021-05-14

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform to a system of files or objects by registering files or documents with a third party
    • G06F21/6227 Protecting access to data via a platform to a system of files or objects where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention discloses a user data protection method for a security computer. A user submits a data request; a trusted third party receives the request and obtains the user's privacy protection scheme; the data operation management module of the service provider converts the data operation instruction into an instruction that operates on the physical view; and the service provider executes that instruction. During a data operation the user only needs to write an instruction that operates on the application view, and the data operation conversion module rewrites it into an instruction that operates on the logical storage view. This layered design keeps each lower layer transparent to the layer above it, which is more convenient for users, reduces the coupling between modules, and makes it easier to change individual functions.

Description

User data protection method for security computer
Technical Field
The invention relates to a protection method, in particular to a user data protection method of a security computer, and belongs to the technical field of computer data protection.
Background
The arrival of cloud computing has broken with the past situation in which computer resources could only be used in isolation, and has improved their utilization rate. Through cloud computing, computer resources can be managed centrally and allocated on demand, which saves users the cost of software and hardware.
Database service is one application of cloud computing. Apart from the service provider being only incompletely trustworthy, another major characteristic of cloud storage is multi-tenancy: a database service cannot be designed for one particular user or one class of users. To reduce cost it must serve many users, that is, a single storage system that users from many fields and industries can rent. The privacy protection requirements of these users therefore differ greatly, and how to satisfy such widely differing requirements is a problem that every cloud storage system, including database services, must solve. To address the differing requirements of multiple users, a privacy protection customization system has been proposed: under the guidance of the system, users draw up privacy protection schemes that match their own requirements and select a suitable privacy protection method. This, however, does not solve the problem that the privacy protection measures obstruct data operations and thereby impair the functions of the database.
The existing privacy protection architecture based on a trusted third party designs core modules such as a personalized privacy customization module, a three-party interaction management module, a privacy protection measure implementation module and a data storage module, and defines the function of each module. Through the division of labour and cooperation among these modules it solves the important problem that privacy protection requirements in database services are diverse. However, against the problem of an incompletely trusted service provider stealing the privacy of user data, the existing architecture is of little use, and in addition it provides no function for processing users' data operation requests, so the use of the database's functions is inevitably affected.
Disclosure of Invention
The invention aims to provide a user data protection method for a security computer that solves two problems of the existing privacy protection architecture: it is of little use against an incompletely trusted service provider stealing the privacy of user data, and it lacks a function for processing user data operation requests, which inevitably affects the use of the database's functions.
To achieve this purpose, the invention provides the following technical scheme: a user data protection method for a security computer comprising the following specific steps:
S1: a user submits a data request, and a trusted third party receives the request and obtains the user's privacy protection scheme;
S2: the trusted third party converts the user's operation instruction into an instruction operating on the logical view, obtaining the logical storage view;
S3: the data operation management module of the service provider converts the data operation instruction into an instruction operating on the physical view, obtaining the physical storage view;
S4: the service provider executes the operation instruction, obtains the operation result and converts it into the logical view format;
S5: the trusted third party converts the result into the application view format;
S6: the operation result is obtained.
As a preferred technical solution of the present invention, the trusted third party includes a three-party interaction management module, a privacy protection module, a personalized privacy customization module, a privacy protection enforcement module, a privacy policy management module and a data operation conversion module, wherein:
the personalized privacy customization module interacts with the user and recommends a suitable privacy protection method according to the user's data and privacy protection requirements;
the personalized privacy protection implementation module applies privacy protection measures to the user's data according to the user's personalized privacy protection scheme;
the privacy policy management module stores and manages the key data generated while adopting a personalized privacy protection scheme and applying privacy protection measures to the user's data;
the data operation conversion module processes the user's data operation requests.
As a preferred technical solution of the present invention, the service provider includes a data storage management module and a data operation management module, wherein the data storage management module is mainly responsible for data storage, management and maintenance.
As a preferred technical solution of the present invention, in step S1, when the user submits data to the trusted third party, the original data view is the canonical format in which the user submits data.
As a preferred technical solution of the present invention, in step S2, the logical view format is the data model reorganized after the personalized privacy protection implementation module in the trusted third party platform has applied privacy protection measures to the user's data.
As a preferred technical solution of the present invention, in step S4, the physical storage view is the user data model reorganized by the data operation management module, which allocates storage space according to the characteristics of the user's data, after the service provider receives a data storage request from the trusted third party platform.
Compared with the prior art, the invention has the beneficial effects that:
1. The user data protection method of the invention improves the privacy protection architecture formed by the user, the trusted third party and the service provider by migrating the personalized privacy customization function and the privacy protection measure implementation function to the trusted third party platform. Both customization and implementation of privacy protection measures are therefore executed on the trusted third party platform, and the user's privacy protection scheme is also stored there. An incompletely trusted service provider cannot obtain the user's personalized privacy protection scheme and sees only data on which the privacy protection measures have already been applied, which effectively prevents it from stealing the user's private data.
2. The user data protection method of the invention places a data operation conversion module under the trusted third party. During data operations the user only needs to write an instruction operating on the application view, and the data operation conversion module rewrites it into an instruction operating on the logical storage view.
Drawings
FIG. 1 is a schematic process diagram of the present invention;
FIG. 2 is a schematic structural diagram of the trusted third party according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, the present invention provides a technical solution of a user data protection method for a secure computer: a user data protection method of a security computer comprises the following specific steps:
S1: the user submits a data request, and the trusted third party receives it and obtains the user's privacy protection scheme. The user may be an individual or an enterprise, and in most cases is an enterprise that rents a database service over the network. In the privacy protection architecture based on a trusted third party the user is a thin client: the user does not need to consider or take part in the specific implementation of privacy protection measures, but only submits its own data and privacy protection requirements and, on the system's recommendation, selects a privacy protection strategy. Apart from that selection, all other privacy protection work is kept as transparent to the user as possible, so that using the database service feels like using a local database, which is convenient for the user;
S2: the trusted third party converts the user's operation instruction into an instruction operating on the logical view, obtaining the logical storage view. The trusted third party is the key to privacy protection in the database service: because the service provider is not completely trusted, the trusted third party must strictly control the relationship so that the user's private data are not fully exposed to the service provider. It may be an organization or a system under human control;
S3: the data operation management module of the service provider converts the data operation instruction into an instruction operating on the physical view, obtaining the physical storage view. The service provider is the provider of the database service: it supplies the software and hardware for the service and manages and maintains users' data;
S4: the service provider executes the operation instruction, obtains the operation result and converts it into the logical view format;
S5: the trusted third party converts the result into the application view format;
S6: the operation result is obtained.
The trusted third party comprises a three-party interaction management module, a privacy protection module, a personalized privacy customization module, a privacy protection implementation module, a privacy policy management module and a data operation conversion module, wherein:
the personalized privacy customization module interacts with the user and recommends a suitable privacy protection method according to the user's data and privacy protection requirements.
Specifically, in an actual database service, because there are many users, their privacy protection requirements differ greatly. Different requirements call for different privacy protection methods, and the same requirement can be met by several methods whose protective effect, and whose impact on database performance, differ widely. The privacy policy selection module must therefore weigh these factors, recommend a reasonable privacy protection method to the user, and at the same time tell the user what consequences each choice will have, since the user may lack knowledge of privacy protection and not know the advantages and disadvantages of the various methods. The personalized privacy customization module presents the different effects of the different methods so that the user can conveniently select the one that suits them best.
The personalized privacy protection implementation module applies privacy protection measures to the user's data according to the user's personalized privacy protection scheme.
Specifically, the protection measure may be database encryption or data block storage; the specific measure is determined by the user's personalized privacy protection scheme.
The privacy policy management module stores and manages the key data generated while adopting a personalized privacy protection scheme and applying privacy protection measures to the user's data.
Specifically, key data such as the key used in database encryption and the random number sequence used in the data block storage method directly concern the user's data privacy. Because the service provider is only incompletely trusted, if such data leaked to it the privacy protection measures would exist in name only. The privacy policy management module must therefore strictly authorize any use of the user's personalized privacy protection scheme and of the key data generated while the protection measures are applied.
The data operation conversion module processes the user's data operation requests.
The service provider comprises a data storage management module and a data operation management module, wherein the data storage management module is mainly responsible for data storage, management and maintenance.
In step S1, when the user submits data to the trusted third party, the original data view is the canonical format of the data submitted by the user.
Specifically, the original application data view represents the user's original data before any privacy protection measures are applied. It is the data view the user operates on when developing and using applications. With this view, the user does not need to know how the privacy protection measures affect their application: the user writes ordinary SQL statements and operates on the data stored at the service provider as if it were unprotected data in a local database. The user need not be aware of the database service's privacy protection measures during application development, which lowers programming difficulty, improves development efficiency and improves the quality of the user's application system.
In step S2, the logical view format is the data model reorganized after the personalized privacy protection implementation module in the trusted third party platform has applied privacy protection measures to the user's data. After applying the measures, the trusted third party must reorganize the user data before sending it to the service provider for storage; the logical storage view is the form in which the data is sent to the service provider. When a user's data operation is later executed, the data operation conversion module converts the user's request, according to the user's privacy protection scheme, into an instruction operating on the logical storage view. The conversion module does not need to know how the user's data is stored at the service provider, i.e. that storage is transparent to the data operation conversion module.
In step S4, the physical storage view is the user data model reorganized by the data operation management module, which allocates storage space for the user's data according to its characteristics, after the service provider receives a data storage request from the trusted third party platform. Specifically, when a user data operation is executed, the data operation management module at the service provider receives the operation request, converts it into an instruction operating on the physical storage view, and then executes it. To keep each layer transparent to the layer above, each layer exchanges results with the layer above it in a standard format: the service provider converts its result into the logical storage view and sends it to the trusted third party platform, which in turn converts the result into the original application view and returns it to the user.
In use, after a user submits a data request, the personalized privacy customization module in the trusted third party recommends several feasible privacy protection schemes according to the user's data and privacy protection requirements. Once the user selects one, the personalized privacy protection implementation module applies the privacy protection measures to the user's data; in this process the user's personalized privacy protection scheme is passed to the privacy policy management module in the trusted third party, which stores and manages it, and the data on which the measures have been applied is handed to the service provider's data storage management module for storage.
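The S1 to S6 flow and the three views (original application view, logical storage view, physical storage view) described above, as an added Python model that is not part of the patent or any product of the assignee. All class names, the dict-based store and the toy synthetic-IV cipher standing in for "database encryption" are assumptions of this example:

```python
# Toy model of the patent's three-layer pipeline (constructed example, not the
# patent's code; every name here is an assumption): the trusted third party
# rewrites application-view operations into logical-storage-view operations,
# the service provider maps those onto physical storage, results travel back.
import hashlib
import hmac
import os


def _keystream(key, iv, n):
    # Counter-mode keystream from SHA-256: a toy cipher, for illustration only.
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
    return out[:n]


def det_encrypt(key, plaintext):
    """Deterministic (synthetic-IV) encryption so equality predicates can be
    rewritten on ciphertext; the provider can still see which values repeat."""
    pt = plaintext.encode()
    iv = hmac.new(key, pt, hashlib.sha256).digest()[:16]
    return (iv + bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))).hex()


def det_decrypt(key, token):
    raw = bytes.fromhex(token)
    iv, ct = raw[:16], raw[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct)))).decode()


class PrivacyPolicyManager:
    """Privacy policy management module: per-user scheme and key. It lives inside
    the trusted third party and nothing it holds is ever sent to the provider."""
    def __init__(self):
        self.schemes, self.keys = {}, {}  # user -> {column: "encrypt"|"plain"}, user -> key

    def register(self, user, scheme):
        self.schemes[user], self.keys[user] = dict(scheme), os.urandom(32)


class ServiceProvider:
    """Incompletely trusted party: its data operation management module maps
    logical-view operations onto the physical store (here a dict of row lists)."""
    def __init__(self):
        self.physical = {}

    def execute(self, op):
        table = self.physical.setdefault(op["table"], [])
        if op["op"] == "insert":
            table.append(dict(op["row"]))
            return {"inserted": 1}
        if op["op"] == "select":
            col, val = op["where"]
            return {"rows": [dict(r) for r in table if r.get(col) == val]}
        raise ValueError("unsupported operation: %r" % op["op"])


class TrustedThirdParty:
    """Hosts customization (S1), the data operation conversion module (S2) and
    the conversion of results back to the application view (S5)."""
    def __init__(self, sp):
        self.policy, self.sp = PrivacyPolicyManager(), sp

    def customize(self, user, scheme):
        self.policy.register(user, scheme)

    def _convert(self, user, col, val, to_logical):
        # Apply (or undo) the privacy measure the user's scheme chose for col.
        if self.policy.schemes[user].get(col) != "encrypt":
            return val
        fn = det_encrypt if to_logical else det_decrypt
        return fn(self.policy.keys[user], val)

    def operate(self, user, app_op):
        # S2: application view -> logical view; S3/S4 at the provider; S5: back.
        logical = {"op": app_op["op"], "table": app_op["table"]}
        if app_op["op"] == "insert":
            logical["row"] = {c: self._convert(user, c, v, True)
                              for c, v in app_op["row"].items()}
        else:
            col, val = app_op["where"]
            logical["where"] = (col, self._convert(user, col, val, True))
        result = self.sp.execute(logical)
        if "rows" in result:
            result["rows"] = [{c: self._convert(user, c, v, False) for c, v in r.items()}
                              for r in result["rows"]]
        return result


def run_demo():
    """Constructed scenario: tenant 'acme' chooses encryption for salary only.
    Returns (rows as the user sees them, rows as the provider stores them)."""
    sp = ServiceProvider()
    ttp = TrustedThirdParty(sp)
    ttp.customize("acme", {"name": "plain", "salary": "encrypt"})
    for name, salary in (("alice", "5200"), ("bob", "4100")):
        ttp.operate("acme", {"op": "insert", "table": "staff",
                             "row": {"name": name, "salary": salary}})
    hits = ttp.operate("acme", {"op": "select", "table": "staff",
                                "where": ("salary", "5200")})
    return hits["rows"], sp.physical["staff"]
```

The provider answers the equality query correctly without ever holding the key or the scheme; the trade-off the comment in `det_encrypt` points at is that a deterministic measure lets the provider observe which stored values are equal.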
In the description of the present invention, it is to be understood that the indicated orientations or positional relationships are based on the orientations or positional relationships shown in the drawings and are only for convenience in describing the present invention and simplifying the description, but are not intended to indicate or imply that the indicated devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and are not to be construed as limiting the present invention.
In the present invention, unless otherwise explicitly specified or limited, terms describing attachment or connection may mean fixed, detachable or integrated attachment; mechanical or electrical connection; direct connection or indirect connection through an intermediate; and communication or interaction between two elements. The specific meaning of such terms in the present invention will be understood by those skilled in the art according to the specific situation.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. A user data protection method of a security computer, characterized by comprising the following specific steps:
S1: a user submits a data request, and a trusted third party receives the request and obtains the user's privacy protection scheme;
S2: the trusted third party converts the user's operation instruction into an instruction operating on the logical view, obtaining the logical storage view;
S3: the data operation management module of a service provider converts the data operation instruction into an instruction operating on the physical view, obtaining the physical storage view;
S4: the service provider executes the operation instruction, obtains the operation result and converts it into the logical view format;
S5: the trusted third party converts the result into the application view format;
S6: the operation result is obtained.
2. A method of securing user data of a computer according to claim 1, wherein: the trusted third party comprises a three-party interaction management module, a privacy protection module, a personalized privacy customization module, a privacy protection implementation module, a privacy policy management module and a data operation conversion module, wherein:
the personalized privacy customization module interacts with the user and recommends a suitable privacy protection method according to the user's data and privacy protection requirements;
the personalized privacy protection implementation module applies privacy protection measures to the user's data according to the user's personalized privacy protection scheme;
the privacy policy management module stores and manages the key data generated while adopting a personalized privacy protection scheme and applying privacy protection measures to the user's data;
the data operation conversion module processes the user's data operation requests.
3. A method of securing user data of a computer according to claim 1, wherein: the service provider comprises a data storage management module and a data operation management module, wherein the data storage management module is mainly responsible for data storage, management and maintenance.
4. A method of securing user data of a computer according to claim 1, wherein: in step S1, when the user submits data to the trusted third party, the original data view is in the canonical format of the data submitted by the user.
5. A method of securing user data of a computer according to claim 1, wherein: in step S2, the logical view format is the data model reorganized after the personalized privacy protection implementation module in the trusted third-party platform has applied privacy protection measures to the user's data.
6. A method of securing user data of a computer according to claim 3, wherein: in step S4, the physical storage view is a user data model that is reorganized by the data operation management module according to the data characteristics of the user to allocate a storage space to the user data after the service provider receives the data storage request submitted by the trusted third-party platform.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110376358.4A CN112800480A (en) 2021-04-08 2021-04-08 User data protection method for security computer


Publications (1)

Publication Number Publication Date
CN112800480A true CN112800480A (en) 2021-05-14

Family

ID=75817335



Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200089A (en) * 2018-02-07 2018-06-22 腾讯云计算(北京)有限责任公司 Implementation method, device, system and the storage medium of information security
US20180336371A1 (en) * 2017-05-16 2018-11-22 Apple Inc. Techniques for enabling a software application to access files at a computing device while enforcing privacy measures


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
胡勇 (Hu Yong): "Research on privacy protection methods for data combination" (数据组合隐私保护方法的研究), China Master's Theses Full-text Database, Information Science and Technology series *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114726846A (en) * 2022-04-24 2022-07-08 南京联迪信息系统股份有限公司 Data sharing method and system
CN114726846B (en) * 2022-04-24 2023-09-29 南京联迪信息系统股份有限公司 Data sharing method and system


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20210514)