CN113783861A - Information security control method and device based on edge calculation and storage medium - Google Patents


Info

Publication number
CN113783861A
Authority
CN
China
Prior art keywords
information
data information
database
authority
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111022441.8A
Other languages
Chinese (zh)
Inventor
焦尧毅
王红卫
曾玉荣
张泉
周正
曹波
陈曦
夏胜冬
董丽
王翠灵
刘三星
华蓉
邓宗辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hubei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hubei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Hubei Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202111022441.8A priority Critical patent/CN113783861A/en
Publication of CN113783861A publication Critical patent/CN113783861A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an information security control method, device and storage medium based on edge calculation. The information security control method based on edge calculation comprises the following steps: the user side sends access request information to a database of the server side; the database to be accessed by the user side is accessed according to the request information sent by the user side; the operation authority of the user side over the data information in the accessed database is judged; and the corresponding operation is performed on the data information in the database according to the operation authority. The invention integrates edge calculation into the information security protection of power grid data, significantly improves information security performance, reduces the labor intensity of manual audit and ensures information security.

Description

Information security control method and device based on edge calculation and storage medium
Technical Field
The present invention relates to the field of information security, and in particular, to an information security control method and apparatus based on edge calculation, and a storage medium.
Background
Edge computing means that an open platform integrating network, computing, storage and application core capabilities is adopted on one side close to an object or a data source to provide nearest-end services nearby. The application program is initiated at the edge side, so that a faster network service response is generated, and the basic requirements of the industry in the aspects of real-time business, application intelligence, safety, privacy protection and the like are met.
The information security of power grid data concerns the vital interests of millions of power grid users, and if that data leaks, the users may suffer property losses. However, existing power grid data security protection and auditing relies mainly on manual work, or the protection level is low, so the information security of power grid data is poor.
Disclosure of Invention
The invention provides an information security control method, an information security control device and a storage medium for edge calculation, which are used for fusing the edge calculation into the information security protection of power grid data, obviously improving the information security performance, reducing the labor intensity of manual audit and ensuring the information security.
The technical scheme of the invention is as follows:
an information security control method based on edge calculation comprises the following specific steps:
the user side sends access request information to a database of the server side;
accessing to a database to be accessed by a user side according to request information sent by the user side;
judging the operation authority of the user end to the data information in the accessed database;
and performing corresponding operation on the data information in the database according to the operation authority.
Optionally, when the database to be accessed by the user side is accessed, the request information is analyzed by an edge computing device, which governs the corresponding server-side database.
Optionally, the access request information sent by the user end includes a device MAC address of the user end and an intranet IP address bound to the device MAC address.
The operation authority is judged as follows:
finding a corresponding authority list stored by the server according to the equipment MAC address and the intranet IP address in the request information;
returning authority selection information and verification information of corresponding authority to the user side after acquiring the authority list;
selecting authority information at a user side and inputting corresponding verification information;
the server side compares the authority selection information with corresponding verification information;
when the permission selection information is inconsistent with the corresponding verification information, the server side refuses to access the database and carries out illegal intrusion early warning;
and when the authority selection information is consistent with the corresponding verification information, the server side agrees to access the database and opens the corresponding operation authority to the user side according to the authority selection information.
Optionally, the corresponding operation on the data information in the database includes data information reading, data information modification, and data information transmission.
Optionally, data information reading and data information modification are performed through the user side. For a data information transmission operation, the corresponding edge computing device first analyzes the transmissible level of the target data information, and then judges, according to that level, the permission of the device that is to receive the data information. If the receiving device's permission is not satisfied, the transmission is refused; if it is satisfied, the data information is transmitted to the receiving device, and the transmitted data information is encrypted into a security mode format that cannot be copied or modified.
Optionally, when the data information in the database is correspondingly operated, the server records the operation on the data information and the operation time.
An information security control device based on edge calculation comprises a user terminal device, a server terminal database and an edge calculation device,
the user terminal equipment sends access request information to a database of a server terminal;
the server-side equipment is provided with a server-side database, and the server-side database is provided with corresponding edge computing equipment;
the server side equipment judges the operation authority of the user side on the data information in the accessed database;
and the user terminal equipment performs corresponding operation on the data information in the database according to the operation authority.
The user side equipment and the server side equipment both comprise a processor and a memory.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, causes the processor to carry out the steps of the method described above.
Compared with the prior art, the invention has the beneficial effects that: the edge calculation is fused into the information security protection, the workload of auditors can be greatly reduced, the accuracy of data information security transmission is improved, and powerful guarantee is provided for reducing the risk of information security divulgence.
Drawings
FIG. 1 is a schematic view of the apparatus of the present invention.
Fig. 2 is a flowchart of an information security control method according to the present invention.
FIG. 3 is a flowchart of a method for determining operation authority according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, the embodiment provides an information security control apparatus based on edge computing, which includes a user end device 1, a server end device 2, a server end database 3 and an edge computing device 4,
the user end equipment 1 sends access request information to a database of a server end;
the server-side equipment 2 is provided with a server-side database 3, and the server-side database 3 is provided with corresponding edge computing equipment 4;
the server-side equipment 2 judges the operation authority of the user side on the data information in the accessed database;
and the user end equipment 1 performs corresponding operation on the data information in the database according to the operation authority.
The user side equipment and the server side equipment both comprise a processor and a memory.
The processor may be a general purpose Central Processing Unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to control the execution of programs in accordance with the teachings of the present application.
The memory is used for storing application program codes for executing the scheme of the application and is controlled by the processor to execute. The memory is also used for storing the pre-stored MAC address of the user end equipment, the intranet IP address bound with the MAC address of the equipment, the authority selection information, the verification information of the corresponding authority and the judgment method flow of the operation authority.
As shown in fig. 2, the present embodiment provides an information security control method based on edge calculation, which includes the following specific steps:
S1. The user side sends access request information to a database of the server side;
S2. The database to be accessed by the user side is accessed according to the request information sent by the user side;
S3. The operation authority of the user side over the data information in the accessed database is judged;
S4. The corresponding operation is performed on the data information in the database according to the operation authority.
When the database to be accessed by the user side is accessed, the request information is analyzed by the edge computing equipment, which governs the corresponding server-side database.
The access request information sent by the user side comprises a user side equipment MAC address and an intranet IP address bound with the equipment MAC address.
The user end device 1 may be a computer device or a mobile office device (PAD) inside the power grid system. Each user end device 1 has a unique MAC address, which is bound one-to-one to an IP address on the internal network of the power grid system; for example, the MAC address of the user end device of user A is AX-XX, and the corresponding IP address is ax.xx.xx.
As shown in fig. 3, the operation authority in this embodiment is judged as follows:
S100. Find the corresponding authority list stored at the server side according to the equipment MAC address and the intranet IP address in the request information;
S200. After the authority list is acquired, return the authority selection information and the verification information of the corresponding authority to the user side;
S300. At the user side, select the authority information and input the corresponding verification information;
S400. The server side compares the authority selection information with the corresponding verification information;
S500. When the authority selection information is inconsistent with the corresponding verification information, the server side refuses access to the database and raises an illegal intrusion early warning;
S600. When the authority selection information is consistent with the corresponding verification information, the server side agrees to the access to the database and opens the corresponding operation authority to the user side according to the authority selection information.
The corresponding operation on the data information in the database comprises data information reading, data information modification and data information transmission.
The permission list corresponds to the request information as shown in the following table:

| MAC address | IP address | Authority |
| --- | --- | --- |
| AX-XX-XX-XX-XX-XX | AX.XX.XX.XX | Data information reading, data information modifying, data information transmitting |
| AX-XX-XX-XX-XX-X1 | AX.XX.X0.XX | Data information reading and data information transmission |
| BX-XX-XX-XX-1X-XX | BX.XX.X1.XX | Data information transmission |
| BX-XX-XX-XX-2X-XX | BX.XX.XX.X0 | Data information reading |
| CX-XX-XX-XX-XX-XX | CX.XX.XX.2X | Data information reading, data information modifying, data information transmitting |
| CX-XX-XX-XX-X2-XX | CX.X2.XX.XX | Data information reading and data information modification |
| DX-XX-XX-XX-XX-XX | DX.XX.1X.XX | Data information reading |
| DX-XX-XX-X1-XX-XX | DX.X0.XX.XX | Data information reading and data information transmission |
Through the edge computing equipment, the server-side equipment determines that the MAC address of user A's user-side equipment is AX-XX-XX-XX-XX-XX and that the corresponding IP address is AX.XX.XX.XX, so the corresponding operation authority is data information reading, data information modification and data information transmission. The server-side equipment then sends verification information to user A's user-side equipment; the verification information can be an operation password of user A stored in the memory, or fingerprint or face identification information of user A. After user A inputs the operation password at the user-side equipment, or the fingerprint or face identification information passes verification, the user-side equipment can carry out data information reading, data information modification and data information transmission operations on the data information. This step provides a second verification for the data information and prevents other users who do not hold the operation authority from illegally operating on the data information through the user-side equipment of a user who does.
Data information reading and data information modification are performed through the user side. For a data information transmission operation, the corresponding edge computing equipment first analyzes the transmissible level of the target data information, and then judges, according to that level, the authority of the equipment that is to receive the data information. If the receiving equipment's authority is not satisfied, the transmission is refused; if it is satisfied, the data information is transmitted to the receiving equipment, and the transmitted data information is encrypted into a security mode format that cannot be copied or modified.
In this embodiment, the edge computing device first analyzes the transmission level of the target data information and finds that it may be transmitted over the internal network or copied to an internal encrypted removable storage device. The user end device then determines the MAC address of the connected removable storage device, or the MAC address and IP address of the target user end device, and sends the result to the server end device. The server end device refuses any transmission that does not meet the requirements. Data information that meets the requirements is encrypted by the server end device into a security mode format that cannot be copied or modified after it is transmitted to the internal encrypted removable storage device, and data information transmitted to other user end devices is displayed only in readable form.
To further ensure information security, whenever an operation is performed on the data information in the database, the server side records which operation was performed on the data information and the time of the operation. With this record, when an information leak occurs, the leakage event and the user side at fault can be found quickly, and the responsible person identified.
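The S100 to S600 decision and the operation record described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the PBKDF2 storage of the verification information, the alert on an unknown MAC/IP binding, and the MAC/IP values and passwords are all constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone

READ, MODIFY, TRANSMIT = "read", "modify", "transmit"


def derive_verifier(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so the stored verification info is not the password."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


@dataclass(frozen=True)
class Entry:
    permissions: frozenset
    salt: bytes
    verifier: bytes


@dataclass
class PermissionServer:
    table: dict = field(default_factory=dict)      # (MAC, intranet IP) -> Entry
    audit_log: list = field(default_factory=list)  # operation and time records
    alerts: list = field(default_factory=list)     # illegal-intrusion early warnings

    def enroll(self, mac, ip, permissions, secret):
        salt = os.urandom(16)
        self.table[(mac.upper(), ip)] = Entry(
            frozenset(permissions), salt, derive_verifier(secret, salt))

    def _record(self, mac, ip, operation, outcome):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "mac": mac, "ip": ip, "operation": operation, "outcome": outcome,
        })

    def _deny(self, mac, ip, operation, reason):
        # S500: refuse access and raise the early warning.
        self.alerts.append((mac, ip, operation, reason))
        self._record(mac, ip, operation, "denied: " + reason)
        return False

    def authorize(self, mac, ip, selected, secret):
        mac = mac.upper()
        # S100: MAC and intranet IP only select the permission list. Both are
        # values reported by the client, so they are a lookup key, not proof
        # of identity; the verification step below is what authenticates.
        entry = self.table.get((mac, ip))
        if entry is None:
            # Assumption: an unknown binding is treated like an S500 refusal.
            return self._deny(mac, ip, selected, "unknown MAC/IP binding")
        # S200/S300: the user side picks one permission from the list.
        if selected not in entry.permissions:
            return self._deny(mac, ip, selected, "permission not in list")
        # S400: constant-time comparison against the stored verifier.
        candidate = derive_verifier(secret, entry.salt)
        if not hmac.compare_digest(candidate, entry.verifier):
            return self._deny(mac, ip, selected, "verification mismatch")
        # S600: open the selected operation and record it with its time.
        self._record(mac, ip, selected, "granted")
        return True


def build_demo_server():
    """Constructed sample data mirroring the first and seventh table rows."""
    srv = PermissionServer()
    srv.enroll("02-00-00-00-00-01", "10.0.0.11",
               {READ, MODIFY, TRANSMIT}, "constructed-pass-A")
    srv.enroll("02-00-00-00-00-04", "10.0.0.14", {READ}, "constructed-pass-D")
    return srv


if __name__ == "__main__":
    server = build_demo_server()
    print(server.authorize("02-00-00-00-00-01", "10.0.0.11", MODIFY, "constructed-pass-A"))
    print(server.authorize("02-00-00-00-00-04", "10.0.0.14", MODIFY, "constructed-pass-D"))
    for row in server.audit_log:
        print(row)
```

Every refusal is written to both the alert list and the audit log, so a later review can tie a rejected attempt to the device binding that made it.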
According to the information safety control method, the information safety control device and the storage medium for the edge calculation, the edge calculation is fused into the information safety protection of the power grid data, the information safety performance is obviously improved, the labor intensity of manual audit is reduced, and the information safety is ensured.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1. An information security control method based on edge calculation is characterized by comprising the following specific steps:
the user side sends access request information to a database of the server side;
accessing to a database to be accessed by a user side according to request information sent by the user side;
judging the operation authority of the user end to the data information in the accessed database;
and performing corresponding operation on the data information in the database according to the operation authority.
2. The method according to claim 1, wherein, when the database to be accessed by the user side is accessed, the request information is analyzed by an edge computing device, which governs the corresponding server-side database.
3. The information security control method based on edge computing according to claim 2, wherein the access request information sent by the user side includes a device MAC address of the user side and an intranet IP address bound to the device MAC address.
4. The information security control method based on edge calculation as claimed in claim 3, wherein the operation authority is determined by,
finding a corresponding authority list stored by the server according to the equipment MAC address and the intranet IP address in the request information;
returning authority selection information and verification information of corresponding authority to the user side after acquiring the authority list;
selecting authority information at a user side and inputting corresponding verification information;
the server side compares the authority selection information with corresponding verification information;
when the permission selection information is inconsistent with the corresponding verification information, the server side refuses to access the database and carries out illegal intrusion early warning;
and when the authority selection information is consistent with the corresponding verification information, the server side agrees to access the database and opens the corresponding operation authority to the user side according to the authority selection information.
5. The information security control method based on edge calculation as claimed in claim 3, wherein the corresponding operation performed on the data information in the database includes data information reading, data information modification and data information transmission.
6. The method according to claim 5, wherein the data information reading and data information modification are performed by a user side, the edge computing device corresponding to the data information transmission operation first analyzes the transmittable level of the target data information, then determines the authority of the device receiving the transmitted data information according to the transmittable level, refuses the transmission if the authority of the device receiving the data information is not satisfied, and transmits the data information to the device receiving the data information and encrypts the transmitted data information into a secure mode format incapable of being copied and modified if the authority of the device receiving the data information is satisfied.
7. The information security control method based on edge computing according to any one of claims 1 to 6, characterized in that, when the corresponding operation is performed on the data information in the database, the server side records what operation is performed on the data information and the time of the operation.
8. An information security control device based on edge calculation is characterized in that the device comprises a user end device, a server end database and an edge calculation device,
the user terminal equipment sends access request information to a database of a server terminal;
the server-side equipment is provided with a server-side database, and the server-side database is provided with corresponding edge computing equipment;
the server side equipment judges the operation authority of the user side on the data information in the accessed database;
and the user terminal equipment performs corresponding operation on the data information in the database according to the operation authority.
9. The apparatus of claim 8, wherein the client device and the server device each comprise a processor and a memory.
10. A computer-readable storage medium, having a computer program stored thereon, which, when executed by a processor, causes the processor to carry out the steps of the method according to any one of claims 1-7.
CN202111022441.8A 2021-09-01 2021-09-01 Information security control method and device based on edge calculation and storage medium Pending CN113783861A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111022441.8A CN113783861A (en) 2021-09-01 2021-09-01 Information security control method and device based on edge calculation and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111022441.8A CN113783861A (en) 2021-09-01 2021-09-01 Information security control method and device based on edge calculation and storage medium

Publications (1)

Publication Number Publication Date
CN113783861A true CN113783861A (en) 2021-12-10

Family

ID=78840681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111022441.8A Pending CN113783861A (en) 2021-09-01 2021-09-01 Information security control method and device based on edge calculation and storage medium

Country Status (1)

Country Link
CN (1) CN113783861A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116319118A (en) * 2023-05-26 2023-06-23 北京博瑞翔伦科技发展有限公司 Edge calculation digital security control method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108629201A (en) * 2018-04-24 2018-10-09 山东华软金盾软件股份有限公司 A method of database illegal operation is blocked
CN112463393A (en) * 2020-12-14 2021-03-09 国网辽宁省电力有限公司抚顺供电公司 Power distribution Internet of things edge computing architecture design method based on Mongo cluster technology

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116319118A (en) * 2023-05-26 2023-06-23 北京博瑞翔伦科技发展有限公司 Edge calculation digital security control method and system
CN116319118B (en) * 2023-05-26 2023-07-21 北京博瑞翔伦科技发展有限公司 Edge calculation digital security control method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211210