CN114741725A - Industrial Internet data authority management system and method - Google Patents

Industrial Internet data authority management system and method Download PDF

Info

Publication number
CN114741725A
CN114741725A CN202210360729.4A CN202210360729A CN114741725A CN 114741725 A CN114741725 A CN 114741725A CN 202210360729 A CN202210360729 A CN 202210360729A CN 114741725 A CN114741725 A CN 114741725A
Authority
CN
China
Prior art keywords
data
management server
production
database
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210360729.4A
Other languages
Chinese (zh)
Other versions
CN114741725B (en
Inventor
李鸿峰
贾昌武
黄筱炼
谭国豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Xuanyu Technology Co ltd
Original Assignee
Shenzhen Xuanyu Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Xuanyu Technology Co ltd filed Critical Shenzhen Xuanyu Technology Co ltd
Priority to CN202210360729.4A priority Critical patent/CN114741725B/en
Publication of CN114741725A publication Critical patent/CN114741725A/en
Application granted granted Critical
Publication of CN114741725B publication Critical patent/CN114741725B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137Time limited access, e.g. to a computer or data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Human Resources & Organizations (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Automation & Control Theory (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Databases & Information Systems (AREA)
  • General Factory Administration (AREA)

Abstract

The invention provides an industrial internet data authority management system and a method, comprising a production database for storing production data, a production management server connected with the production database and used for executing production plan control and management, one or more flexible manufacturing units connected with the production management server and used for executing production tasks, and a data authority management server connected between the production management server and an association server, wherein the association server comprises one or more of a purchase management server, a marketing management server, a financial management server and a human resource management server, the association server is connected with at least one association database, the data authority management server is used for managing the authority of the association server to access the production database and the authority of the production management server to access the association database, the information security of the industrial internet can be improved.

Description

Industrial Internet data authority management system and method
Technical Field
The invention relates to the technical field of industrial manufacturing, in particular to an industrial internet data authority management system and method.
Background
With the progress of information technology, various management systems providing convenience for various links of industrial production are increasing, in order to break a data island and fully utilize various data information to analyze and optimize production, manufacturing and management processes, more and more industrial manufacturing enterprises tend to build an industrial manufacturing management system integrating purchase, production, transportation, storage, operation, sales, finance and human administration on the basis of an industrial internet, and some industrial manufacturing enterprises select a scheme of hosting the management system and a database thereof on a cloud service platform connected to a public network, but the scheme is not favorable for information security management of the enterprises. In order to solve the information security problem, some industrial manufacturing enterprises choose to install the management system and the database thereof in intranet equipment, but the scheme is not suitable for enterprises working in many places. Although the safety problem of the external network environment can be solved by adopting the scheme of erecting a physical private line or a VPN private network, in an industrial manufacturing system, the information safety problem often occurs in the internal network environment, particularly in the rise and development of the current intelligent manufacturing, intelligent sensing and control technologies, field devices mostly adopt short-distance wireless communication technologies such as wifi, bluetooth, RFID, infrared communication technologies and the like for communication, and the coverage range of the short-distance wireless communication networks is often easily utilized as a breakthrough of the information safety of the industrial internet, so that the short-distance wireless communication networks of the field devices are directly broken to acquire the network access authority so as to steal the data in the database.
Disclosure of Invention
The invention provides an industrial internet data authority management system and method based on the problems, and the industrial internet data authority management system and method can improve the information security of the industrial internet.
In view of the above, a first aspect of the present invention provides an industrial internet data authority management system, including a production database for storing production data, a production management server connected to the production database for performing production plan control and management, one or more flexible manufacturing units connected to the production management server for performing production tasks, and a data authority management server connected between the production management server and an association server, the association server including one or more of a purchase management server, a marketing management server, a financial management server, and a human resources management server, the association server being connected to at least one association database, the data authority management server being used for managing authority of the association server to access the production database and authority of the production management server to access the association database, the data rights management server is configured to:
s230: receiving a request for acquiring the associated database data sent by the production management server;
s240: determining whether the requested data range is within a preset data acquisition authority range of the production management server;
s250: if so, generating a data acquisition approval application table and sending the data acquisition approval application table to related approving personnel of the corresponding associated server for approval;
s260: when the approval result is that the approval is passed, receiving the data sent by the corresponding associated server;
s270: forwarding the data to the production management server for storage to the production database.
Further, in the above-mentioned industrial internet data right management system, after the step of the production management server building the database and the data table in the production database, the data right management server is configured to:
s210: acquiring a database address, a database name and a data table name which need to be synchronized from a production management server;
s220: and storing the database address, the database name and the data table name.
Further, in the above-mentioned industrial internet data right management system, in the step where the data right management server determines whether the requested data range is within a preset data acquisition right range of the production management server, the data right management server is configured to:
s241: determining whether the database address, the database name and the data table name in the request for acquiring the associated database data sent by the production management server are matched with the database address, the database name and the data table name stored by the data authority management server, if so, executing the step S250, and if not, executing the following steps:
s242: obtaining device information initiating the request from the production server;
s243: and sending warning information to a manager of the production server, wherein the warning information comprises the equipment information.
Further, in the above-mentioned industrial internet data right management system, the data right management server is configured to:
s281: constructing a first discrete sequence { xi1,2, …, n, the first discrete sequence consisting of all the fields of the data range stored in the relational database required for performing production plan control and management, x being the field name, n being the number of all the fields of the data range stored in the relational database required for performing production plan control and management;
s282: construction of a second discrete sequence t (x)i) I ═ 1,2, …, n }, and t (x) in the second discrete sequencei) Obtaining, for the data rights management server, each field x in the corresponding first discrete sequence from the production management serveriA life cycle when the production management server executes a production plan;
s283: construction of a third discrete sequence s (x)j) J ═ 1,2, …, m }, and the third discreteSequencing each field x requested by the production management server from the associated database at the timejNumber of corresponding data records returned, where m<n;
S284: establishing a data validity model E based on the first discrete sequence and the second discrete sequencei=Fei[xi,t(xi)],i=1,2,…,n;
S285: establishing a data-valid period model T ═ F based on the first, second, and third discrete sequencest[xi,t(xi),sk(xj)],i=1,2,…,n,j=1,2,…,mkAnd k is 1,2, …, wherein l is the number of times the production management server requests data from the associated database.
Further, in the above-mentioned industrial internet data right management system, in the step of determining whether the requested data range is within a preset data acquisition right range of the production management server, the data right management server is configured to:
s291: acquiring the field name { x) requested by the production management server to the associated databasej,j=1,2,…,m};
S292: determining whether a data usage period corresponding to the data volume requested by the production management server to the associated database meets a preset condition or not according to the data valid period model, and intercepting the request if the data usage period does not meet the preset condition;
s293: when the data utilization period corresponding to the data quantity requested by the production management server to the associated database meets a preset condition, determining the data validity E of each field requested by the production management server to the associated database according to the data validity modelj=Fej[xj,t(xj)],j=1,2,…,m;
S294: eliminating the data validity E in the request of the production management server to the associated databasejField of 0.
A second aspect of the present invention provides an industrial internet data right management method applied to an industrial internet data right management system including a production database for storing production data, a production management server connected to the production database for performing production plan control and management, one or more flexible manufacturing units connected to the production management server for performing production tasks, and a data right management server connected between the production management server and an association server including one or more of a purchase management server, a marketing management server, a financial management server, and a human resource management server, the association server being connected to at least one association database, the data authority management server is used for managing the authority of the associated server to access the production database and the authority of the production management server to access the associated database, and the industrial internet data authority management method comprises the following steps:
s230: receiving a request for acquiring the associated database data sent by the production management server;
s240: determining whether the requested data range is within a preset data acquisition authority range of the production management server;
s250: if so, generating a data acquisition approval application table and sending the data acquisition approval application table to related approving personnel of the corresponding associated server for approval;
s260: when the approval result is that the approval is passed, receiving the data sent by the corresponding associated server;
s270: forwarding the data to the production management server for storage to the production database.
Further, in the above method for managing data authority of industrial internet, after the step of the production management server establishing the database and the data table in the production database, the method further includes:
s210: acquiring a database address, a database name and a data table name which need to be synchronized from a production management server;
s220: and storing the database address, the database name and the data table name.
Further, in the above method for managing data authority of industrial internet, the step of determining, by the data authority management server, whether the requested data range is within a preset data acquisition authority range of the production management server specifically includes:
s241: determining whether the database address, the database name and the data table name in the request for acquiring the associated database data sent by the production management server are matched with the database address, the database name and the data table name stored by the data authority management server, if so, executing the step S250, and if not, executing the following steps:
s242: obtaining device information initiating the request from the production server;
s243: and sending warning information to a manager of the production server, wherein the warning information comprises the equipment information.
Further, in the above method for managing industrial internet data right, the method further includes:
s281: constructing a first discrete sequence { xi1,2, …, n, the first discrete sequence consisting of all the fields of the data range stored in the relational database required for performing production plan control and management, x being the field name, n being the number of all the fields of the data range stored in the relational database required for performing production plan control and management;
s282: construction of a second discrete sequence t (x)i) I ═ 1,2, …, n }, and t (x) in the second discrete sequencei) Obtaining, for the data rights management server, each field x in the corresponding first discrete sequence from the production management serveriA life cycle when the production management server executes a production plan;
s283: construction of a third discrete sequence s (x)j) J-1, 2, …, m, said third discrete sequence being defined by said sequenceEach field x requested by the production management server from the associated database at the current timejNumber of corresponding data records returned, where m<n;
S284: establishing a data validity model E based on the first discrete sequence and the second discrete sequencei=Fei[xi,t(xi)],i=1,2,…,n;
S285: establishing a data-valid period model T ═ F based on the first, second, and third discrete sequencest[xi,t(xi),sk(xj)],i=1,2,…,n,j=1,2,…,mkAnd k is 1,2, …, l, wherein l is the number of times the production management server requests data from the association database.
Further, in the above method for managing data authority of industrial internet, the step of determining whether the requested data range is within a preset data acquisition authority range of the production management server specifically includes:
s291: acquiring the field name { x) requested by the production management server to the associated databasej,j=1,2,…,m};
S292: determining whether a data usage period corresponding to the data volume requested by the production management server to the associated database meets a preset condition or not according to the data valid period model, and intercepting the request if the data usage period does not meet the preset condition;
s293: when the data utilization period corresponding to the data quantity requested by the production management server to the associated database meets a preset condition, determining the data validity E of each field requested by the production management server to the associated database according to the data validity modelj=Fej[xj,t(xj)],j=1,2,…,m;
S294: eliminating the data validity E in the request of the production management server to the associated databasejA field of 0.
The invention provides an industrial internet data authority management system and a method, comprising a production database for storing production data, a production management server connected with the production database and used for executing production plan control and management, one or more flexible manufacturing units connected with the production management server and used for executing production tasks, and a data authority management server connected between the production management server and an association server, wherein the association server comprises one or more of a purchase management server, a marketing management server, a financial management server and a human resource management server, the association server is connected with at least one association database, the data authority management server is used for managing the authority of the association server to access the production database and the authority of the production management server to access the association database, the information security of the industrial internet can be improved.
Drawings
FIG. 1 is a schematic block diagram of an industrial Internet data rights management system provided in one embodiment of the present invention;
FIG. 2 is a schematic flow chart diagram of a method for managing industrial Internet data rights according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart diagram of a method for managing industrial Internet data rights according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of an industrial internet data right management method according to an embodiment of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced otherwise than as specifically described herein, and thus the scope of the present invention is not limited by the specific embodiments disclosed below.
In the description of the present invention, the terms "plurality" or "a plurality" refer to two or more, and unless otherwise specifically limited, the terms "upper", "lower", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are merely for convenience in describing the present invention and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present invention. The terms "connected", "mounted", "fixed", and the like are to be construed broadly and may include, for example, fixed connections, detachable connections, or integral connections; may be directly connected or indirectly connected through an intermediate. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description herein, reference to the term "one embodiment," "some embodiments," "specific examples," or the like, means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
An industrial internet data right management system and method provided according to some embodiments of the present invention will be described with reference to fig. 1 to 4.
As shown in fig. 1, a first aspect of the present invention provides an industrial internet data right management system, comprising a production database for storing production data, a production management server connected to the production database for performing production plan control and management, one or more flexible manufacturing units connected to the production management server for performing production tasks, and a data right management server connected between the production management server and an associated server, the association server comprises one or more of a purchase management server, a marketing management server, a financial management server and a human resource management server, the associated server is connected with at least one associated database, and the data authority management server is used for managing the authority of the associated server for accessing the production database and the authority of the production management server for accessing the associated database.
In the technical solution of the embodiment of the present invention, the correlation server is used to run service programs of various management platforms of an enterprise, such as a purchase management platform, a marketing management platform, a financial management platform, a human resource management platform, and the like, and in some embodiments of the present invention, the correlation server includes a purchase management server, a marketing management server, a financial management server, and a human resource management server, each correlation server is connected to a corresponding correlation database, for example, the purchase management server is connected to the purchase database, the marketing management server is connected to the marketing database, and the like, and a database of each service module is only connected to a corresponding service management server, so that servers of each service module are prevented from directly accessing databases across service modules, thereby ensuring data security of each service module. Similarly, in order to ensure the data security of the production module, the production database is connected to the production management server, and the production management server is responsible for data interaction between the production database and other devices. In the technical solution of the embodiment of the present invention, in order to further ensure the data security of the production module, a data authority management server is further provided between the production management server and the management servers of other business modules, and is used for controlling data interaction between the other business modules and the production module.
In some embodiments of the present invention, the data authority management system further includes an authority database connected to the data authority management server, and configured to store access authorities of the production database and the association database, where the data authority management server controls data interaction between other service modules and production modules according to the access authorities of the production database and the association database stored in the authority database.
As shown in fig. 2, in the above-mentioned industrial internet data right management system, the data right management server is configured to:
s230: and receiving a request for acquiring the associated database data sent by the production management server. In order to implement smooth operation of the production business, the production management server needs to retrieve data of other business modules in some cases, for example, when the production management server makes a production plan or performs a production plan schedule, the production management server needs to rely on the human condition of workers, such as vacation condition, shift schedule condition, attendance check-in condition, etc., while the data of vacation examination and approval, shift schedule, attendance check-in, etc., of the workers are all in the human resource database, and the production management server needs to retrieve from the human resource database. In the technical scheme of the invention, the request for the production management server to call the associated database data is sent to the data authority management server, and the data authority management server calls and forwards the data.
S240: and determining whether the requested data range is within a preset data acquisition authority range of the production management server. In the technical scheme of the embodiment of the invention, the production management server and the associated server access the production database and the associated database in a cross-service mode through the data authority management server to carry out unified management on the authority of the production management server and the associated server, thereby avoiding the complicated authority configuration in each database. Different business modules have different access rights in the production database and the associated database according to business requirements, and the data acquisition right range comprises the range of data tables in different business module databases and also comprises the data volume acquired from the cross-business module database at a time.
S250: and determining that the data acquisition approval application table is generated and sent to the relevant approval personnel of the corresponding associated server for approval. For example, when the production management server requests to acquire data of the human resource management database, the data authority management server automatically generates a human resource data application table and initiates a data acquisition approval process, where the human resource data application table at least includes a data application program such as a production plan scheduling program of the production management server, an application time such as an initiation date of the data acquisition approval process, an application data range such as vacation, shift or attendance check-in data of a production department, and the like. And the production management server sends the application form in the data acquisition approval process to an administrator, a responsible person and/or an information safety manager of the human resource service module for approval. Furthermore, different approval roles can be set for each different service module, the approval role responsible for acquiring the approval process of the data of the single service module is more familiar with the data of the service module, and the data which does not meet the service requirement or exceed the authority range of the service module can be prevented from being acquired by the cross-service module.
S260: and when the approval result is that the approval is passed, receiving the data sent by the corresponding associated server. When the data acquisition approval process passes, the data authority management server sends a data acquisition request to the associated server, such as a human resource management server, according to the request of the production management server, and acquires corresponding data from the human resource database through the human resource management server.
S270: forwarding the data to the production management server for storage to the production database. In order to avoid that the production management server frequently initiates repeated data acquisition requests to the data authority management server, necessary data of cross-service modules can be stored in the production database. The production management server has two types of high-frequency demand data and low-frequency demand data according to different demand scenes for the data of other service modules. For example, the vacation data, the scheduling data, the attendance check-in data and the like or the material inventory and the like in the front are high-frequency demand data which need to be frequently updated, otherwise, the production plan cannot be executed easily. For the data with high frequency requirement, the production management server needs to request synchronization from the associated database, such as human resource database, through the data authority management server with high frequency and periodicity. Further, in some embodiments of the present invention, a passive update may be used for low frequency demand data, such as organization structure, compensation welfare standards, and the like. The data authority management server or the authority database stores a low-frequency requirement data range in the production management server, the last synchronization time of each data record and the data change time of each data record in the corresponding association database, and the data authority management server periodically confirms information change to the association server, namely, when the data change time of the data record stored in the data authority management server or the authority database is inconsistent with the data record change time of the corresponding association server, the data authority management server requests to acquire the corresponding data record from the association database and sends the corresponding data record to the production management server for storage.
As shown in fig. 3, in the above-mentioned industrial internet data authority management system, before the step of the data authority management server receiving the request for obtaining the associated database data sent by the production management server, the production management server is configured to:
s110: determining data ranges stored in the associated database required for performing production plan control and management;
s120: acquiring structures and original data of a database and a data table corresponding to the data range through the data authority management server;
s130: establishing the database and a data table in the production database;
s140: and periodically sending a request for acquiring the data of the associated database to the data authority management server so as to synchronize the data of the database and the data table.
Further, in the above-mentioned industrial internet data right management system, after the step of the production management server building the database and the data table in the production database, the data right management server is configured to:
s210: acquiring a database address, a database name and a data table name which need to be synchronized from a production management server;
s220: and storing the database address, the database name and the data table name.
Due to the reasons of enterprise production management mode change, enterprise production management process optimization and the like, the data demand range of the production management server to other business modules is not constant, and the adoption of a mode of manually presetting the data range can cause that the subsequent change configuration is very complicated, the efficiency is low, and even the production process of an enterprise can be influenced. In the technical solution of the embodiment of the present invention, the data right management server divides the requirement of the production management server for obtaining data from the associated database into two phases, namely, an initialization phase and a data synchronization phase. In the initialization stage, after the production management server dynamically determines a data range which is required by executing production plan control and management and is stored in the associated database, the production management server acquires structures and original data of a corresponding database and a corresponding data table in the associated database through the data authority management server, a part of the database and the data table which correspond to the associated database are established in the production database, and the data authority management server stores a corresponding database address, a corresponding database name and a corresponding data table name in the authority database so as to complete initialization of the data authority. In the technical solution of the embodiment of the present invention, the initialization stage needs to be executed under the supervision of a manager of the data authority management server, and the step of acquiring the structures and the original data of the database and the data table corresponding to the data range needs to be confirmed by the manager of the data authority management server, for example, after a confirmation password or a fingerprint or face information of the manager is input, data transmission can be executed. In the data synchronization stage, the production management server executes the step 230 to initiate a data synchronization request to the data authority management server according to a corresponding cycle according to different properties of the required data.
As shown in fig. 4, in the above-mentioned industrial internet data right management system, in the step that the data right management server determines whether the requested data range is within a preset data acquisition right range of the production management server, the data right management server is configured to:
s241: determining whether the database address, the database name and the data table name in the request for acquiring the associated database data sent by the production management server are matched with the database address, the database name and the data table name stored by the data authority management server, if so, executing the step S250, and if not, executing the following steps:
s242: obtaining device information initiating the request from the production server;
s243: and sending warning information to a manager of the production server, wherein the warning information comprises the equipment information.
In other embodiments of the present invention, the data authority management system further includes an authority database, and the database address, the database name, and the data table name may be further stored in the authority database. In the technical solution of the foregoing embodiment, when the request for acquiring the associated database data sent by the production management server does not match the data authority range pre-stored in the data authority management server or the authority database, there is a possibility that a malicious program or a person steals the data in the associated database by using the production server, at this time, the data authority management server acquires, through the production management server, device information connected to the production management server to send the data acquisition request, where the device information includes one or more of a name, a device type, a device ID, an IP address, and an MAC address of the device, and sends these pieces of information to a manager of the production server to send warning information, and notifies the manager of the production server to perform a troubleshooting on the malicious program or person according to the device information in the warning information, thereby eliminating the risk of data leakage.
Further, in the above-mentioned industrial internet data right management system, the data right management server is configured to:
s310: receiving a request for acquiring the data of the production database sent by the associated server;
s320: acquiring equipment information for initiating the request from the associated server;
s330: and sending warning information to the management role of the associated server, wherein the warning information comprises the equipment information.
The production data report forms required by management and decision making provided for the enterprise management layer can be directly produced and obtained in the production management server, and the data in the production database is not required to be analyzed after being obtained by other business modules. In the technical solution of the embodiment of the present invention, any request for acquiring the production database data, which is not from the production management server, is considered as an illegal request, once the data right management server receives the request for acquiring the production database data, which is sent from the association server, there is a possibility that a malicious program or a person steals data in the production database by using the association server, at this time, the data right management server obtains, through the association management server, device information connected to the association management server to send the data acquisition request, where the device information includes one or more of a name, a device type, a device ID, an IP address, and a MAC address of the device, and sends the information to a manager of the association server to send warning information, and informing the management personnel of the associated server to check the malicious programs or personnel according to the equipment information in the warning information, thereby eliminating the risk of data leakage.
Further, in the above-mentioned industrial internet data right management system, the data right management server is configured to:
s281: constructing a first discrete sequence { xi1,2, …, n, the first discrete sequence consisting of all the fields of the data range stored in the relational database required for performing production plan control and management, x being the field name, n being the number of all the fields of the data range stored in the relational database required for performing production plan control and management;
s282: construction of a second discrete sequence t (x)i) I ═ 1,2, …, n }, and t (x) in the second discrete sequencei) Obtaining, for the data rights management server, each field x in the corresponding first discrete sequence from the production management serveriA life cycle when the production management server executes a production plan;
s283: constructing a third discrete sequence s (x)j) J-1, 2, …, m, each field x of the third discrete sequence being requested by the production management server from the association database at the current timejNumber of corresponding data records returned, where m<n;
S284: establishing a data validity model E based on the first discrete sequence and the second discrete sequencei=Fei[xi,t(xi)],i=1,2,…,n;
S285: establishing a data-valid period model T ═ F based on the first, second, and third discrete sequencest[xi,t(xi),sk(xj)],i=1,2,…,n,j=1,2,…,mkAnd k is 1,2, …, l, wherein l is the number of times the production management server requests data from the association database.
Further, in the above-mentioned industrial internet data right management system, in the step of determining whether the requested data range is within a preset data acquisition right range of the production management server, the data right management server is configured to:
s291: acquiring the field name { x) requested by the production management server to the associated databasej,j=1,2,…,m};
S292: determining whether a data usage period corresponding to the data volume requested by the production management server to the associated database meets a preset condition or not according to the data valid period model, and intercepting the request if the data usage period does not meet the preset condition;
s293: when the data utilization period corresponding to the data quantity requested by the production management server to the associated database meets a preset condition, determining the data validity E of each field requested by the production management server to the associated database according to the data validity modelj=Fej[xj,t(xj)],j=1,2,…,m;
S294: eliminating the data validity E in the request of the production management server to the associated databasejField of 0.
The second aspect of the invention provides an industrial internet data authority management method, which is applied to an industrial internet data authority management system. As shown in fig. 1, the industrial internet data authority management system includes a production database for storing production data, a production management server connected to the production database for performing production plan control and management, one or more flexible manufacturing units connected to the production management server for performing production tasks, and a data authority management server connected between the production management server and an associated server, the association server comprises one or more of a purchase management server, a marketing management server, a financial management server and a human resource management server, the associated server is connected with at least one associated database, and the data authority management server is used for managing the authority of the associated server for accessing the production database and the authority of the production management server for accessing the associated database.
In the technical solution of the embodiment of the present invention, the association server is used to run service programs of various management platforms of an enterprise, such as a purchase management platform, a marketing management platform, a financial management platform, a human resource management platform, and the like, and in some embodiments of the present invention, the association server includes a purchase management server, a marketing management server, a financial management server, and a human resource management server, each association server is connected to a corresponding association database, for example, the purchase management server is connected to the purchase database, the marketing management server is connected to the marketing database, and the like, and the database of each service module is only connected to a corresponding service management server, so that servers of each service module are prevented from directly accessing the database across the service modules, and thus data security of each service module is ensured. Similarly, in order to ensure the data security of the production module, the production database is connected to the production management server, and the production management server is responsible for data interaction between the production database and other devices. In the technical scheme of the embodiment of the invention, in order to further ensure the data security of the production module, a data authority management server is also arranged between the production management server and the management servers of other business modules and is used for controlling the data interaction between the other business modules and the production module.
In some embodiments of the present invention, the data authority management system further includes an authority database connected to the data authority management server, and configured to store the access authority of the production database and the associated database, where the data authority management server controls data interaction between other business modules and production modules according to the access authority of the production database and the associated database stored in the authority database.
As shown in fig. 2, the industrial internet data right management method includes:
s230: and receiving a request for acquiring the associated database data sent by the production management server. In order to implement smooth operation of the production business, the production management server needs to retrieve data of other business modules in some cases, for example, when the production management server makes a production plan or performs a production plan schedule, the production management server needs to rely on the human condition of workers, such as vacation condition, shift schedule condition, attendance check-in condition, etc., while the data of vacation examination and approval, shift schedule, attendance check-in, etc., of the workers are all in the human resource database, and the production management server needs to retrieve from the human resource database. In the technical scheme of the invention, the request for the production management server to call the associated database data is sent to the data authority management server, and the data authority management server calls and forwards the data.
S240: and determining whether the requested data range is within a preset data acquisition authority range of the production management server. In the technical scheme of the embodiment of the invention, the production management server and the associated server access the production database and the associated database in a cross-service mode through the data authority management server to carry out unified management on the authority of the production management server and the associated server, thereby avoiding the complicated authority configuration in each database. Different business modules have different access rights in the production database and the associated database according to business requirements, and the data acquisition right range comprises the range of data tables in different business module databases and also comprises the data volume acquired from the cross-business module database at a time.
S250: and determining that the data acquisition approval application table is generated and sent to the relevant approval personnel of the corresponding associated server for approval. For example, when the production management server requests to acquire data of the human resource management database, the data authority management server automatically generates a human resource data application table and initiates a data acquisition approval process, where the human resource data application table at least includes a data application program such as a production plan scheduling program of the production management server, an application time such as an initiation date of the data acquisition approval process, an application data range such as vacation, shift or attendance check-in data of a production department, and the like. And the production management server sends the application form in the data acquisition approval process to an administrator, a responsible person and/or an information safety manager of the human resource service module for approval. Furthermore, different approval roles can be set for each different service module, the approval role responsible for acquiring the approval process of the data of the single service module is more familiar with the data of the service module, and the data which does not meet the service requirement or exceed the authority range of the service module can be prevented from being acquired by the cross-service module.
S260: and when the approval result is that the approval is passed, receiving the data sent by the corresponding associated server. When the data acquisition approval process passes, the data authority management server sends a data acquisition request to the associated server, such as a human resource management server, according to the request of the production management server, and acquires corresponding data from the human resource database through the human resource management server.
S270: forwarding the data to the production management server for storage to the production database. In order to avoid that the production management server frequently initiates repeated data acquisition requests to the data authority management server, necessary data of cross-service modules can be stored in the production database. The production management server has two types of high-frequency demand data and low-frequency demand data according to different demand scenes for the data of other business modules. For example, the vacation data, the scheduling data, the attendance check-in data and the like or the material inventory and the like in the front are high-frequency demand data which need to be frequently updated, otherwise, the production plan cannot be executed easily. For the data with high frequency requirement, the production management server needs to request synchronization from the associated database, such as human resource database, through the data authority management server with high frequency and periodicity. Further, in some embodiments of the present invention, a passive update may be used for low frequency demand data, such as organization structure, compensation welfare standards, and the like. The data authority management server or the authority database stores a low-frequency requirement data range in the production management server, the last synchronization time of each data record and the data change time of each data record in the corresponding association database, and the data authority management server periodically confirms information change to the association server, namely, when the data change time of the data record stored in the data authority management server or the authority database is inconsistent with the data record change time of the corresponding association server, the data authority management server requests to acquire the corresponding data record from the association database and sends the corresponding data record to the production management server for storage.
As shown in fig. 3, in the above-mentioned industrial internet data authority management method, before the step of the data authority management server receiving the request for obtaining the associated database data sent by the production management server, the method further includes:
s110: determining data ranges stored in the associated database required for performing production plan control and management;
s120: acquiring structures and original data of a database and a data table corresponding to the data range through the data authority management server;
s130: establishing the database and a data table in the production database;
s140: and periodically sending a request for acquiring the data of the associated database to the data authority management server so as to synchronize the data of the database and the data table.
Further, in the above method for managing data authority of industrial internet, after the step of the production management server establishing the database and the data table in the production database, the method further includes:
s210: acquiring a database address, a database name and a data table name which need to be synchronized from a production management server;
s220: and storing the database address, the database name and the data table name.
Due to the reasons of enterprise production management mode change, enterprise production management process optimization and the like, the data demand range of the production management server for other business modules is not constant, and the adoption of a mode of manually presetting the data range can cause that the subsequent change and configuration are very complicated, the efficiency is low, and even the production process of an enterprise can be influenced. In the technical solution of the embodiment of the present invention, the data right management server divides the requirement of the production management server for obtaining data from the associated database into two phases, namely, an initialization phase and a data synchronization phase. In the initialization stage, after the production management server dynamically determines a data range which is required by executing production plan control and management and is stored in the associated database, the production management server acquires structures and original data of a corresponding database and a corresponding data table in the associated database through the data authority management server, a part of the database and the data table which correspond to the associated database are established in the production database, and the data authority management server stores a corresponding database address, a corresponding database name and a corresponding data table name in the authority database so as to complete initialization of the data authority. In the technical solution of the embodiment of the present invention, the initialization stage needs to be executed under the supervision of a manager of the data authority management server, and the step of acquiring the structures and the original data of the database and the data table corresponding to the data range needs to be confirmed by the manager of the data authority management server, for example, after a confirmation password or a fingerprint or face information of the manager is input, data transmission can be executed. In the data synchronization stage, the production management server executes the step 230 to initiate a data synchronization request to the data authority management server according to different properties of the required data and according to a corresponding period.
As shown in fig. 4, in the above-mentioned industrial internet data authority management method, the step of determining, by the data authority management server, whether the requested data range is within a preset data acquisition authority range of the production management server specifically includes:
s241: determining whether the database address, the database name and the data table name in the request for acquiring the associated database data sent by the production management server are matched with the database address, the database name and the data table name stored by the data authority management server, if so, executing the step S250, and if not, executing the following steps:
s242: obtaining device information initiating the request from the production server;
s243: and sending warning information to a manager of the production server, wherein the warning information comprises the equipment information.
In other embodiments of the present invention, the data authority management system further includes an authority database, and the database address, the database name, and the data table name may be further stored in the authority database. In the technical solution of the foregoing embodiment, when the request for acquiring the associated database data sent by the production management server does not match the data authority range pre-stored in the data authority management server or the authority database, there is a possibility that a malicious program or a person steals the data in the associated database by using the production server, at this time, the data authority management server acquires, through the production management server, device information connected to the production management server to send the data acquisition request, where the device information includes one or more of a name, a device type, a device ID, an IP address, and an MAC address of the device, and sends these pieces of information to a manager of the production server to send warning information, and notifies the manager of the production server to perform a troubleshooting on the malicious program or person according to the device information in the warning information, thereby eliminating the risk of data leakage.
Further, in the above method for managing industrial internet data right, the method further includes:
s310: receiving a request for acquiring the data of the production database sent by the associated server;
s320: acquiring equipment information for initiating the request from the associated server;
s330: and sending warning information to the management role of the associated server, wherein the warning information comprises the equipment information.
The production data report forms required by management and decision making provided for the enterprise management layer can be directly produced and obtained in the production management server, and the data in the production database is not required to be analyzed after being obtained by other business modules. In the technical solution of the embodiment of the present invention, any request for acquiring the production database data that does not originate from the production management server is considered as an illegal request, and once the data right management server receives the request for acquiring the production database data that originates from the association server, there is a possibility that a malicious program or a person steals data in the production database by using the association server, at this time, the data right management server acquires, through the association management server, device information that is connected to the association management server to transmit the data acquisition request, where the device information includes one or more of a name of the device, a device type, a device ID, an IP address, and a MAC address, and transmits the information to a manager of the association server to send warning information, and informing a manager of the associated server to check the malicious program or personnel according to the equipment information in the warning information, thereby eliminating the risk of data leakage.
Further, in the above method for managing industrial internet data right, the method further includes:
constructing a first discrete sequence { xi1,2, …, n, the first discrete sequence consisting of all the fields of the data range stored in the relational database required for performing production plan control and management, x being the field name, n being the number of all the fields of the data range stored in the relational database required for performing production plan control and management;
construction of a second discrete sequence t (x)i) I ═ 1,2, …, n }, and t (x) in the second discrete sequencei) Obtaining, for the data rights management server, each field x in the corresponding first discrete sequence from the production management serveriA life cycle when the production management server executes a production plan;
construction of a third discrete sequence s (x)j) J-1, 2, …, m, each field x of the third discrete sequence being requested by the production management server from the association database at the current timejNumber of corresponding data records returned, where m<n;
Establishing a data validity model E based on the first discrete sequence and the second discrete sequencei=Fei[xi,t(xi)],i=1,2,…,n;
Establishing a data-valid period model T ═ F based on the first, second, and third discrete sequencest[xi,t(xi),sk(xj)],i=1,2,…,n,j=1,2,…,mkAnd k is 1,2, …, l, wherein l is the number of times the production management server requests data from the association database.
Further, in the above method for managing data authority of industrial internet, the step of determining whether the requested data range is within a preset data acquisition authority range of the production management server specifically includes:
acquiring the field name { x) requested by the production management server to the associated databasej,j=1,2,…,m};
Determining whether a data usage period corresponding to the data volume requested by the production management server to the associated database meets a preset condition or not according to the data valid period model, and intercepting the request if the data usage period does not meet the preset condition;
when the data validity period corresponding to the data quantity requested by the production management server to the associated database meets a preset condition, determining that the production management server requests the associated database according to the data validity modelData validity of each fieldj=Fej[xj,t(xj)],j=1,2,…,m;
Eliminating the data validity E in the request of the production management server to the associated databasejField of 0.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
While embodiments in accordance with the invention have been described above, these embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. The invention is limited only by the claims and their full scope and equivalents.

Claims (10)

1. An industrial Internet data authority management system, comprising a production database for storing production data, a production management server connected to the production database for performing production plan control and management, one or more flexible manufacturing units connected to the production management server for performing production tasks, and a data authority management server connected between the production management server and association servers, the association servers including one or more of a procurement management server, a marketing management server, a financial management server, a human resources management server, the association servers being connected to at least one association database, the data authority management server being for managing the authority of the association servers to access the production database and the authority of the production management server to access the association database, the data rights management server is configured to:
s230: receiving a request for acquiring the associated database data sent by the production management server;
s240: determining whether the requested data range is within a preset data acquisition authority range of the production management server;
s250: if so, generating a data acquisition approval application table and sending the data acquisition approval application table to related approving personnel of the corresponding associated server for approval;
s260: when the approval result is that the approval is passed, receiving the data sent by the corresponding associated server;
s270: forwarding the data to the production management server for storage to the production database.
2. The industrial internet data rights management system of claim 1, wherein after the step of the production management server building the database and data table in the production database, the data rights management server is configured to:
s210: acquiring a database address, a database name and a data table name which need to be synchronized from a production management server;
s220: and storing the database address, the database name and the data table name.
3. The industrial internet data right management system according to claim 2, wherein in the step of the data right management server determining whether the requested data range is within a preset data acquisition right range of the production management server, the data right management server is configured to:
s241: determining whether the database address, the database name and the data table name in the request for acquiring the associated database data sent by the production management server are matched with the database address, the database name and the data table name stored by the data authority management server, if so, executing the step S250, and if not, executing the following steps:
s242: obtaining device information initiating the request from the production server;
s243: and sending warning information to a manager of the production server, wherein the warning information comprises the equipment information.
4. The industrial internet data rights management system of claim 1, wherein the data rights management server is configured to:
s281: constructing a first discrete sequence { xi1,2, …, n, the first discrete sequence consisting of all the fields of the data range stored in the relational database required for performing production plan control and management, x being the field name, n being the number of all the fields of the data range stored in the relational database required for performing production plan control and management;
s282: construction of a second discrete sequence t (x)i) I ═ 1,2, …, n }, and t (x) in the second discrete sequencei) Obtaining, for the data rights management server, each field x in the corresponding first discrete sequence from the production management serveriA life cycle when the production management server executes a production plan;
s283: construction of a third discrete sequence s (x)j) J-1, 2, …, m, each field x of the third discrete sequence being requested by the production management server from the associated database at the current timejNumber of corresponding data records returned, where m<n;
S284: establishing a data validity model E based on the first discrete sequence and the second discrete sequencei=Fei[xi,t(xi)],i=1,2,…,;
S285: establishing a data-valid period model T ═ F based on the first, second, and third discrete sequencest[xi,t(xi),sk(xj)],i=1,2,…,n,j=1,2,…,mkAnd k is 1,2, …, l, wherein l is the number of times the production management server requests data from the association database.
5. The industrial internet data authority management system according to claim 4, wherein in the step of determining whether the requested data range is within a preset data acquisition authority range of the production management server, the data authority management server is configured to:
s291: acquiring the field name { x) requested by the production management server to the associated databasej,j=1,2,…,m};
S292: determining whether a data usage period corresponding to the data volume requested by the production management server to the associated database meets a preset condition or not according to the data valid period model, and intercepting the request if the data usage period does not meet the preset condition;
s293: when the data utilization period corresponding to the data quantity requested by the production management server to the associated database meets a preset condition, determining the data validity E of each field requested by the production management server to the associated database according to the data validity modelj=Fej[xj,(xj)],j=1,2,…,m;
S294: eliminating the data validity E in the request of the production management server to the associated databasejField of 0.
6. An industrial internet data authority management method is applied to an industrial internet data authority management system, the industrial internet data authority management system comprises a production database for storing production data, a production management server connected with the production database and used for executing production plan control and management, one or more flexible manufacturing units connected with the production management server and used for executing production tasks, and a data authority management server connected between the production management server and an associated server, the associated server comprises one or more of a purchase management server, a marketing management server, a financial management server and a human resource management server, and the associated server is connected with at least one associated database, the data authority management server is used for managing the authority of the associated server to access the production database and the authority of the production management server to access the associated database, and the industrial internet data authority management method comprises the following steps:
s230: receiving a request for acquiring the associated database data sent by the production management server;
s240: determining whether the requested data range is within a preset data acquisition authority range of the production management server;
s250: if so, generating a data acquisition approval application table and sending the data acquisition approval application table to related approving personnel of the corresponding associated server for approval;
s260: when the approval result is that the approval is passed, receiving the data sent by the corresponding associated server;
s270: forwarding the data to the production management server for storage to the production database.
7. The industrial internet data authority management method according to claim 6, further comprising, after the step of the production management server building the database and the data table in the production database:
s210: acquiring a database address, a database name and a data table name which need to be synchronized from a production management server;
s220: and storing the database address, the database name and the data table name.
8. The method for managing the industrial internet data authority according to claim 7, wherein the step of the data authority management server determining whether the requested data range is within a preset data acquisition authority range of the production management server specifically comprises:
s241: determining whether the database address, the database name and the data table name in the request for acquiring the associated database data sent by the production management server are matched with the database address, the database name and the data table name stored by the data authority management server, if so, executing the step S250, and if not, executing the following steps:
s242: obtaining device information initiating the request from the production server;
s243: and sending warning information to a manager of the production server, wherein the warning information comprises the equipment information.
9. The industrial internet data right management method according to claim 6, further comprising:
s281: constructing a first discrete sequence { xi1,2, …, n, the first discrete sequence consisting of all the fields of the data range stored in the relational database required for performing production plan control and management, x being the field name, n being the number of all the fields of the data range stored in the relational database required for performing production plan control and management;
s282: construction of a second discrete sequence t (x)i) I ═ 1,2, …, n }, t (x) in said second discrete sequencei) Obtaining, for the data rights management server, each field x in the corresponding first discrete sequence from the production management serveriA life cycle when the production management server executes a production plan;
s283: construction of a third discrete sequence s (x)j) J-1, 2, …, m, each field x of the third discrete sequence being requested by the production management server from the association database at the current timejNumber of corresponding data records returned, where m<n;
S284: establishing a data validity model E based on the first discrete sequence and the second discrete sequencei=Fei[xi,t(xi)],i=1,2,…,;
S285: establishing a data-valid period model T ═ F based on the first, second, and third discrete sequencest[xi,t(xi),sk(xj)],i=1,2,…,n,j=1,2,…,mkAnd k is 1,2, …, where l is the number of times the production management server requests data from the association database.
10. The industrial internet data authority management method according to claim 6, wherein the step of determining whether the requested data range is within a preset data acquisition authority range of the production management server specifically comprises:
s291: acquiring the field name { x) requested by the production management server to the associated databasej,j=1,2,…,m};
S292: determining whether a data usage period corresponding to the data volume requested by the production management server to the associated database meets a preset condition or not according to the data valid period model, and intercepting the request if the data usage period does not meet the preset condition;
s293: when the data utilization period corresponding to the data quantity requested by the production management server to the associated database meets a preset condition, determining the data validity E of each field requested by the production management server to the associated database according to the data validity modelj=Fej[xj,t(xj)],j=1,2,…,m;
S294: eliminating the request of the production management server to the associated databaseData validity EjField of 0.
CN202210360729.4A 2022-04-07 2022-04-07 Industrial Internet data authority management system and method Active CN114741725B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210360729.4A CN114741725B (en) 2022-04-07 2022-04-07 Industrial Internet data authority management system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210360729.4A CN114741725B (en) 2022-04-07 2022-04-07 Industrial Internet data authority management system and method

Publications (2)

Publication Number Publication Date
CN114741725A true CN114741725A (en) 2022-07-12
CN114741725B CN114741725B (en) 2022-11-08

Family

ID=82279969

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210360729.4A Active CN114741725B (en) 2022-04-07 2022-04-07 Industrial Internet data authority management system and method

Country Status (1)

Country Link
CN (1) CN114741725B (en)

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101145228A (en) * 2007-10-12 2008-03-19 成都方程式电子有限公司 Production management system and safety implementation method
CN101964081A (en) * 2010-09-13 2011-02-02 中国恩菲工程技术有限公司 Production information system based on factory management infrastructure platform
CN102622677A (en) * 2012-03-21 2012-08-01 深圳市全民安全生产研究院有限公司 Enterprise safety production management method
CN104346383A (en) * 2013-07-31 2015-02-11 上海云端广告有限公司 Data access control method and system
CN104571001A (en) * 2013-10-29 2015-04-29 株式会社安川电机 INDUSTRIAL EQUIPMENT MANAGEMENT SYSTEM, INDUSTRIAL EQUIPMENT MANAGEMENT SERVER, and INDUSTRIAL EQUIPMENT MANAGEMENT METHOD
CN106164923A (en) * 2014-04-11 2016-11-23 Avl里斯脱有限公司 For transmitting the apparatus and method of data
EP3376403A1 (en) * 2015-12-31 2018-09-19 Huawei Technologies Co., Ltd. Method of accessing distributed database and device providing distributed data service
CN109656912A (en) * 2018-12-13 2019-04-19 成都四方伟业软件股份有限公司 Data model management-control method, device and server
CN109714349A (en) * 2018-12-29 2019-05-03 国网电子商务有限公司 Dynamic defending system and method, the internet platform of industry internet
CN110765481A (en) * 2019-09-11 2020-02-07 珠海格力电器股份有限公司 Authority control method, authority control system, readable storage medium and terminal device
WO2021001425A1 (en) * 2019-07-02 2021-01-07 Siemens Aktiengesellschaft Method and arrangement for providing data from an industrial automation arrangement to an external arrangement
AU2020104272A4 (en) * 2020-12-23 2021-03-11 Hunan Tian He Guo Yun Technology Co., Ltd. Blockchain-based industrial internet data security monitoring method and system
CN112632575A (en) * 2020-12-22 2021-04-09 平安普惠企业管理有限公司 Authority management method and device of business system, computer equipment and storage medium
CN112926068A (en) * 2021-02-25 2021-06-08 平安普惠企业管理有限公司 Authority management method, management server, service server and readable storage medium
CN112949993A (en) * 2021-02-03 2021-06-11 浙江富安莱科技有限公司 Sharing collaboration platform and method for one-wire-flow intelligent production line
CN113596154A (en) * 2021-07-29 2021-11-02 深圳市玄羽科技有限公司 Big data-based intelligent Internet of things management and control platform and management and control method
CN114218605A (en) * 2021-12-14 2022-03-22 中国建设银行股份有限公司 Data access control method, device, equipment and storage medium

Patent Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101145228A (en) * 2007-10-12 2008-03-19 成都方程式电子有限公司 Production management system and safety implementation method
CN101964081A (en) * 2010-09-13 2011-02-02 中国恩菲工程技术有限公司 Production information system based on factory management infrastructure platform
CN102622677A (en) * 2012-03-21 2012-08-01 深圳市全民安全生产研究院有限公司 Enterprise safety production management method
CN104346383A (en) * 2013-07-31 2015-02-11 上海云端广告有限公司 Data access control method and system
CN104571001A (en) * 2013-10-29 2015-04-29 株式会社安川电机 INDUSTRIAL EQUIPMENT MANAGEMENT SYSTEM, INDUSTRIAL EQUIPMENT MANAGEMENT SERVER, and INDUSTRIAL EQUIPMENT MANAGEMENT METHOD
CN106164923A (en) * 2014-04-11 2016-11-23 Avl里斯脱有限公司 For transmitting the apparatus and method of data
EP3376403A1 (en) * 2015-12-31 2018-09-19 Huawei Technologies Co., Ltd. Method of accessing distributed database and device providing distributed data service
CN109656912A (en) * 2018-12-13 2019-04-19 成都四方伟业软件股份有限公司 Data model management-control method, device and server
CN109714349A (en) * 2018-12-29 2019-05-03 国网电子商务有限公司 Dynamic defending system and method, the internet platform of industry internet
WO2021001425A1 (en) * 2019-07-02 2021-01-07 Siemens Aktiengesellschaft Method and arrangement for providing data from an industrial automation arrangement to an external arrangement
CN110765481A (en) * 2019-09-11 2020-02-07 珠海格力电器股份有限公司 Authority control method, authority control system, readable storage medium and terminal device
CN112632575A (en) * 2020-12-22 2021-04-09 平安普惠企业管理有限公司 Authority management method and device of business system, computer equipment and storage medium
AU2020104272A4 (en) * 2020-12-23 2021-03-11 Hunan Tian He Guo Yun Technology Co., Ltd. Blockchain-based industrial internet data security monitoring method and system
CN112949993A (en) * 2021-02-03 2021-06-11 浙江富安莱科技有限公司 Sharing collaboration platform and method for one-wire-flow intelligent production line
CN112926068A (en) * 2021-02-25 2021-06-08 平安普惠企业管理有限公司 Authority management method, management server, service server and readable storage medium
CN113596154A (en) * 2021-07-29 2021-11-02 深圳市玄羽科技有限公司 Big data-based intelligent Internet of things management and control platform and management and control method
CN114218605A (en) * 2021-12-14 2022-03-22 中国建设银行股份有限公司 Data access control method, device, equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
KEVIN WALLIS 等: "Adaption of a Privilege Management Infrastructure (PMI) Approach to Industry 4.0", 《2017 5TH INTERNATIONAL CONFERENCE ON FUTURE INTERNET OF THINGS AND CLOUD WORKSHOPS (FICLOUDW)》 *
张亚兵 等: "工业互联网中增强安全的云存储数据访问控制方案", 《计算机应用研究》 *
熊剑锋: "统一权限系统在工业互联网平台多系统中的应用", 《工业控制计算机》 *

Also Published As

Publication number Publication date
CN114741725B (en) 2022-11-08

Similar Documents

Publication Publication Date Title
US11769117B2 (en) Building automation system with fault analysis and component procurement
US11768004B2 (en) HVAC device registration in a distributed building management system
CN102947797B (en) The online service using directory feature extending transversely accesses and controls
EP2510473B1 (en) Unified user login for co-location facilities
US9197639B2 (en) Method for sharing data of device in M2M communication and system therefor
US8229785B2 (en) Mobile network dynamic workflow exception handling system
CN110140096A (en) Online, offline and mixing license building automation system for distributed edge device
CN104135381B (en) Hierarchical service management and system
KR20170020311A (en) Wireless sensor network
US10963575B2 (en) Access control governance using mapped vector spaces
US20130057384A1 (en) Method and apparatus for surveillance system peering
CN102045337A (en) Apparatus and methods for managing network resources
CN110521188A (en) Distributed transaction management in web services layer
CN103348328A (en) System and method for monitoring and managing data center resources in real time
US20170279688A1 (en) Method, device and system for providing device application software management service in internet of things
JP7402924B2 (en) Systems, methods, apparatus, and computer program products for managing and synchronizing independent computing resources
CN108111334B (en) Integration system and method of network application node
CN111950019A (en) Block chain-based Internet of things access control system and method
CN104135378A (en) Method of management control of Internet of Things gateways and management control entity for Internet of Things gateways
CN112100585A (en) Authority management method, device and storage medium
CN109637639A (en) A kind of hospital bed Added Management information system
WO2015149531A1 (en) Internet of things terminal firmware management method, device and general service entity
CN101594386B (en) Method and device for constructing reliable virtual organization based on distributed strategy verification
Lata et al. Security and privacy issues in fog computing environment
CN114741725B (en) Industrial Internet data authority management system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant