CN115145941B - Information management method, system and computer readable storage medium - Google Patents

Information management method, system and computer readable storage medium Download PDF

Info

Publication number
CN115145941B
CN115145941B CN202211068358.9A CN202211068358A CN115145941B CN 115145941 B CN115145941 B CN 115145941B CN 202211068358 A CN202211068358 A CN 202211068358A CN 115145941 B CN115145941 B CN 115145941B
Authority
CN
China
Prior art keywords
intelligence
output
threat
threat intelligence
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211068358.9A
Other languages
Chinese (zh)
Other versions
CN115145941A (en
Inventor
王云赫
徐彬
薛锋
任政
童兆丰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ThreatBook Technology Co Ltd filed Critical Beijing ThreatBook Technology Co Ltd
Priority to CN202211068358.9A priority Critical patent/CN115145941B/en
Publication of CN115145941A publication Critical patent/CN115145941A/en
Application granted granted Critical
Publication of CN115145941B publication Critical patent/CN115145941B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2457Query processing with adaptation to user needs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computational Linguistics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an intelligence management method, an intelligence management system and a computer readable storage medium. The method comprises the following steps: periodically acquiring threat intelligence updating data from a plurality of intelligence sources, storing the threat intelligence updating data into a local memory for a local security module to use, and filing the acquired threat intelligence updating data into a database for storage according to the corresponding data sources and the acquisition time in real time; based on an output strategy configured by a user, periodically screening corresponding threat intelligence updating data from the database and transmitting the threat intelligence updating data to other equipment serving as a client; and the other equipment utilizes the acquired threat intelligence update data to carry out security defense. The information management scheme provided by the invention not only can be used for filing and managing third-party threat information, but also can be used for enabling information of other equipment in a safe and customized manner.

Description

Information management method, system and computer readable storage medium
Technical Field
The invention relates to the field of information security, in particular to an information management method, system and computer readable storage medium which can collect threat information update data of each information source in time and can endow information for other equipment (especially equipment in the same unit) in a customized mode.
Background
With the development of IT technology and communication technology, the network environment is becoming more complex. Especially, the application of technologies such as cloud computing, virtualization and the like enables the host boundary, the network boundary and the communication boundary to become more fuzzy, enhances the concealment of network attack, and also prompts a plurality of new attack targets and new attack means.
In order to deal with a variety of attack means on the network, protect sensitive information or valuable information, and prevent information assets from being stolen, tampered and illegally utilized, many network security companies gradually master and informationize a certain amount of ways and methods for identifying different network attacks based on information and experiences such as historical attacks, known bugs and attack methods. Such an information-based method and method for identifying a network attack is called security intelligence, and is also called threat intelligence update data. Some of the commercial security information, which has high accuracy, fast update, wide coverage and needs a certain cost, is called high-value security information. Since the security information owned by any security company cannot be complete, there must be some security information owned by others or companies but not owned by others. Therefore, for enterprises needing network security defense, the accuracy, the coverage and the timeliness of information updating of the information of each company are concerned. Only if the safety information of the selected safety company is updated quickly, accurately and widely, the safety information can help the selected safety company to resist network attack to the maximum extent and prevent the information assets of the selected safety company from being stolen or damaged. Therefore, it is desirable that the defender can use the information of more than one security company to form a defense system in which multiple information mutually make up for each other. In addition, most defense parties need to protect not only self information assets but also information assets of downstream organizations, and therefore the technical problem to be solved is solved by acquiring threat intelligence update data of various intelligence sources in time and safely transmitting safety intelligence to level equipment and downstream equipment in the defense parties.
Disclosure of Invention
In order to meet the requirement that a defender hopes to synthesize a plurality of intelligence sources and obtains threat intelligence updating data with wide coverage and high accuracy in time. The invention provides an intelligence management method, an intelligence management system and a computer readable storage medium.
The information management system can collect and manage threat information updating data of various information sources in time, and can safely and timely give the acquired information updating data to clients needing defense in a customized mode.
A first aspect of the invention provides an intelligence management system. The system comprises: a Threat Intelligence Platform (TIP) device and several clients. The threat intelligence platform apparatus includes: the system comprises an information acquisition module, an information output module and a database. The intelligence acquisition module periodically acquires threat intelligence update data from a plurality of intelligence sources, stores the threat intelligence update data into a local memory for use by the local security module, and files the acquired threat intelligence update data into a database in real time according to the corresponding data sources and the acquisition time for storage. And the intelligence output module outputs corresponding threat intelligence updating data to the plurality of clients based on an output strategy configured by a user. And the plurality of clients perform security defense by using the acquired threat intelligence update data. The period of threat intelligence update data obtained by the intelligence obtaining module from a specific intelligence source can be adjusted/set according to actual requirements.
Further, the configuration content of the output strategy comprises a target client terminal for receiving corresponding threat intelligence updating data, and the intelligence output module supports a plurality of output strategies simultaneously.
Further, the configuration content of the output policy further includes: output intelligence limit parameters, encryption configuration parameters and output frequency. And the information output module periodically screens threat information updating data which is in accordance with the output information limited parameter in the specific output strategy from the database according to the output frequency in the specific output strategy, encrypts the threat information updating data according to an encryption mode specified by the encryption configuration parameter in the specific output strategy, generates a threat information updating file to be transmitted, and stores the threat information updating file to a corresponding storage path for a related client to obtain.
Further, the encryption configuration parameters include: encryption algorithm, encryption key, encrypted output file name and compression format. The information output module encrypts threat information updating data screened out from the database by adopting an encryption algorithm and an encryption key set by encryption configuration parameters in a specific output strategy to generate a threat information updating file to be transmitted, wherein the output file name and the compression format are specified by the encryption configuration parameters in the specific output strategy, and the threat information updating file to be transmitted is stored in a corresponding storage path for being acquired by a related client.
Further, the output intelligence defining parameters include: intelligence source, output field, acquisition time range and threat level. And the intelligence source in the output intelligence limiting parameter is used for limiting the acquisition intelligence source for outputting threat intelligence updating data. And the output field is used for limiting the field of each piece of threat intelligence in the output threat intelligence updating data. The parameter of the time range is used for limiting the time range of the output threat intelligence updating data before the current output moment. And the threat level is used for limiting the threat level of each piece of intelligence in the output threat intelligence updating data.
Furthermore, the intelligence output module also determines to acquire threat intelligence update data which is defined by the output intelligence limiting parameters from the database in a full amount mode or an increment mode based on whether the value of the parameter of the acquisition time range is set or not, and encrypts the threat intelligence update data to generate a threat data update file for outputting. The concrete implementation is as follows: if the acquisition time range parameter is not set, acquiring threat information updating data meeting the limitation of other parameters in the output information limiting parameters from the database in a full mode according to the output frequency configured by a specific output strategy to encrypt, and generating a threat information updating file to be transmitted to output; and if not, acquiring threat intelligence update data which is within the parameter value of the acquisition time range from the current output moment and accords with the limit of other parameters in the output intelligence limit parameters from the database in an incremental mode according to the output frequency configured by the specific output strategy, encrypting the threat intelligence update data, generating a threat intelligence update file to be transmitted, and outputting the threat intelligence update file.
Further, before storing the threat intelligence update data in a local memory and a database, the intelligence acquisition module identifies the threat level of each piece of threat intelligence in the threat intelligence update data, and files each piece of threat intelligence in the database after adding corresponding threat level identification information to the threat intelligence for storage.
A second aspect of the invention provides a threat intelligence management method. The method comprises the following steps: periodically acquiring threat intelligence updating data from a plurality of intelligence sources by utilizing computer equipment, storing the threat intelligence updating data into a local memory for a local security module to use, and filing the acquired threat intelligence updating data into a database for storing according to the corresponding data source and the acquisition time in real time; screening corresponding threat intelligence updating data from the database based on an output strategy configured by a user, and transmitting the threat intelligence updating data to other equipment serving as a client; and the other equipment performs security defense by using the acquired threat intelligence updating data. The details of the implementation of the information management method are the same as the processing of obtaining and outputting the updated threat information data by the threat information management system, and are not described again here.
A third aspect of the invention provides a computer-readable storage medium. The computer-readable storage medium has stored thereon program code that, when executed by a computer, implements the above-described threat intelligence management method.
The information management scheme provided by the invention not only can timely collect and manage data update of various information sources, but also can quickly and accurately provide threat information update data for the interior of a defense enterprise and other clients of upstream and downstream organizations so as to timely and comprehensively enhance the defense capability of a defense party on threats such as network attack, information stealing and the like.
Drawings
FIG. 1 is a diagram of an intelligence management system framework provided by the present invention.
Fig. 2 is a schematic diagram of the content of the output policy in the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages solved by the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, the intelligence management system provided by the present invention includes: threat intelligence platform device (TIP device) and several clients (client 1, client 2 shown in fig. 1). The threat intelligence platform apparatus includes: the system comprises an information acquisition module, an information output module and a database. The intelligence acquisition module is used for periodically acquiring threat intelligence updating data from a plurality of intelligence sources, storing the threat intelligence updating data into a local memory for use by the local security module, and meanwhile, filing the threat intelligence updating data into the database for persistent storage according to the acquired data source and the acquisition time corresponding to the specific threat intelligence updating data. In addition, in order to facilitate the user to manage the database, the intelligence acquisition module is also provided with an interface for configuring/operating the database. The intelligence acquisition module acquires the period of threat intelligence update data from a specific intelligence source, and can be adjusted/set according to actual requirements. For example, the intelligence acquisition module may be configured to acquire threat intelligence update data from a corresponding intelligence source at a frequency of every 30 minutes.
The intelligence output module outputs corresponding threat intelligence update data to the plurality of clients based on a plurality of output strategies (an output strategy 1 and an output strategy 2 shown in fig. 1) configured by a user, namely the intelligence output module simultaneously supports a plurality of output strategies. In order to facilitate the user to set the output strategy in the intelligence output module, an interface for the user to configure the output strategy is also arranged in the database. Preferably, the configuration content of the output policy includes specifying a target client to receive corresponding threat intelligence update data. And the plurality of clients perform security defense by using the acquired threat intelligence update data. Preferably, the plurality of clients are other devices different from the TIP device, or computer security applications or computer protection software provided on different devices.
As shown in fig. 2, the configuration content of the output policy includes: output information limiting parameters, encryption configuration parameters and output frequency. The output intelligence defining parameters include: intelligence source, output field, time range and threat level of output threat intelligence. The encryption configuration parameters include: encrypting mode parameters, outputting files and compression formats; the encryption mode parameters comprise: a selected encryption algorithm, an encryption key, or a parameter that generates an encryption key. Preferably, the encryption key or a parameter for generating the encryption key may be set as a variable (e.g., a variable related to time/date) to enhance security of encrypted data transmission, so as to avoid a potential security hazard of data leakage caused by using fixed key encryption.
The information output module periodically screens threat information updating data which is defined by output information limiting parameters in a specific output strategy from the database according to the output frequency set in the specific output strategy, encrypts the threat information updating data according to an encryption mode specified by encryption configuration parameters in the specific output strategy to generate a threat information updating file to be transmitted, wherein the output file name and the compression format are specified by the encryption configuration parameters in the specific output strategy, and stores the threat information updating file to be transmitted to a corresponding storage path for a relevant client to obtain. Preferably, the TIP device generates a URL for each threat intelligence update file to be transmitted generated by the output policy, and the client calls (for example, through a browser) the corresponding URL to download the corresponding threat intelligence update data update file. In addition, in the embodiment shown in fig. 1, the TIP device further receives authentication/permission credential information of the client, and is configured to perform permission authentication on the client device accessing the TIP device, so as to prevent an illegal client device from accessing the TIP device to obtain threat intelligence update data.
Furthermore, the intelligence source in the output intelligence limited parameter is used for limiting the acquisition intelligence source for outputting threat intelligence updating data; the output field is used for limiting the field of each piece of threat intelligence in the output threat intelligence updating data; the parameter of the time range is used for limiting the time range of the output threat intelligence updating data before the current output moment. And the intelligence output module also determines whether to encrypt threat intelligence update data which is in accordance with the limit of the output intelligence limiting parameter and is obtained from the database in a full mode or an incremental mode based on the configuration value of the parameter of the acquisition time range, generates a threat intelligence update file to be transmitted and outputs the update file. In one embodiment, if the value of the parameter of the acquisition time range is not set, the intelligence output module acquires threat intelligence update data meeting the limit of the output intelligence limiting parameter from the database in a full mode according to the configured output frequency, encrypts the threat intelligence update data, generates a threat intelligence update file to be transmitted and outputs the threat intelligence update file; and if not, the information output module acquires threat information updating data which is within the acquisition time range parameter value from the current output moment and accords with the limitation of other parameters in the output information limiting parameters from the database in an increment mode according to the configured output frequency, encrypts the threat information updating data, generates a threat information updating file to be transmitted and outputs the threat information updating file.
Further, before storing the threat intelligence update data in a local memory and a database, the intelligence acquisition module identifies the threat level of each piece of threat intelligence in the threat intelligence update data, attaches corresponding threat level identification information to each piece of threat intelligence, and files the threat intelligence into the database for storage. Preferably, the intelligence acquisition module updates a specific field (a field for identifying threat severity) of each piece of threat intelligence in the data according to the threat intelligence, and maps the threat level of each piece of intelligence to one of severe, high, medium, low and basic information according to a built-in rule.
Correspondingly, the invention also provides a threat information management method. The method comprises the following steps: periodically acquiring threat intelligence updating data from a plurality of intelligence sources by using computer equipment, storing the threat intelligence updating data into a local memory for a local security module to use, and filing the acquired threat intelligence updating data into a database for storage according to the corresponding data source and the acquisition time in real time; screening corresponding threat intelligence updating data from the database based on an output strategy configured by a user, and transmitting the threat intelligence updating data to other equipment serving as a client; and the other equipment utilizes the acquired threat intelligence update data to carry out security defense. The details of the implementation of the information management method are the same as the processing of obtaining and outputting the updated threat information data by the threat information management system, and are not described again here.
The third aspect of the present invention also provides a computer-readable storage medium. The computer-readable storage medium has stored thereon program code that, when executed by a computer, implements the above-described threat intelligence management method. The computer-readable storage media types include, but are not limited to, ROM, RAM, and optical disks on which information is recorded.
The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (5)

1. An intelligence management system, the system comprising: a Threat Intelligence Platform (TIP) device and a number of clients; the threat intelligence platform apparatus includes: the system comprises an information acquisition module, an information output module and a database;
the intelligence acquisition module periodically acquires threat intelligence update data from a plurality of intelligence sources, stores the threat intelligence update data into a local memory for use by the local security module, and files the acquired threat intelligence update data into a database for storage according to the corresponding acquisition data source and acquisition time in real time; before storing the obtained threat intelligence updating data in a local memory and a database, the intelligence obtaining module also identifies the threat level of each threat intelligence in the obtained threat intelligence updating data, adds corresponding threat level identification information to each threat intelligence and then files the threat intelligence into the database for storage;
the intelligence output module outputs corresponding threat intelligence updating data to the plurality of clients based on the output strategy configured by the user, and simultaneously supports a plurality of output configuration strategies;
the configuration content of the output strategy comprises: outputting an intelligence limiting parameter, encrypting a configuration parameter, outputting a frequency and specifying a target client for receiving corresponding threat intelligence updating data; the output intelligence defining parameters include: the threat level parameter is used for limiting the threat level of each piece of information in the output threat information updating data; the encryption configuration parameters include: an encryption algorithm, an encryption key, an encrypted output file name and a compression format;
the information output module periodically screens threat information updating data which is in accordance with the output information limited parameter limit in the specific output strategy from the database according to the output frequency in the specific output strategy; and encrypting according to an encryption mode specified by the encryption configuration parameters in the specific output strategy, generating an output file name specified by the encryption configuration parameters in the specific output strategy and storing the threat information update file to be transmitted in a compressed format into a corresponding storage path so as to be obtained by a corresponding target client for security defense.
2. The intelligence management system of claim 1, wherein the intelligence output module further determines to obtain threat intelligence update data complying with the output intelligence restriction parameter from the database in a full or incremental manner for encrypted output based on whether the value of the acquisition time range parameter is set; the concrete implementation is as follows: if the value of the acquisition time range parameter is not set, acquiring threat information updating data which accords with other parameter limits in the output information limiting parameters from the database in a full mode according to the output frequency configured by a specific output strategy for encryption output; otherwise, acquiring threat intelligence updating data which is within the parameter value of the acquisition time range from the current output moment and accords with the limit of other parameters in the output intelligence limiting parameters from the database in an incremental mode according to the output frequency configured by the specific output strategy, and carrying out encryption output.
3. A threat intelligence management method, the method comprising: periodically acquiring threat intelligence updating data from a plurality of intelligence sources by using computer equipment, storing the threat intelligence updating data into a local memory for a local security module to use, and filing the acquired threat intelligence updating data into a database for storage according to the corresponding acquired data source and the acquisition time in real time; before storing the obtained threat intelligence update data in a local memory and a database, identifying the threat level of each piece of threat intelligence in the obtained threat intelligence update data, adding corresponding threat level identification information to each piece of threat intelligence, and filing the threat level identification information into the database for storage;
configuring a plurality of output strategies, wherein the configuration content of the output strategies comprises the following steps: outputting information limiting parameters, encrypting configuration parameters, outputting frequency and appointing target client-side equipment for receiving corresponding threat information updating data; the output intelligence defining parameters include: the threat level parameter is used for limiting the threat level of each piece of information in the output threat information updating data; the encryption configuration parameters include: an encryption algorithm, an encryption key, an encrypted output file name and a compression format;
and setting the computer equipment to periodically screen threat intelligence updating data which is defined by output intelligence limiting parameters in a specific output strategy from the database according to the output frequency specified in the specific output strategy, encrypting according to an encryption mode specified by encryption configuration parameters in the specific output strategy, generating an output file name specified by the encryption configuration parameters in the specific output strategy and a threat intelligence updating file to be transmitted in a compressed format, and storing the output file name and the threat intelligence updating file to be transmitted in the corresponding storage path for the corresponding target client equipment to obtain for security defense.
4. The threat intelligence management method of claim 3, the method further comprising: and determining whether to set the value of the acquisition time range parameter, and acquiring threat intelligence update data which is in accordance with the output intelligence limiting parameter limitation from the database in a full amount mode or an increment mode for encryption output, wherein the specific implementation is as follows: if the value of the acquisition time range parameter is not set, the threat intelligence platform equipment acquires threat intelligence update data which is in accordance with the limit of the output intelligence limiting parameter from the database in a full mode according to the configured output frequency, and encrypts and outputs the threat intelligence update data; otherwise, the threat intelligence platform equipment acquires threat intelligence updating data which is within the acquisition time range parameter value from the current output moment and accords with other parameter limitations in the output intelligence limiting parameters from the database in an increment mode according to the configured output frequency, and encrypts and outputs the threat intelligence updating data.
5. A computer-readable storage medium having stored thereon program code that, when executed by a computer, implements the threat intelligence management method of any of claims 3-4.
CN202211068358.9A 2022-09-02 2022-09-02 Information management method, system and computer readable storage medium Active CN115145941B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211068358.9A CN115145941B (en) 2022-09-02 2022-09-02 Information management method, system and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211068358.9A CN115145941B (en) 2022-09-02 2022-09-02 Information management method, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN115145941A CN115145941A (en) 2022-10-04
CN115145941B true CN115145941B (en) 2022-12-16

Family

ID=83416074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211068358.9A Active CN115145941B (en) 2022-09-02 2022-09-02 Information management method, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN115145941B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116781432B (en) * 2023-08-24 2024-05-28 北京微步在线科技有限公司 Information data updating method and device, computer equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114417329A (en) * 2021-12-08 2022-04-29 国家电网有限公司信息通信分公司 Threat information production and analysis method based on federal learning
CN114500048A (en) * 2022-01-26 2022-05-13 南方电网数字电网研究院有限公司 External threat information analysis method and system based on network security

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9118702B2 (en) * 2011-05-31 2015-08-25 Bce Inc. System and method for generating and refining cyber threat intelligence data
WO2017221088A1 (en) * 2016-06-23 2017-12-28 Logdog Information Security Ltd. Distributed user-centric cyber security for online-services

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114417329A (en) * 2021-12-08 2022-04-29 国家电网有限公司信息通信分公司 Threat information production and analysis method based on federal learning
CN114500048A (en) * 2022-01-26 2022-05-13 南方电网数字电网研究院有限公司 External threat information analysis method and system based on network security

Also Published As

Publication number Publication date
CN115145941A (en) 2022-10-04

Similar Documents

Publication Publication Date Title
US10614233B2 (en) Managing access to documents with a file monitor
CN111164948B (en) Managing network security vulnerabilities using blockchain networks
US6499110B1 (en) Method and apparatus for facilitating information security policy control on a per security engine user basis
CN109740363B (en) Document grading desensitization encryption method
CN112270012B (en) Device, method and system for distributed data security protection
EP2866411A1 (en) Method and system for detecting unauthorized access to and use of network resources with targeted analytics
CN110889130B (en) Database-based fine-grained data encryption method, system and device
CN109600366A (en) The method and device of protection user data privacy based on block chain
US11489660B2 (en) Re-encrypting data on a hash chain
CN115145941B (en) Information management method, system and computer readable storage medium
CN114207615A (en) System and method for maintaining an immutable data access log with privacy
US7454791B1 (en) Method and system for checking the security on a distributed computing environment
US20210209246A1 (en) Blockchain Network to Protect Identity Data Attributes Using Data Owner-Defined Policies
KR102542213B1 (en) Real-time encryption/decryption security system and method for data in network based storage
CN115221538B (en) Encryption method and system suitable for financial data
CN113794735B (en) Sensitive data security protection method in SAAS system scene
CN114861144A (en) Data authority processing method based on block chain
US20210320791A1 (en) Systems and methods for adaptive recursive descent data redundancy
KR101993723B1 (en) Security policy automation support system and method
US20220100900A1 (en) Modifying data items
CN117993017B (en) Data sharing system, method, device, computer equipment and storage medium
CN117459327B (en) Cloud data transparent encryption protection method, system and device
US20220385683A1 (en) Threat management using network traffic to determine security states
Longzhu et al. Research and exploration of the data security compliance inspection technology based on the large-scale call platform of the customer service center
CN117993017A (en) Data sharing system, method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant