CN115514585B - Database security management method and system - Google Patents

Database security management method and system Download PDF

Info

Publication number
CN115514585B
CN115514585B CN202211471329.7A CN202211471329A CN115514585B CN 115514585 B CN115514585 B CN 115514585B CN 202211471329 A CN202211471329 A CN 202211471329A CN 115514585 B CN115514585 B CN 115514585B
Authority
CN
China
Prior art keywords
data
management
management user
request
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211471329.7A
Other languages
Chinese (zh)
Other versions
CN115514585A (en
Inventor
刘欣华
张章
刘杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Digital Zhongzhi Technology Co ltd
Original Assignee
Beijing Digital Zhongzhi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Digital Zhongzhi Technology Co ltd filed Critical Beijing Digital Zhongzhi Technology Co ltd
Priority to CN202211471329.7A priority Critical patent/CN115514585B/en
Publication of CN115514585A publication Critical patent/CN115514585A/en
Application granted granted Critical
Publication of CN115514585B publication Critical patent/CN115514585B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the field of data security, and discloses a database security management method and a database security management system, which comprise a data user dividing module, a data acquisition request module, a storage response module and a data acquisition response module, wherein the data user dividing module is used for protecting the data security of a database, particularly protecting the data content with higher security risk level.

Description

Database security management method and system
Technical Field
The invention relates to the field related to data security, in particular to a database security management method and a database security management system.
Background
Data security is an important issue for high-efficiency groups such as enterprises and various organizations, and particularly for data content with high authority and high security level, which is important for the groups, the security determines the future trend of the groups to a certain extent, and the leakage of the data content has a very verification effect on the groups.
In the prior art, the security processing of the database content is mostly performed through various encryption modes, although the data encryption mode with higher security level can provide higher security level, the security processing is still realized based on the direct data content processing of the server data, and the real existence of the key can generate the risk that the data is reversely decrypted.
Disclosure of Invention
The present invention is directed to a database security management method and system, so as to solve the problems set forth in the background art.
In order to achieve the purpose, the invention provides the following technical scheme:
a database security management system, comprising:
the data user classification module is used for setting a plurality of management user grades according to the risk grade of the data, each management user corresponds to a unique security identification code, the risk grade corresponds to the management user grade, and different management user grades are used for representing access authority grades of different risk grade data;
the data acquisition request module is used for acquiring and responding to a data reading request so as to acquire the risk level of corresponding data, acquiring a communicable management user list corresponding to the risk level through a preset user management program, randomly selecting a preset number of management users, generating a data forwarding request containing the data reading request, and forwarding the data forwarding request to a data repository through a management user side corresponding to the selected management user, wherein the data forwarding request also contains a security identification code of the corresponding management user;
the repository response module is used for acquiring the data forwarding requests forwarded by the multiple management user sides, acquiring corresponding data contents based on the data reading requests, encrypting the data contents by taking the multiple security identification codes as keys, and splitting the encrypted data contents into the forwarding subdata with the same number as that of the management users;
and the data acquisition response module is used for acquiring the forwarding subdata which is forwarded after the verification of the management user side, recombining the plurality of forwarding subdata, decrypting the recombined data according to a key consisting of a plurality of safety identification codes, generating data content and sending the data content to the request user side.
As a further scheme of the invention: still include the management user authentication module, specifically include:
the identity display unit is used for acquiring identity authentication information of a corresponding requester according to the data reading request and displaying the identity authentication information through the management user side, wherein the identity authentication information is used for representing the access authority level of the requester on the data content and the basic identity information of the user;
the management negotiation unit is used for establishing an online authentication conference chat window, setting a plurality of corresponding management users as conference participants of an authentication conference, recording the conference chat window and generating an authentication conference record;
and the request authentication unit is used for generating a forwarding authentication request and acquiring feedback information of the management user when the management user side acquires the forwarding subdata, and forwarding the forwarding subdata and a preset safety identification code if the forwarding subdata passes the feedback information, wherein the safety identification code is used for generating a secret key.
As a further scheme of the invention: the system also comprises a data security association module;
the data security association module is used for generating a data security log through a security recording program when a data reading request is acquired, and recording security information in a data reading request response process, wherein the security information recorded by the data security log comprises the data reading request, a requester and a management user corresponding to the data reading request, and the authentication conference record.
As a further scheme of the invention: the data acquisition request module also comprises a requester authentication unit;
and the requester authentication unit is used for generating and sending a biological authentication request when the data reading request is acquired, acquiring a biological verification feedback from a requesting user terminal, identifying and judging the identity of the requester at the requesting user terminal according to the biological verification feedback, and responding to the data reading request if the judgment result shows that the identity of the requester is consistent with that of the requesting user terminal.
As a further scheme of the invention: the data acquisition request module further comprises:
a user list obtaining unit, configured to obtain information of a plurality of management user terminals corresponding to the management user level and the risk level, generate and send a communication verification data segment, obtain a communication state with the management user terminal according to a feedback result of the verification data segment, and generate a management user list;
and the management communication verification unit is used for sending the biological authentication requests to the management user sides corresponding to the selected management users, and if the biological authentication requests do not pass through the management user sides, reselecting the management users and the corresponding management terminals through the management user list.
The embodiment of the invention aims to provide a database security management method, which comprises the following steps:
setting a plurality of management user grades according to the risk grade of the data, wherein each management user corresponds to a unique security identification code, the risk grade corresponds to the management user grade, and different management user grades are used for representing access rights to different risk grade data;
acquiring and responding to a data reading request to acquire a risk level of corresponding data, acquiring a communicable management user list corresponding to the risk level through a preset user management program, randomly selecting a preset number of management users, generating a data forwarding request containing the data reading request, and forwarding the data forwarding request to a data repository through a management user side corresponding to the selected management user, wherein the data forwarding request comprises a security identification code of the corresponding management user;
acquiring the data forwarding requests forwarded by a plurality of management user terminals, acquiring corresponding data contents based on the data reading requests, encrypting the data contents by using a plurality of security identification codes as keys, and splitting the encrypted data contents into forwarding subdata with the same number as that of the management users;
and acquiring the forwarding subdata which is forwarded after verification by the management user side, recombining the plurality of forwarding subdata, decrypting the recombined data according to a key consisting of a plurality of safety identification codes to generate data content, and sending the data content to the request user side.
As a further scheme of the invention: further comprising the steps of:
acquiring identity authentication information corresponding to a requester according to a data reading request, and displaying the identity authentication information through a management user side, wherein the identity authentication information is used for representing the access authority level of the requester on data content and user basic identity information;
establishing an online authentication conference chat window, setting a plurality of corresponding management users as conference participants of an authentication conference, recording the conference chat window, and generating an authentication conference record;
and when the management user side acquires the forwarding subdata, generating a forwarding authentication request, acquiring feedback information of the management user, and if the feedback information passes through the forwarding authentication request, forwarding the forwarding subdata and a preset safety identification code, wherein the safety identification code is used for generating a secret key.
As a further scheme of the invention: further comprising the steps of:
when a data reading request is acquired, generating a data security log through a security recording program, and recording security information in a data reading request response process, wherein the security information recorded by the data security log comprises the data reading request, a requester and a management user corresponding to the data reading request, and the authentication conference record.
As a still further scheme of the invention: the step of obtaining and responding to a data read request further comprises:
and when the data reading request is acquired, generating and sending a biological authentication request, acquiring a biological verification feedback from a requesting user terminal, identifying and judging the identity of a requester at the requesting user terminal according to the biological verification feedback, and responding to the data reading request if the judgment result is that the identity of the requester is consistent with that of the requesting user terminal.
As a further scheme of the invention: the step of obtaining a communicable management user list corresponding to the risk level through a preset user management program and randomly selecting a preset number of management users further includes:
acquiring a plurality of management user side information corresponding to the management user level and the risk level, generating and sending a communication verification data segment, acquiring a communication state with the management user side according to a feedback result of the verification data segment, and generating a management user list;
and sending biological authentication requests to the management user sides corresponding to the selected management users, and if the biological authentication requests fail to pass through the management user sides, reselecting the management users and the corresponding management terminals through the management user list.
Compared with the prior art, the invention has the beneficial effects that: the method is used for protecting the data security of the database, particularly protecting the data content with higher security risk level, and a scattered node type data indirect reading mode authenticated by a multi-management device is set, so that potential safety hazards possibly generated by direct access of a requester to the database content can be effectively avoided, the data content is encrypted and fragmented, and the data security level can be further improved.
Drawings
FIG. 1 is a block diagram of a database security management system;
FIG. 2 is a block diagram of a management user authentication module in a database security management system;
fig. 3 is a flow chart of a database security management method.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The following detailed description of specific embodiments of the present invention is provided in connection with specific embodiments.
As shown in fig. 1, a database security management system provided for an embodiment of the present invention includes the following steps:
the data user classification module 100 is configured to set multiple management user classes according to risk classes of data, where each management user corresponds to a unique security identifier, the risk classes correspond to the management user classes, and different management user classes are used to represent access permission classes for data with different risk classes.
A data obtaining request module 300, configured to obtain and respond to a data reading request to obtain a risk level of corresponding data, obtain a communicable management user list corresponding to the risk level through a preset user management program, randomly select a preset number of management users, generate a data forwarding request including the data reading request, and forward the data forwarding request to a data repository through a management user side corresponding to the selected management user, where the data forwarding request further includes a security identifier of the corresponding management user.
The repository response module 500 is configured to obtain the data forwarding requests forwarded by multiple management user terminals, obtain corresponding data content based on the data reading requests, encrypt the data content by using the multiple security identifiers as keys, and split the encrypted data content into forwarding sub-data having the same number as that of the management user.
The data obtaining response module 700 is configured to obtain the forwarding subdata forwarded after verification by the management user side, recombine the multiple forwarding subdata, decrypt the recombined data according to a key composed of multiple security identification codes, generate data content, and send the data content to the requesting user side.
In the embodiment, a database security management system is provided, which is used for protecting data security of a database, especially for protecting data content with a higher security risk level, and by setting a distributed node type data indirect reading mode authenticated by a multi-management device, potential safety hazards possibly generated by direct access of a requester to the database content can be effectively avoided, and the data content is encrypted and fragmented, so that the data security level can be further improved; specifically, data related to different contents respectively correspond to different security levels, each level corresponds to a certain number of distributed security management personnel, the management personnel are different from management personnel of a database in general, but personnel with access processing authority on the data generate a request when a requester needs to acquire server data, the request is sent to a front end (not a database) of the server, the front end selects a certain number of communicable management users, and sends data forwarding requests to each management user end respectively, at the moment, a plurality of management user ends respectively establish links with the database of the server, the database encrypts corresponding data contents and then divides the data contents into a plurality of fragments, and the fragments are forwarded to the requester through each management user end, and in the process, the fragments need of manual review of the management user ends, so that the data security can be effectively ensured, and when the requester acquires the data and a key are incomplete, the contents of the data can not be known, and the important data contents can be protected.
As shown in fig. 2, as another preferred embodiment of the present invention, the present invention further includes a management user authentication module 900, which specifically includes:
the identity display unit 901 is configured to obtain identity authentication information of a corresponding requester according to the data reading request, and display the identity authentication information through the management user side, where the identity authentication information is used to represent the access permission level of the requester on the data content and the basic identity information of the user.
The management negotiation unit 902 is configured to establish an online authentication conference chat window, set a plurality of corresponding management users as participants of an authentication conference, record the conference chat window, and generate an authentication conference record.
A request authentication unit 903, configured to generate a forwarding authentication request when the management user side obtains the forwarding subdata, and obtain feedback information of the management user, and if the forwarding subdata passes the feedback information, forward the forwarding subdata and a preset security identification code, where the security identification code is used to generate a secret key.
In this embodiment, a management user authentication module 900 is introduced, which is set by attaching to a management user side, and can determine the identity of a requester, and primarily screen whether the requester has a level authority for acquiring request data, the management negotiation unit 902 and the request authentication unit 903 function as relevant units for response determination of the request, and management users can exchange information through a conference chat window, and can also respond and feed back to a forwarding authentication request through the request authentication unit, so as to pass or reject access acquisition of data.
As another preferred embodiment of the invention, the system further comprises a data security association module;
the data security association module is used for generating a data security log through a security recording program when a data reading request is acquired, and recording security information in a data reading request response process, wherein the security information recorded by the data security log comprises the data reading request, a requester and a management user corresponding to the data reading request, and the authentication conference record.
In this embodiment, the data security association module functions as a security recording program arranged in parallel, and can record the data request and the personnel and equipment involved in the response process to generate a security log for tracing the subsequent data request acquisition and management judgment processes, thereby facilitating responsibility division of data security problems and data security problem search.
As another preferred embodiment of the present invention, the data acquisition request module 300 further includes a requester authentication unit;
and the requester authentication unit is used for generating and sending a biological authentication request when the data reading request is acquired, acquiring a biological verification feedback from a requesting user terminal, identifying and judging the identity of the requester at the requesting user terminal according to the biological verification feedback, and responding to the data reading request if the judgment result shows that the identity of the requester is consistent with that of the requesting user terminal.
In this embodiment, in the process of requesting data through the terminal device, there is a case where another person performs a request instead of a device user, and since the data content in the application scenario of the present application has a data security level and is invisible to all people, it is necessary to perform identity authentication on the sender of the request in a biometric authentication manner, so as to ensure the security of the data content.
As another preferred embodiment of the present invention, the data obtaining request module 300 further includes:
and the user list acquisition unit is used for acquiring a plurality of management user side information corresponding to the management user level and the risk level, generating and sending a communication verification data segment, acquiring a communication state of the management user side according to a feedback result of the verification data segment, and generating a management user list.
And the management communication verification unit is used for sending the biological authentication requests to the management user sides corresponding to the selected management users, and if the biological authentication requests do not pass through the management user sides, reselecting the management users and the corresponding management terminals through the management user list.
In this embodiment, the generation of the management user list and the selection verification of the management user are described here, in order to ensure that the data reading request can be responded in real time, the data of the management user needs to be larger than the data of the management user selected once, so that a response effect covered in the working time is achieved under a certain management allocation, and when the management user is selected, it needs to be determined whether the management user can perform an authentication response, so that the verification is performed by the management communication verification unit.
As shown in fig. 3, the present invention further provides a database security management method, which comprises the following steps:
s200, setting a plurality of management user grades according to the risk grade of the data, wherein each management user corresponds to a unique security identification code, the risk grade corresponds to the management user grade, and different management user grades are used for representing access rights to different risk grade data.
S400, acquiring and responding to a data reading request to acquire a risk level of corresponding data, acquiring a communicable management user list corresponding to the risk level through a preset user management program, randomly selecting a preset number of management users, generating a data forwarding request containing the data reading request, and forwarding the data forwarding request to a data repository through a management user side corresponding to the selected management user, wherein the data forwarding request comprises a security identification code of the corresponding management user.
S600, the data forwarding requests forwarded by a plurality of management user terminals are obtained, corresponding data contents are obtained based on the data reading requests, the plurality of security identification codes are used as keys to encrypt the data contents, and the encrypted data contents are divided into the forwarding subdata with the same number as that of the management user.
S800, obtaining the forwarding subdata which is forwarded after the verification of the management user side, recombining the plurality of forwarding subdata, decrypting the recombined data according to a secret key consisting of a plurality of safety identification codes, generating data content, and sending the data content to the request user side.
As another preferred embodiment of the present invention, further comprising the steps of:
and acquiring identity authentication information corresponding to the requester according to the data reading request, and displaying the identity authentication information through a management user side, wherein the identity authentication information is used for representing the access authority level of the requester on the data content and the basic identity information of the user.
Establishing an online authentication conference chat window, setting a plurality of corresponding management users as conference participants of an authentication conference, recording the conference chat window, and generating an authentication conference record.
And when the management user side acquires the forwarding subdata, generating a forwarding authentication request, acquiring feedback information of the management user, and if the feedback information passes through the forwarding authentication request, forwarding the forwarding subdata and a preset safety identification code, wherein the safety identification code is used for generating a secret key.
As another preferred embodiment of the present invention, further comprising the steps of:
when a data reading request is acquired, generating a data security log through a security recording program, and recording security information in a data reading request response process, wherein the security information recorded by the data security log comprises the data reading request, a requester and a management user corresponding to the data reading request, and the authentication conference record.
As another preferred embodiment of the present invention, the step of obtaining and responding to a data read request further includes:
and when the data reading request is acquired, generating and sending a biological authentication request, acquiring a biological verification feedback from a requesting user terminal, identifying and judging the identity of a requester at the requesting user terminal according to the biological verification feedback, and responding to the data reading request if the judgment result is that the identity of the requester is consistent with that of the requesting user terminal.
As another preferred embodiment of the present invention, the step of obtaining a communicable management user list corresponding to the risk level through a preset user management program, and randomly selecting a preset number of management users further includes:
acquiring a plurality of management user side information corresponding to the management user level and the risk level, generating and sending a communication verification data segment, acquiring a communication state with the management user side according to a feedback result of the verification data segment, and generating a management user list.
And sending biological authentication requests to the management user sides corresponding to the selected management users, and if the biological authentication requests fail to pass through the management user sides, reselecting the management users and the corresponding management terminals through the management user list.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A database security management system, comprising:
the data user classification module is used for setting a plurality of management user grades according to the risk grade of the data, each management user corresponds to a unique security identification code, the risk grade corresponds to the management user grade, and different management user grades are used for representing access authority grades of different risk grade data;
the data acquisition request module is used for acquiring and responding to a data reading request so as to acquire the risk level of corresponding data, acquiring a communicable management user list corresponding to the risk level through a preset user management program, randomly selecting a preset number of management users, generating a data forwarding request containing the data reading request, and forwarding the data forwarding request to a data repository through a management user side corresponding to the selected management user, wherein the data forwarding request also contains a security identification code of the corresponding management user;
the repository response module is used for acquiring the data forwarding requests forwarded by the management user terminals, acquiring corresponding data contents based on the data reading requests, encrypting the data contents by taking the security identification codes as keys, and splitting the encrypted data contents into the forwarding subdata with the same number as that of the management user;
and the data acquisition response module is used for acquiring the forwarding subdata which is forwarded after the verification of the management user side, recombining the plurality of forwarding subdata, decrypting the recombined data according to a key consisting of a plurality of safety identification codes, generating data content and sending the data content to the request user side.
2. The database security management system according to claim 1, further comprising a management user authentication module, specifically comprising:
the identity display unit is used for acquiring identity authentication information of a corresponding requester according to the data reading request and displaying the identity authentication information through the management user side, wherein the identity authentication information is used for representing the access authority level of the requester on the data content and the basic identity information of the user;
the management negotiation unit is used for establishing an online authentication conference chat window, setting a plurality of corresponding management users as conference participants of an authentication conference, recording the conference chat window and generating an authentication conference record;
and the request authentication unit is used for generating a forwarding authentication request when the management user side acquires the forwarding subdata and acquiring feedback information of the management user, and forwarding the forwarding subdata and a preset safety identification code if the feedback information passes through the feedback information, wherein the safety identification code is used for generating a secret key.
3. The database security management system according to claim 2, further comprising a data security association module;
the data security association module is used for generating a data security log through a security recording program when a data reading request is obtained, and recording security information in a data reading request response process, wherein the security information recorded by the data security log comprises the data reading request, a requester and a management user corresponding to the data reading request, and the authentication conference record.
4. The database security management system according to claim 1, wherein the data acquisition request module further comprises a requester authentication unit;
and the requester authentication unit is used for generating and sending a biological authentication request when the data reading request is acquired, acquiring a biological verification feedback from a requesting user terminal, identifying and judging the identity of the requester at the requesting user terminal according to the biological verification feedback, and responding to the data reading request if the judgment result shows that the identity of the requester is consistent with that of the requesting user terminal.
5. The database security management system according to claim 1, wherein the data acquisition request module further comprises:
a user list obtaining unit, configured to obtain information of a plurality of management user terminals corresponding to the management user level and the risk level, generate and send a communication verification data segment, obtain a communication state with the management user terminal according to a feedback result of the verification data segment, and generate a management user list;
and the management communication verification unit is used for sending the biological authentication request to the management user sides corresponding to the selected management users, and if the biological authentication request does not pass through the management user sides, reselecting the management users and the corresponding management terminals through the management user list.
6. A database security management method is characterized by comprising the following steps:
setting a plurality of management user grades according to the risk grade of the data, wherein each management user corresponds to a unique security identification code, the risk grade corresponds to the management user grade, and different management user grades are used for representing access rights to different risk grade data;
acquiring and responding to a data reading request to acquire a risk level of corresponding data, acquiring a communicable management user list corresponding to the risk level through a preset user management program, randomly selecting a preset number of management users, generating a data forwarding request containing the data reading request, and forwarding the data forwarding request to a data repository through a management user side corresponding to the selected management user, wherein the data forwarding request comprises a security identification code of the corresponding management user;
acquiring the data forwarding requests forwarded by a plurality of management user terminals, acquiring corresponding data contents based on the data reading requests, encrypting the data contents by using a plurality of security identification codes as keys, and splitting the encrypted data contents into forwarding subdata with the same number as that of the management users;
and acquiring the forwarded subdata verified by the management user side, recombining the plurality of the forwarded subdata, decrypting the recombined data according to a key consisting of a plurality of the safety identification codes to generate data content, and sending the data content to the request user side.
7. The database security management method according to claim 6, further comprising the steps of:
acquiring identity authentication information corresponding to a requester according to a data reading request, and displaying the identity authentication information through a management user side, wherein the identity authentication information is used for representing the access authority level of the requester on data content and user basic identity information;
establishing an online authentication conference chat window, setting a plurality of corresponding management users as conference participants of an authentication conference, recording the conference chat window, and generating an authentication conference record;
and when the management user side acquires the forwarding subdata, generating a forwarding authentication request, acquiring feedback information of the management user, and if the feedback information passes through the forwarding authentication request, forwarding the forwarding subdata and a preset safety identification code, wherein the safety identification code is used for generating a secret key.
8. The database security management method according to claim 7, further comprising the steps of:
when a data reading request is acquired, generating a data security log through a security recording program, and recording security information in a data reading request response process, wherein the security information recorded by the data security log comprises the data reading request, a requester and a management user corresponding to the data reading request, and the authentication conference record.
9. The database security management method of claim 6, wherein the step of obtaining and responding to the data reading request further comprises:
and when the data reading request is acquired, generating and sending a biological authentication request, acquiring a biological verification feedback from a requesting user terminal, identifying and judging the identity of a requester at the requesting user terminal according to the biological verification feedback, and responding to the data reading request if the judgment result is that the identity of the requester is consistent with that of the requesting user terminal.
10. The database security management method of claim 6, wherein the step of obtaining a communicable management user list corresponding to the risk level through a preset user management program and randomly selecting a preset number of management users further comprises:
acquiring a plurality of management user side information corresponding to the management user level and the risk level, generating and sending a communication verification data segment, acquiring a communication state with the management user side according to a feedback result of the verification data segment, and generating a management user list;
and sending biological authentication requests to the management user sides corresponding to the selected management users, and if the biological authentication requests fail to pass through the management user sides, reselecting the management users and the corresponding management terminals through the management user list.
CN202211471329.7A 2022-11-23 2022-11-23 Database security management method and system Active CN115514585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211471329.7A CN115514585B (en) 2022-11-23 2022-11-23 Database security management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211471329.7A CN115514585B (en) 2022-11-23 2022-11-23 Database security management method and system

Publications (2)

Publication Number Publication Date
CN115514585A CN115514585A (en) 2022-12-23
CN115514585B true CN115514585B (en) 2023-03-24

Family

ID=84513746

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211471329.7A Active CN115514585B (en) 2022-11-23 2022-11-23 Database security management method and system

Country Status (1)

Country Link
CN (1) CN115514585B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115935440B (en) * 2023-03-10 2023-05-09 北京阿玛西换热设备制造有限公司 Database security management method and system
CN117332453B (en) * 2023-11-30 2024-02-23 山东街景智能制造科技股份有限公司 Safety management system for product database

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7161465B2 (en) * 2003-04-08 2007-01-09 Richard Glee Wood Enhancing security for facilities and authorizing providers
CN101425903A (en) * 2008-07-16 2009-05-06 冯振周 Trusted network architecture based on identity
CN101515931B (en) * 2009-03-24 2012-09-19 北京理工大学 Method for enhancing the database security based on agent way
CN102724175B (en) * 2011-08-26 2015-09-09 北京天地互连信息技术有限公司 The telecommunication safety management framework of ubiquitous green community net control and method
CN103441986B (en) * 2013-07-29 2017-05-17 中国航天科工集团第二研究院七〇六所 Data resource security control method in thin client mode
CN109525570B (en) * 2018-11-06 2021-01-12 东南大学 Group client-oriented data layered security access control method

Also Published As

Publication number Publication date
CN115514585A (en) 2022-12-23

Similar Documents

Publication Publication Date Title
CN115514585B (en) Database security management method and system
CN109361669B (en) Identity authentication method, device and equipment of communication equipment
CN113067699B (en) Data sharing method and device based on quantum key and computer equipment
KR101809974B1 (en) A system for security certification generating authentication key combinating multi-user element and a method thereof
KR20200028880A (en) Multiple security authentication system and method between blockchain-based mobile terminals and IoT devices
US20190005258A1 (en) A method for encrypting data and a method for decrypting data
CN115118419B (en) Data transmission method of security chip, security chip device, equipment and medium
CN114092039A (en) Configurable process approval method and system based on block chain
CN113761488A (en) Content network copyright tracing encryption system and encryption method
CN110011959B (en) Data storage method, data query method and system
CN114172747A (en) Method and system for group members to obtain authentication certificate based on digital certificate
CN107888548A (en) A kind of Information Authentication method and device
CN111510288B (en) Key management method, electronic device and storage medium
KR101809976B1 (en) A method for security certification generating authentication key combinating multi-user element
CN110807210A (en) Information processing method, platform, system and computer storage medium
CN115208666A (en) Safety data security encryption method and system
CN115862895A (en) Online chronic disease inquiry management method and device based on Internet cloud platform
CN105376242A (en) Cloud terminal data access authentication method, cloud terminal data access authentication system and cloud terminal management system
CN115134150A (en) Block chain-based data acquisition method and system, storage medium and electronic device
CN114500104A (en) Data desensitization method, system, computer device and storage medium
CN110086627B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp
CN114124515A (en) Bidding transmission method, key management method, user verification method and corresponding device
CN111600721A (en) Asset management system, method and device based on multi-user voting mechanism
US6493823B1 (en) Instrument for making secure data exchanges
CN111541708A (en) Identity authentication method based on power distribution

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant