CN116467745A - Data query method, device, equipment and storage medium - Google Patents

Info

Publication number
CN116467745A
Authority
CN
China
Prior art keywords
time period
data
source terminal
target
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310420833.2A
Other languages
Chinese (zh)
Inventor
郭倜颖
刘伟超
芦文峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Social Psychology (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data query method, device, equipment and computer readable storage medium. The method comprises: obtaining behavior data sent by a source terminal and a data query request for a first target time period; determining the data access authority of the source terminal according to the behavior data; determining a second target time period according to the data access authority; when the first target time period and the second target time period meet preset conditions, acquiring data generated and/or stored by the target terminal in the first target time period; and sending the data generated by the target terminal in the first target time period to the source terminal. By acquiring the behavior data of the source terminal and determining from it the time period for which the source terminal may access data generated and/or stored by the target terminal, the method improves security when the source terminal accesses the target terminal's data and reduces the risk of data leakage.

Description

Data query method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of data security technologies, and in particular, to a data query method, apparatus, device, and computer readable storage medium.
Background
In network platform management, there are typically different levels of users and administrators. To ensure the information and data security of the platform, a common method is to set different authorities for users of different grades. For example, in a financial information management platform, a tenant is generally set up, users can be created under the tenant, and devices can be created under a user; the tenant, the users and the devices all store corresponding financial information, such as flow information. The tenant manages only the users subordinate to it and can view the data and information of those users, and a user can only view the information and data of the equipment managed by the tenant.
This topology avoids information leakage among different tenants, users and devices and so reduces some leakage risk. However, in such a network system the access authority of a terminal is determined only from the identity information attached to the terminal's access request. If the terminal's information is stolen and someone else uses it to log in successfully and query data, the risk of data leakage is still quite high.
Disclosure of Invention
The main objective of the present application is to provide a data query method, apparatus, device and computer readable storage medium, which aim to improve security of data access and reduce risk of data leakage.
In a first aspect, the present application provides a data query method, including the steps of: acquiring behavior data sent by a source terminal and a data query request of a first target time period;
determining the data access authority of the source terminal according to the behavior data;
determining a second target time period according to the data access authority;
acquiring data generated and/or stored by a target terminal in the first target time period under the condition that the first target time period and the second target time period meet preset conditions;
and sending the data generated by the target terminal in the first target time period to the source terminal.
In a second aspect, the present application further provides a data query device, where the data query device includes:
the request acquisition module is used for acquiring behavior data sent by the source terminal and a data query request of a first target time period;
the permission determining module is used for determining the data access permission of the source terminal according to the behavior data;
the time period determining module is used for determining a second target time period according to the data access authority;
the data acquisition module is used for acquiring data generated and/or stored by the target terminal in the first target time period under the condition that the first target time period and the second target time period meet preset conditions;
and the data sending module is used for sending the data generated by the target terminal in the first target time period to the source terminal.
In a third aspect, the present application also provides a computer device comprising a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein the computer program when executed by the processor implements the steps of the data querying method as described above.
In a fourth aspect, the present application also provides a computer readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of a data query method as described above.
The application provides a data query method, device, equipment and computer readable storage medium. The method comprises: obtaining behavior data sent by a source terminal and a data query request for a first target time period; determining the data access authority of the source terminal according to the behavior data; determining a second target time period according to the data access authority; acquiring data generated and/or stored by a target terminal in the first target time period when the first target time period and the second target time period meet preset conditions; and sending the data generated by the target terminal in the first target time period to the source terminal. By acquiring the behavior data of the source terminal and determining from it the time period for which the source terminal may access data generated and/or stored by the target terminal, the method improves security when the source terminal accesses the target terminal's data and reduces the risk of data leakage.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a data query method provided in an embodiment of the present application;
Fig. 2 is a schematic view of a scenario of a data query method according to an embodiment of the present application;
Fig. 3 is a schematic block diagram of a data query device according to an embodiment of the present application;
Fig. 4 is a schematic block diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.
The embodiments of the application provide a data query method, a data query device, computer equipment and a computer readable storage medium. The data query method can be applied to terminal equipment, which can be electronic equipment such as a tablet computer, a notebook computer or a desktop computer. The method can also be applied to a server, which can be a single server or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (CDNs), and big data and artificial intelligence platforms.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
Referring to fig. 1, fig. 1 is a flow chart of a data query method according to an embodiment of the present application.
As shown in fig. 1, the data query method includes steps S101 to S105.
Step S101, behavior data sent by a source terminal and a data query request of a first target time period are obtained.
For example, when the source terminal needs to perform a data query, it sends its behavior data together with the request. In this application, if the source terminal does not send the behavior data, its data query request may be rejected.
By way of example, the behavior data includes, but is not limited to, login information of the source terminal, the physical address of the source terminal, and access traffic. It can be understood that the access right of the source terminal may be determined from the behavior data of the source terminal.
The data query request for the first target time period indicates that the source terminal wants to query the data that the target terminal generated and/or stored in the first target time period.
Step S102, determining the data access authority of the source terminal according to the behavior data.
The data access authority of the source terminal can be determined according to its behavior data, so that when the source terminal's information has been stolen and someone else logs in and tries to query data, the query is forbidden and data leakage is avoided.
In some embodiments, the behavior data includes login information of the source terminal; the determining the data access authority of the source terminal according to the behavior data comprises the following steps: determining whether preset login information which is the same as the login information of the source terminal exists in a preset login information base; if the preset login information exists, determining that the data access authority of the source terminal is the first-level authority.
Optionally, the login information of the source terminal may be a login IP, which indicates the current login location of the source terminal, for example the city where the source terminal is located, so that whether the source terminal is logging in from a common login location can be determined from the login IP.
It can be understood that the login IP sent by the source terminal may be compared with the IP information in the preset login information base, for example, the login information base is traversed to obtain all the IP information in the login information base, and whether the preset IP information identical to the login IP sent by the source terminal exists in the login information base is determined.
For example, if the login information base has preset IP information identical to the login IP sent by the source terminal, it may be determined that the data access authority of the source terminal is a first level authority, where the first level authority is used to indicate that the source terminal may access data generated and/or stored by the target terminal in all time periods.
In some embodiments, if the login information of the source terminal is different from the preset login information in the preset login information base, determining that the data access permission of the source terminal is the second level permission.
For example, the login information base is traversed; if no preset IP information identical to the login IP sent by the source terminal is found in the login information base, it can be determined that the current login IP of the source terminal is not trusted, and the data access authority of the source terminal is determined to be a second level authority, where the second level authority indicates that the source terminal can only access data generated and/or stored by the target terminal in a preset time period.
In some embodiments, the behavior data includes a physical address of the source terminal; the determining the data access authority of the source terminal according to the behavior data comprises the following steps: determining whether a preset address identical to the physical address of the source terminal exists in a preset physical address library; if the preset address exists, determining that the data access authority of the source terminal is the first-level authority.
Optionally, the physical address of the source terminal may be the MAC (Media Access Control) address of the source terminal.
It will be appreciated that the physical address sent by the source terminal may be compared with the addresses in a preset physical address library, for example by traversing the physical address library to obtain all of its addresses and determining whether any of them is identical to the physical address sent by the source terminal.
For example, if the physical address library contains an address identical to the physical address sent by the source terminal, the data access right of the source terminal may be determined to be the first level right.
In some embodiments, if the physical address of the source terminal is different from the preset address in the preset physical address library, determining that the data access right of the source terminal is the second level right.
By way of example, the physical address library is traversed, and if the same preset address as the physical address of the source terminal cannot be queried in the physical address library, it may be determined that the current physical address of the source terminal is not trusted, and the data access right of the source terminal is determined to be the second level right.
In some embodiments, the behavior data includes login information of the source terminal and a physical address of the source terminal.
It can be understood that if the behavior data includes both the login information of the source terminal and the physical address of the source terminal, the data access authority of the source terminal can be determined by checking whether the preset login information base contains information identical to the login information of the source terminal and whether the preset physical address library contains a preset address identical to the physical address of the source terminal. For example, when the login information base contains information identical to the login information of the source terminal and the physical address library contains a preset address identical to the physical address of the source terminal, the data access authority of the source terminal is determined to be the first-level authority. For another example, when the login information base does not contain information identical to the login information of the source terminal, or the physical address library does not contain a preset address identical to the physical address of the source terminal, the data access authority of the source terminal is determined to be the second-level authority.
The data access authority of the source terminal is determined through the login information and/or the physical address of the source terminal, so that the security of data query of the source terminal to the target terminal is improved.
Step S103, determining a second target time period according to the data access authority.
For example, after the data access authority of the source terminal is determined, the time period for which data generated and/or stored by the target terminal can be queried may be determined according to that authority, so that the target terminal's data can be queried.
In some embodiments, the determining the second target period according to the data access rights includes:
determining that the second target time period is at least one of a current time period, a first historical time period and a second historical time period under the condition that the data access authority of the source terminal is a first level authority;
determining that the second target time period is a current time period and a second historical time period under the condition that the data access authority of the source terminal is a second level authority;
determining that the second target time period is a second historical time period under the condition that the data access authority of the source terminal is a third level authority;
determining that the second target time period is the current time period under the condition that the data access authority of the source terminal is the fourth level authority;
prohibiting the source terminal from querying the data generated and/or stored by the target terminal under the condition that the data access authority of the source terminal is the fifth level authority.
The current time period indicates the time period from the current time to the first time; the first historical time period indicates the time period from the second time to the third time; the second historical time period indicates the time period from the fourth time to the fifth time. The first time is earlier than or equal to the second time, the second time is earlier than the third time, the third time is earlier than or equal to the fourth time, and the fourth time is earlier than the fifth time.
For example, the data corresponding to the current time period covers only a single point in time or a short period, so its degree of confidentiality is weak. The data corresponding to the first historical time period most directly reflects the trend of the target terminal, so its degree of confidentiality is the highest of the three. The data corresponding to the second historical time period was generated a relatively long time ago, so its degree of confidentiality can be considered the weakest of the three. For example, suppose the data on the target terminal belongs to a transaction system. The data for the recent past, that is, the first historical time period, reflects the running records of electronic payments of a company or person stored on the target terminal in that period and therefore the recent financial condition of that company or person, so its degree of confidentiality is the highest. From the data of the current time period only a few flow records can be queried, from which the recent financial condition of the company or person cannot be analyzed. The data of the second historical time period is too old to have much reference value, so its degree of confidentiality can be determined to be the lowest. The data access authority of the source terminal is determined from this ranking of data confidentiality together with the behavior data of the source terminal, so that the source terminal is allowed to query data in the time period corresponding to its data access authority.
The time periods and/or times can be preset. For example, the current time period is set as the period from the current time back to 24 hours before it; the first historical time period is the period from 24 hours ago to 3 months ago; the second historical time period is the period from 3 months ago back to the time at which data was first generated and/or stored. It will be appreciated that the granularity of these time periods and/or times may be adjusted from case to case, for example according to the characteristics of the service data, which is not limited in this application.
In a specific implementation, 5 levels of permission may be set. The second target time period corresponding to the first level permission is at least one of the current time period, the first historical time period and the second historical time period; that is, a source terminal with the first level permission can query data generated and/or stored at any time or in any period from the current time back to the time at which data was first generated and/or stored, in other words all data generated and/or stored by the target terminal.
The second target time period corresponding to the second level authority is the current time period and the second historical time period; that is, a source terminal with the second level authority can query the data generated and/or stored by the target terminal in the current time period and/or in the relatively distant time period.
The second target time period corresponding to the third level authority is the second historical time period; that is, the source terminal can only query the data that the target terminal generated and/or stored in the more distant time period.
The second target time period corresponding to the fourth level authority is the current time period; that is, the source terminal can only query the data generated and/or stored by the target terminal in the most recent period, for example the data generated and/or stored by the target terminal within 24 hours.
The second target time period corresponding to the fifth level permission is zero; that is, a source terminal with the fifth level permission cannot query the data of the target terminal.
It can be understood that through the above data confidentiality analysis and the corresponding data access authority setting, the data generated and/or stored by the target terminal can be divided, and the data generated and/or stored by the target terminal which can be queried by the source terminal in the second target time period can be determined according to the data access authority, so that the security of the data generated and/or stored by the target terminal is improved.
Step S104, when the first target time period and the second target time period meet a preset condition, acquiring data generated and/or stored in the first target time period by the target terminal.
For example, after the second target time period is determined according to the data access authority of the source terminal, it is determined whether the first target time period and the second target time period meet a preset condition, and if they do, the data generated and/or stored by the target terminal in the first target time period is acquired.
In some embodiments, the preset conditions include: the start time of the first target period is equal to or later than the start time of the second target period, and the end time of the first target period is equal to or earlier than the end time of the second target period.
It can be appreciated that, when the first target time period falls within the range of the second target time period, it is determined that the first target time period and the second target time period meet the preset condition.
For example, if the first target time period is 4 months ago to 6 months ago and the second target time period is 3 months ago to 12 months ago, it is determined that the first target time period and the second target time period meet the preset condition.
For another example, if the first target time period is 1 month ago to 2 months ago and the second target time period is 3 months ago to 12 months ago, it is determined that the first target time period and the second target time period do not meet the preset condition.
In other embodiments, if the first target time period partly coincides with the second target time period, the overlapping portion is taken as the first target time period; that is, the data generated and/or stored by the target terminal in the overlapping time period is acquired.
For example, if the first target time period is 1 month ago to 6 months ago and the second target time period is 4 months ago to 12 months ago, the two overlap from 4 months ago to 6 months ago. The overlapping portion may then be taken as the first target time period, that is, the updated first target time period is 4 months ago to 6 months ago, and the data generated and/or stored by the target terminal from 4 months ago to 6 months ago is acquired.
It can be understood that the source terminal can query the corresponding data in the target terminal only when its data access right is one of the first level right to the fourth level right and the first target time period and the second target time period meet the preset condition.
Determining the first target time period and the second target time period in this way makes the data query more targeted and more secure.
Step S105, transmitting data generated by the target terminal in the first target period to the source terminal.
The data generated and/or stored by the target terminal in the first target time period is obtained, and then the data generated by the target terminal in the first target time period is sent to the source terminal, so that the data query of the source terminal to the target terminal is realized.
As shown in fig. 2, fig. 2 is a schematic diagram of a data query provided in an embodiment of the present application, where a target terminal may directly obtain behavior data sent by a source terminal and a data query request in a first target period, and execute the steps S101 to S105, and after determining rights and data to be sent, send data generated and/or stored in the first target period to the source terminal, so as to implement data query of the source terminal. In other embodiments, the server may obtain the behavior data of the source terminal and the data query request of the first target period, and execute the steps S101 to S105 on the server, and after determining the permission and the data to be sent, the server obtains the data generated and/or stored by the target terminal in the first target period from the target terminal, and sends the data generated and/or stored by the target terminal in the first target period to the source terminal, so as to implement the data query of the source terminal.
In some embodiments, the method further comprises: monitoring the access flow of the source terminal; and, when the data access authority of the source terminal is the Nth-level authority, if the access flow of the source terminal is greater than the flow threshold corresponding to the Nth-level authority, adjusting the data access authority of the source terminal to the (N+1)th-level authority, where N is a positive integer greater than zero.
For example, once the data access right of the source terminal is determined to be the Nth-level right, the source terminal may query the target data of the target terminal while its access flow is monitored. It can be understood that flow is generated when the server obtains the target data from the target terminal and sends it to the source terminal, and likewise when the target terminal sends the target data directly to the source terminal; monitoring this flow implements the monitoring of the access flow of the source terminal.
For example, if the access flow of the source terminal is greater than the flow threshold corresponding to the Nth-level permission, the data access permission of the source terminal needs to be adjusted; optionally, it is adjusted to the (N+1)th-level permission, where N is a positive integer greater than zero. In a specific implementation, this may be combined with the data access rights mentioned in the foregoing embodiments; optionally, N is a positive integer greater than 0 and less than or equal to 5.
For example, when the data access authority of the source terminal is determined to be the first level authority, and when the access flow of the source terminal is greater than the flow threshold corresponding to the first level authority, the data access authority of the source terminal is adjusted to be the second level authority, so that the data access authority of the source terminal is adjusted according to the access flow.
In some embodiments, the flow threshold corresponding to the (N+1)th-level authority is less than the flow threshold corresponding to the Nth-level authority.
By way of example, after the data access authority is adjusted, the flow threshold is adjusted as well, so that the access flow of the source terminal is reduced; once it is reduced, the speed at which the source terminal uploads and downloads data can be limited. In many business scenarios, when the downloaded data does not meet the requirements, the downstream tasks are adjusted accordingly. For example, if the task of the source terminal is a downstream image analysis application, then when the frame rate is reduced the downstream adjusts its data acquisition speed to 1/2 of the original, so that the data acquisition speed does not reach the maximum value. As another example, for a data uploading service, the normal data uploading speed can meet 1-path concurrency under the fifth-level authority, and when malicious uploading exists, the malicious uploading behavior can be limited by this method.
Optionally, the flow threshold corresponding to the (N+1)th-level authority is 80% of the flow threshold corresponding to the Nth-level authority.
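The level adjustment described above behaves as a one-way ratchet, which the following added example (not code from the patent) simulates. The level-1 limit, the one-demotion-per-sample rule and the treatment of level 5 as terminal are assumptions; the 80% step is the optional value given above.

```python
from dataclasses import dataclass, field

MAX_LEVEL = 5      # the page lets N run up to 5; treated here as the terminal level (assumption)
STEP_PERCENT = 80  # optional value from the page: limit(N+1) is 80% of limit(N)


def flow_limits(level1_limit, step_percent=STEP_PERCENT):
    """Integer flow limit per level; each level's limit is step_percent of the previous one."""
    return {n: level1_limit * step_percent ** (n - 1) // 100 ** (n - 1)
            for n in range(1, MAX_LEVEL + 1)}


@dataclass
class SourceSession:
    """Tracks one source terminal's access level as flow samples arrive."""
    level: int = 1
    limits: dict = field(default_factory=lambda: flow_limits(100_000))  # constructed limit

    def observe(self, flow):
        """One monitoring sample: demote by one level if flow is strictly above the limit."""
        if self.level < MAX_LEVEL and flow > self.limits[self.level]:
            self.level += 1
        return self.level


def simulate(samples, start_level=1, level1_limit=100_000):
    """Return the level after each sample (constructed traffic, arbitrary units)."""
    session = SourceSession(level=start_level, limits=flow_limits(level1_limit))
    return [session.observe(flow) for flow in samples]


if __name__ == "__main__":
    print(flow_limits(100_000))
    # One burst, then traffic that was acceptable at level 1: every later sample
    # exceeds the lowered limit, so the source cascades down to level 5.
    print(simulate([120_000, 90_000, 90_000, 90_000, 90_000]))
    # One burst, then the source halves its rate (as in the image-analysis case).
    print(simulate([120_000, 60_000, 60_000]))
```

Because each demotion also lowers the limit, a source that returns to its previously acceptable rate after a single burst keeps being demoted; only a rate below the new, lower limit stops the cascade.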
In some embodiments, the operation instruction of the source terminal may be acquired, if the operation instruction of the source terminal is not acquired within the preset period of time, the connection with the source terminal is disconnected, and after the disconnection and when the source terminal sends the operation instruction again, steps S101 to S105 need to be performed again.
For example, if the source terminal does not perform any operation within a preset period of time, for example, 10 minutes, the source terminal may be disconnected, for example, the user logs out of the system on the source terminal, and when the user wants to query the data again, the data access authority of the source terminal needs to be determined again, so that the security of data query is improved.
According to the data query method provided by this embodiment, the behavior data sent by the source terminal and the data query request for the first target time period are obtained; the data access authority of the source terminal is determined according to the behavior data; a second target time period is determined according to the data access authority; the data generated and/or stored by the target terminal in the first target time period is acquired when the first target time period and the second target time period meet the preset condition; and the data generated by the target terminal in the first target time period is sent to the source terminal. Because the data access authority is determined from the behavior data of the source terminal, the data of the target terminal that the source terminal can query is determined by the first target time period and the data access authority, which improves the security of the data query.
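The checks this method combines (the level-to-period mapping, the preset containment condition, and the overlap rule from the earlier example) can be sketched as follows. This is an added example, not code from the patent: the boundary values T1 to T5, the period names, the `clamp` option, the reading of a level's periods as a merged union, and the rejection of inverted ranges are assumptions made here.

```python
from datetime import datetime, timedelta

# Constructed boundaries: "first time" .. "fifth time" expressed as ages before now.
# The page fixes only their order: T1 <= T2 < T3 <= T4 < T5.
T1, T2, T3, T4, T5 = (timedelta(days=d) for d in (30, 30, 120, 120, 365))
PERIODS = {                       # name: (newer edge, older edge), both as ages
    "current": (timedelta(0), T1),
    "hist1": (T2, T3),
    "hist2": (T4, T5),
}
LEVEL_PERIODS = {                 # second target time period per access level
    1: ("current", "hist1", "hist2"),
    2: ("current", "hist2"),
    3: ("hist2",),
    4: ("current",),
    5: (),                        # level 5 may not query at all
}


def allowed_windows(level, now):
    """Absolute (start, end) windows for a level, with touching windows merged."""
    spans = sorted((now - older, now - newer)
                   for newer, older in (PERIODS[p] for p in LEVEL_PERIODS[level]))
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def meets_preset_condition(first, second):
    """Page's condition: first starts no earlier and ends no later than second."""
    return first[0] >= second[0] and first[1] <= second[1]


def overlap(first, second):
    """Overlapping part of two windows, or None if they do not overlap."""
    start, end = max(first[0], second[0]), min(first[1], second[1])
    return (start, end) if start < end else None


def authorize(level, first, now, clamp=False):
    """Return the windows the source may read; an empty list means deny."""
    if first[0] >= first[1]:      # an inverted range would pass the containment test
        return []
    windows = allowed_windows(level, now)
    if any(meets_preset_condition(first, w) for w in windows):
        return [first]
    if not clamp:
        return []
    # Overlap rule: the overlapping part becomes the updated first target period.
    return [o for w in windows if (o := overlap(first, w))]


if __name__ == "__main__":
    now = datetime(2023, 4, 14)   # constructed reference time
    request = (now - timedelta(days=180), now - timedelta(days=30))
    for level in range(1, 6):
        print(level, authorize(level, request, now, clamp=True))
```

With these constructed boundaries, a level-3 request for 30 to 180 days back is denied under the strict condition and narrowed to 120 to 180 days back when clamping is enabled, mirroring the 4-to-6-month overlap in the description.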
Referring to fig. 3, fig. 3 is a schematic diagram of a data query device according to an embodiment of the present application, where the data query device may be configured in a server or a terminal, for executing the foregoing data query method.
As shown in fig. 3, the data query device includes: a request acquisition module 110, a rights determination module 120, a time period determination module 130, a data acquisition module 140, a data transmission module 150.
The request acquisition module 110 is configured to acquire behavior data sent by the source terminal and a data query request of a first target time period.
The permission determining module 120 is configured to determine the data access permission of the source terminal according to the behavior data.
The time period determining module 130 is configured to determine a second target time period according to the data access right.
The data obtaining module 140 is configured to obtain, when the first target time period and the second target time period meet preset conditions, data generated and/or stored by the target terminal in the first target time period.
The data sending module 150 is configured to send the data generated by the target terminal in the first target time period to the source terminal.
Illustratively, the rights determination module 120 includes a login information determination sub-module and/or a physical address determination sub-module.
The login information determining sub-module is configured to determine whether preset login information that is the same as the login information of the source terminal exists in a preset login information base.
The physical address determining sub-module is configured to determine whether a preset address that is the same as the physical address of the source terminal exists in a preset physical address library.
The permission determining module 120 is further configured to determine that the data access permission of the source terminal is a first level permission if the preset login information exists; and/or if the preset address exists, determining that the data access authority of the source terminal is the first-level authority.
The permission determining module 120 is further configured to determine that the data access permission of the source terminal is a second level permission if the login information of the source terminal is different from the preset login information in the preset login information base; and/or if the physical address of the source terminal is different from the preset address in the preset physical address library, determining that the data access authority of the source terminal is the second-level authority.
The data query device further comprises a flow monitoring module and a permission adjusting module.
The flow monitoring module is configured to monitor the access flow of the source terminal.
The permission adjustment module is configured to, when the data access permission of the source terminal is the Nth-level permission, adjust the data access permission of the source terminal to the (N+1)th-level permission if the access flow of the source terminal is greater than the flow threshold corresponding to the Nth-level permission, where N is a positive integer greater than zero.
Illustratively, the data query device further includes a flow threshold adjustment module.
The flow threshold adjustment module is configured to, when the data access permission is adjusted from the Nth level to the (N+1)th level, adjust the flow threshold from the one corresponding to the Nth level to the one corresponding to the (N+1)th level, where the flow threshold corresponding to the (N+1)th-level permission is smaller than the flow threshold corresponding to the Nth-level permission.
The data query device further comprises a preset condition determining module.
The preset condition determining module is configured to determine that the first target time period and the second target time period meet the preset condition if the start time of the first target time period is equal to or later than the start time of the second target time period and the end time of the first target time period is equal to or earlier than the end time of the second target time period.
The time period determining module 130 is further configured to determine that the second target time period is at least one of a current time period, a first historical time period, and a second historical time period when the data access right of the source terminal is a first level right;
determining that the second target time period is a current time period and a second historical time period under the condition that the data access authority of the source terminal is a second level authority;
determining that the second target time period is a second historical time period under the condition that the data access authority of the source terminal is a third level authority;
determining the second target time period as the current time period under the condition that the data access authority of the source terminal is the fourth-level authority;
under the condition that the data access authority of the source terminal is the fifth level authority, prohibiting the source terminal from inquiring the data generated and/or stored by the target terminal;
the current time period is used for indicating a time period corresponding to the current time to the first time; the first historical time period is used for indicating a time period corresponding to the second time to the third time; the second historical time period is used for indicating a time period corresponding to the fourth time to the fifth time; the first time is earlier than or equal to the second time, the second time is earlier than the third time, the third time is earlier than or equal to the fourth time, and the fourth time is earlier than the fifth time.
Referring to fig. 4, fig. 4 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device may be a server or a terminal.
As shown in fig. 4, the computer device includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a storage medium and an internal memory.
The storage medium may store an operating system and a computer program. The computer program comprises program instructions that, when executed, cause a processor to perform any one of the data query methods.
The processor is used to provide computing and control capabilities to support the operation of the entire computer device.
The internal memory provides an environment for running the computer program stored in the storage medium; when the computer program is executed by the processor, it causes the processor to perform any one of the data query methods.
The network interface is used for network communication such as transmitting assigned tasks and the like. Those skilled in the art will appreciate that the structures shown in FIG. 4 are block diagrams only and do not constitute a limitation of the computer device on which the present aspects apply, and that a particular computer device may include more or less components than those shown, or may combine some of the components, or have a different arrangement of components.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Wherein in one embodiment the processor is configured to run a computer program stored in the memory to implement the steps of:
acquiring behavior data sent by a source terminal and a data query request of a first target time period;
determining the data access authority of the source terminal according to the behavior data;
determining a second target time period according to the data access authority;
acquiring data generated and/or stored by a target terminal in the first target time period under the condition that the first target time period and the second target time period meet preset conditions;
and sending the data generated by the target terminal in the first target time period to the source terminal.
In one embodiment, the processor, when implementing determining the data access rights of the source terminal from the behavior data, is configured to implement:
determining whether preset login information which is the same as the login information of the source terminal exists in a preset login information base;
if the preset login information exists, determining that the data access authority of the source terminal is a first-level authority; and/or
determining whether a preset address identical to the physical address of the source terminal exists in a preset physical address library;
if the preset address exists, determining that the data access authority of the source terminal is the first-level authority.
In one embodiment, the processor, when implementing the data query method, is further configured to implement:
if the login information of the source terminal is different from the preset login information in the preset login information base, determining that the data access authority of the source terminal is a second-level authority; and/or
if the physical address of the source terminal is different from the preset address in the preset physical address library, determining that the data access authority of the source terminal is the second-level authority.
In one embodiment, the processor, when implementing the data query method, is further configured to implement:
monitoring the access flow of the source terminal;
and, when the data access authority of the source terminal is the Nth-level authority, if the access flow of the source terminal is greater than the flow threshold corresponding to the Nth-level authority, adjusting the data access authority of the source terminal to the (N+1)th-level authority, where N is a positive integer greater than zero.
In one embodiment, the processor, when implementing the data query method, is further configured to implement:
the flow threshold corresponding to the (N+1)th-level authority is smaller than the flow threshold corresponding to the Nth-level authority.
In one embodiment, the processor, when implementing the preset condition determination, is configured to implement:
and if the starting time of the first target time period is equal to or later than the starting time of the second target time period and the ending time of the first target time period is equal to or earlier than the ending time of the second target time period, determining that the first target time period and the second target time period meet the preset condition.
In one embodiment, the processor, when implementing the determination of the second target time period according to the data access rights, is configured to implement:
determining that the second target time period is at least one of a current time period, a first historical time period and a second historical time period under the condition that the data access authority of the source terminal is a first level authority;
determining that the second target time period is a current time period and a second historical time period under the condition that the data access authority of the source terminal is a second level authority;
determining that the second target time period is a second historical time period under the condition that the data access authority of the source terminal is a third level authority;
determining the second target time period as the current time period under the condition that the data access authority of the source terminal is the fourth-level authority;
under the condition that the data access authority of the source terminal is the fifth level authority, prohibiting the source terminal from inquiring the data generated and/or stored by the target terminal;
the current time period is used for indicating a time period corresponding to the current time to the first time; the first historical time period is used for indicating a time period corresponding to the second time to the third time; the second historical time period is used for indicating a time period corresponding to the fourth time to the fifth time; the first time is earlier than or equal to the second time, the second time is earlier than the third time, the third time is earlier than or equal to the fourth time, and the fourth time is earlier than the fifth time.
It should be noted that, for convenience and brevity of description, the specific working process of the data query described above may refer to the corresponding process in the foregoing embodiment of the data query control method, which is not described herein again.
Embodiments of the present application also provide a computer readable storage medium, where a computer program is stored, where the computer program includes program instructions, and a method implemented when the program instructions are executed may refer to various embodiments of the data query method of the present application.
The computer readable storage medium may be an internal storage unit of the computer device according to the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, which are provided on the computer device.
It is to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments. While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method of querying data, comprising:
acquiring behavior data sent by a source terminal and a data query request of a first target time period;
determining the data access authority of the source terminal according to the behavior data;
determining a second target time period according to the data access authority;
acquiring data generated and/or stored by a target terminal in the first target time period under the condition that the first target time period and the second target time period meet preset conditions;
and sending the data generated by the target terminal in the first target time period to the source terminal.
2. The data query method of claim 1, wherein the behavior data comprises login information of the source terminal and/or a physical address of the source terminal; the determining the data access authority of the source terminal according to the behavior data comprises the following steps:
determining whether preset login information which is the same as the login information of the source terminal exists in a preset login information base;
if the preset login information exists, determining that the data access authority of the source terminal is a first-level authority; and/or
determining whether a preset address identical to the physical address of the source terminal exists in a preset physical address library;
if the preset address exists, determining that the data access authority of the source terminal is the first-level authority.
3. The data query method of claim 2, wherein the method further comprises:
if the login information of the source terminal is different from the preset login information in the preset login information base, determining that the data access authority of the source terminal is a second-level authority; and/or
if the physical address of the source terminal is different from the preset address in the preset physical address library, determining that the data access authority of the source terminal is the second-level authority.
4. A data query method as claimed in any one of claims 1 to 3, wherein the method further comprises:
monitoring the access flow of the source terminal;
and under the condition that the data access authority of the source terminal is the Nth level authority, if the access flow of the source terminal is larger than the flow threshold corresponding to the Nth level authority, the data access authority of the source terminal is adjusted to be the (N+1)th level authority, and N is a positive integer larger than zero.
5. The data query method of claim 4, wherein the method further comprises:
the flow threshold corresponding to the (N+1)th level authority is smaller than the flow threshold corresponding to the Nth level authority.
6. The data query method according to any one of claims 1 to 3, wherein the preset condition includes:
the start time of the first target period is equal to or later than the start time of the second target period, and the end time of the first target period is equal to or earlier than the end time of the second target period.
7. A data querying method as claimed in any one of claims 1 to 3, wherein said determining a second target time period based on said data access rights comprises:
determining that the second target time period is at least one of a current time period, a first historical time period and a second historical time period under the condition that the data access authority of the source terminal is a first level authority;
determining that the second target time period is a current time period and a second historical time period under the condition that the data access authority of the source terminal is a second level authority;
determining that the second target time period is a second historical time period under the condition that the data access authority of the source terminal is a third level authority;
determining the second target time period as the current time period under the condition that the data access authority of the source terminal is the fourth-level authority;
under the condition that the data access authority of the source terminal is the fifth level authority, prohibiting the source terminal from inquiring the data generated and/or stored by the target terminal;
the current time period is used for indicating a time period corresponding to the current time to the first time; the first historical time period is used for indicating a time period corresponding to the second time to the third time; the second historical time period is used for indicating a time period corresponding to the fourth time to the fifth time; the first time is earlier than or equal to the second time, the second time is earlier than the third time, the third time is earlier than or equal to the fourth time, and the fourth time is earlier than the fifth time.
8. A data query device, the data query device comprising:
the request acquisition module is used for acquiring behavior data sent by the source terminal and a data query request of a first target time period;
the permission determining module is used for determining the data access permission of the source terminal according to the behavior data;
the time period determining module is used for determining a second target time period according to the data access authority;
the data acquisition module is used for acquiring data generated and/or stored by the target terminal in the first target time period under the condition that the first target time period and the second target time period meet preset conditions;
and the data sending module is used for sending the data generated by the target terminal in the first target time period to the source terminal.
9. A computer device comprising a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein the computer program when executed by the processor implements the steps of the data querying method according to any of claims 1 to 7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program, wherein the computer program, when executed by a processor, implements the steps of the data query method according to any of claims 1 to 7.
CN202310420833.2A 2023-04-14 2023-04-14 Data query method, device, equipment and storage medium Pending CN116467745A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310420833.2A CN116467745A (en) 2023-04-14 2023-04-14 Data query method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310420833.2A CN116467745A (en) 2023-04-14 2023-04-14 Data query method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116467745A true CN116467745A (en) 2023-07-21

Family

ID=87183879

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310420833.2A Pending CN116467745A (en) 2023-04-14 2023-04-14 Data query method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116467745A (en)

Similar Documents

Publication Publication Date Title
US9769266B2 (en) Controlling access to resources on a network
US9148435B2 (en) Establishment of a trust index to enable connections from unknown devices
US9313604B1 (en) Network service request throttling system
US9787655B2 (en) Controlling access to resources on a network
US9647993B2 (en) Multi-repository key storage and selection
US10986095B2 (en) Systems and methods for controlling network access
CN109286620B (en) User right management method, system, device and computer readable storage medium
US20180218133A1 (en) Electronic document access validation
US9225682B2 (en) System and method for a facet security framework
CN116467745A (en) Data query method, device, equipment and storage medium
US20220255970A1 (en) Deploying And Maintaining A Trust Store To Dynamically Manage Web Browser Extensions On End User Computing Devices
US11411813B2 (en) Single user device staging
CN115242433A (en) Data processing method, system, electronic device and computer readable storage medium
CN114567678A (en) Resource calling method and device of cloud security service and electronic equipment
US20210044589A1 (en) Access control
CN112311716A (en) Data access control method and device based on openstack and server
CN116049860B (en) Access control method, device, computer equipment and storage medium
US11316949B2 (en) Access management to user related data
US11720507B2 (en) Event-level granular control in an event bus using event-level policies
CN116305218B (en) Data link tracking and data updating method, device and data management system
CN110233814B (en) Intelligent virtual private network system for industrial Internet of things
CN115587374A (en) Trust value-based dynamic access control method and control system thereof
CN117729036A (en) Cloud resource access method, system, equipment and medium
CN117714118A (en) Dynamic weighting method, device, storage medium, processor and computer equipment
CN114745316A (en) Routing method, apparatus, device, medium and program product

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination