CN116582352A - Intelligent digital supervision method and system for data interaction - Google Patents

Publication number
CN116582352A
Authority
CN
China
Prior art keywords
data
unit
acquisition unit
negotiable
data acquisition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310691734.8A
Other languages
Chinese (zh)
Other versions
CN116582352B (en)
Inventor
毛南平
吴军
金华锋
胡瑶波
姜雪霁
钱程
袁少波
王家凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ningbo Yongyao Power Investment Group Co ltd
Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Ningbo Yongyao Power Investment Group Co ltd
Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ningbo Yongyao Power Investment Group Co ltd, Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd filed Critical Ningbo Yongyao Power Investment Group Co ltd
Priority to CN202310691734.8A priority Critical patent/CN116582352B/en
Publication of CN116582352A publication Critical patent/CN116582352A/en
Application granted granted Critical
Publication of CN116582352B publication Critical patent/CN116582352B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data processing, in particular to an intelligent digital supervision method and system for data interaction. It addresses the problem that, in a data transmission platform, different data are acquired in the same way, which makes data circulation inconvenient. The supervision method comprises the following steps: establishing a data transmission platform, wherein the data transmission platform stores negotiable data, and the negotiable data comprises a general data file and an encrypted data file; the data acquisition unit sends a data use application to the supervision module; the supervision module judges whether the data acquisition unit has the acquisition permission of the data uploading unit and operates on the negotiable data according to that permission; and different acquisition permissions are given to the data acquisition unit according to its unit type.

Description

Intelligent digital supervision method and system for data interaction
Technical Field
The invention relates to the technical field of data processing, in particular to an intelligent digital supervision method and system for data interaction.
Background
Data opening takes place between different units: the owner of the data opens it to a user, and the user fuses it with the user's own data to realize new application scenarios, so that the data plays a new role and creates new value. At present, the data owner lacks a means of supervising how the opened data is used. Although platforms for data interaction exist, they cannot classify different data during interaction, so all data must be acquired in the same way: if the degree of encryption is too high, acquiring data becomes cumbersome; if it is too low, the encrypted data cannot be effectively protected.
Disclosure of Invention
The invention solves the following problem: in a data transmission platform, different data are acquired in the same way, which makes data circulation inconvenient.
In order to solve the above problem, an embodiment of the present invention provides an intelligent digital supervision method for data interaction, where the supervision method includes: establishing a data transmission platform, wherein the data transmission platform stores negotiable data, and the negotiable data comprises a general data file and an encrypted data file; the data acquisition unit sends a data use application to the supervision module, and the supervision module obtains the data uploading unit of the negotiable data from the data transmission platform and judges whether the data acquisition unit has the acquisition authority of the data uploading unit; if yes, decrypting the encrypted data file to obtain a decrypted data file, sending the general data file and the decrypted data file to the data acquisition unit, and recording the operation behavior of the data acquisition unit on the negotiable data to form an operation record table; acquiring an operable range of the negotiable data from the data transmission platform, and controlling the use of the negotiable data by the data acquisition unit according to the operable range and the operation record table; if not, the supervision module acquires the unit types of the data uploading unit and the data acquisition unit, sends a data acquisition application to the data uploading unit according to the unit types, and gives the data acquisition unit the corresponding operation authority; the data uploading unit receives the data acquisition application and examines and approves it to obtain an approval result; and the approval result is sent to the supervision module, and the data acquisition unit operates on the negotiable data according to the approval result.
Compared with the prior art, the technical effect achieved by adopting this technical scheme is as follows. A data transmission platform is built in which each unit can store data and acquire data files uploaded by other units. With the supervision module in place, the data uploading unit pre-processes the degree of disclosure of its data when uploading, so that not every acquisition application has to be sent to the data uploading unit, which reduces the handling of negotiable data required of it. Different acquisition permissions are given for the general data file and the encrypted data file, so the data uploading unit can disclose different data to different data acquisition units, which improves the confidentiality of the negotiable data. The operation record table makes the data acquisition unit's operations on the negotiable data visible, which helps the data uploading unit monitor the negotiable data and avoids its leakage.
In one embodiment of the present invention, acquiring an operable range of the negotiable data from the data transmission platform and controlling the use of the negotiable data by the data acquisition unit according to the operable range and the operation record table specifically includes: comparing the operation behaviors in the operation record table with the operable range, and judging whether the data acquisition unit has abnormal behaviors exceeding the operable range; if yes, generating alarm information according to the abnormal behavior and sending the alarm information to the data uploading unit, and the data uploading unit controls the acquisition of the negotiable data according to the alarm information; if not, the operation time of the data acquisition unit on the negotiable data is obtained from the operation record table, and the negotiable data is automatically closed after the operation time exceeds the second target time.
Compared with the prior art, the technical effect achieved by adopting this technical scheme is as follows: abnormal behavior of the data acquisition unit is detected through the operation record table, so that the data uploading unit can better control the negotiable data according to the alarm information; and setting the second target time limits how long the data acquisition unit can use the negotiable data each time, so that prolonged use, and the resulting neglect of protection of the negotiable data, is avoided.
In one embodiment of the present invention, the data uploading unit controls the acquisition of the negotiable data according to the alarm information, and specifically includes: when the data uploading unit processes the alarm information, the negotiable data is controlled according to the processing result; when the data uploading unit does not process the alarm information, the number of the received alarm information is recorded, and when the number of the alarm information received in the first target time exceeds a first alarm threshold value, the data uploading unit locks the negotiable data.
Compared with the prior art, the technical effect achieved by adopting this technical scheme is as follows: with the first alarm threshold set, the data uploading unit does not need to assign dedicated personnel to manage and control the negotiable data; the threshold also standardizes the data acquisition unit's operation of the negotiable data, makes management and control of the negotiable data more convenient, and makes data interaction among the units more convenient.
In one embodiment of the present invention, the step in which, if not, the supervision module acquires the unit types of the data uploading unit and the data acquisition unit, sends a data acquisition application to the data uploading unit according to the unit types, and gives the data acquisition unit the corresponding operation authority specifically includes: when the data acquisition unit and the data uploading unit belong to the same group, the data acquisition unit can acquire the general data file and send a decryption application to the data uploading unit through the supervision module; when the data acquisition unit and the data uploading unit do not belong to the same group, a decryption application and a general application are sent to the data uploading unit through the supervision module.
Compared with the prior art, the technical effect achieved by adopting this technical scheme is as follows: treating units of the same group separately makes circulation of the general data file more convenient and makes it easier for units of the same group to use the data, so that the data plays a new role and creates new value; and because the decryption application and the general application are separate, the data uploading unit can grant different operation authorities to different data acquisition units, so that the general data file can circulate while the encrypted data file is kept from leaking.
In one embodiment of the present invention, the approval result is sent to the supervision module, and the data acquisition unit operates the negotiable data according to the approval result, which specifically includes: when the data uploading unit agrees with the general application, the data acquisition unit acquires the operation authority of the general data file; when the data uploading unit agrees to the decryption application, the data acquisition unit acquires a first key of the encrypted data file; the data acquisition unit decrypts the encrypted data file using the first key and performs different decryption processes according to the unit type.
Compared with the prior art, the technical effect achieved by adopting the technical scheme is as follows: the data acquisition unit obtains different operation authorities for the negotiable data according to different examination and approval results of the data uploading unit, so that the negotiable data can be monitored more conveniently by the data uploading unit.
In one embodiment of the present invention, the data acquisition unit decrypts the encrypted data file using the first key and performs different decryption processes according to the unit type, which specifically includes: when the data acquisition unit belongs to the same group, before using the first key it must enter the user information of the user acquiring the encrypted data file, and the decrypted file is obtained after the supervision module passes the verification; when the data acquisition unit does not belong to the same group, before the first key is used, monitoring is applied according to the number of times the data acquisition unit has acquired the encrypted data file. When the data acquisition unit acquires the encrypted data file for the first time, it provides the corresponding user information to the data uploading unit, and the operation behavior is video monitored; when the data acquisition unit has acquired the encrypted data file before, it provides the corresponding user information to the data uploading unit, and the user list of users who have acquired the encrypted data file is retrieved; when the user information is in the user list, the user can decrypt the encrypted data file directly, and when the user is not in the user list, the user's operation behavior is video monitored. Video monitoring must not be suspended while the decrypted file is in use.
Compared with the prior art, the technical effect achieved by adopting this technical scheme is as follows: video monitoring allows the user operating the decrypted file to be recorded, and combining it with the number of times the data acquisition unit has acquired the file makes it easier for the data acquisition unit to obtain the decrypted file without the decrypted file being leaked; the data uploading unit can transmit data to the data acquisition unit quickly, and the interactivity of the negotiable data is improved while its supervision is ensured.
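The unit-type routing and the decryption checks described above can be modelled as a small decision procedure. This is an added illustration, not code from the patent: the names `route_application`, `decrypt_with_first_key`, `EncryptedFile` and `Check` are hypothetical, and it assumes a user joins the user list once that user has acquired the file.

```python
from dataclasses import dataclass, field
from enum import Enum


class Check(Enum):
    """Which control applies before the first key may be used."""
    SUPERVISOR_VERIFIES_USER = "same group: supervision module verifies user information"
    VIDEO_MONITORED = "other group: user information to uploader, video monitoring"
    DIRECT = "other group: user already on the user list, direct decryption"


@dataclass
class EncryptedFile:
    uploader: str
    # Per acquiring unit, the users who have already acquired this file
    # (the "user list"; keeping it per unit is an assumption of this sketch).
    user_list: dict = field(default_factory=dict)


def route_application(same_group: bool) -> dict:
    """What an acquiring unit without acquisition permission gets and must apply for."""
    if same_group:
        # Same group: general data file is available, only decryption needs approval.
        return {"granted_now": ["general"], "apply_for": ["decryption"]}
    # Other group: both a decryption application and a general application are sent.
    return {"granted_now": [], "apply_for": ["decryption", "general"]}


def decrypt_with_first_key(f: EncryptedFile, unit: str, user: str,
                           same_group: bool, approved: bool,
                           user_verified: bool = False) -> Check:
    """Return the control applied when `user` of `unit` decrypts `f`."""
    if not approved:
        # The first key is only released when the uploader agrees to the
        # decryption application.
        raise PermissionError("decryption application not approved")
    if same_group:
        if not user_verified:
            raise PermissionError("supervision module did not verify the user")
        return Check.SUPERVISOR_VERIFIES_USER

    users = f.user_list.setdefault(unit, set())
    if not users:
        check = Check.VIDEO_MONITORED      # first acquisition by this unit
    elif user in users:
        check = Check.DIRECT               # known user, no video needed
    else:
        check = Check.VIDEO_MONITORED      # unit is known, user is not
    users.add(user)                        # assumption: user joins the list
    return check


if __name__ == "__main__":
    # Constructed sample: unit_b is outside unit_a's group.
    f = EncryptedFile(uploader="unit_a")
    for user in ("alice", "alice", "bob"):
        result = decrypt_with_first_key(f, "unit_b", user,
                                        same_group=False, approved=True)
        print(user, "->", result.name)
```
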
In one embodiment of the present invention, sending the approval result to the supervision module, with the data acquisition unit operating on the negotiable data according to the approval result, further includes: the data acquisition unit modifies the negotiable data according to the operation authority to obtain modified data; the modified data is sent to the data uploading unit, and the data uploading unit judges whether the modified data should replace the negotiable data.
Compared with the prior art, the technical effect achieved by adopting this technical scheme is as follows: the data acquisition unit can modify a general data file that it considers to contain errors, and after the data uploading unit confirms the change, the file is stored in the data transmission platform, which further improves the accuracy of the negotiable data.
In one embodiment, the present invention further provides an intelligent digital supervision system for data interaction, where the digital supervision system is used to implement the intelligent digital supervision method described in the foregoing embodiments, and the digital supervision system includes: a data storage module for storing the negotiable data; a data transmission module for transmitting the negotiable data and the approval result; a visual supervision module for consulting the operation record table; and a data proxy module for granting operation authority. The intelligent digital supervision system for data interaction has all the technical features of the intelligent digital supervision method, which are not described in detail here.
Drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flow chart of the intelligent digital supervision method according to the present invention;
FIG. 2 is a second flow chart of the intelligent digital supervision method according to the present invention;
FIG. 3 is a third flow chart of the intelligent digital supervision method according to the present invention;
FIG. 4 is a fourth flow chart of the intelligent digital supervision method according to the present invention;
FIG. 5 is a schematic diagram of the internal modules of the intelligent digital supervision system of the present invention.
Reference numerals:
100: digital supervision system; 110: data storage module; 120: data transmission module; 130: visual supervision module; 140: data proxy module.
Detailed Description
In order that the above objects, features and advantages of the invention will be readily understood, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
[ first embodiment ]
Referring to fig. 1, in a specific embodiment, the present invention provides an intelligent digital supervision method for data interaction, the supervision method comprising:
S100, a data transmission platform is established, wherein the data transmission platform stores negotiable data, and the negotiable data comprises a general data file and an encrypted data file;
S200, the data acquisition unit sends a data use application to the supervision module, and the supervision module obtains the data uploading unit of the negotiable data from the data transmission platform and judges whether the data acquisition unit has the acquisition authority of the data uploading unit;
S300, if yes, decrypting the encrypted data file to obtain a decrypted data file, sending the general data file and the decrypted data file to the data acquisition unit, and recording the operation behavior of the data acquisition unit on the negotiable data to form an operation record table;
S310, acquiring an operable range of the negotiable data from the data transmission platform, and controlling the use of the negotiable data by the data acquisition unit according to the operable range and the operation record table;
S400, if not, the supervision module acquires the unit types of the data uploading unit and the data acquisition unit, sends a data acquisition application to the data uploading unit according to the unit types, and gives the data acquisition unit the corresponding operation authority;
S500, the data uploading unit receives the data acquisition application and examines and approves it to obtain an approval result;
S600, the approval result is sent to the supervision module, and the data acquisition unit operates on the negotiable data according to the approval result.
In step S100, the general data file and the encrypted data file are stored in the data transmission platform, and the data uploading unit can delete and add the data it has uploaded in real time. The general data file is usually a file of low importance, for example the contact details of the person responsible for related matters in the unit or the construction design of a completed project; the encrypted data file is usually a file of high importance, for example an operating parameter record table of some of the unit's equipment or the implementation rules of an ongoing project in the unit.
In step S200, the supervision module is configured to establish a connection relationship between the data acquisition unit and the data transmission unit. The supervision module is disposed in the data transmission platform, which stores a large amount of data. A unit that did not upload a given piece of data acts as the data acquisition unit for it, and the source of the negotiable data to be acquired acts as the data uploading unit. When uploading negotiable data, the data uploading unit can mark it and select some of the units in the data transmission platform to be given acquisition rights, so that those units can acquire the negotiable data directly. When a data acquisition unit wants to acquire negotiable data, the supervision module first determines whether it holds acquisition rights assigned by the data uploading unit.
In step S300, if the data uploading unit has given the data acquisition unit the acquisition permission, the negotiable data is processed directly: the general data file is sent straight to the data acquisition unit, while the encrypted data file is decrypted at the same time. The decryption is completed automatically by the supervision module, and the resulting decrypted data file is then sent to the data acquisition unit.
It should be noted that although a data acquisition unit with the acquisition right does not need to decrypt the encrypted data file itself and can directly obtain the general data file and the encrypted data file, its operations on both are recorded in real time. The operation behaviors include, but are not limited to, copying, modifying, deleting and downloading. Each operation behavior and the time at which it occurred are recorded in detail in the operation record table, so that the data uploading unit can review them later and judge whether the data it uploaded can be disclosed to other units without permission.
In step S310, each of the negotiable data has a different operable range, and the operable range is also set by the data uploading unit when the negotiable data is uploaded, and when the data obtaining unit operates on the negotiable data, the operation behavior recorded in the operation record table is compared with the operable range in real time, so as to control the use of the negotiable data by the data obtaining unit.
In step S400, if the data uploading unit has not given the data acquisition unit the corresponding acquisition authority, the data acquisition unit sends a data acquisition application, which the supervision module forwards to the data uploading unit, and then waits for the data uploading unit to respond to the application.
In step S500 and step S600, after the data uploading unit receives the data obtaining application, the data obtaining application is approved, and the approval result includes obtaining all operation rights, obtaining part of operation rights, and failing to obtain operation rights, where obtaining part of operation rights refers to providing the general data file to the data uploading unit.
A data transmission platform is built in which each unit can store data and acquire data files uploaded by other units. With the supervision module in place, the data uploading unit pre-processes the degree of disclosure of its data when uploading, so that not every acquisition application has to be sent to the data uploading unit, which reduces the handling of negotiable data required of it. Different acquisition permissions are given for the general data file and the encrypted data file, so the data uploading unit can disclose different data to different data acquisition units, which improves the confidentiality of the negotiable data. The operation record table makes the data acquisition unit's operations on the negotiable data visible, which helps the data uploading unit monitor the negotiable data and avoids its leakage.
[ second embodiment ]
Referring to FIG. 4, in a specific embodiment, acquiring the operable range of the negotiable data from the data transmission platform and controlling the use of the negotiable data by the data acquisition unit according to the operable range and the operation record table specifically includes:
S311, comparing the operation behaviors in the operation record table with the operable range, and judging whether the data acquisition unit has abnormal behaviors exceeding the operable range;
if yes, generating alarm information according to the abnormal behavior and sending the alarm information to the data uploading unit; the data uploading unit controls the acquisition of the negotiable data according to the alarm information;
S312, if not, the operation time of the data acquisition unit on the negotiable data is obtained from the operation record table, and when the operation time exceeds the second target time, the negotiable data is automatically closed.
In step S311, each time the data acquisition unit operates on the negotiable data, the operation behavior in the operation record table is compared with the operable range to determine whether the operation exceeds the operable range set by the data uploading unit.
When the data acquisition unit performs an operation beyond the operable range on the negotiable data, the supervision module judges that the data acquisition unit has behaved abnormally. The abnormal behavior can be marked in the operation record table, and the alarm information is sent to the data uploading unit at the same time. Depending on the degree of the abnormal behavior, the data uploading unit can judge from the alarm information whether the negotiable data is at risk of leakage, and can stop the data acquisition unit from continuing to acquire the negotiable data at any time. If the data uploading unit does not want to manage the negotiable data manually, designated abnormal behaviors can be set in the supervision module; when the data acquisition unit performs such a behavior, the supervision module automatically withdraws the data acquisition unit's operation authority over the negotiable data.
For example, if the designated abnormal behavior set by the data uploading unit is downloading, the supervision module sends alarm information for other abnormal behaviors; when the data acquisition unit tries to download the negotiable data, it can no longer acquire the negotiable data, and the download instruction does not take effect.
It should be noted that, after the data acquisition unit's acquisition right is cancelled because of abnormal behavior, the data acquisition unit cannot continue to acquire the negotiable data until the data uploading unit grants the operation right again.
In step S312, if the data acquisition unit operates on the negotiable data as specified by the data uploading unit, the supervision module manages the negotiable data according to the data acquisition unit's operation time: when the operation time reaches the second target time, the data acquisition unit cannot continue to operate on the negotiable data. The second target time is set according to the negotiable data concerned, and different second target times may be set for the general data file and the encrypted data file; in general, the second target time is 1 hour.
It should be noted that if, while the data acquisition unit's operations are being recorded in the operation record table, the data acquisition unit is found not to have operated for a long time, the supervision module locks the negotiable data, and unlocks it when the data acquisition unit operates again.
Abnormal behavior of the data acquisition unit is detected through the operation record table, so that the data uploading unit can better control the negotiable data according to the alarm information; and setting the second target time limits how long the data acquisition unit can use the negotiable data each time, so that prolonged use, and the resulting neglect of protection of the negotiable data, is avoided.
[ third embodiment ]
In a specific embodiment, the data uploading unit controls the acquisition of the negotiable data according to the alarm information, and specifically includes:
S311a, when the data uploading unit processes the alarm information, the negotiable data is controlled according to the processing result;
S311b, when the data uploading unit does not process the alarm information, the number of alarm messages received is recorded, and when the number of alarm messages received within the first target time exceeds a first alarm threshold, the data uploading unit locks the negotiable data.
In step S311a, the supervision module handles the negotiable data according to how the data uploading unit processed the alarm. The data uploading unit can process each piece of alarm information individually and control the data acquisition unit's acquisition authority over the negotiable data.
In step S311b, if the data uploading unit does not want to manage the negotiable data manually, it may set a limit on the number of alarm messages received. When the number of alarm messages reaches the first alarm threshold, the supervision module automatically withdraws the operation authority for the negotiable data, and the data acquisition unit cannot continue to operate on the negotiable data.
For example, if the first alarm threshold set by the data uploading unit is 3, then when the supervision module sends alarm information to the data uploading unit for the third time, the data acquisition unit can no longer acquire the negotiable data, while the data uploading unit can still review those 3 pieces of alarm information.
Setting the first alarm threshold means the data uploading unit does not need to assign dedicated personnel to manage and control the negotiable data. It improves how well the data acquisition unit's operations on the negotiable data conform to the rules, makes management and control of the negotiable data more convenient, and makes data interaction among the units more convenient.
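The supervision logic of steps S311a, S311b and S312, as an added sketch that is not part of the patent text: a monitor replays a constructed operation record table against the operable range, counts unprocessed alarms inside the first target time, and enforces the second target time. The class, method and operation names and the 3600-second first target time are assumptions; the threshold of 3 and the 1-hour second target time are the values the description mentions, and the lock is applied when the count reaches the threshold, as in the description's example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed operation record table for one data acquisition unit:
# (seconds since the first operation, operation name).
RECORDS = [
    (0, "view"),
    (120, "export"),   # outside the operable range -> alarm 1
    (300, "view"),
    (420, "print"),    # outside the operable range -> alarm 2
    (500, "export"),   # alarm 3 -> threshold reached, data locked
    (560, "view"),     # refused: the negotiable data is locked
]


@dataclass
class Supervisor:
    """Hypothetical model of the supervision module (names are assumptions)."""
    operable_range: frozenset            # operations the uploading unit allows
    first_alarm_threshold: int = 3       # value used in the description's example
    first_target_time: int = 3600        # assumed; the description gives no value
    second_target_time: int = 3600       # "in general ... 1 hour"
    locked: bool = False
    session_start: Optional[int] = None
    pending_alarms: List[int] = field(default_factory=list)  # unprocessed alarms

    def handle(self, ts: int, op: str) -> str:
        """Return the supervision decision for one operation record."""
        if self.locked:
            return "refused:locked"
        if self.session_start is None:
            self.session_start = ts
        # S312: stop once the operation time reaches the second target time.
        if ts - self.session_start >= self.second_target_time:
            return "refused:time-limit"
        if op in self.operable_range:
            return "allowed"
        # Abnormal behavior: raise an alarm and count only the unprocessed
        # alarms that fall inside the first target time (S311b).
        self.pending_alarms = [t for t in self.pending_alarms
                               if ts - t < self.first_target_time]
        self.pending_alarms.append(ts)
        if len(self.pending_alarms) >= self.first_alarm_threshold:
            self.locked = True
            return "alarm:locked"
        return "alarm"

    def uploader_processes_alarms(self, regrant: bool) -> None:
        """S311a: the uploading unit handles the alarms itself.

        Access stays revoked until the uploading unit grants it again.
        """
        self.pending_alarms.clear()
        self.locked = not regrant


def replay(records, supervisor):
    """Run an operation record table through the supervisor."""
    return [supervisor.handle(ts, op) for ts, op in records]


if __name__ == "__main__":
    sup = Supervisor(operable_range=frozenset({"view", "modify"}))
    for (ts, op), decision in zip(RECORDS, replay(RECORDS, sup)):
        print(f"{ts:>5}s {op:<7} {decision}")
```

Counting only unprocessed alarms inside the window matters in practice: without the window, three isolated mistakes spread over months would lock the data just as three in ten minutes do.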
[ fourth embodiment ]
Referring to Fig. 2, in a specific embodiment, the step "if not, the supervision module obtains the unit types of the data uploading unit and the data acquisition unit, sends a data acquisition application to the data uploading unit according to the unit type, and gives the data acquisition unit the corresponding operation authority" specifically includes:
S410: when the data acquisition unit and the data uploading unit belong to the same group unit, the data acquisition unit can acquire the general data file, and a decryption application is sent to the data uploading unit through the supervision module;
S420: when the data acquisition unit and the data uploading unit do not belong to the same group unit, a decryption application and a general application are sent to the data uploading unit through the supervision module.
In step S410, units of the same group (peer units) are usually units of the same type of work. For example, when a power grid company uploads negotiable data, other power grid companies are peer units with respect to that data; when a tap water company uploads negotiable data, other tap water companies are peer units with respect to that data. Peer units can be assigned manually by the data uploading unit; if the data uploading unit does not assign them, the supervision module performs the classification according to the names of the units.
When a peer unit acquires the negotiable data, it can obtain the general data file directly, with no time limit on acquisition, but abnormal behavior is still detected. This improves the flow of information among peer units while reducing the risk of negotiable data leakage. A peer unit must still send a decryption application for the encrypted data file, and obtains the decrypted data file only after the data uploading unit grants permission.
In step S420, when the data acquisition unit and the data uploading unit do not belong to the same group unit, the supervision module sends a decryption application and a general application to the data uploading unit at the same time. The decryption application corresponds to the encrypted data file in the negotiable data, and the general application corresponds to the general data file in the negotiable data. When the general application passes, the decryption application still needs to be confirmed separately; when the decryption application passes, the general application passes automatically.
Establishing same-group units makes circulation of the general data file more convenient and makes it easier for same-group units to use the data, so that the data plays a new role and creates new value. Because the decryption application and the general application are handled separately, the data uploading unit can grant different operation authorities to different data acquisition units, and the general data file can circulate while ensuring that the encrypted data file is not leaked.
[ fifth embodiment ]
Referring to Fig. 3, in a specific embodiment, the step of sending the approval result to the supervision module, with the data acquisition unit operating on the negotiable data according to the approval result, specifically includes:
S610: when the data uploading unit agrees to the general application, the data acquisition unit acquires the operation authority for the general data file;
S620: when the data uploading unit agrees to the decryption application, the data acquisition unit acquires a first key of the encrypted data file;
S630: the data acquisition unit decrypts the encrypted data file by using the first key, and different decryption processes are performed according to the unit type.
In step S620, the data acquisition unit having no operation authority automatically decrypts the encrypted data file, but transmits the first key necessary for decryption to the data uploading unit, even if the decryption permission of the data uploading unit is obtained.
In step S630, different data acquisition units have different decryption requirements, and the decryption process of the encrypted file is recorded, so as to reduce the risk of leakage of the encrypted file.
The underlying encryption scheme of the encrypted data file is KP-ABE (Key-Policy Attribute-Based Encryption). In KP-ABE, each encrypted data file has a set of attributes that are encoded in the encrypted data file. When the access policy matches the attributes of the encrypted data file, the first key can decrypt the encrypted data file to obtain a decrypted data file. Attributes are defined for each encrypted data file, and the data file is encrypted based on those attributes. For each data uploading unit, an access policy is set over the attributes corresponding to all the encrypted data files, and a first key corresponding to that access policy is generated.
The data acquisition unit obtains different operation authorities over the negotiable data depending on the data uploading unit's approval result, which makes it more convenient for the data uploading unit to monitor the negotiable data.
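How "the access policy matches the attributes" decides whether a key can decrypt, as an added toy model that is not part of the patent text and is not a secure encryption scheme: the policy tree carried by the key shares a secret through threshold gates, as access-tree KP-ABE constructions do, and the secret is recoverable only when the file's attributes satisfy the tree. The pairing-based cryptography is omitted, and the attribute names, the policy and the function names are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus of the toy field

# Access policy held in the key. A leaf is an attribute string; a gate is
# (k, [children]) meaning "any k of these children". AND = n-of-n, OR = 1-of-n.
# Constructed policy: power-grid data AND at least two of three further tags.
POLICY = (2, ["sector:power-grid",
              (2, ["year:2023", "class:load-forecast", "region:ningbo"])])


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x, mod P."""
    return sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P


def keygen(node, secret):
    """Share `secret` down the policy tree (Shamir sharing at every gate).

    Each gate picks a random polynomial of degree k-1 whose constant term is
    the value it must protect; child i receives the polynomial's value at i.
    """
    if isinstance(node, str):
        return ("leaf", node, secret)
    k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return ("gate", k, [keygen(child, _eval_poly(coeffs, i))
                        for i, child in enumerate(children, start=1)])


def recover(key, attrs):
    """Return the shared secret if `attrs` satisfies the key's policy, else None.

    In a real scheme a leaf share is only usable through the ciphertext
    component for that attribute; the set-membership test stands in for that.
    """
    if key[0] == "leaf":
        return key[2] if key[1] in attrs else None
    _, k, children = key
    points = []
    for i, child in enumerate(children, start=1):
        value = recover(child, attrs)
        if value is not None:
            points.append((i, value))
    if len(points) < k:
        return None          # policy not satisfied at this gate
    points = points[:k]
    total = 0
    for xj, yj in points:    # Lagrange interpolation at x = 0
        num = den = 1
        for xm, _ in points:
            if xm != xj:
                num = num * xm % P
                den = den * (xm - xj) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


if __name__ == "__main__":
    key = keygen(POLICY, 123456789)
    for attrs in ({"sector:power-grid", "year:2023", "class:load-forecast"},
                  {"sector:power-grid", "year:2023"}):
        print(sorted(attrs), "->", recover(key, attrs))
```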
[ sixth embodiment ]
In a specific embodiment, the step in which the data acquisition unit decrypts the encrypted data file using the first key and performs different decryption processes according to the unit type specifically includes:
S631: when the data acquisition unit belongs to the same group unit, before using the first key the data acquisition unit needs to input the user information of the user acquiring the encrypted data file, and the decrypted file is obtained after the supervision module's verification is passed;
S632: when the data acquisition unit does not belong to the same group unit, before the first key is used, the user acquiring the encrypted data file is supervised according to the number of times the data acquisition unit has acquired the file.
In step S631, before using the first key, the peer unit needs to input the user information of the user decrypting the encrypted data file, and the supervision module determines whether the user information belongs to the data acquisition unit. If not, the user cannot decrypt the encrypted data file. If so, the user needs to perform face recognition, and after the recognition the user can decrypt the encrypted data file using the first key to obtain a decrypted file.
In step S632, before a data acquisition unit that is not a peer unit uses the first key, the number of acquisitions by that data acquisition unit is obtained first. Different numbers of acquisitions have different decryption modes, which specifically includes:
S632a: when the data acquisition unit is acquiring the encrypted data file for the first time, the corresponding user information is provided to the data uploading unit, and the operation behavior is monitored by video;
S632b: when the data acquisition unit has acquired the encrypted data file before, the corresponding user information is provided to the data uploading unit, and the list of users who have acquired the encrypted data file is retrieved; when the user information is in the user list, the user can directly decrypt the encrypted data file, and when the user is not in the user list, the user's operation behavior is monitored by video;
wherein video surveillance must not be suspended during use of the decrypted file.
In step S632a, when a data acquisition unit that is not a peer unit acquires the encrypted data file for the first time, the user information of the user who performs the decryption is submitted to the data uploading unit, and the user is monitored by video in real time during decryption and use of the decrypted file.
In step S632b, each time the encrypted data file is decrypted, the user information for that decryption is recorded in the supervision module. After the data acquisition unit submits the user information for a decryption to the data uploading unit, the supervision module compares that user information with the user list. When the user information is in the user list, the user can decrypt the encrypted data file through face recognition alone; when the data acquisition unit needs to add a new user for decryption, the decryption must be performed under video monitoring.
Video monitoring allows the users who operate the decrypted file on behalf of the data acquisition unit to be recorded. Combined with the data acquisition unit's number of acquisitions, this makes it less difficult for the data acquisition unit to obtain the decrypted file while ensuring that the decrypted file is not leaked, so the data uploading unit can transmit data to the data acquisition unit quickly, improving the interactivity of the negotiable data while keeping it supervised.
[ seventh embodiment ]
In a specific embodiment, the approval result is sent to the supervision module, and the data acquisition unit operates the negotiable data according to the approval result, and further includes:
S640: the data acquisition unit modifies the negotiable data according to the operation authority to obtain modified data;
S650: the modified data is sent to the data uploading unit, and the data uploading unit judges whether the modified data needs to replace the negotiable data.
In steps S640 and S650, when the data acquisition unit uses the negotiable data, it may modify the general data file within the negotiable data according to the authority provided by the data uploading unit; this is generally used for correcting obviously erroneous data.
The data acquisition unit can modify a general data file that its user considers to contain errors; after the data uploading unit confirms the modification, the general data file is stored in the data transmission platform, which further improves the accuracy of the negotiable data.
[ eighth embodiment ]
Referring to Fig. 5, in a specific embodiment, the present invention further provides an intelligent digital supervision system 100 for data interaction, where the digital supervision system 100 is configured to implement the intelligent digital supervision method described in the foregoing embodiments. The digital supervision system 100 includes: a data storage module 110 for storing the negotiable data; a data transmission module 120 for transmitting the negotiable data and the approval result; a visual supervision module 130 for consulting the operation record table; and a data proxy module 140 for granting operation authority. The intelligent digital supervision system 100 for data interaction has all the technical features of the above intelligent digital supervision method, which are not repeated here.
Although the present invention is disclosed above, the present invention is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention, and the scope of the invention should be determined by the appended claims.

Claims (9)

1. An intelligent digital supervision method for data interaction, the supervision method comprising:
establishing a data transmission platform, wherein the data transmission platform stores negotiable data, and the negotiable data comprises a general data file and an encrypted data file;
the data acquisition unit sends a data use application to a supervision module, and the supervision module acquires a data uploading unit of the negotiable data from the data transmission platform and judges whether the data acquisition unit has the acquisition authority of the data uploading unit or not;
if yes, decrypting the encrypted data file to obtain a decrypted data file, sending the general data file and the decrypted data file to the data acquisition unit, and recording the operation behavior of the data acquisition unit on the negotiable data to form an operation record table;
acquiring an operable range of the negotiable data from the data transmission platform, and controlling the use of the negotiable data by the data acquisition unit according to the operable range and the operation record table;
if not, the supervision module acquires the unit types of the data uploading unit and the data acquisition unit, sends a data acquisition application to the data uploading unit according to the unit types, and gives the operation authority corresponding to the data acquisition unit;
the data uploading unit receives the data acquisition application and approves the data acquisition application to obtain an approval result;
and sending the approval result to the supervision module, and operating the negotiable data by the data acquisition unit according to the approval result.
2. The intelligent digital supervision method for data interaction according to claim 1, wherein the acquiring the operable range of the negotiable data from the data transmission platform, and controlling the usage of the negotiable data by the data acquisition unit according to the operable range and the operation record table, specifically comprises:
comparing the operation behaviors in the operation record table with the operable range, and judging whether the data acquisition unit has abnormal behaviors exceeding the operable range;
if yes, sending out alarm information according to the abnormal behavior, and sending the alarm information to the data uploading unit;
the data uploading unit controls the acquisition of the negotiable data according to the alarm information;
if not, the operation time of the data acquisition unit on the negotiable data is acquired from the operation record table, and when the operation time exceeds a second target time, the negotiable data is automatically closed.
3. The intelligent digital supervision method for data interaction according to claim 2, wherein the data uploading unit controls the acquisition of the negotiable data according to the alarm information, and specifically comprises:
when the data uploading unit processes the alarm information, the negotiable data is controlled according to the processing result;
when the data uploading unit does not process the alarm information, recording the quantity of the received alarm information, and when the quantity of the alarm information received in the first target time exceeds a first alarm threshold value, locking the negotiable data by the data uploading unit.
4. The intelligent digital supervision method for data interaction according to claim 2, wherein if not, the supervision module obtains a unit type of the data uploading unit and the data obtaining unit, sends a data obtaining application to the data uploading unit according to the unit type, and gives the operation authority corresponding to the data obtaining unit, and specifically includes:
when the data acquisition unit and the data uploading unit belong to the same family unit, the data acquisition unit can acquire the general data file and send a decryption application to the data uploading unit through the supervision module;
and when the data acquisition unit and the data uploading unit do not belong to the same family unit, sending the decryption application and a general application to the data uploading unit through the supervision module.
5. The intelligent digital supervision method for data interaction according to claim 4, wherein the sending the approval result to the supervision module, and the data acquisition unit operates the negotiable data according to the approval result, specifically includes:
when the data uploading unit agrees with the general application, the data acquisition unit acquires the operation authority of the general data file;
when the data uploading unit agrees with the decryption application, the data acquisition unit acquires a first key of the encrypted data file;
the data acquisition unit decrypts the encrypted data file using the first key and performs different decryption processes according to the unit type.
6. The intelligent digital supervision method for data interaction according to claim 5, wherein the data acquisition unit decrypts the encrypted data file using the first key and performs different decryption processes according to the unit type, specifically comprising:
when the data acquisition unit belongs to the same family unit, before the first key is used, the data acquisition unit needs to input user information for acquiring the encrypted data file, and after the supervision module passes the verification, a decryption file is obtained;
and when the data acquisition unit does not belong to the same family unit, the data acquisition unit monitors the encrypted data file according to the acquisition times of the data acquisition unit before using the first key.
7. The intelligent digital supervision method for data interaction according to claim 6, wherein the supervising the user who acquires the encrypted data file according to the number of acquisitions of the data acquisition unit specifically includes:
when the data acquisition unit acquires the encrypted data file for the first time, providing the corresponding user information for the data uploading unit, and performing video monitoring on the operation behavior;
when the data acquisition unit has acquired the encrypted data file, providing the corresponding user information for the data uploading unit, and calling a user list acquired the encrypted data file;
when the user information is in the user list, the user can directly decrypt the encrypted data file, and when the user is not in the user list, the operation behavior of the user is monitored in a video mode;
wherein the video surveillance must not be suspended during use of the decrypted file.
8. The intelligent digital supervision method for data interaction according to any one of claims 1 to 7, the sending the approval result to the supervision module, the data acquisition unit operating on the negotiable data according to the approval result, further comprising:
the data acquisition unit modifies the negotiable data according to the operation authority to obtain modified data;
and sending the modified data to the data uploading unit, wherein the data uploading unit judges whether the modified data needs to replace the negotiable data or not.
9. An intelligent digital supervision system for data interaction, the digital supervision system being configured to implement the intelligent digital supervision method according to any one of claims 1 to 8, wherein the digital supervision system comprises:
the data storage module is used for storing the negotiable data;
the data transmission module is used for transmitting the negotiable data and the approval result;
the visual supervision module is used for consulting the operation record table;
and the data proxy module is used for giving the operation authority.
CN202310691734.8A 2023-06-13 2023-06-13 Intelligent digital supervision method and system for data interaction Active CN116582352B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310691734.8A CN116582352B (en) 2023-06-13 2023-06-13 Intelligent digital supervision method and system for data interaction

Publications (2)

Publication Number Publication Date
CN116582352A true CN116582352A (en) 2023-08-11
CN116582352B CN116582352B (en) 2023-11-14

Family

ID=87539785

Country Status (1)

Country Link
CN (1) CN116582352B (en)

Also Published As

Publication number Publication date
CN116582352B (en) 2023-11-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant