CN117171787B - Access control method and system for special highway toll collection network mobile storage equipment - Google Patents


Info

Publication number: CN117171787B
Authority: CN (China)
Prior art keywords: access, data, road network, user, privacy level
Legal status: Active
Application number: CN202311072525.1A
Other languages: Chinese (zh)
Other versions: CN117171787A (en)
Inventors: 雷伟, 刘涛, 王瑞, 刘欣欣
Current Assignee: Hubei Jiaotou Xiangyang Expressway Operation Management Co ltd, Beijing Luoan Technology Co Ltd
Original Assignee: Hubei Jiaotou Xiangyang Expressway Operation Management Co ltd, Beijing Luoan Technology Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The application discloses a method and a system for controlling access to mobile storage equipment of a highway toll private network, belonging to the field of data security. The method comprises the following steps: acquiring road network data to be stored; clustering and grouping the road network data to be stored to obtain a primary road network data grouping result; performing hijacking loss evaluation on the grouping result to obtain a hijacking loss coefficient; performing privacy level evaluation on the hijacking loss coefficient to obtain a secondary road network data grouping result and a privacy level; when the privacy level of the user is smaller than or equal to the preset privacy level and the user has access user permission, allowing the user to access; and when the privacy level of the user is larger than the preset privacy level, allowing the user to access if the user has access user permission and the identity encryption verification passes. The application solves the technical problem in the prior art that the security of mobile storage devices accessing highway road network data is insufficient, and achieves the technical effects of improving highway road network data security and realizing secure isolation and effective control of the data.

Description

Access control method and system for special highway toll collection network mobile storage equipment
Technical Field
The invention relates to the field of data security, in particular to a method and a system for controlling access of a special highway toll network mobile storage device.
Background
The construction of road networks and vehicle networks in China is progressing rapidly, and the volume of expressway data produced and collected is growing quickly. This mass of data concerns public safety; if it is illegally accessed or leaked, it can cause immeasurable economic loss and social impact. Existing mobile storage devices implement data isolation and security protection for expressway data through a uniform access control mechanism: all types of data are stored and access-managed under the same security policy, the data cannot be given differentiated security protection according to its type, sensitivity and importance, and fine-grained access rights cannot be granted to different user roles, so the actual requirements of expressway data security management are difficult to meet.
Disclosure of Invention
The application provides a method and a system for controlling access to mobile storage equipment of a highway toll private network, aiming to solve the technical problem in the prior art that access by mobile storage devices to highway road network data offers insufficient privacy and security.
In view of the above problems, the application provides a method and a system for controlling access to mobile storage equipment of a highway toll private network.
The first aspect of the present application provides a method for controlling access to a mobile storage device of a private highway toll network, the method comprising: obtaining road network data to be stored, wherein the road network data to be stored is road network operation data of a highway; clustering and grouping the road network data to be stored according to the service type to obtain a primary road network data grouping result; traversing the primary road network data grouping result, collecting historical access log data to perform hijacking loss evaluation, and obtaining a hijacking loss coefficient; performing privacy level evaluation on the primary road network data grouping result by traversing the hijacking loss coefficient to obtain a secondary road network data grouping result and a secondary road network data grouping privacy level, wherein the secondary road network data grouping result and the secondary road network data grouping privacy level are in one-to-one correspondence; receiving user access request information, wherein the user access request information comprises an access storage location and user identity information; when the secondary road network data grouping privacy level of the access storage location is smaller than or equal to a preset privacy level, if the user identity information has access user permission, allowing the user to access; when the secondary road network data grouping privacy level is larger than the preset privacy level, if the user identity information has access user permission and the identity encryption check passes, allowing the user to access.
In another aspect of the disclosure, an access control system for a mobile storage device of a highway toll private network is provided, where the system includes: the road network data acquisition module, used for acquiring road network data to be stored, wherein the road network data to be stored is road network operation data of the expressway; the data clustering grouping module, used for clustering and grouping the road network data to be stored according to the service type to obtain a primary road network data grouping result; the hijacking loss evaluation module, used for traversing the primary road network data grouping result, collecting historical access log data for hijacking loss evaluation, and obtaining a hijacking loss coefficient; the privacy level evaluation module, used for performing privacy level evaluation on the primary road network data grouping result by traversing the hijacking loss coefficient to obtain a secondary road network data grouping result and a secondary road network data grouping privacy level, wherein the secondary road network data grouping result corresponds one-to-one to the secondary road network data grouping privacy level; the request information receiving module, used for receiving user access request information, wherein the user access request information comprises an access storage location and user identity information; the privacy level judging module, used for allowing the user to access if the secondary road network data grouping privacy level of the access storage location is smaller than or equal to a preset privacy level and the user identity information has access user permission; and the identity encryption verification module, used for allowing the user to access if the user identity information has access user permission and the identity encryption verification passes when the secondary road network data grouping privacy level is larger than the preset privacy level.
One or more technical schemes provided by the application have at least the following technical effects or advantages:
The method acquires the road network data to be stored and clusters and groups it; performs hijacking loss evaluation in combination with historical access log data to obtain a hijacking loss coefficient; performs privacy level evaluation on the primary road network data grouping result by traversing the hijacking loss coefficient to obtain a secondary road network data grouping result and a secondary road network data grouping privacy level; and, when user access request information arrives, judges it according to the secondary road network data grouping privacy level and the user identity information, and then allows or rejects the access request. This technical scheme solves the technical problem in the prior art that the security of mobile storage devices accessing highway road network data is insufficient, and achieves the technical effects of improving the security of highway road network data and realizing secure isolation and effective control of the data.
The foregoing is only an overview of the technical scheme of the present application, given so that its technical means can be understood more clearly and implemented in accordance with the description, and so that the above and other objects, features and advantages of the present application are more readily apparent.
Drawings
Fig. 1 is a schematic flow chart of a possible access control method of a mobile storage device of a highway toll private network according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a possible access control method for allowing a user to access a mobile storage device of a special highway toll network according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a possible flow for determining access behavior in an access control method for a mobile storage device of a highway toll private network according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a possible structure of an access control system of a mobile storage device of a highway toll private network according to an embodiment of the present application.
Reference numerals illustrate: the system comprises a road network data acquisition module 11, a data clustering and grouping module 12, a hijacking loss evaluation module 13, a privacy level evaluation module 14, a request information receiving module 15, a privacy level judgment module 16 and an identity encryption verification module 17.
Detailed Description
The technical scheme provided by the application has the following overall thought:
The embodiment of the application provides a method and a system for controlling access to mobile storage equipment of a special highway toll network. First, the road network data to be stored is acquired and clustered into groups, so that the data is effectively sorted and classified and a foundation is laid for subsequent access control. Next, hijacking loss evaluation is carried out in combination with historical access log data, and the hijacking risk is quantified by calculating a hijacking loss coefficient so as to judge the security of the data. Then, privacy level evaluation is carried out on the data to form a secondary road network data grouping result and a corresponding privacy level. When a user access request arrives, whether to allow it is judged according to the user identity information and the secondary road network data grouping privacy level. This realizes access control of the mobile storage device and protects the privacy and security of highway road network data: access rights to different types of data are effectively distinguished, hijacking loss and privacy level are accurately evaluated, and an identity encryption checking mechanism is provided, which ensures the security and privacy of the data and provides a more reliable guarantee for the use of the mobile storage device.
Having described the basic principles of the present application, various non-limiting embodiments of the present application will now be described in detail with reference to the accompanying drawings.
Example 1
As shown in fig. 1, the embodiment of the application provides an access control method of a mobile storage device of a highway toll private network, which is applied to a safety isolation device of the mobile storage device;
A mobile storage device refers to a removable storage medium, such as a USB flash drive, a removable hard disk or an SD card, used for the storage and transmission of data. The mobile storage equipment safety isolation device is equipment that performs access control and data isolation on the mobile storage device; it can perform functions such as key management, access control, and data encryption and decryption on the mobile storage device connected to it, so as to ensure the safe storage and transmission of data.
The access control method comprises the following steps:
Step S100: obtaining road network data to be stored, wherein the road network data to be stored is road network operation data of a highway;
In the embodiment of the present application, the highway network operation data refers to various data for managing and operating highway infrastructure, including, but not limited to, highway basic information (name, number, length, number of lanes, etc.), operation authority information, toll point setting, traffic flow statistics, etc.
First, video monitoring equipment and vehicle detectors are arranged along the expressway to collect vehicle and road condition information: the video monitoring equipment collects video information of the expressway, and the vehicle detectors detect information about passing vehicles, such as license plate number, vehicle speed and vehicle type. Second, the collected video information and vehicle detection information are given structured processing; for example, the video information is analyzed to extract vehicle characteristics, the vehicle detection information is stored using database technology, and the information is summarized to obtain basic traffic flow information of the expressway, such as the traffic flow, speed and number of accident vehicles on different road sections. The acquired information is then combined with the expressway basic data to obtain rich road network operation data. Finally, the processed data is integrated to form the road network operation data of the expressway, which is taken as the road network data to be stored.
Step S200: clustering and grouping the road network data to be stored according to the service type to obtain a primary road network data grouping result;
In the embodiment of the application, after the road network data to be stored of the expressway is obtained, the data is clustered and grouped according to the service type so as to obtain a primary road network data grouping result. The service type refers to the purpose category of the road network data, and comprises traffic management, vehicle monitoring, accident handling, charge management and the like; the content and form of the road network data differ according to the service type. For example, traffic management-related data is mainly traffic flow and speed information, vehicle monitoring-related data is mainly vehicle characteristic information, and accident handling-related data is mainly accident time, place, process information, and the like.
First, each service type contained in the road network data to be stored, such as traffic management, vehicle monitoring and accident handling, is identified by analyzing the content and source of the data. Second, the common characteristics of the data of each service type are extracted, including the purpose for which the data is generated, the data update period, the data format and the like; the data characteristics differ between service types. For example, traffic management data is generated in order to monitor traffic conditions on highways, is updated once every 1-3 minutes, and has a format based mainly on the flow rate and average speed of vehicles. Third, according to the extracted characteristics, the data that belongs to the same service type and has similar characteristics is aggregated together to form a primary road network data grouping result. The primary road network data grouping result comprises a plurality of data groupings, and each grouping corresponds to a data set of one service type.
The data sets contained in the road network data to be stored are identified according to the service types, the data are clustered and grouped according to the characteristics of the data sets, and a primary road network data grouping result is obtained, so that massive complex data are primarily divided, a foundation is laid for subsequent hierarchical management, and the purpose of road network data classification management is achieved.
Step S300: traversing the primary road network data grouping result, collecting historical access log data to perform hijacking loss evaluation, and obtaining a hijacking loss coefficient;
In the embodiment of the application, after the primary road network data grouping result is obtained, in order to further improve the data security, the hijacking loss condition of each type of data needs to be evaluated, and the corresponding hijacking loss coefficient is obtained. Hijacking loss assessment refers to assessing the likelihood and consequences of data being illegally accessed or stolen. The possible losses after the data is hijacked include economic losses, social effects, etc. The hijacking loss coefficient is a quantization index of the hijacking loss degree of the data and is used for measuring the influence degree possibly caused by illegal access of the data.
First, the primary road network data grouping result is traversed, and each type of data and the data sets it contains are identified. Then, for each type of data, historical access log data is collected; the historical access log data records information such as the time, mode and object of each access to that type of data, and reflects the situations in which the data was mishandled or attacked. Next, the numbers of normal accesses and abnormal accesses to the data in the historical access log data are counted, the permission status of the accessing objects is identified, the reasons for abnormal accesses are analyzed, and so on, giving a preliminary judgment of the likelihood that the data is mishandled or accessed by an unauthorized object. Finally, according to the analysis result of the historical access log data, and in combination with the sensitivity and influence of the data content, an evaluation result of the data hijacking loss is given and quantified into a hijacking loss coefficient. The higher the hijacking loss coefficient, the greater the loss and impact caused after the data is hijacked.
By analyzing the historical access log data, the data hijacking loss conditions of each class of the primary road network data grouping result are evaluated, the loss degree quantization result is given by utilizing the hijacking loss coefficient, a basis is provided for subsequent data access control and isolation, and objective and fine management and protection of data resources are facilitated.
Step S400: performing privacy level evaluation on the primary road network data grouping result by traversing the hijacking loss coefficient to obtain a secondary road network data grouping result and a secondary road network data grouping privacy level, wherein the secondary road network data grouping result and the secondary road network data grouping privacy level are in one-to-one correspondence;
In the embodiment of the application, after the hijacking loss coefficient is obtained, the privacy level evaluation is carried out on the primary road network data grouping result according to the hijacking loss coefficient so as to obtain the secondary road network data grouping result and the corresponding secondary road network data grouping privacy level. The privacy level evaluation refers to evaluating the privacy protection level of data according to the sensitivity, influence and possible loss of the data content, for example, classifying the privacy level into a public level, an internal level, a secret level, an absolute level and the like. Wherein a higher privacy level indicates that the data content is more sensitive and requires a higher level of security protection. The secondary road network data grouping result is classified more carefully based on the primary road network data grouping result, so that the data application requirements of different security levels are met. The privacy level of the data packet of the secondary road network is to evaluate the privacy protection level of each type of data in the data packet result of the secondary road network, and the privacy protection level is used for guiding the isolation and control of the data.
First, the primary road network data grouping result and the hijacking loss coefficients are traversed and, with reference to the data content and hijacking loss coefficient of each class, a virtual coordinate system is constructed in which different areas are set to correspond to different privacy levels, realizing a preliminary division of the data privacy levels. Then, the hijacking loss coefficient of each class of data is input into the virtual coordinate system, and the area of the virtual coordinate system in which it falls is determined, so that the privacy level of the data is determined. The data sets with similar privacy levels are further clustered and grouped to obtain a secondary road network data grouping result. Finally, each secondary road network data grouping is matched to its privacy level to form the secondary road network data grouping privacy level, providing a basis for subsequent data management and application so as to realize classified management and security control of the road network data.
Step S500: receiving user access request information, wherein the user access request information comprises an access storage location and user identity information;
In an embodiment of the present application, the user access request information includes an access storage location and user identity information. The access storage location refers to the data storage location within the mobile storage device that the user wishes to access, namely a specific file path and name. The user identity information is information for verifying the user identity, including a user name, a password, and the like.
First, when a user sends a data access request to the mobile storage device security isolation apparatus through a data interface or an application program, the mobile storage device security isolation apparatus receives the access request information of the user. Then, the mobile storage equipment security isolation device parses the access request information and identifies the data storage location which the user wants to access and the submitted user identity information. By identifying the access storage location, the security isolation device can determine the specific data to which the user access request corresponds; by identifying the user identity information, the security isolation device can verify the identity of the user and judge whether the user has permission to access the requested data.
By receiving and analyzing the access request information of the user, the accessed data storage position and the user identity information are identified, a foundation is laid for the access authentication and control of the user, only the access request passing the verification can be allowed, the purpose of limiting unauthorized access is achieved, and the data security is protected.
Step S600: when the secondary road network data grouping privacy level of the access storage location is smaller than or equal to a preset privacy level, if the user identity information has access user permission, allowing the user to access;
In the embodiment of the application, after receiving and identifying the user access request information, the security isolation device judges and controls the user access request. When the privacy level of the data at the access storage location is smaller than or equal to a preset privacy level, and the identity of the user is verified, the user is allowed to access the data. The preset privacy level is a default data access permission level set in advance by the security isolation device; data at or below the preset privacy level can be accessed by an ordinary authorized user. Having access user permission means that the identity information submitted by the user can pass the authentication mechanism of the security isolation device, indicating that the user has the right to access the data at the corresponding data storage location.
First, it is judged whether the secondary road network data grouping privacy level of the data at the access storage location is smaller than or equal to the preset privacy level; when this is satisfied, the level of the accessed data is at or below the default access permission requirement set by the security isolation device, and an ordinary authorized user may access it. Second, it is judged whether the user identity information has permission to access the data at the corresponding data storage location; when this is satisfied, the identity information submitted by the user can pass identity verification, and the security isolation device recognizes that the user has permission to access the data. When both conditions are met, the security isolation device allows the user to access the data; if either condition is not met, the security isolation device refuses the user's access request for the data at that data storage location.
The access request of the user is judged according to the data privacy level of the access storage location and the user identity verification result, and the access is allowed only when the preset condition is met, so that the purpose of controlling unauthorized access is achieved, and the data security of the mobile storage device is protected.
Step S700: when the secondary road network data grouping privacy level is larger than the preset privacy level, if the user identity information has access user permission and the identity encryption check passes, allowing the user to access.
In the embodiment of the application, when the secondary road network data grouping privacy level of the data at the access storage location is larger than the preset privacy level, the security level of the data is higher than the default access permission level set by the security isolation device, and stricter access control is required. In this case, the user is allowed to access the data when the user identity information has access permission and passes the identity encryption checking mechanism set by the security isolation device. Identity encryption verification means that, during transmission and verification, the user identity information is encrypted by an encryption mechanism provided by the security isolation device, and the security isolation device checks the encrypted information to verify the user identity. This process is carried out by the offline processor and the offline memory of the security isolation device working together: the offline memory stores a preset key library, and the offline processor encrypts and decrypts the user identity information according to the preset key library.
When the secondary road network data grouping privacy level of the data at the access storage location is larger than the preset privacy level, the data is data with a high security level. It is first judged whether the user identity information has permission to access the data at the corresponding data storage location; if so, the user has permission to access the data. It is then judged whether the user identity information passes the identity encryption checking mechanism set by the security isolation device; if so, the user is a trusted user. When both conditions are met, the security isolation device allows the user to access the data; if either condition is not met, the security isolation device refuses the user's access request for the data.
By adopting a stricter access judgment mechanism, fine-grained access control over high-security-level data is realized: when the secondary road network data grouping privacy level of the data at the access storage location is larger than the preset privacy level, access is allowed only when the user passes the identity encryption verification and has access permission, and the high-security-level data in the mobile storage device is thereby protected.
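The decision in steps S500 to S700 can be written as a fail-closed policy check. The following is an added example, not code from the patent: the preset level, the sample paths, users and key are constructed, and an HMAC-SHA256 response over a single-use nonce stands in for the identity encryption check, whose algorithm the patent does not specify.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

PRESET_PRIVACY_LEVEL = 2  # assumed preset level configured on the isolation device

# Constructed sample: storage location -> privacy level of its secondary grouping.
GROUP_PRIVACY_LEVEL = {
    "/traffic/flow_stats.csv": 1,
    "/toll/settlement_2023.db": 3,
}
# Constructed sample: user -> storage locations the user has access permission for.
ACCESS_PERMISSIONS = {
    "operator01": {"/traffic/flow_stats.csv", "/toll/settlement_2023.db"},
    "auditor01": {"/traffic/flow_stats.csv", "/toll/settlement_2023.db"},
}
# Stand-in for the preset key library in offline memory (constructed key).
# operator01 has permission on the toll database but no key enrolled.
KEY_LIBRARY = {"auditor01": bytes.fromhex("00112233445566778899aabbccddeeff")}
OUTSTANDING_NONCES = set()  # challenges issued by the device and not yet used


@dataclass(frozen=True)
class AccessRequest:
    user: str
    storage_location: str
    nonce: bytes = b""  # challenge previously issued by the device
    proof: bytes = b""  # user's keyed response to that challenge


def issue_nonce() -> bytes:
    """Device side: hand out a fresh single-use challenge."""
    nonce = secrets.token_bytes(16)
    OUTSTANDING_NONCES.add(nonce)
    return nonce


def identity_proof(key: bytes, user: str, location: str, nonce: bytes) -> bytes:
    """Keyed proof binding user, storage location and nonce (length-prefixed fields)."""
    parts = (user.encode(), location.encode(), nonce)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def identity_check_passes(req: AccessRequest) -> bool:
    key = KEY_LIBRARY.get(req.user)
    if key is None or req.nonce not in OUTSTANDING_NONCES:
        return False  # no enrolled key, or nonce never issued / already used
    OUTSTANDING_NONCES.discard(req.nonce)  # a nonce is accepted at most once
    expected = identity_proof(key, req.user, req.storage_location, req.nonce)
    return hmac.compare_digest(expected, req.proof)  # constant-time comparison


def decide(req: AccessRequest) -> tuple[bool, str]:
    level = GROUP_PRIVACY_LEVEL.get(req.storage_location)
    if level is None:
        return False, "unknown storage location"  # unclassified data is denied
    if req.storage_location not in ACCESS_PERMISSIONS.get(req.user, set()):
        return False, "no access user permission"
    if level <= PRESET_PRIVACY_LEVEL:
        return True, "permission only (S600)"
    if identity_check_passes(req):
        return True, "permission and identity check (S700)"
    return False, "identity encryption check failed"
```

A location with no privacy level on record is refused rather than treated as low-level, so data that has not yet been through the grouping of step S400 cannot be reached through the S600 path.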
Further, the embodiment of the application further comprises:
Step S310: extracting first service type data from the primary road network data grouping result, and extracting first attribute data from the first service type data;
Step S320: using the first service type and the first attribute as the data mining scenario, collecting historical access log data based on road network big data, wherein the historical access log data comprises a first private data access amount and a first confidential data access amount;
Step S330: traversing the historical access log data, and counting the access frequency of the private data and the access frequency of the confidential data;
Step S340: cleaning the private data with the private data access frequency smaller than a first access frequency threshold value from the first private data access amount to obtain a second private data access amount;
Step S350: cleaning the confidential data with the confidential data access frequency smaller than a second access frequency threshold value from the first confidential data access amount to obtain a second confidential data access amount;
Step S360: setting the second private data access amount and the second confidential data access amount as the hijacking loss coefficient of the first attribute data of the first service type data.
In one possible embodiment, hijacking loss of first attribute data of first service type data of a primary road network data grouping result is evaluated, and a hijacking loss coefficient is obtained.
First, first service type data is extracted from the primary road network data grouping result, and then first attribute data is extracted from the first service type data. The first service type data refers to one type of data in the primary road network data grouping result, such as traffic management data; the first attribute data is one attribute of the first service type data, such as real-time vehicle speed data for a road segment. Then, with the first service type data and the first attribute data as constraint conditions, the historical access log data is filtered for accesses to the first service type data and the first attribute data. Next, the access objects and access behaviors are analyzed to distinguish whether each access is to private data or to confidential data. The number of times the private data is normally accessed by authorized users is counted to obtain the first private data access amount; the number of times the confidential data is accessed, both normally by high-privilege users and without authorization, is counted to obtain the first confidential data access amount.
Next, the historical access log data is traversed to count how frequently the private data and the confidential data are accessed. Then, the private data whose access frequency is lower than the first access frequency threshold is cleaned from the first private data access amount to obtain the second private data access amount. The access frequency threshold is a frequency reference value set in advance; access amounts whose access frequency is below the threshold are treated as noise data, and cleaning retains the access amounts with higher access frequency, which are the more important ones. Similarly, the confidential data whose confidential data access frequency is lower than the second access frequency threshold is cleaned from the first confidential data access amount to obtain the second confidential data access amount. Finally, the second private data access amount and the second confidential data access amount obtained by cleaning are set as the hijacking loss coefficient of the first attribute data of the first service type data. The hijacking loss coefficient is used to evaluate the loss risk if the data is illegally accessed: the larger the access amount, the higher the hijacking loss coefficient, and the larger the loss if the data is illegally accessed.
By analyzing the historical access log data, the hijacking loss of the first service type data of the primary road network data grouping result is evaluated and quantified as a hijacking loss coefficient, providing basic support for the data access management and security isolation mechanism of the mobile storage device.
Further, the embodiment of the application further comprises:
Step S410: acquiring the second private data access amount and the second confidential data access amount of the hijacking loss coefficient of the first attribute data of the first service type data;
Step S420: constructing a first virtual coordinate system, and defining privacy level division areas in the first virtual coordinate system by an administrator of a security isolation device of the mobile storage equipment;
Step S430: inputting the second private data access amount and the second confidential data access amount into the first virtual coordinate system, and performing privacy level evaluation based on the privacy level dividing region to acquire the data privacy level of the first attribute data of the first service type data;
Step S440: traversing the primary road network data grouping result according to the data privacy level to perform clustering grouping, and obtaining the secondary road network data grouping result and the secondary road network data grouping privacy level.
In a preferred embodiment, the privacy level of the first attribute data of the first service type data of the primary road network data grouping result is evaluated, and the secondary road network data grouping result and its privacy level are obtained.
First, the second private data access amount and the second confidential data access amount, which represent the access amounts in the hijacking loss coefficient of the first attribute data of the first service type data, are acquired. Then, a first virtual coordinate system is constructed. An administrator of the mobile storage device security isolation device determines the privacy levels according to the importance and sensitivity of the data; for example, the data privacy levels are divided into a public level, an internal level, a secret level and an absolute level. A region is then determined for each privacy level. For example, the public level corresponds to a large public region, the secret level corresponds to a smaller secret region, and the absolute level corresponds to the smallest region. The region size indicates the strictness of data access control: the smaller the region, the more strictly access is controlled. Next, the coordinate axes of the virtual coordinate system are defined using a Cartesian coordinate system, a coordinate range is set for each region, and the coordinate ranges are marked in the virtual coordinate system, realizing spatial division of data with different privacy levels. The regions are disjoint, which represents isolation between data of different privacy levels, and they shrink from the outside inward, which represents an increasing degree of data access control. The first virtual coordinate system is thus obtained.
Then, using the virtual coordinate system as a mapping model, the second private data access amount and the second confidential data access amount are mapped into the first virtual coordinate system, and the region in which they fall is determined, thereby determining the privacy level of the data. A larger access amount falls in an outer region and corresponds to a lower privacy level; a smaller access amount falls in an inner region and corresponds to a higher privacy level. Privacy level evaluation is thus realized, and the data privacy level of the first attribute data of the first service type data is acquired. Finally, the primary road network data grouping result is clustered and grouped more finely according to the data privacy level of the first attribute data of the first service type data, obtaining the secondary road network data grouping result and the corresponding secondary road network data grouping privacy level; that is, within the data sets of the different service types, each data set is divided again by privacy level, which supports classified management and security protection of the large amount of data in the mobile storage device.
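The following sketch is an added example, not code from the patent; it chains steps S310 to S360, the region lookup of steps S410 to S430, and the two-tier access decision described earlier. The log layout, the nested rectangular region bounds, the level numbering (1 = public to 4 = absolute) and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample log rows: (service_type, attribute, object_id, data_class).
LOG = (
    [("traffic_management", "segment_speed", "p1", "private")] * 6
    + [("traffic_management", "segment_speed", "p2", "private")] * 1
    + [("traffic_management", "segment_speed", "c1", "confidential")] * 3
    + [("traffic_management", "segment_speed", "c2", "confidential")] * 1
    + [("accident_handling", "handling_record", "p9", "private")] * 4
)

# Assumed administrator-defined regions, innermost first:
# (privacy_level, max_private_amount, max_confidential_amount).
# Each band excludes the boxes inside it, so the regions are disjoint.
REGIONS = [(4, 5, 2), (3, 20, 8), (2, 100, 40)]
OUTERMOST_LEVEL = 1  # everything outside the largest box


def hijack_loss_coefficient(log, service_type, attribute,
                            private_min, confidential_min):
    """S310-S360: filter the log by service type and attribute, count
    accesses per object, drop objects below the frequency thresholds,
    and return (second private amount, second confidential amount)."""
    freq = {"private": Counter(), "confidential": Counter()}
    for svc, attr, obj, data_class in log:
        if svc == service_type and attr == attribute and data_class in freq:
            freq[data_class][obj] += 1
    second_private = sum(
        n for n in freq["private"].values() if n >= private_min)
    second_confidential = sum(
        n for n in freq["confidential"].values() if n >= confidential_min)
    return second_private, second_confidential


def privacy_level(coefficient, regions=REGIONS, outer=OUTERMOST_LEVEL):
    """S410-S430: place the coefficient as a point in the coordinate system
    and return the level of the innermost region that contains it.
    Small access amounts land in inner regions (higher privacy level)."""
    x, y = coefficient
    for level, x_limit, y_limit in regions:
        if x <= x_limit and y <= y_limit:
            return level
    return outer


def access_decision(level, preset_level, has_permission, identity_check_ok):
    """Two-tier rule: permission is always required; above the preset
    privacy level the identity encryption check must also pass."""
    if not has_permission:
        return False
    if level <= preset_level:
        return True
    return identity_check_ok


if __name__ == "__main__":
    coef = hijack_loss_coefficient(
        LOG, "traffic_management", "segment_speed", 2, 2)
    level = privacy_level(coef)
    print("coefficient:", coef, "privacy level:", level)
    print("permission only:", access_decision(level, 2, True, False))
    print("permission + check:", access_decision(level, 2, True, True))
```
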
Further, as shown in fig. 2, the embodiment of the present application further includes:
Step S710: the mobile storage equipment safety isolation device is provided with an offline processor and an offline memory, wherein the offline memory is in communication connection with the offline processor, and the offline memory stores a preset key library;
Step S720: when the privacy level of the secondary road network data packet is larger than the preset privacy level, carrying out data encryption on the secondary road network data packet result based on the preset key library in the offline processor to obtain a decryption key;
Step S730: transmitting the decryption key to the authorized user client through the short message of the operator.
In one possible embodiment, when the privacy level of the secondary road network data packet in the access storage location is greater than a preset privacy level, a data encryption method is adopted to protect data security.
The mobile storage device security isolation device has an offline processor and an offline memory. The offline processor is used for processing and storing the access information received by the security isolation device, preventing unauthorized external access; the offline memory is used for storing a preset key library and is in communication connection with the offline processor; the preset key library stores the keys used for encrypting and decrypting data. When the privacy level of the secondary road network data packet corresponding to the access storage location in the user request information is greater than the preset privacy level, the security level of the data is higher and stricter protection measures are needed. At this time, the offline processor encrypts the data of the secondary road network data grouping result based on the preset key library and generates a decryption key, preventing unauthorized users from accessing the data. The generated decryption key is then transmitted to the authorized user client by operator short message; the operator short message uses a private network channel, so the security is high. After receiving the decryption key, the authorized user client can decrypt the data with it and access the data.
By adopting the data encryption technology, when the privacy level of the data packet of the secondary road network is higher than the preset privacy level, the data is encrypted and protected, unauthorized access is effectively prevented, and the access security of the data is improved.
Further, the embodiment of the application further comprises:
Step S721: constructing a key update probability function:
Wherein, $P(y_j)$ represents the probability of selecting the $j$-th key, $y_j$ is a key pair belonging to the preset key library, $f(y_j)$ represents the frequency with which the $j$-th key was selected in a preset time interval, $t(y_j)$ represents the interval duration since the key was last selected, $\alpha$ is a normalization adjustment parameter, $w_1$ represents the weight of the selection frequency, $w_2$ represents the weight of the interval duration, and $w_1 + w_2 = 1$;
Step S722: when a preset updating period is met, randomly selecting an updating key from the preset key library according to the key updating probability function, and carrying out encryption updating on the secondary road network data grouping result in the offline processor to obtain a decryption updating key;
Step S723: transmitting the decryption update key to the authorized user client through the short message of the operator.
In a preferred embodiment, in order to improve the randomness and confidentiality of the key in the data encryption process, dynamic updating of the key is realized, and the key update probability function is constructed as follows: Wherein, $P(y_j)$ represents the probability of selecting the $j$-th key, $y_j$ is a key pair belonging to the preset key library, $f(y_j)$ represents the frequency with which the $j$-th key was selected in the preset time interval, $t(y_j)$ represents the interval between the time the key was last selected and the current time, $\alpha$ is a normalization adjustment parameter used for normalizing the frequency and the time, $w_1$ represents the weight of the selection frequency, $w_2$ represents the weight of the interval duration, and $w_1 + w_2 = 1$, with the weights set according to the experience of an administrator. The function is used to calculate the probability that each key pair in the preset key library is selected as the update key. The probability is related to the key's selection frequency and to the interval duration since it was last selected: the lower the frequency or the longer the interval duration, the larger the probability. Meanwhile, an administrator can set different key update periods according to the sensitivity and importance of the data; for data with a high security level the key update period is shorter, the probability changes more frequently, and confidentiality is higher.
When a preset key update period is met, the security isolation device randomly selects a key pair from the preset key library as the update key according to the key update probability function; the randomly selected key is unpredictable, which enhances confidentiality. Then, the data to be accessed by the user in the secondary road network data grouping result is encrypted in the offline processor using the update key, and a corresponding decryption update key is generated; performing this step in the offline processor protects the update key from being stolen. Finally, the generated decryption update key is transmitted to the authorized user client through the operator short message, and after receiving it, the authorized user uses the decryption update key to decrypt and access the data.
By constructing the key updating probability function, dynamic and random updating of the key is realized, the unpredictability of the key is increased, the data confidentiality strength is improved, meanwhile, the key updating period can be configured according to the security level of the data, the higher the security level is, the higher the updating frequency is, and flexible encryption management of the data with different security levels is realized.
Further, as shown in fig. 3, the embodiment of the present application further includes:
Step S810: monitoring the access behavior sequence of the user after allowing the user to access;
Step S820: inputting the access behavior sequence into the access behavior baseline of the accessed data for consistency judgment, and obtaining the number of behavior deviation points;
Step S830: when the number of behavior deviation points is greater than or equal to the deviation number threshold, temporarily closing the user access authority, and checking through the management terminal of the mobile storage equipment safety isolation device to obtain checking feedback information;
Step S840: allowing the user to continue accessing when the checking feedback information comprises a check-pass signal.
In the embodiment of the application, after the user is allowed to access the data, the access behavior of the user is monitored and judged, and access right management and control measures are adopted when abnormality is found.
First, when a user is allowed to access data, the time, object, operation type, etc. of the user's data accesses are recorded, forming an access behavior sequence. The access behavior sequence refers to the continuous operation behaviors of the user in the process of accessing the data, and reflects the access intention and habits of the user. Then, the service type and the data attribute of the accessed data are acquired, the normal access records corresponding to that service type and data attribute are extracted from the historical access log, and an access behavior baseline is constructed that reflects the normal access pattern for the corresponding data. Next, each access behavior in the user's access behavior sequence is analyzed to judge whether the time sequence of the behaviors, the selection of access objects and the operation types are consistent with the access behavior baseline. The consistency judgment of the time sequence checks whether the user's access time intervals and durations are in a normal range; a larger deviation in access time may indicate abnormal access behavior. The consistency judgment of access object selection checks whether the data objects (such as files and folders) accessed by the user are within the range of normal access objects; many accessed data objects outside that range may indicate abnormal access behavior. The consistency judgment of operation types checks whether the user's specific operations (such as reading, writing, uploading, downloading and the like) are consistent with the normal operation types; many abnormal operation types may indicate abnormal access behavior.
Then, the number of deviations occurring in the consistency judgment is counted. The larger the number of behavior deviation points, the larger the deviation between the access behavior and the normal access pattern, and the higher the possibility of abnormal access. When the number of behavior deviation points is greater than or equal to the preset deviation number threshold, the user's access behavior deviates significantly and there is a risk of abnormal access. At this time, the user's access authority is temporarily closed to avoid data security risks. Meanwhile, the abnormal access behavior is checked through the management terminal of the mobile storage device security isolation device to judge whether it belongs to normal access, and check feedback information is obtained. If the check feedback information includes a check-pass signal, the access is judged to be normal and the user's access authority is restored.
By monitoring and judging the user's data access behaviors and comparing the user's access behavior sequence with the standard access behavior baseline to judge whether the access behaviors are abnormal, the access security of the data is improved; meanwhile, a checking mechanism is provided to avoid normal access being restricted because of a judgment error.
Further, the embodiment of the application further comprises:
Step S821: acquiring service type characteristics and data attribute characteristics of access data;
Step S822: performing access log mining based on the service type characteristics and the data attribute characteristics to obtain positive sample access log data, wherein the positive sample access log data is a normal access record;
Step S823: according to the positive sample access log data, an access behavior sequence is obtained;
Step S824: performing access frequency statistics on the access behavior sequence, from single behaviors to multiple behaviors, to obtain sensitivity frequencies of a plurality of access behavior sequences;
Step S825: adding the access behavior sequences whose sensitivity frequency is greater than or equal to a sensitivity frequency threshold to the access behavior baseline.
In a preferred embodiment, a method of constructing an access behavior baseline for the accessed data is provided.
First, the service type features and the data attribute features of the accessed data are acquired. The service type features reflect the business scenarios in which the data is generated and used, such as traffic management or accident handling; the data attribute features reflect the specific content of the data, such as traffic flow data or accident handling records. Next, based on the service type features and the data attribute features, the normal access records with the corresponding features are mined from the historical access log; these normal access records serve as the positive sample access log data and are the basis for constructing the access behavior baseline. Then, the specific access behaviors of users are analyzed according to the positive sample access log data, and the users' operation behavior sequences during normal access are acquired to form access behavior sequences, which reflect the normal operation habits and access patterns of users for the data. The access behavior sequences are then counted: the occurrence frequencies of single access behaviors and of multiple access behaviors are analyzed to obtain the sensitivity frequencies of a plurality of access behavior sequences. Finally, the access behavior sequences whose sensitivity frequency is greater than or equal to a preset sensitivity frequency threshold are added to the access behavior baseline. The baseline is thus a set of normal access behaviors, used for comparison when judging whether a user's specific access behaviors are normal.
By analyzing the positive sample access log data and the access behavior sequences, a plurality of access behavior sequences with high sensitivity to the access behavior judgment are identified, and an access behavior base line containing the sequences is constructed, so that a basis is provided for judging whether the access behavior of the user is abnormal or not.
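The following sketch is an added example, not code from the patent; it builds an access behavior baseline as in steps S821 to S825 and applies the deviation count and suspension rule of steps S810 to S840. It assumes each behavior is an "operation:object" string, that "single behavior to multiple behaviors" means subsequences of length 1 up to a configurable maximum, and that a position counts as a deviation point when any subsequence ending there is missing from the baseline; timing consistency is not modeled, and all names and sample sessions are constructed.

```python
from collections import Counter

# Constructed positive-sample sessions (normal access records).
POSITIVE_SESSIONS = [
    ["open:speed", "read:speed", "close:speed"],
    ["open:speed", "read:speed", "read:speed", "close:speed"],
    ["open:flow", "read:flow", "close:flow"],
    ["open:flow", "read:flow", "close:flow"],
    ["open:speed", "write:speed", "close:speed"],  # rare, filtered out
]


def subsequences(sequence, max_len):
    """Yield every contiguous subsequence of length 1..max_len."""
    for n in range(1, max_len + 1):
        for i in range(len(sequence) - n + 1):
            yield tuple(sequence[i:i + n])


def build_baseline(sessions, max_len=2, sensitivity_threshold=2):
    """S823-S825: count how often each behavior subsequence occurs in the
    positive samples and keep those at or above the threshold."""
    counts = Counter()
    for session in sessions:
        counts.update(subsequences(session, max_len))
    return {seq for seq, n in counts.items() if n >= sensitivity_threshold}


def count_deviation_points(sequence, baseline, max_len=2):
    """S820: a position is a deviation point when the behavior itself, or
    a subsequence of up to max_len behaviors ending at that position,
    is absent from the baseline."""
    deviations = 0
    for i in range(len(sequence)):
        for n in range(1, max_len + 1):
            start = i - n + 1
            if start < 0:
                break
            if tuple(sequence[start:i + 1]) not in baseline:
                deviations += 1
                break
    return deviations


def monitor(sequence, baseline, deviation_threshold, admin_check):
    """S830-S840: below the threshold access continues; otherwise access
    is suspended until the management terminal check passes.
    admin_check is a callable standing in for that manual check."""
    deviations = count_deviation_points(sequence, baseline)
    if deviations < deviation_threshold:
        return "allow", deviations
    if admin_check(sequence):
        return "allow", deviations
    return "suspended", deviations


if __name__ == "__main__":
    baseline = build_baseline(POSITIVE_SESSIONS)
    suspicious = ["open:speed", "read:speed", "download:speed",
                  "download:flow", "close:flow"]
    print(monitor(suspicious, baseline, 2, lambda seq: False))
```
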
In summary, the access control method for the mobile storage device of the expressway toll private network provided by the embodiment of the application has the following technical effects:
Road network data to be stored is obtained, the road network data to be stored being road network operation data of a highway. The road network data to be stored is clustered and grouped according to service type to obtain a primary road network data grouping result, which sorts and classifies the data to facilitate subsequent access control and privacy level evaluation. The primary road network data grouping result is traversed and historical access log data is collected for hijacking loss evaluation, obtaining hijacking loss coefficients that quantify the degree of hijacking risk, so that the security of the data and the risk of access authorization can be judged. Privacy level evaluation is performed on the primary road network data grouping result by traversing the hijacking loss coefficients, obtaining a secondary road network data grouping result and a secondary road network data grouping privacy level in one-to-one correspondence, so that the data is further classified and grouped according to its privacy and security requirements. User access request information comprising an access storage location and user identity information is received, providing the basis for data access. When the privacy level of the secondary road network data packet at the access storage location is less than or equal to a preset privacy level, the user is allowed to access if the user identity information has access user permission; when the privacy level of the secondary road network data packet is greater than the preset privacy level, the user is allowed to access if the user identity information has access user permission and the identity encryption check passes. The technical effects of improving the data privacy security of the highway road network and realizing security isolation and effective control of the data are thereby achieved.
Example two
Based on the same inventive concept as the access control method of the mobile storage device of the expressway toll private network in the foregoing embodiment, as shown in fig. 4, an embodiment of the present application provides an access control system of the mobile storage device of the expressway toll private network, where the system includes:
The road network data acquisition module 11 is used for acquiring road network data to be stored, wherein the road network data to be stored is road network operation data of the expressway;
The data clustering grouping module 12 is used for clustering and grouping the road network data to be stored according to the service type to obtain a primary road network data grouping result;
the hijacking loss evaluation module 13 is used for traversing the primary road network data grouping result, collecting historical access log data for hijacking loss evaluation, and obtaining a hijacking loss coefficient;
the privacy level evaluation module 14 is configured to perform privacy level evaluation on the primary road network data packet result by traversing the hijacking loss coefficient, and obtain a secondary road network data packet result and a secondary road network data packet privacy level, where the secondary road network data packet result and the secondary road network data packet privacy level are in one-to-one correspondence;
A request information receiving module 15, configured to receive user access request information, where the user access request information includes an access storage location and user identity information;
The privacy level judging module 16 is configured to allow the user to access if, when the privacy level of the secondary road network data packet at the access storage location is less than or equal to a preset privacy level, the user identity information has access user permission;
The identity encryption verification module 17 is configured to allow the user to access if, when the privacy level of the secondary road network data packet is greater than the preset privacy level, the user identity information has access user permission and the identity encryption check passes.
Further, the hijacking loss assessment module 13 performs the following steps:
Extracting first service type data from the primary road network data grouping result, and extracting first attribute data from the first service type data;
Taking the first service type and the first attribute as the data mining scenario, collecting historical access log data based on road network big data, wherein the historical access log data comprises a first private data access amount and a first confidential data access amount;
Traversing the historical access log data, and counting the private data access frequency and the confidential data access frequency;
Cleaning the private data whose private data access frequency is smaller than a first access frequency threshold from the first private data access amount to obtain a second private data access amount;
Cleaning the confidential data whose confidential data access frequency is smaller than a second access frequency threshold from the first confidential data access amount to obtain a second confidential data access amount;
Setting the second private data access amount and the second confidential data access amount as the hijacking loss coefficient of the first attribute data of the first service type data.
Further, the privacy level evaluation module 14 includes the following steps:
Acquiring the second private data access amount and the second confidential data access amount of the hijacking loss coefficient of the first attribute data of the first service type data;
constructing a first virtual coordinate system, and defining privacy level division areas in the first virtual coordinate system by an administrator of a security isolation device of the mobile storage equipment;
Inputting the second private data access amount and the second confidential data access amount into the first virtual coordinate system, and performing privacy level evaluation based on the privacy level dividing region to acquire the data privacy level of the first attribute data of the first service type data;
and traversing the primary road network data grouping result according to the data privacy level to perform clustering grouping, and obtaining the secondary road network data grouping result and the secondary road network data grouping privacy level.
Further, the identity encryption verification module 17 comprises the following steps:
The mobile storage equipment safety isolation device is provided with an offline processor and an offline memory, wherein the offline memory is in communication connection with the offline processor, and the offline memory stores a preset key library;
When the privacy level of the secondary road network data packet is larger than the preset privacy level, carrying out data encryption on the secondary road network data packet result based on the preset key library in the offline processor to obtain a decryption key;
and transmitting the decryption key to the authorized user client through the short message of the operator.
Further, the identity encryption verification module 17 further comprises the following steps:
Constructing a key update probability function:
Wherein, $P(y_j)$ represents the probability of selecting the $j$-th key, $y_j$ is a key pair belonging to the preset key library, $f(y_j)$ represents the frequency with which the $j$-th key was selected in a preset time interval, $t(y_j)$ represents the interval duration since the key was last selected, $\alpha$ is a normalization adjustment parameter, $w_1$ represents the weight of the selection frequency, $w_2$ represents the weight of the interval duration, and $w_1 + w_2 = 1$;
When a preset updating period is met, randomly selecting an updating key from the preset key library according to the key updating probability function, and carrying out encryption updating on the secondary road network data grouping result in the offline processor to obtain a decryption updating key;
Transmitting the decryption update key to the authorized user client through the short message of the operator.
Further, the embodiment of the application also comprises an access behavior judging module, which comprises the following execution steps:
Monitoring the access behavior sequence of the user after allowing the user to access;
Inputting the access behavior sequence into the access behavior baseline of the accessed data for consistency judgment, and obtaining the number of behavior deviation points;
When the number of behavior deviation points is greater than or equal to the deviation number threshold, temporarily closing the user access authority, and checking through the management terminal of the mobile storage equipment safety isolation device to obtain checking feedback information;
Allowing the user to continue accessing when the checking feedback information comprises a check-pass signal.
Further, the access behavior judging module further includes the following execution steps:
acquiring service type characteristics and data attribute characteristics of access data;
performing access log mining based on the service type characteristics and the data attribute characteristics to obtain positive sample access log data, wherein the positive sample access log data is a normal access record;
According to the positive sample access log data, an access behavior sequence is obtained;
Performing access frequency statistics on the access behavior sequence, from single behaviors to multiple behaviors, to obtain sensitivity frequencies of a plurality of access behavior sequences;
Adding the access behavior sequences whose sensitivity frequency is greater than or equal to a sensitivity frequency threshold to the access behavior baseline.
Any of the steps of the methods described above may be stored as computer instructions or programs in a non-limiting computer memory and may be called by a non-limiting computer processor to implement any method of the embodiments of the present application, without unnecessary limitation.
Further, the first or second element may not only represent a sequential relationship, but may also represent a particular concept, and/or may be selected individually or in whole among a plurality of elements. It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the scope of the application. Thus, the present application is intended to include such modifications and alterations insofar as they come within the scope of the application or the equivalents thereof.

Claims (6)

1. The access control method of the special road toll network mobile storage equipment is characterized by being applied to a mobile storage equipment safety isolation device and comprising the following steps:
obtaining road network data to be stored, wherein the road network data to be stored is road network operation data of a highway;
clustering and grouping the road network data to be stored according to the service type to obtain a primary road network data grouping result;
traversing the primary road network data grouping result, collecting historical access log data to perform hijacking loss evaluation, and obtaining a hijacking loss coefficient;
performing privacy level evaluation on the primary road network data grouping result by traversing the hijacking loss coefficient to obtain a secondary road network data grouping result and a secondary road network data grouping privacy level, wherein the secondary road network data grouping result and the secondary road network data grouping privacy level are in one-to-one correspondence;
receiving user access request information, wherein the user access request information comprises an access storage location and user identity information;
when the privacy level of the secondary road network data packet of the access storage location is less than or equal to a preset privacy level, allowing the user to access if the user identity information has access user permission;
when the privacy level of the secondary road network data packet is greater than the preset privacy level, allowing the user to access if the user identity information has access user permission and the identity encryption check passes;
wherein allowing the user to access, when the privacy level of the secondary road network data packet is greater than the preset privacy level, if the user identity information has access user permission and the identity encryption check passes, comprises:
the mobile storage equipment safety isolation device is provided with an offline processor and an offline memory, wherein the offline memory is in communication connection with the offline processor, and the offline memory stores a preset key library;
when the privacy level of the secondary road network data packet is greater than the preset privacy level, performing data encryption on the secondary road network data grouping result based on the preset key library in the offline processor to obtain a decryption key;
transmitting the decryption key to an authorized user client through an operator short message;
wherein performing data encryption on the secondary road network data grouping result based on the preset key library in the offline processor to obtain a decryption key, when the privacy level of the secondary road network data packet is greater than the preset privacy level, further comprises:
constructing a key update probability function:
wherein, Characterizing the probability of being selected for the j-th key,/>Key pair belonging to preset key store,/>Characterizing the selected frequency of the jth key in a predetermined time zone,/>Characterization of the most recently selected interval duration from the present,/>For normalizing the adjustment parameters,/>Characterization of the weight of the selected frequencies,/>Weights characterizing interval duration,/>
when a preset update period is reached, randomly selecting a key pair from the preset key library as the update key according to the key update probability function, and performing an encryption update on the secondary road network data grouping result in the offline processor to obtain a decryption update key;
and transmitting the decryption update key to the authorized user client through an operator short message.
2. The method of claim 1, wherein traversing the primary road network data packet results, collecting historical access log data for hijacking loss assessment, obtaining hijacking loss coefficients, comprises:
extracting first service type data from the primary road network data grouping result, and extracting first attribute data from the first service type data;
using the first service type and the first attribute as the data mining scenario, and collecting the historical access log data based on road network big data, wherein the historical access log data comprises a first private data access amount and a first confidential data access amount;
traversing the historical access log data, and counting the private data access frequency and the confidential data access frequency;
cleaning the private data with the private data access frequency smaller than a first access frequency threshold value from the first private data access amount to obtain a second private data access amount;
cleaning the private data with the access frequency smaller than a second access frequency threshold value from the first confidential data access amount to obtain a second confidential data access amount;
setting the second private data access amount and the second confidential data access amount as the hijacking loss coefficient of the first attribute data of the first service type data.
3. The method of claim 2, wherein traversing the hijacking loss factor performs privacy level evaluation on the primary road network data packet result to obtain a secondary road network data packet result and a secondary road network data packet privacy level, wherein the secondary road network data packet result and the secondary road network data packet privacy level are in one-to-one correspondence, comprising:
acquiring the second private data access amount and the second confidential data access amount of the hijacking loss coefficient of the first attribute data of the first service type data;
constructing a first virtual coordinate system, wherein privacy level division regions are defined in the first virtual coordinate system by an administrator of the mobile storage equipment safety isolation device;
inputting the second private data access amount and the second confidential data access amount into the first virtual coordinate system, and performing privacy level evaluation based on the privacy level division regions to obtain the data privacy level of the first attribute data of the first service type data;
and traversing the primary road network data grouping result according to the data privacy level to perform clustering grouping, and obtaining the secondary road network data grouping result and the secondary road network data grouping privacy level.
4. The method as recited in claim 1, further comprising:
monitoring the access behavior sequence of the user after allowing the user to access;
inputting the access behavior sequence into the access behavior baseline of the access data for consistency judgment, and obtaining the number of behavior deviation points;
when the number of behavior deviation points is greater than or equal to the deviation quantity threshold, temporarily closing the user's access authority, and performing verification through the management terminal of the mobile storage equipment safety isolation device to obtain verification feedback information;
and allowing the user to continue accessing when the verification feedback information comprises a verification passing signal.
5. The method of claim 4, wherein inputting the access behavior sequence into the access behavior baseline of the access data for consistency judgment and obtaining the number of behavior deviation points comprises:
acquiring service type characteristics and data attribute characteristics of access data;
performing access log mining based on the service type characteristics and the data attribute characteristics to obtain positive sample access log data, wherein the positive sample access log data is a normal access record;
obtaining access behavior sequences according to the positive sample access log data;
counting the access frequency of the access behavior sequences, from single behaviors to multiple behaviors, to obtain a plurality of sensitive frequencies of the access behavior sequences;
and adding the access behavior sequences whose sensitive frequency is greater than or equal to a sensitive frequency threshold to the access behavior baseline.
6. The access control system for the highway tolling private network mobile storage device is characterized by being used for implementing the access control method for the highway tolling private network mobile storage device according to any one of claims 1-5, being applied to a mobile storage device safety isolation device and comprising:
the road network data acquisition module is used for acquiring road network data to be stored, wherein the road network data to be stored is road network operation data of the expressway;
the data clustering grouping module is used for clustering and grouping the road network data to be stored according to the service type to obtain a primary road network data grouping result;
the hijacking loss evaluation module is used for traversing the primary road network data grouping result, collecting historical access log data for hijacking loss evaluation and obtaining hijacking loss coefficients;
The privacy level evaluation module is used for performing privacy level evaluation on the primary road network data grouping result through traversing the hijacking loss coefficient to obtain a secondary road network data grouping result and a secondary road network data grouping privacy level, wherein the secondary road network data grouping result and the secondary road network data grouping privacy level are in one-to-one correspondence;
the system comprises a request information receiving module, a request information processing module and a user identification module, wherein the request information receiving module is used for receiving user access request information, and the user access request information comprises an access storage position and user identification information;
the privacy level judging module is used for allowing the user to access, when the privacy level of the secondary road network data packet of the access storage location is less than or equal to a preset privacy level, if the user identity information has access user permission;
and the identity encryption verification module is used for allowing the user to access, when the privacy level of the secondary road network data packet is greater than the preset privacy level, if the user identity information has access user permission and the identity encryption check passes.
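The grading and gating steps of claims 1 to 3, as an added Python example that is not part of the patent text. The log layout, the rectangular region boundaries, the storage locations, treating an access amount as the sum of per-item access counts, and denying unknown locations are assumptions; the identity encryption check is reduced to a boolean input.

```python
from collections import Counter

# Constructed historical access logs for two groups: (item_id, kind) per access.
LANE_LOG = ([("plate_A", "private")] * 3 + [("plate_B", "private")]
            + [("settle_key", "confidential")] * 4 + [("audit_x", "confidential")])
FLOW_LOG = [("cam_1", "private")] * 2 + [("cam_2", "private")]

def hijack_loss(log, private_min, confidential_min):
    """Claim 2: count accesses per item, drop items below the frequency
    threshold for their kind, return the remaining (private, confidential)
    access amounts as the coefficient."""
    freq = Counter(log)
    floor = {"private": private_min, "confidential": confidential_min}
    kept = Counter()
    for (_, kind), count in freq.items():
        if count >= floor[kind]:
            kept[kind] += count
    return kept["private"], kept["confidential"]

# Claim 3: administrator-defined regions of the (private, confidential) plane,
# as (max_private, max_confidential, level); the first enclosing box wins.
# These boundaries are illustrative, not values from the patent.
REGIONS = [(5, 0, 1), (20, 3, 2), (float("inf"), float("inf"), 3)]

def privacy_level(coeff, regions=REGIONS):
    private, confidential = coeff
    for max_p, max_c, level in regions:
        if private <= max_p and confidential <= max_c:
            return level
    raise ValueError("regions do not cover this coefficient")

def allow_access(location, levels, preset_level, has_permission, check_passed):
    """Claim 1 gate: permission is always required; above the preset level
    the identity encryption check must pass too.
    Assumption: a location with no graded level is denied (fail closed)."""
    level = levels.get(location)
    if level is None or not has_permission:
        return False
    return level <= preset_level or check_passed

# Hypothetical storage locations mapped to their evaluated privacy levels.
LEVELS = {
    "/lane": privacy_level(hijack_loss(LANE_LOG, 2, 2)),
    "/flow": privacy_level(hijack_loss(FLOW_LOG, 2, 2)),
}
```

With a preset level of 2, `/flow` (level 1) opens on permission alone, while `/lane` (level 3) stays closed until the encryption check also passes.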
CN202311072525.1A 2023-08-24 2023-08-24 Access control method and system for special highway toll collection network mobile storage equipment Active CN117171787B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311072525.1A CN117171787B (en) 2023-08-24 2023-08-24 Access control method and system for special highway toll collection network mobile storage equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311072525.1A CN117171787B (en) 2023-08-24 2023-08-24 Access control method and system for special highway toll collection network mobile storage equipment

Publications (2)

Publication Number Publication Date
CN117171787A CN117171787A (en) 2023-12-05
CN117171787B true CN117171787B (en) 2024-05-31

Family

ID=88944044

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311072525.1A Active CN117171787B (en) 2023-08-24 2023-08-24 Access control method and system for special highway toll collection network mobile storage equipment

Country Status (1)

Country Link
CN (1) CN117171787B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117935388B (en) * 2024-01-29 2024-06-18 广州华南路桥实业有限公司 Expressway charging monitoring system and method based on networking

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107766745A (en) * 2017-11-14 2018-03-06 广西师范大学 Classification method for secret protection in hierarchical data issue
CN109525611A (en) * 2019-01-11 2019-03-26 新华三信息安全技术有限公司 A kind of abnormal outgoing behavioral value method and device of Intranet user
CN110941956A (en) * 2019-10-26 2020-03-31 华为技术有限公司 Data classification method, device and related equipment
CN111159706A (en) * 2019-12-26 2020-05-15 深信服科技股份有限公司 Database security detection method, device, equipment and storage medium
CN112153050A (en) * 2020-09-24 2020-12-29 周丽君 Active anti-intrusion big data network security equipment and anti-intrusion method
CN112787992A (en) * 2020-12-17 2021-05-11 福建新大陆软件工程有限公司 Method, device, equipment and medium for detecting and protecting sensitive data
CN115001684A (en) * 2022-07-18 2022-09-02 合肥工业大学 Multidimensional self-adaptive dynamic key updating method

Also Published As

Publication number Publication date
CN117171787A (en) 2023-12-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant