CN117592119A - Method and system for secure management of microscopic data usage - Google Patents

Publication number
CN117592119A
Authority
CN
China
Prior art keywords
data
result
user
microscopic data
microscopic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311585787.8A
Other languages
Chinese (zh)
Inventor
裴亚波
范忠
刘新建
翟胜强
郁峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New Great Wall Technology Co ltd
Original Assignee
New Great Wall Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New Great Wall Technology Co ltd
Priority to CN202311585787.8A
Publication of CN117592119A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and a system for securely managing the use of microscopic data. The method comprises: S1: authenticating a use application for microscopic data submitted by a user; S2: storing the microscopic data in a physical isolation server, performing a security audit on the authenticated use application, and providing download of the microscopic data; S3: after the security audit is passed, performing result control on the downloaded microscopic data and outputting the controlled result to the user. The scheme sorts out and integrates the security issues of each stage of data use, so that security management of the microscopic data runs through the whole usage process, which further promotes the development of microscopic data resources and improves the secure use of microscopic data.

Description

Method and system for secure management of microscopic data usage
Technical Field
The present invention relates to the field of data management, and more particularly to a method and system for secure management of microscopic data usage.
Background
Microscopic data is data collected for individuals, families or small areas, provides finer (e.g., family, individual, or business, etc.) information, and can more accurately evaluate the impact of policies on different individuals or groups, thereby better helping policy makers understand policy effects.
At present, the statistics department has a large amount of microscopic data which contains abundant information, and the microscopic data are precious economic and social resources and have important economic value, social value and academic research value. Under the premise of ensuring data safety, the microscopic data can be opened to academic research, so that development of scientific research can be promoted, and government decisions and the public of society can be better served.
However, at present there is no good method for managing these microscopic data, and in particular no method that allows them to be used and developed to the greatest extent while their security is ensured.
Thus, there is a need in the art for a solution that enables efficient and secure management of microscopic data usage.
The above information disclosed in the background section is only for a further understanding of the background of the invention and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
The present invention provides a method and system for secure management of microscopic data usage. The invention can solve the safety problem of the development and use of the statistical microscopic data effectively, thereby controlling the safety of the microscopic data.
A first aspect of the present invention provides a method for secure management of microscopic data usage, the method comprising: S1: authenticating a use application for microscopic data submitted by a user; S2: storing the microscopic data in a physical isolation server, performing a security audit on the authenticated use application, and providing download of the microscopic data; S3: after the security audit is passed, performing result control on the downloaded microscopic data and outputting the controlled result to the user.
A second aspect of the present invention provides a system for secure management of microscopic data usage, the system comprising: an application authentication subsystem for authenticating use applications for microscopic data submitted by users; a physical isolation server for storing the microscopic data; a data download auditing subsystem for performing a security audit on the authenticated application and providing download of the microscopic data; and a result management and control subsystem for performing result management and control on the downloaded microscopic data after the security audit is passed and outputting the controlled result to the user.
The solution provided by the invention for securely managing the use of microscopic data sorts out and integrates the security issues of each stage of data use, so that security management of the microscopic data runs through the whole usage process, which further promotes the development of microscopic data resources and improves the secure use of microscopic data. In addition, the scheme of the invention can promote research work on microscopic data, so that the microscopic data can better serve macroscopic decision making and the public.
Drawings
In order to more clearly illustrate the technical solutions of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 illustrates a flow chart of a method for securely managing microscopic data usage according to an exemplary embodiment of the present invention.
FIG. 2 illustrates a flow chart of a use application approval of microscopic data according to one embodiment of the present invention.
Fig. 3 illustrates a security architecture diagram for microscopic data use according to an exemplary embodiment of the present invention.
Fig. 4 illustrates a block diagram of a data download auditing subsystem according to an exemplary embodiment of the present invention.
FIG. 5 illustrates a flow chart of staged outcome detection and management in accordance with an illustrative example of the invention.
Fig. 6 shows a block diagram of a result recognition module according to an exemplary embodiment of the invention.
FIG. 7 illustrates a flowchart for constructing and training a microscopic data detection model according to an exemplary embodiment of the present invention.
FIG. 8 is a system diagram for securely managing microscopic data usage in accordance with an exemplary embodiment of the present invention.
Detailed Description of Embodiment(s) of the Invention
As used herein, the terms "first," "second," and the like may be used to describe elements in exemplary embodiments of the present invention. These terms are only used to distinguish one element from another element, and the inherent feature or sequence of the corresponding element, etc. is not limited by the terms. Unless defined otherwise, all terms (including technical or scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Those skilled in the art will understand that the devices and methods of the present invention described herein and illustrated in the accompanying drawings are non-limiting exemplary embodiments and that the scope of the present invention is defined solely by the claims. The features illustrated or described in connection with one exemplary embodiment may be combined with the features of other embodiments. Such modifications and variations are intended to be included within the scope of the present invention.
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the drawings, detailed descriptions of related known functions or configurations are omitted so as not to unnecessarily obscure the technical gist of the present invention. In addition, throughout the description, the same reference numerals denote the same circuits, modules or units, and repetitive descriptions of the same circuits, modules or units are omitted for brevity.
Furthermore, it should be understood that one or more of the following methods or aspects thereof may be performed by at least one control unit or controller. The terms "control unit", "controller", "control module" or "master" may refer to a hardware device comprising a memory and a processor. The memory or computer-readable storage medium is configured to store program instructions, and the processor is specifically configured to execute the program instructions to perform one or more processes that will be described further below. Moreover, it should be appreciated that the following methods may be performed by including a processor in combination with one or more other components, as will be appreciated by those of ordinary skill in the art.
The invention provides a security control scheme for the use of statistical microscopic data. It sorts out the security issues of each stage of data use, so that data security management runs through the whole usage process, and it helps to further promote data resource development and to improve the security of statistical microscopic data.
FIG. 1 illustrates a flow chart of a method for securely managing microscopic data usage according to an exemplary embodiment of the present invention.
As shown in fig. 1, the method for security management of microscopic data use includes:
S1: authenticating a use application for microscopic data submitted by a user;
S2: storing the microscopic data in a physical isolation server, performing a security audit on the authenticated use application, and providing download of the microscopic data;
S3: after the security audit is passed, performing result control on the downloaded microscopic data and outputting the controlled result to the user.
According to one or more embodiments of the present invention, in S1, data applications are based on institutions and on real-name authentication of individuals. For example, in the application and review stage for microscopic data, a secure and controllable application flow is designed to control data security. Applications for microscopic data must be made through an institution: the regulatory authorities define the eligible institutions or the range of eligible institutions, an institution submits a data use application, the regulatory authorities review and approve it, and after approval, researchers or users in the institution can submit data applications.
According to one or more embodiments of the present invention, for example, a researcher or user in an institution can apply for data but must fill in key personal information such as a mobile phone number and an identity card number. The supervision department performs real-name authentication of the researcher's information by technical means, relying on the mobile phone number and identity card number, and only use applications that pass authentication reach the supervision department's pending approval list.
FIG. 2 illustrates a flow chart of a use application approval of microscopic data according to one embodiment of the present invention.
As shown in fig. 2, the institution fills out the application form for the microscopic data and submits the application. After the supervision department approves the institution's application, researchers or users in the institution fill out their own application form and perform real-name authentication (for example, by short message authentication). After authentication passes, the supervision department reviews the application, and once it is approved the user has the authority to access the microscopic data. The supervision department sets the admission range and standard for institutions, use applications are submitted only by institutions within that range, and the supervision department approves them, which narrows the range over which data is distributed and reduces risk. Real-name and short message authentication ensure that personnel information is genuine, so that data users can be effectively managed and controlled.
In accordance with one or more embodiments of the present invention, in S2, the regulatory body sets up a microscopic data use mechanism based on access control and security audits. For example, the regulatory authorities establish a physically isolated server environment, store the microscopic data there, and deploy the data download auditing subsystem. After entering the place where the microscopic data is used, a user logs in to the data download auditing subsystem through the thin client with an approved, real-name-authenticated account, downloads the microscopic data, analyzes it, and finally produces a staged result.
Fig. 3 illustrates a security architecture diagram for microscopic data use according to an exemplary embodiment of the present invention.
As shown in fig. 3, the micro data is stored in a physical isolation server in a physical isolation environment, and is connected with a designated thin client through a dedicated line, so that a data user can only enter a designated data use place to download the data, and the micro data cannot be taken away, thus forming a closed loop for the use circulation of the data. And a firewall is arranged between the thin client and the physical isolation server and is used for carrying out security management on the application from the thin client. In addition, on the framework, a physical access control layer is also constructed, so that microscopic data leakage risks can be effectively prevented.
According to one or more embodiments of the present invention, the data download auditing subsystem also builds a second layer of access control, further reinforcing the security of data usage. In step S2, the data download auditing subsystem implements IP-controlled access: the IP addresses of the computers configured for data users at the data use place are added to a white list and are thereby authorized to access the data download auditing subsystem. After receiving an HTTP request, the data download auditing subsystem obtains the request IP, checks whether it is in the white list, and forbids access if it is not. In addition, the data download auditing subsystem implements real-name login authentication: the real-name mobile phone number registered when the user applied for data is matched together with the user name and password, forming a multi-factor, security-audited login. The data download auditing subsystem also summarizes and manages audit logs, that is, it audits and summarizes logs of access to and use of the microscopic data, so that abnormal behaviors are found and handled in time and abuse and leakage of the microscopic data are prevented.
Fig. 4 illustrates a block diagram of a data download auditing subsystem according to an exemplary embodiment of the present invention.
As shown in fig. 4, the data download auditing subsystem includes: the data downloading permission module is used for verifying the user login information and checking the user data permission; the real name login authentication module is used for verifying information of names, passwords and mobile phone verification codes input by a user; the IP access control module is used for configuring a white list for the access control of the user and checking the IP logged in by the user; and the audit log module is used for auditing and summarizing logs recorded in the data downloading authority module, the real-name login authentication module and the IP access control module so as to discover and process abnormal behaviors. The data downloading authority module, the real-name login authentication module and the IP access control module all comprise a log recording module for recording and arranging logs generated in the three modules.
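The three checks and the audit log described above can be sketched as follows. This is an added example, not code from the patent; the class and function names, the allowlisted network, the sample account and the denial limit are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time
from collections import Counter


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account, as registered when the use application was approved.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_USERS = {
    "researcher01": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse", _SALT),
        "phone": "13800138000",
        "datasets": {"household_survey"},
    }
}


class AuditLog:
    """Audit log module: gathers records from the three checking modules."""

    def __init__(self):
        self.records = []

    def record(self, module, peer_ip, user, allowed, detail):
        self.records.append({"ts": time.time(), "module": module, "ip": peer_ip,
                             "user": user, "allowed": allowed, "detail": detail})

    def anomalies(self, max_denials=3):
        """Summarise denials per source IP; return IPs at or above the limit."""
        denied = Counter(r["ip"] for r in self.records if not r["allowed"])
        return {ip: n for ip, n in denied.items() if n >= max_denials}


class DownloadGate:
    def __init__(self, allowlist, users, audit, code_ttl=300):
        self.allowlist = [ipaddress.ip_network(net) for net in allowlist]
        self.users, self.audit, self.code_ttl = users, audit, code_ttl
        self._codes = {}  # phone number -> (one-time code, expiry time)

    def issue_sms_code(self, username, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[self.users[username]["phone"]] = (code, now + self.code_ttl)
        return code  # returned here for the demo; a deployment sends it by SMS

    def _ip_allowed(self, peer_ip):
        try:
            addr = ipaddress.ip_address(peer_ip)
        except ValueError:
            return False  # unparsable address: deny
        return any(addr in net for net in self.allowlist)

    def _login_ok(self, username, password, sms_code, now):
        user = self.users.get(username)
        if user is None:
            return False
        pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
        code, expiry = self._codes.get(user["phone"], ("", 0.0))
        code_ok = (bool(code) and now <= expiry
                   and hmac.compare_digest(code.encode(), sms_code.encode()))
        if pw_ok and code_ok:
            del self._codes[user["phone"]]  # a code is valid for one login only
        return pw_ok and code_ok

    def handle(self, peer_ip, username, password, sms_code, dataset, now=None):
        """peer_ip must be the TCP peer address, not a client-supplied header."""
        now = time.time() if now is None else now
        checks = (
            ("ip_access_control", 403, "ip not in allowlist",
             lambda: self._ip_allowed(peer_ip)),
            ("real_name_login", 401, "login failed",
             lambda: self._login_ok(username, password, sms_code, now)),
            ("download_permission", 403, "dataset not approved",
             lambda: dataset in self.users[username]["datasets"]),
        )
        for module, status, reason, check in checks:
            allowed = check()
            self.audit.record(module, peer_ip, username, allowed, "ok" if allowed else reason)
            if not allowed:
                return status, reason
        return 200, "download granted"
```

The checks run in a fixed order and stop at the first denial, so a request from an address outside the white list never reaches the credential check, and every stage leaves a record for the audit summary.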
In accordance with one or more embodiments of the present invention, in S3, OCR-based result management and control is implemented. For example, microscopic data includes various data formats, such as text and pictures. OCR (optical character recognition) is the process of analyzing, recognizing and processing text material in the microscopic data to obtain text, picture and layout information while recognizing the characters in the text material.
In accordance with one or more embodiments of the present invention, during the result management stage, researchers or users in the institution use or carry out research on the microscopic data they applied for, write staged results through the thin client using software installed on the physical isolation server side for editing the microscopic data (e.g., text processing software such as Office or WPS), and apply to take the results out.
According to one or more embodiments of the present invention, because editable files (e.g., Word files) have a complex format and many functions, such as hidden tables and hidden text, the personnel approving staged results may not be able to accurately control the file content, so there is a risk that researchers take data away inside the result file. Staged result files therefore need to be detected and managed by technical means.
FIG. 5 illustrates a flow chart of staged outcome detection and management in accordance with an illustrative example of the invention.
As shown in fig. 5, text data in the microscopic data that the user applied to use is analyzed and recognized by OCR; after the analysis and recognition result passes, the supervision mechanism reviews the passed result, and after approval the user obtains it. For example, a researcher submits a Word format file to the result detection system for detection, and the detection system calls a third-party plug-in to convert the Word file into pictures, which eliminates the risk of data leakage through hiding functions. The pictures are then recognized using OCR technology combined with a trained model; when an abnormal condition is detected, the detection system automatically issues an early warning and the user is not allowed to take the document away.
Fig. 6 shows a block diagram of a result recognition module according to an exemplary embodiment of the invention.
As shown in fig. 6, editable data in the microscopic data is first converted to images and processed, and image recognition is then performed. A recognition model is trained on a microscopic data set, the data of a staged result is analyzed and recognized based on that model, and an OCR detection threshold is set. When the result of the analysis and recognition processing passes the OCR detection threshold, the result is determined to pass; otherwise, the user is not allowed to take the result away and an early warning is issued.
In accordance with one or more embodiments of the present invention, OCR detection of microscopic data mainly involves image processing, text detection, text recognition, rule configuration, rule comparison and similar modules. Image processing pre-processes the input picture, for example by scaling, cropping and denoising, to improve the recognition effect. Text detection uses an OCR algorithm to mark and detect regions such as text, pictures and tables in the picture, and records the number of picture regions and table regions. Text recognition recognizes the characters in those regions. Rule configuration defines abnormality rules aimed at the risk of microscopic data being taken away in a file, such as a rule for files containing sensitive information (including identity card numbers, mobile phone numbers, names and the like), a rule for files with too much numeric text, and a rule for files with too many tables. Rule comparison checks the detected picture content against the rules; when the content is found to match a rule, an early warning is sent and the user is not allowed to take the file away.
According to one or more embodiments of the present invention, the core of the analysis and recognition processing of staged results is the establishment of a recognition model. Through model training, a microscopic data detection model based on a convolutional neural network (CNN) is constructed, which mainly detects and recognizes statistical microscopic information such as identity card numbers, mobile phone numbers, home addresses, enterprise names and organization codes. A convolutional neural network (CNN) is a neural network designed specifically for image analysis. It relies on the spatial proximity assumption, i.e. that neighbouring pixels in an image are strongly correlated, to automatically extract meaningful features from the original image, and it reduces the number of parameters to be trained by sharing weights, thereby improving the generalization capability of the model and reducing the risk of overfitting.
FIG. 7 illustrates a flowchart for constructing and training a microscopic data detection model according to an exemplary embodiment of the present invention.
As shown in fig. 7, in accordance with one or more embodiments of the present invention, the microscopic data detection model is constructed and trained as follows:
s21, preparing data, wherein the prepared data set comprises input data and corresponding labels, and the labels are used for judging the type of the input data. For example, a mobile phone number data set example is shown below, which includes three pictures of mobile phone numbers, and the data set label is a mobile phone number. One data set that may be used for training typically contains tens of thousands of pictures.
S22, defining the training model: a convolution layer, a pooling layer, a fully connected layer and an activation function are defined. The convolution layer is used to extract spatial structure information from the input features. Assuming that the input feature map is $X$, the convolution kernel is $W$, and the bias term is $b$, the output feature map $Y$ of the convolution layer is calculated as $Y = f(W * X + b)$, where $*$ denotes the convolution operation and $f$ denotes the activation function. The pooling layer is used to reduce the spatial size of the feature map, reducing computational complexity while retaining the main features. Common pooling operations are max pooling, average pooling, and the like. Fully connected layer: the fully connected layer is used to map the output features of the convolution layer or the pooling layer to the final classification result. Given an input feature vector $x$, a weight matrix $W$ and a bias term $b$, the fully connected layer is calculated as $y = f(Wx + b)$. Activation function: the activation function introduces nonlinear transformations that increase the expressive power of the model. Common activation functions are the ReLU function, the Sigmoid function, the Tanh function, and the like.
S23, initializing the parameters: parameter initialization determines the starting point of the model's learning. Common parameter initialization methods are as follows. Random initialization: one of the most commonly used methods, in which the parameters of the model are set randomly within a range, such as [-0.01, 0.01]. Uniform distribution initialization: the parameters of the model are uniformly distributed over a range, such as [-1, 1]. Normal distribution initialization: the parameters of the model are drawn from a normal distribution, e.g., μ = 0, σ = 0.01. Xavier initialization: an improved normal distribution initialization method that makes the parameter initialization of each layer more reasonable. He initialization: a variant of Xavier initialization that is particularly suited to the ReLU activation function.
S24, training the model: model training is an iterative process in which the parameters of the model are updated so that the model fits the training data as closely as possible. The parameters are updated using optimization algorithms such as gradient descent and Adam.
S25, verifying and adjusting the model: the model performance is verified periodically and the model parameters are adjusted to improve accuracy. After the microscopic data detection model is built, it is used to recognize and detect the pictures converted from Word format results and to output results; the results are compared with threshold rules, and an early warning is issued when the number of identity card numbers, mobile phone numbers and the like is larger than a threshold value.
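The rule configuration and rule comparison modules, together with the threshold comparison in S25, can be illustrated on text that OCR has already recognized. This is an added example, not code from the patent; the function names, the threshold values, the page structure and the sample pages are assumptions, and the identity card check digit (ISO 7064 MOD 11-2 weights) and the mobile number prefix pattern are the editor's choice of validation, not something the patent specifies.

```python
import re
from dataclasses import dataclass

ID_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
ID_CHECK_CHARS = "10X98765432"
ID_RE = re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)")
MOBILE_RE = re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)")      # assumed 11-digit format
NUMERIC_TOKEN_RE = re.compile(r"[+-]?\d[\d,]*(?:\.\d+)?%?")


@dataclass
class Rules:
    """Configured abnormality rules; the limits are constructed examples."""
    max_id_numbers: int = 0
    max_mobile_numbers: int = 0
    max_numeric_ratio: float = 0.6
    max_tables: int = 5


def id_check_char(body17):
    total = sum(int(d) * w for d, w in zip(body17, ID_WEIGHTS))
    return ID_CHECK_CHARS[total % 11]


def valid_resident_id(candidate):
    """True if the 18th character matches the check digit of the first 17."""
    return id_check_char(candidate[:17]) == candidate[17].upper()


def join_split_digits(text):
    """OCR often splits long numbers; rejoin digit groups split by space or hyphen."""
    return re.sub(r"(?<=\d)[ \-](?=\d)", "", text)


def evaluate(page, rules):
    """Compare one recognized page against the rules; return the rules it trips."""
    text = "\n".join(page["text_regions"])
    joined = join_split_digits(text)
    ids = [m for m in ID_RE.findall(joined) if valid_resident_id(m)]
    mobiles = MOBILE_RE.findall(joined)
    tokens = text.split()
    numeric = sum(1 for t in tokens if NUMERIC_TOKEN_RE.fullmatch(t))
    ratio = numeric / len(tokens) if tokens else 0.0

    findings = {}
    if len(ids) > rules.max_id_numbers:
        findings["id_numbers"] = len(ids)
    if len(mobiles) > rules.max_mobile_numbers:
        findings["mobile_numbers"] = len(mobiles)
    if ratio > rules.max_numeric_ratio:
        findings["numeric_ratio"] = round(ratio, 3)
    if page["table_count"] > rules.max_tables:
        findings["table_count"] = page["table_count"]
    return findings


def decide(page, rules=None):
    """Any finding blocks release and raises an early warning."""
    findings = evaluate(page, rules or Rules())
    return ("early_warning" if findings else "forward_to_approver"), findings


# Constructed sample pages standing in for OCR output of a converted Word file.
_BODY = "11010519491231002"
SAMPLE_ID = _BODY + id_check_char(_BODY)
CLEAN_PAGE = {"table_count": 1, "text_regions": [
    "Regression results show household income rose 4.2 % in 2022 "
    "across the sampled regions."]}
LEAK_PAGE = {"table_count": 0, "text_regions": [
    f"Respondent ID {SAMPLE_ID[:6]} {SAMPLE_ID[6:14]} {SAMPLE_ID[14:]}",
    "contact 138-0013-8000 follow-up"]}
DUMP_PAGE = {"table_count": 7, "text_regions": ["101 2450 37.5% 88 1,204 total"]}
```

Digit groups are rejoined before matching because a number that OCR splits across spaces would otherwise slip past a pattern written for contiguous digits.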
FIG. 8 is a system diagram for securely managing microscopic data usage in accordance with an exemplary embodiment of the present invention.
As shown in fig. 8, a system for securely managing microscopic data usage includes: an application authentication subsystem for authenticating use applications for microscopic data submitted by users; a physical isolation server for storing the microscopic data; a data download auditing subsystem for performing a security audit on the authenticated application and providing download of the microscopic data; and a result management and control subsystem for performing result management and control on the downloaded microscopic data after the security audit is passed and outputting the controlled result to the user.
According to one or more embodiments of the present invention, the user accesses the physical isolation server through a thin client using an account approved by the regulatory agency, and the data download auditing subsystem is configured to: perform white list security control on the user's access; perform real-name login authentication of the user; and audit and summarize logs of applications and data downloads accessing the isolation server so as to discover and handle abnormal behaviors.
According to one or more embodiments of the invention, the result management and control subsystem is configured to: analyze, recognize and process, through OCR, text data in the microscopic data that the user applied to use; after the analysis and recognition result passes, the supervision mechanism reviews the passed result, and after approval the user obtains it.
According to one or more embodiments of the present invention, the result management and control subsystem includes a model for detecting microscopic data based on a convolutional neural network. The microscopic data after OCR processing is detected based on the model to obtain the result of the analysis and recognition processing, an OCR detection threshold is set in the result management and control subsystem, and when the result of the analysis and recognition processing passes the OCR detection threshold, the result is determined to pass.
By the scheme for safely controlling the use of the micro data, the safety problem of the development and use of the statistical micro data can be effectively avoided, so that the use safety of the micro data is controlled, the research work of the micro data is promoted, the micro data can better serve macroscopic decision making, and the social public can be served.
In accordance with one or more embodiments of the present invention, control logic in the devices and systems of the present invention may implement processes as in the above systems of the present invention using encoded instructions (e.g., computer and/or machine readable instructions) stored on a non-transitory computer and/or machine readable medium (e.g., hard disk drive, flash memory, read-only memory, optical disk, digital versatile disk, cache, random access memory, and/or any other storage device or storage disk) where information during any time period (e.g., extended period of time, permanent, transient instance, temporary cache, and/or information cache) is stored. As used herein, the term "non-transitory computer-readable medium" is expressly defined to include any type of computer-readable storage device and/or storage disk and to exclude propagating signals and to exclude transmission media.
In accordance with one or more embodiments of the present invention, the logic in the system of the present invention may be implemented using control circuitry (control logic, a master control system, or a control module), which may include one or more processors or a non-transitory computer-readable medium. In particular, the master control system or control module may comprise a microcontroller (MCU). The processors used to implement the logic in the system of the present invention may be, for example but without limitation, one or more single-core or multi-core processors. The processor(s) may include any combination of general-purpose processors and special-purpose processors (e.g., graphics processors, application processors, etc.). The processor may be coupled to and/or may include a memory/storage device and may be configured to execute instructions stored in the memory/storage device to implement various applications and/or operating systems running on the controller of the present invention.
The following are further examples of the invention:
Example 1. A method for secure management of microscopic data usage, the method comprising: S1: authenticating an application to use microscopic data submitted by a user; S2: storing the microscopic data in a physical isolation server, performing a security audit on the authenticated application, and providing download of the microscopic data; S3: after the security audit is passed, performing result management and control on the downloaded microscopic data and outputting the managed and controlled result to the user.
Example 2. The method of example 1, wherein in S1, the user is an eligible institution, or falls within a range of institutions, determined by a microscopic data authority; the application to use the microscopic data is submitted by the institution, and after the supervision department has approved the institution's application, a user under that institution may submit an application to use the microscopic data.
Example 3. The method of example 1, wherein in S2, the user accesses the physical isolation server through a thin client using an account approved by a regulatory agency, and the security audit comprises: applying whitelist security control to the user's access; performing real-name login authentication on the user; and auditing and summarizing the logs of usage applications and data downloads that access the isolation server, so as to discover and handle abnormal behavior.
Example 4. The method of example 1, wherein in S3, the result management and control comprises: analyzing and recognizing, through OCR, the text data in the microscopic data that the user applied for; and, after the result of the analysis and recognition passes, having the supervisory body review and approve the passed result, the user obtaining the passed result once the review and approval pass.
Example 5. The method of example 4, wherein an OCR detection threshold is set in the analysis and recognition processing, and when the result of the analysis and recognition processing passes the OCR detection threshold, the result of the analysis and recognition processing is determined to pass.
Example 6. The method of example 4, wherein in the analysis and recognition processing, a microscopic data detection model based on a convolutional neural network is constructed, and the OCR-processed microscopic data is examined with the model to obtain the result of the analysis and recognition processing.
Example 7. The method of example 6, wherein the information that the microscopic data detection model analyzes and recognizes includes one or more of an identity card number, a cell phone number, a home address, a business name, and an organization code of the applicant.
Example 8. The method of example 7, wherein the microscopic data is text material, and the OCR recognition is a recognition process applied to the text material to obtain one or more of text, picture and layout information.
Example 9. The method of any of examples 1-8, wherein outputting the results of the applicant's use of the microscopic data comprises: after the applicant has carried out development and research on the microscopic data, using software on the physical isolation server, through the thin client, to process the interim results of that development and research, and outputting the processed interim results.
Example 10. The method of any one of examples 1-9, wherein constructing the microscopic data detection model comprises: preparing a data set comprising input data and corresponding labels, wherein the input data comprises the data to be detected and the labels are used to determine the category of the data to be trained; defining the convolution layers, pooling layers, fully connected layers and activation functions of the microscopic data detection model; initializing the parameters of the microscopic data detection model, setting the training data as input, and updating the model parameters through an optimization algorithm to train the model iteratively; and periodically verifying and adjusting the performance and accuracy of the model.
Example 11. A system for secure management of microscopic data usage, the system comprising: an application authentication subsystem for authenticating an application to use microscopic data submitted by a user; a physical isolation server for storing the microscopic data; a data download auditing subsystem for performing a security audit on the authenticated application and providing download of the microscopic data; and a result management and control subsystem for performing result management and control on the downloaded microscopic data after the security audit is passed and outputting the managed and controlled result to the user.
Example 12. The system of example 11, wherein the user accesses the physical isolation server through a thin client using an account approved by the supervision department, and the data download auditing subsystem is used for: applying whitelist security control to the user's access; performing real-name login authentication on the user; and auditing and summarizing the logs of applications and data downloads that access the isolation server, so as to discover and handle abnormal behavior.
Example 13. The system of example 11, wherein the result management and control subsystem is used for: analyzing and recognizing, through OCR, the text data in the microscopic data that the user applied for; and, after the result of the analysis and recognition passes, having the supervisory body review and approve the passed result, the user obtaining the passed result once the review and approval pass.
Example 14. The system of example 13, wherein the result management and control subsystem includes a microscopic data detection model based on a convolutional neural network, the OCR-processed microscopic data being examined with the model to obtain the result of the analysis and recognition processing, and wherein an OCR detection threshold is set in the result management and control subsystem, the result of the analysis and recognition processing being determined to pass when it passes the OCR detection threshold.
Example 15. The system of example 11, wherein the data download auditing subsystem includes: a data download permission module for verifying the user's login information and checking the user's data permissions; a real-name login authentication module for verifying the name, password and mobile phone verification code entered by the user; an IP access control module for configuring a whitelist for the user's access control and checking the IP address from which the user logs in; and an audit log module for auditing and summarizing the logs recorded by the data download permission module, the real-name login authentication module and the IP access control module, so as to discover and handle abnormal behavior.
Example 16. The system of example 11, wherein a firewall is disposed between the thin client and the physical isolation server to securely manage usage applications from the thin client.
Example 18. One or more non-transitory storage media having instructions stored thereon that, when executed by a processor, cause the processor to implement the method of any of examples 1-10.
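The audit log module of Example 15 aggregates records from the permission, real-name login and IP access control modules. The following added sketch (not the patent's code) shows one way such a summary could flag abnormal behavior; the event fields, the whitelist subnet, the three rules and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed whitelist: the thin-client subnet allowed to reach the server.
WHITELIST = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed records, as the modules of Example 15 might log them.
EVENTS = [
    {"module": "login", "user": "alice", "ip": "10.20.0.15", "ok": True},
    {"module": "download", "user": "alice", "ip": "10.20.0.15", "ok": True},
    {"module": "login", "user": "bob", "ip": "10.20.0.22", "ok": False},
    {"module": "login", "user": "bob", "ip": "10.20.0.22", "ok": False},
    {"module": "login", "user": "bob", "ip": "10.20.0.22", "ok": False},
    {"module": "download", "user": "carol", "ip": "192.0.2.7", "ok": True},
]


def ip_whitelisted(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparseable source address fails closed
    return any(addr in net for net in WHITELIST)


def audit(events, max_failed_logins: int = 3) -> list:
    """Summarize the merged module logs into (finding, user) pairs."""
    findings = []
    failed = Counter()
    logged_in = set()
    for ev in events:
        user = ev["user"]
        # Re-check the source address instead of trusting the upstream module.
        if not ip_whitelisted(ev["ip"]):
            findings.append(("ip_not_whitelisted", user))
        if ev["module"] == "login":
            if ev["ok"]:
                logged_in.add(user)
            else:
                failed[user] += 1
                if failed[user] == max_failed_logins:
                    findings.append(("repeated_login_failure", user))
        elif ev["module"] == "download" and ev["ok"] and user not in logged_in:
            # Cross-module correlation: a download with no prior real-name login.
            findings.append(("download_without_login", user))
    return findings
```

The third rule only works because the logs of separate modules are merged into one stream, which is the point of summarizing them in a single audit module.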
The figures and detailed description of the invention referred to above as examples of the invention are intended to illustrate the invention, but not to limit the meaning or scope of the invention described in the claims. Accordingly, modifications may be readily made by one skilled in the art from the foregoing description. In addition, one skilled in the art may delete some of the constituent elements described herein without deteriorating the performance, or may add other constituent elements to improve the performance. Furthermore, one skilled in the art may vary the order of the steps of the methods described herein depending on the environment of the process or equipment. Thus, the scope of the invention should be determined not by the embodiments described above, but by the claims and their equivalents.
While the invention has been described in connection with what is presently considered to be practical, it is to be understood that the invention is not to be limited to the disclosed embodiments, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A method for securely managing microscopic data usage, the method comprising:
S1: authenticating an application to use microscopic data submitted by a user;
S2: storing the microscopic data in a physical isolation server, performing a security audit on the authenticated application, and providing download of the microscopic data;
S3: after the security audit is passed, performing result management and control on the downloaded microscopic data and outputting the managed and controlled result to the user.
2. The method of claim 1, wherein in S1, the user is a compliant institution, or falls within a range of institutions, determined by a microscopic data authority; wherein
the application to use the microscopic data is submitted by the institution, and after the supervision department has approved the institution's application, a user under that institution may submit an application to use the microscopic data.
3. The method of claim 1, wherein in S2, the user accesses the physical isolation server through a thin client using an account approved by a regulatory agency, and the security audit comprises:
applying whitelist security control to the user's access;
performing real-name login authentication on the user; and
auditing and summarizing the logs of usage applications and data downloads that access the isolation server, so as to discover and handle abnormal behavior.
4. The method of claim 1, wherein in S3, the result management and control comprises:
analyzing and recognizing, through OCR, the text data in the microscopic data that the user applied for; and
after the result of the analysis and recognition passes, having the supervisory body review and approve the passed result, the user obtaining the passed result once the review and approval pass.
5. The method according to claim 4, wherein an OCR detection threshold is set in the analysis recognition process, and when a result of the analysis recognition process passes the OCR detection threshold, it is determined that the result of the analysis recognition process passes.
6. The method according to claim 4, wherein in the analysis recognition process, a microscopic data detection model based on a convolutional neural network is constructed, and microscopic data after OCR processing is detected based on the model to obtain a result of the analysis recognition process.
7. A system for securely managing microscopic data usage, the system comprising:
an application authentication subsystem for authenticating an application to use microscopic data submitted by a user;
a physical isolation server for storing the microscopic data;
a data download auditing subsystem for performing a security audit on the authenticated application and providing download of the microscopic data; and
a result management and control subsystem for performing result management and control on the downloaded microscopic data after the security audit is passed and outputting the managed and controlled result to the user.
8. The system of claim 7, wherein,
the user accesses the physical isolation server through a thin client using an account approved by the supervision department, and
the data download auditing subsystem is used for: applying whitelist security control to the user's access; performing real-name login authentication on the user; and auditing and summarizing the logs of applications and data downloads that access the isolation server, so as to discover and handle abnormal behavior.
9. The system of claim 7, wherein the result management and control subsystem is configured to:
analyze and recognize, through OCR, the text data in the microscopic data that the user applied for; and
after the result of the analysis and recognition passes, have the supervisory body review and approve the passed result, the user obtaining the passed result once the review and approval pass.
10. The system of claim 9, wherein
the result management and control subsystem comprises a microscopic data detection model based on a convolutional neural network, the OCR-processed microscopic data being examined with the model to obtain the result of the analysis and recognition processing, and
an OCR (optical character recognition) detection threshold is set in the result management and control subsystem, the result of the analysis and recognition processing being determined to pass when it passes the OCR detection threshold.
CN202311585787.8A 2023-11-24 2023-11-24 Method and system for secure management of microscopic data usage Pending CN117592119A (en)


Publications (1)

Publication Number Publication Date
CN117592119A true CN117592119A (en) 2024-02-23

Family

ID=89914726



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination