WO2022161327A1 - 一种多层级安全保护的流数据处理方法及系统 - Google Patents

一种多层级安全保护的流数据处理方法及系统 Download PDF

Info

Publication number
WO2022161327A1
WO2022161327A1 PCT/CN2022/073610 CN2022073610W WO2022161327A1 WO 2022161327 A1 WO2022161327 A1 WO 2022161327A1 CN 2022073610 W CN2022073610 W CN 2022073610W WO 2022161327 A1 WO2022161327 A1 WO 2022161327A1
Authority
WO
WIPO (PCT)
Prior art keywords
stream data
query
preset
security level
security
Prior art date
Application number
PCT/CN2022/073610
Other languages
English (en)
French (fr)
Inventor
刘睿民
Original Assignee
威讯柏睿数据科技(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 威讯柏睿数据科技(北京)有限公司 filed Critical 威讯柏睿数据科技(北京)有限公司
Publication of WO2022161327A1 publication Critical patent/WO2022161327A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24568Data stream processing; Continuous queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Definitions

  • the present application relates to the field of stream data processing, and more particularly, to a method and system for stream data processing with multi-level security protection.
  • Streaming data security is an active data security protection measure. It must be based on reliable security protection technology and security system to fully guarantee stream data security from stream data itself to stream data access.
  • the database security protection technology mainly adopts several methods such as access analysis, SQL (structured query) security analysis, and authority control.
  • Access analysis is a stream data security protection method that realizes database access control by analyzing database logs
  • SQL security assessment is a stream data security protection method that realizes SQL access control by analyzing the source and use of SQL
  • permission control is a method to realize stream data security protection by controlling user permissions, that is, through the analysis and control of database user permissions , permission control can effectively determine whether there is excessive authorization or improper authorization in access authorization; but whether it is access analysis, SQL security assessment, or permission control, they all belong to a single-level traditional database protection method, that is, only limited to the access side. control, and does not involve the protection of the stream data itself.
  • the present invention provides a stream data processing method for multi-level security protection, which is used to solve the technical problem that security protection cannot be performed from the stream data itself in the prior art, and the method includes:
  • the stream data to be queried is obtained based on a time window and the encrypted stream data, where the time window is a window for accumulating the encrypted stream data.
  • the method further includes:
  • the user's query authority is determined according to the preset security level rule base, and the query authority is in one-to-one correspondence with the security level;
  • query flow data based on the query authority, where the query flow data is the to-be-queried flow data corresponding to the query authority;
  • the query stream data is decrypted according to the preset security encryption algorithm library, and the decrypted query stream data is returned to the user as a query result.
  • the method before converting the received stream data into a preset format and performing security level setting on the stream data according to a preset security level rule base to obtain marked stream data, the method further includes:
  • a stream data connector and a preset named pipe corresponding to the quantity are created according to the quantity of the stream data.
  • the method further includes:
  • the encrypted stream data is connected to the stream data connector through the preset named pipe, so that the time window processes the encrypted stream data.
  • the method further includes:
  • the query result is deleted or stored in a database corresponding to the security level of the query result.
  • the present invention also discloses a stream data processing system with multi-level security protection, the system comprising:
  • the security level module after converting the received stream data into a preset format, sets a security level for the stream data according to the preset security level rule base and obtains the marked stream data;
  • an encryption module performing encryption processing on the marked stream data according to a preset security encryption algorithm library to obtain encrypted stream data
  • the accumulation module obtains stream data to be queried based on a time window and the encrypted stream data, where the time window is a window for accumulating the encrypted stream data.
  • system further includes:
  • a permission determination module when the user sends a query request, determines the query permission of the user according to the preset security level rule base, and the query permission corresponds to the security level one-to-one;
  • a query module that obtains query flow data based on the query authority, where the query flow data is the to-be-queried flow data corresponding to the query authority;
  • the decryption module decrypts the query stream data according to the preset security encryption algorithm library, and returns the decrypted query stream data to the user as a query result.
  • system further includes a configuration module, and the configuration module is specifically configured to:
  • a stream data connector and a preset named pipe corresponding to the quantity are created according to the quantity of the stream data.
  • the system further includes a connection module, and the connection module is specifically used for:
  • the encrypted stream data is connected to the stream data connector through the preset named pipe, so that the time window processes the encrypted stream data.
  • system further includes a processing module, and the processing module is specifically configured to:
  • the query result is deleted or stored in a database corresponding to the security level of the query result.
  • the invention discloses a multi-level security protection stream data processing method and system.
  • the method includes: after converting the received stream data into a preset format, setting the stream data according to a preset security level rule base security level and obtain marked stream data; perform encryption processing on the marked stream data according to a preset security encryption algorithm library to obtain encrypted stream data; obtain the stream data to be queried based on the time window and the encrypted stream data, where the time window is A window for accumulating the encrypted stream data, so as to perform security protection from the stream data itself, further improving the security of the stream data.
  • FIG. 1 is a schematic flowchart of a method for processing stream data with multi-level security protection proposed by an embodiment of the present application
  • FIG. 2 is an architecture diagram of a multi-level security protection parallel processing of multiple stream data proposed by an embodiment of the present application
  • FIG. 3 is a schematic flowchart of a method for processing stream data with multi-level security protection proposed by another embodiment of the present application
  • Fig. 4 is the schematic flow chart of a kind of multi-level security protection stream data processing method proposed by another embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a stream data processing system with multi-level security protection proposed by an embodiment of the present application.
  • first and second are only used for descriptive purposes, and should not be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as “first” or “second” may expressly or implicitly include one or more of that feature. In the description of this application, unless stated otherwise, "plurality" means two or more.
  • the terms “installed”, “connected” and “connected” should be understood in a broad sense, for example, it may be a fixed connection or a detachable connection Connection, or integral connection; can be mechanical connection, can also be electrical connection; can be directly connected, can also be indirectly connected through an intermediate medium, can be internal communication between two elements.
  • installed should be understood in a broad sense, for example, it may be a fixed connection or a detachable connection Connection, or integral connection; can be mechanical connection, can also be electrical connection; can be directly connected, can also be indirectly connected through an intermediate medium, can be internal communication between two elements.
  • the method includes:
  • streaming data is a set of real-time, continuous, unbounded, and loosely structured data sequences, mainly unstructured data, such as web-based website behavior monitoring data, mobile phone location information, tweets on social media, computer Or the running log of the server, etc.
  • unstructured data such as web-based website behavior monitoring data, mobile phone location information, tweets on social media, computer Or the running log of the server, etc.
  • the preset format can be set as required.
  • the preset format may be a CSV (Comma Separated Value) format.
  • the security level rules of the preset security level rule base can be customized according to user needs.
  • the rule base is divided into different security levels for convection data, databases, data tables, and users, and the objects of different security levels are defined. Permissions and one-to-one correspondence. Different objects have different security levels. Access requests with higher security levels can access stream data, processing results, database systems and data files (including data tables) of the same level or lower security level, but access requests with lower security levels cannot access higher security levels than the access request.
  • the stream data accessed includes stream data source data, stream data real-time processing and analysis results, and stored stream data.
  • the The method before converting the received stream data into a preset format and setting the security level of the stream data according to the preset security level rule base to obtain the marked stream data, the The method also includes:
  • a stream data connector and a preset named pipe corresponding to the quantity are created according to the quantity of the stream data.
  • the stream data event listener when receiving one or more stream data in real time, the stream data event listener will monitor the stream data. Once the stream has data access, the stream data event listener will send a notification to the system.
  • the general stream data event listener The controller runs on the master node of the distributed cluster. When receiving the notification of receiving the stream data sent by the stream data event listener, it creates a stream data connector and a stream data connector corresponding to the stream data quantity according to the stream data quantity.
  • a preset named pipe the preset named pipe can be set according to the actual situation, and optionally, the preset named pipe can be a Linux (clone system) named pipe.
  • the marked stream data is encrypted according to a preset security encryption algorithm library, and encrypted stream data is obtained after processing, and the preset security encryption algorithm library can be set according to user requirements.
  • the method further includes:
  • the encrypted stream data is connected to the stream data connector through the preset named pipe, so that the time window processes the encrypted stream data.
  • each stream data is transmitted through a preset named pipe that is created in advance and corresponds to each stream data, and runs on multiple computing nodes in the distributed cluster.
  • the corresponding stream data connector is connected.
  • the stream data connector runs in the memory and is used to accumulate the connected stream data in the memory.
  • the encrypted stream data can be processed through a time window.
  • the time window can be based on The time needs to be set. For example, setting a time window of 5 minutes means that the encrypted stream data is accumulated in a time window of 5 minutes. After 5 minutes, the accumulated stream data is stored in the memory.
  • an event window can also be used to process stream data instead of a time window, which all belong to the protection scope of the present application.
  • S103 Obtain stream data to be queried based on a time window and the encrypted stream data, where the time window is a window for accumulating the encrypted stream data.
  • the encrypted stream data is accumulated in a configurable time window to generate the stream data to be queried, and wait for the user's query.
  • the method further includes:
  • the user's query authority is determined according to the preset security level rule base, and the query authority is in one-to-one correspondence with the security level;
  • query flow data based on the query authority, where the query flow data is the to-be-queried flow data corresponding to the query authority;
  • the query stream data is decrypted according to the preset security encryption algorithm library, and the decrypted query stream data is returned to the user as a query result.
  • the user's query authority is first judged according to the preset security level rule base, and the query authority corresponds to the above-mentioned security level one-to-one, and then the query flow data is obtained according to the user's query authority.
  • the query stream data is the to-be-queried stream data corresponding to the query authority.
  • the query stream data is decrypted according to a preset security encryption algorithm library, and after decryption, the decryption result is returned to the query result as the query result.
  • the preset security encryption algorithm library sets different decryption permissions for different users. When the decryption permission of the user is less than the decryption permission of the obtained query stream data, the query stream data cannot be decrypted. Further protection of streaming data.
  • the user's query authority can query stream data with the same security level as his own or a lower security level than himself.
  • the security level of user 1 is a
  • the preset security level starts from a and decreases sequentially. is small, then user 1 can query stream data of all security levels, while user 2's security level is b, so user 2 can only query stream data of security level b or lower than security level b.
  • the method further includes:
  • the query result is deleted or stored in a database corresponding to the security level of the query result.
  • the query result can be deleted according to the user's needs, or the query result can be stored in the database corresponding to the security level of the query result. It can be stored in the data file corresponding to the security level of the query result.
  • the security level of the query result is consistent with the security level of the corresponding stream data before encryption, so that the query result can be saved in the database and data file corresponding to the security level as required, which can further protect the security of the stream data.
  • the user needs to query the stream data or stream data processing analysis results in the database or data file, it is also necessary to judge the user's authority first, and then search for the database or data file corresponding to the security level according to the user's query authority, and return the query result. , to prevent the stream data from being accessed by users without corresponding permissions in the database or data file.
  • the invention discloses a multi-level security protection stream data processing method.
  • the method includes: after converting the received stream data into a preset format, setting a security level for the stream data according to a preset security level rule base and obtain marked stream data; perform encryption processing on the marked stream data according to a preset security encryption algorithm library to obtain encrypted stream data; obtain the stream data to be queried based on the time window and the encrypted stream data, and the time window is for all A window in which the encrypted stream data is accumulated, so that the security protection is carried out from the stream data itself, transmission, access and storage at multiple levels, and the security of the stream data is further improved.
  • FIG. 3 a schematic flowchart of a method for processing stream data with multi-level security protection proposed by another embodiment of the present application, the method includes:
  • S201 Receive single or multiple stream data.
  • the stream data may be single or multiple.
  • the stream data listener monitors the stream data in real time, and sends a notification to the system in real time.
  • the stream data listener monitors the stream data in real time, and sends a notification to the system that the stream data is received in real time.
  • the system judges the quantity of the stream data, creates a stream data connector and a preset named pipe corresponding to the quantity of the stream data through the stream data adapter, and at the same time, the system converts the stream data from the original format to the preset Format stream data, complete the security level setting for different stream data according to the preset security level library, and encrypt the stream data according to the preset security encryption algorithm library.
  • the system After receiving the stream data notification sent by the stream data listener, the system firstly judges the amount of stream data, and then uses the stream data adapter to create stream data connectors and preset names that correspond to the number of stream data. At the same time, the system will convert the stream data from the original format to the stream data in the preset format, and complete the security level setting for different stream data according to the preset security level library, and finally encrypt the stream data according to the preset security encryption algorithm library.
  • the preset security level library and the preset security encryption algorithm library can be set according to user needs.
  • S204 complete the transmission of the corresponding stream data through a preset named pipe, connect with the corresponding stream data connector, load it into the memory on at least one computing node, accumulate, process and analyze the stream data based on the time window, and wait for the query.
  • the transmission of the stream data corresponding to the preset named pipe is completed through the preset named pipe, and then the encrypted stream data and the stream data corresponding to the stream data are transmitted through the preset named pipe.
  • the connectors are docked and loaded into the memory on at least one computing node, and then the streaming data is accumulated and processed based on the time window, waiting for query. This time window can also be replaced by an event window.
  • the system when the user sends a query request, after judging the user's query authority, the system reads the stream data of the same security level as the user's authority and a lower security level from the memory, and decrypts the stream data according to the preset data security encryption algorithm, And generate processing analysis results.
  • the system when a user sends a query request, the system will first determine the user's query authority, which corresponds to the security level of the stream data one-to-one, and then read the same security level as the user's query authority and lower security from the memory. Level stream data, and finally decrypt the stream data according to the preset data security encryption algorithm, and generate processing analysis results.
  • the query ends, the system deletes or stores the stream data processing and analysis results according to user requirements, continues to accumulate data in the time window, and waits for the next query.
  • the system will choose to delete or store the stream data processing and analysis results according to the user's needs. Continue to accumulate data and wait for the user's next query.
  • the time window corresponding to the stream data is closed.
  • the closing of the time window can also be controlled by time, and the time window can also be replaced with an event window.
  • event processing ends, the corresponding event window is closed.
  • the present invention provides a stream data processing method with multi-level security protection, which is different from the "existing data security protection method and system".
  • a preset security level rule base is set, and according to the preset security level library, the stream data itself, the security level of the storage file and the user's query authority are specified, as well as the flow data itself, the security level of the storage file and the user's query authority.
  • a corresponding relationship preset security level rule base that the user can define as needed).
  • the method completes the security level setting of the stream data when the stream data is accessed, and directly loads it into the memory for processing and query, and deletes or stores after the query is completed.
  • FIG. 4 a schematic flowchart of a method for processing stream data with multi-level security protection proposed by another embodiment of the present application, the method includes:
  • S304 determine whether the quantity of the stream data queried by the query request is greater than 1.
  • S305 Acquire accumulated stream data processing results from multiple event windows, and decrypt the stream data according to a preset security encryption algorithm.
  • the accumulated stream data processing results are obtained from multiple event windows, and the stream data is decrypted according to a preset security encryption algorithm.
  • a stream of data is accumulated in an event window, which can optionally be replaced by a time window.
  • S307 Acquire the accumulated stream data processing results from the event window, and decrypt the stream data according to a preset security encryption algorithm.
  • the accumulated stream data processing result is obtained from the event window corresponding to the queried stream data, and the stream data is decrypted according to the preset security encryption algorithm.
  • the accumulated stream data processing results are obtained from multiple event windows, and after the stream data is decrypted according to a preset security encryption algorithm, the multiple stream data processing results are combined.
  • the query ends, the query result is deleted or stored, the event window continues to accumulate stream data, and waits for the next query.
  • an embodiment of the present application proposes a stream data processing system with multi-level security protection, as shown in FIG. 5 , the system includes:
  • the security level module 501 after converting the received stream data into a preset format, sets a security level for the stream data according to the preset security level rule base and obtains marked stream data;
  • An encryption module 502 performing encryption processing on the marked stream data according to a preset security encryption algorithm library to obtain encrypted stream data;
  • the accumulation module 503 obtains stream data to be queried based on a time window and the encrypted stream data, where the time window is a window for accumulating the encrypted stream data.
  • system further includes:
  • a permission determination module when the user sends a query request, determines the query permission of the user according to the preset security level rule base, and the query permission corresponds to the security level one-to-one;
  • a query module which obtains query flow data based on the query authority, where the query flow data is the to-be-queried flow data corresponding to the query authority;
  • the decryption module decrypts the query stream data according to the preset security encryption algorithm library, and returns the decrypted query stream data to the user as a query result.
  • system further includes a configuration module, which is specifically used for:
  • a stream data connector and a preset named pipe corresponding to the quantity are created according to the quantity of the stream data.
  • the system further includes a connection module, which is specifically used for:
  • the encrypted stream data is connected to the stream data connector through the preset named pipe, so that the time window processes the encrypted stream data.
  • system further includes a processing module, and the processing module is specifically used for:
  • the query result is deleted or stored in a database corresponding to the security level of the query result.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种多层级安全保护的流数据处理方法及系统,所述方法包括,在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口,从而从流数据本身进行安全保护,进一步提高了流数据的安全性。

Description

一种多层级安全保护的流数据处理方法及系统 技术领域
本申请涉及流数据处理领域,更具体地,涉及一种多层级安全保护的流数据处理方法及系统。
背景技术
流数据安全是一种主动性数据安全保护措施,必须基于可靠的安全保护技术与安全体系,才能从流数据本身到流数据访问全面保障流数据安全。
现有技术中,数据库安全保护技术主要采用访问分析、SQL(结构化查询)安全分析和权限控制等几种方式,访问分析是一种通过分析数据库日志实现数据库访问控制的流数据安全保护方法;SQL安全评估是一种通过分析SQL来源及用途实现SQL访问控制的流数据安全保护方法;权限控制是一种通过控制用户权限实现流数据安全保护的方法,即通过对数据库用户权限的分析与控制,权限控制能够有效判定访问授权中是否存在授权过度或权限授予不当的情况;但是不论是访问分析、SQL安全评估,还是权限控制,都属于单一层级的传统数据库保护方法,即仅仅局限于访问端的控制,并不涉及流数据本身的保护。
因此,如何从流数据本身进行安全保护,进一步提高流数据的安全性,成为本领域技术人员亟待解决的技术难题。
发明内容
本发明提供一种多层级安全保护的流数据处理方法,用于解决现有技术中无法从流数据本身进行安全保护的技术问题,该方法包括:
在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;
根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;
基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口。
一些实施例中,所述方法还包括:
当用户发出查询请求时,根据所述预设安全等级规则库确定用户的查询权限,所述查询权限与所述安全等级一一对应;
基于所述查询权限获取查询流数据,所述查询流数据为与所述查询权限对应的所述待查询流数据;
根据所述预设安全加密算法库对所述查询流数据进行解密,并将解密后的所述查询流数据作为查询结果返回给用户。
一些实施例中,在将接收到的流数据转化为预设格式并根据预设安全等级规则库对所述流数据进行安全等级设置得到标记流数据之前,所述方法还包括:
当接收到流数据事件监听器发送的接收所述流数据通知时,根据所述流数据的数量创建与所述数量对应的流数据连接器和预设命名管道。
一些实施例中,在根据预设安全加密算法库对所述标记流数据进行加密处理得到加密流数据之后,所述方法还包括:
通过所述预设命名管道将所述加密流数据与所述流数据连接器连接,以使所述时间窗口处理所述加密流数据。
一些实施例中,在将解密后的所述流数据作为查询结果返回给用户之后,所述方法还包括:
将所述查询结果删除或存储到与所述查询结果安全等级对应的数据库内。
相应的,本发明还公开了一种多层级安全保护的流数据处理系统,所述系统包括:
安全等级模块,在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;
加密模块,根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;
累积模块,基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口。
一些实施例中,所述系统还包括:
权限确定模块,当用户发出查询请求时,根据所述预设安全等级规则库确定用户的查询权限,所述查询权限与所述安全等级一一对应;
查询模块,基于所述查询权限获取查询流数据,所述查询流数据为与所述 查询权限对应的所述待查询流数据;
解密模块,根据所述预设安全加密算法库对所述查询流数据进行解密,并将解密后的所述查询流数据作为查询结果返回给用户。
一些实施例中,所述系统还包括配置模块,所述配置模块具体用于:
当接收到流数据事件监听器发送的接收所述流数据通知时,根据所述流数据的数量创建与所述数量对应的流数据连接器和预设命名管道。
一些实施例中,所述系统还包括连接模块,所述连接模块具体用于:
通过所述预设命名管道将所述加密流数据与所述流数据连接器连接,以使所述时间窗口处理所述加密流数据。
一些实施例中,所述系统还包括处理模块,所述处理模块具体用于:
将所述查询结果删除或存储到与所述查询结果安全等级对应的数据库内。
与现有技术相比,本申请具有以下有益效果:
本发明公开了一种多层级安全保护的流数据处理方法及系统,所述方法包括,在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口,从而从流数据本身进行安全保护,进一步提高了流数据的安全性。
附图说明
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1是本申请实施例提出的一种多层级安全保护的流数据处理方法的流程示意图;
图2是本申请实施例提出的一种多个流数据多层级安全保护并行处理的体系架构图;
图3是本申请另一实施例提出的一种多层级安全保护的流数据处理方法的流程示意图;
图4是本申请又一实施例提出的一种多层级安全保护的流数据处理方法的 流程示意图;
图5是本申请实施例提出的一种多层级安全保护的流数据处理系统的结构示意图。
具体实施方式
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。
在本申请的描述中,需要理解的是,术语“中心”、“上”、“下”、“前”、“后”、“左”、“右”、“竖直”、“水平”、“顶”、“底”、“内”、“外”等指示的方位或位置关系为基于附图所示的方位或位置关系,仅是为了便于描述本申请和简化描述,而不是指示或暗示所指的装置或元件必须具有特定的方位、以特定的方位构造和操作,因此不能理解为对本申请的限制。
术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括一个或者更多个该特征。在本申请的描述中,除非另有说明,“多个”的含义是两个或两个以上。
在本申请的描述中,需要说明的是,除非另有明确的规定和限定,术语“安装”、“相连”、“连接”应做广义理解,例如,可以是固定连接,也可以是可拆卸连接,或一体地连接;可以是机械连接,也可以是电连接;可以是直接相连,也可以通过中间媒介间接相连,可以是两个元件内部的连通。对于本领域的普通技术人员而言,可以具体情况理解上述术语在本申请中的具体含义。
为进一步对本申请的方案进行描述,在本申请的一种实例中,如图1所示,所述方法包括:
S101,在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据。
本步骤中,流数据是一组实时产生、持续、无界、结构松散的数据序列,主要为非结构化数据,例如基于web的网站行为监控数据、手机位置信息、社交媒体上的推文、计算机或服务器的运行日志等。由于流数据主要为非结 构化数据,所以在接收到流数据后需要先将接收到的流数据转化为预设格式,即将流数据转化为结构化数据,该预设格式可以根据需要进行设置,可选的,该预设格式可以是CSV(逗号分隔值)格式,在进行完格式转化之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据。
需要说明的是,预设安全等级规则库的安全等级规则可以根据用户需求自定义设置,规则库中对流数据、数据库、数据表及用户等划分了不同的安全等级,并明确不同安全等级对象的权限及一一对应关系。不同对象的安全等级有高低差异。安全等级较高的访问请求可以访问同一层级或更低安全等级的流数据、处理结果、数据库系统及数据文件(包括数据表),但是低安全等级的访问请求不能访问高于该访问请求安全等级的流数据,所访问的流数据包括流数据源数据、流数据实时处理分析结果及已存储的流数据。
为了准确实时的接收流数据,在一些实施例中,在将接收到的流数据转化为预设格式并根据预设安全等级规则库对所述流数据进行安全等级设置得到标记流数据之前,所述方法还包括:
当接收到流数据事件监听器发送的接收所述流数据通知时,根据所述流数据的数量创建与所述数量对应的流数据连接器和预设命名管道。
具体的,在实时接收一个或多个流数据时,流数据事件监听器会对流数据进行监听,一旦流有数据接入,流数据事件监听器就会向系统发出通知,一般的流数据事件监听器运行于分布式集群的主节点上,当接收到流数据事件监听器发送的接收所述流数据通知时,根据所述流数据的数量创建与所述流数据数量对应的流数据连接器和预设命名管道,该预设命名管道可以根据实际情况进行设置,可选的,该预设命名管道可以是Linux(克隆系统)命名管道。
需要说明的是,以上优选实施例的方案仅为本申请所提出的一种具体实现方案,其他创建流数据连接器和预设命名管道的方法均属于本申请的保护范围。
S102,根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据。
本步骤中,在流数据划分完安全等级后,根据预设安全加密算法库对标记流数据进行加密处理,处理后得到加密流数据,该预设安全加密算法库可以根据用户需求进行设置。
为了准确传输加密流数据,在一些实施例中,在根据预设安全加密算法库 对所述标记流数据进行加密处理得到加密流数据之后,所述方法还包括:
通过所述预设命名管道将所述加密流数据与所述流数据连接器连接,以使所述时间窗口处理所述加密流数据。
具体的,在完成流数据格式转换和安全级别设置后,各个流数据通过预先创建好的且与每个流数据对应的预设命名管道进行数据传输,与运行在分布式集群多个计算节点上的对应流数据连接器进行连接,该流数据连接器运行于内存中,用于将连接的流数据在内存中累积,可选的,可以通过时间窗口来处理加密流数据,该时间窗口可以根据需要设置时间,如设置时间为5分钟的时间窗口,代表以大小为5分钟的时间窗口对加密流数据进行累积,5分钟结束后,该累积的流数据存储于内存中。可选的,还可以使用事件窗口来代替时间窗口处理流数据,这些都属于本申请的保护范围。
需要说明的是,以上优选实施例的方案仅为本申请所提出的一种具体实现方案,其他将加密流数据与流数据连接器连接的方法均属于本申请的保护范围。
S103,基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口。
本步骤中,在得到加密流数据后,将加密流数据在可配置的时间窗口中进行累积,生成待查询流数据,等待用户的查询。
为了在与用户查询时保护流数据的安全,在一些实施例中,所述方法还包括:
当用户发出查询请求时,根据所述预设安全等级规则库确定用户的查询权限,所述查询权限与所述安全等级一一对应;
基于所述查询权限获取查询流数据,所述查询流数据为与所述查询权限对应的所述待查询流数据;
根据所述预设安全加密算法库对所述查询流数据进行解密,并将解密后的所述查询流数据作为查询结果返回给用户。
具体的,当有用户发出查询请求时,先根据预设安全等级规则库对用户的查询权限进行判断,该查询权限与上述安全等级一一对应,然后根据用户的查询权限获取查询流数据,该查询流数据为与所述查询权限对应的所述待查询流数据,在得到查询流数据后,根据预设安全加密算法库对该查询流数据进行解密,解密后将解密结果作为查询结果返回给用户,可选的,该预设安全加密算法库针对不同的用户设置了不同的解密权限,当用户的解密权限小于获取的 查询流数据的解密权限时,将无法解密该查询流数据,这样可以进一步对流数据进行保护。
需要说明的是,如图2所示,用户的查询权限可以查询和自己安全等级相同或安全等级比自己低的流数据,例如用户1的安全等级为a,预设安全等级从a开始依次减小,那么用户1就可以查询所有安全等级的流数据,而用户2的安全等级为b,所以用户2只能查询安全等级b或者比安全等级比b小的流数据。
需要说明的是,以上优选实施例的方案仅为本申请所提出的一种具体实现方案,其他对查询流数据进行解密的方法均属于本申请的保护范围。
为了进一步保护流数据的安全,在一些实施例中,在将解密后的所述流数据作为查询结果返回给用户之后,所述方法还包括:
将所述查询结果删除或存储到与所述查询结果安全等级对应的数据库内。
具体的,在将解密后的所述流数据作为查询结果返回给用户之后,可以根据用户需要将查询结果删除,或将查询结果存储到与查询结果安全等级对应的数据库内,可选的,也可以存储到与查询结果安全等级对应的数据文件中。
需要说明的是,查询结果的安全等级与对应的加密前的流数据的安全等级一致,这样将查询结果根据需要保存在对应安全等级的数据库和数据文件中,可以进一步对流数据的安全进行保护,当用户需要查询数据库或数据文件中的流数据或流数据处理分析结果时,同样需要先对用户的权限进行判断,再根据用户的查询权限查找对应安全级别的数据库或数据文件,并返回查询结果,防止了流数据在数据库或者数据文件中被没有对应权限的用户访问。
本发明公开了一种多层级安全保护的流数据处理方法,所述方法包括,在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口,从而从流数据本身、传输、访问及存储多层级进行安全保护,进一步提高了流数据的安全性。
为了进一步对本申请的方案进行说明,如图3所示,本申请另一实施例提出的一种多层级安全保护的流数据处理方法的流程示意图,所述方法包括:
S201,接收单个或多个流数据。
本步骤中,流数据可以是单个或多个。
S202,流数据监听器实时对流数据进行监听,并实时向系统发出通知。
本步骤中,流数据监听器实时对流数据进行监听,并实时向系统发出接收到流数据的通知。
S203,系统接收通知后,对流数据的数量进行判断,通过流数据适配器创建与流数据数量对应多的流数据连接器和预设命名管道,同时系统会将流数据由原来的格式转换成预设格式的流数据,并根据预设安全等级库对不同流数据完成安全等级设置,根据预设安全加密算法库对流数据进行加密。
本步骤中,系统在接收到流数据监听器发送的收到流数据通知后,首先对流数据的数量进行判断,然后通过流数据适配器创建与流数据数量对应多的流数据连接器和预设命名管道,同时系统会将流数据由原来的格式转换成预设格式的流数据,并根据预设安全等级库对不同流数据完成安全等级设置,最后根据预设安全加密算法库对流数据进行加密,该预设安全等级库和预设安全加密算法库可以根据用户需要进行设置。
S204,通过预设命名管道完成对应流数据的传输,并与对应的流数据连接器进行对接,加载到至少一个计算节点上的内存中,基于时间窗口对流数据进行累积和处理分析,等待查询。
本步骤中,在对流数据进行加密后,通过预设命名管道完成与该预设命名管道对应的流数据的传输,然后通过该预设命名管道将加密后的流数据与流数据对应的流数据连接器进行对接,并加载到至少一个计算节点上的内存中,然后基于时间窗口对流数据进行累积和处理分析,等待查询。该时间窗口也可以替换为事件窗口。
S205,当用户发出查询请求时,系统在对用户查询权限判别后,从内存中读取与用户权限同等安全级别及更低安全级别的流数据,根据预设数据安全加密算法对流数据进行解密,并生成处理分析结果。
本步骤中,当用户发出查询请求时,系统会先判断用户的查询权限,该查询权限与流数据的安全等级一一对应,然后从内存中读取与用户查询权限同等安全级别及更低安全级别的流数据,最后根据预设数据安全加密算法对流数据进行解密,并生成处理分析结果。
S206,返回查询结果。
S207,查询结束,系统根据用户需求删除或存储流数据处理分析结果,时 间窗口继续累积数据,等待下一次查询。
本步骤中,当用户查询结束后,系统会根据用户需求选择删除或存储流数据处理分析结果,可选的,将流数据处理分析结果存储在与流数据安全等级对应的数据库中,然后时间窗口继续积累数据,等待用户的下一次查询。
S208,流数据处理结束,对应时间窗口关闭。
本步骤中,当流数据处理结束,与流数据对应的时间窗口关闭,可选的,时间窗口的关闭也可以通过时间来控制,同时也可以将时间窗口换成事件窗口,此时当流数据事件处理结束时,对应的事件窗口关闭。
本发明提供了一种多层级安全保护的流数据处理方法,区别于“现有数据安全保护方法及系统”本方法能够对流数据、数据库、数据文件和用户等多个对象进行安全等级设置,同时设置了预设安全等级规则库,并根据预设安全等级库规定了流数据的本身、存储文件的安全等级和用户查询权限,以及流数据的本身、存储文件的安全等级与用户查询权限的一一对应关系(用户可按需定义的预设安全等级规则库)。所述方法在流数据接入时就完成了对流数据的安全等级设置,并直接加载到内存中进行处理、查询,查询完成后进行删除或存储,整个流程中流数据都受到十分严密的数据加密、访问规则和流程控制等安全保护,即使发生了非法访问,也无法获取流数据中的源数据,因此不会发生数据泄露,同时也实现了涵盖流数据本身、流数据处理过程、流数据存储和流数据访问的全方位多层级流数据的安全保护。而与之对应的“现有数据安全保护方法及系统”均在权限控制层面通过访问分析、SQL安全分析和权限控制等方法保护数据安全,一方面数据本身安全无保障,另一方面即使分析获知系统存在非法或不合理地访问,在此之前数据已经泄露,同时本发明适应于流数据处理数据库系统,可以对实时产生的流数据进行安全保护,而“现有数据安全保护方法及系统”只适应于磁盘数据库系统,不适应于流数据处理数据库系统,无法对实时产生的流数据进行安全保护。
如图4所示,本申请又一实施例提出的一种多层级安全保护的流数据处理方法的流程示意图,所述方法包括:
S301,实时接收用户查询请求。
S302,根据预设安全等级库和用户权限,判断用户是否具备访问权。
本站步骤中,先根据预设安全等级库和用户权限判断用户是否具备访问权,若用户具备访问权限则执行S304,若用户不具备访问权限则执行S303。
S303,向用户返回“无访问权限”的通知。
本步骤中,当用户不具备访问权时,向用户返回“无访问权限”的通知,拒绝用户的查询请求,需要说明的是,也可以向用户返回其他代表拒绝查询的通知,这些都属于本申请的保护范围。
S304,根据预设安全等级库和用户权限,判断查询请求查询的流数据的数量是否>1。
本步骤中,当用户具备访问权时,根据预设安全等级库和用户权限,判断查询请求查询的流数据的数量是否>1。若是,则执行S305,若否,则执行S306。
S305,从多个事件窗口中获取累积的流数据处理结果,并根据预设安全加密算法对流数据进行解密。
本步骤中,当用户的查询请求查询的流数据的数量>1时,从多个事件窗口中获取累积的流数据处理结果,并根据预设安全加密算法对流数据进行解密。一般而言,一个流数据在一个事件窗口中累积,可选的,该事件窗口可以替换为时间窗口。
S306,判断所查询的流数据的数量是否=1。
本步骤中,判断用户查询的流数据的数量是否=1,若是,则执行S307,若否,则执行S308。
S307,从事件窗口中获取累积的流数据处理结果,并根据预设安全加密算法对流数据进行解密。
本步骤中,当用户查询的流数据的数量=1时,从与查询的流数据对应的事件窗口中获取累积的流数据处理结果,并根据预设安全加密算法对流数据进行解密。
S308,向所述用户返回“无满足条件的数据”的通知。
本步骤中,当用户查询的流数据的数量小于1,即为0时,向所述用户返回“无满足条件的数据”的通知。
S309,查询结束。
S310,合并所获取的多个流数据处理结果。
本步骤中,将从多个事件窗口中获取累积的流数据处理结果,并根据预设安全加密算法对流数据进行解密后,将多个流数据处理结果合并。
S311,向用户返回查询结果。
S312,查询结束,删除或存储所述查询结果,所述事件窗口继续累积流数据,等待下次查询。
S313,流数据事件处理结束且不存在活跃查询,事件处理结束,删除或存储所述事件窗口中累积的流数据。
本步骤中,流数据事件处理结束且不存在活跃查询时,事件处理结束,删除或存储所述事件窗口中积累的流数据,从而释放占用的内存、网络、计算等资源。
为达到以上目的,本申请实施例提出了一种多层级安全保护的流数据处理系统,如图5所示,所述系统包括:
安全等级模块501,在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;
加密模块502,根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;
累积模块503,基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口。
在本申请的具体应用场景中,所述系统还包括:
权限确定模块,当用户发出查询请求时,根据所述预设安全等级规则库确定用户的查询权限,所述查询权限与所述安全等级一一对应;
查询模块,基于所述查询权限获取查询流数据,所述查询流数据为与所述查询权限对应的所述待查询流数据;
解密模块,根据所述预设安全加密算法库对所述查询流数据进行解密,并将解密后的所述查询流数据作为查询结果返回给用户。
在本申请的具体应用场景中,所述系统还包括配置模块,具体用于:
当接收到流数据事件监听器发送的接收所述流数据通知时,根据所述流数据的数量创建与所述数量对应的流数据连接器和预设命名管道。
在本申请的具体应用场景中,所述系统还包括连接模块,具体用于:
通过所述预设命名管道将所述加密流数据与所述流数据连接器连接,以使所述时间窗口处理所述加密流数据。
在本申请的具体应用场景中,所述系统还包括处理模块,所述处理模块具体用于:
将所述查询结果删除或存储到与所述查询结果安全等级对应的数据库 内。
最后应说明的是:以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不驱使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围。

Claims (10)

  1. 一种多层级安全保护的流数据处理方法,其特征在于,所述方法包括:
    在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;
    根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;
    基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口。
  2. 如权利要求1所述的方法,其特征在于,所述方法还包括:
    当用户发出查询请求时,根据所述预设安全等级规则库确定用户的查询权限,所述查询权限与所述安全等级一一对应;
    基于所述查询权限获取查询流数据,所述查询流数据为与所述查询权限对应的所述待查询流数据;
    根据所述预设安全加密算法库对所述查询流数据进行解密,并将解密后的所述查询流数据作为查询结果返回给用户。
  3. 如权利要求1所述的方法,其特征在于,在将接收到的流数据转化为预设格式并根据预设安全等级规则库对所述流数据进行安全等级设置得到标记流数据之前,所述方法还包括:
    当接收到流数据事件监听器发送的接收所述流数据通知时,根据所述流数据的数量创建与所述数量对应的流数据连接器和预设命名管道。
  4. 如权利要求3所述的方法,其特征在于,在根据预设安全加密算法库对所述标记流数据进行加密处理得到加密流数据之后,所述方法还包括:
    通过所述预设命名管道将所述加密流数据与所述流数据连接器连接,以使所述时间窗口处理所述加密流数据。
  5. 如权利要求2所述的方法,其特征在于,在将解密后的所述流数据作为查询结果返回给用户之后,所述方法还包括:
    将所述查询结果删除或存储到与所述查询结果安全等级对应的数据库内。
  6. 一种多层级安全保护的流数据处理系统,其特征在于,所述系统包括:
    安全等级模块,在将接收到的流数据转化为预设格式之后,根据预设安全等级规则库为所述流数据设置安全等级并得到标记流数据;
    加密模块,根据预设安全加密算法库对所述标记流数据进行加密处理以得到加密流数据;
    累积模块,基于时间窗口与所述加密流数据得到待查询流数据,所述时间窗口为对所述加密流数据进行累积的窗口。
  7. 如权利要求6所述的系统,其特征在于,所述系统还包括:
    权限确定模块,当用户发出查询请求时,根据所述预设安全等级规则库确定用户的查询权限,所述查询权限与所述安全等级一一对应;
    查询模块,基于所述查询权限获取查询流数据,所述查询流数据为与所述查询权限对应的所述待查询流数据;
    解密模块,根据所述预设安全加密算法库对所述查询流数据进行解密,并将解密后的所述查询流数据作为查询结果返回给用户。
  8. 如权利要求6所述的系统,其特征在于,所述系统还包括配置模块,具体用于:
    当接收到流数据事件监听器发送的接收所述流数据通知时,根据所述流数据的数量创建与所述数量对应的流数据连接器和预设命名管道。
  9. 如权利要求8所述的系统,其特征在于,所述系统还包括连接模块,具体用于:
    通过所述预设命名管道将所述加密流数据与所述流数据连接器连接,以使所述时间窗口处理所述加密流数据。
  10. 如权利要求7所述的系统,其特征在于,所述系统还包括处理模块,所述处理模块具体用于:
    将所述查询结果删除或存储到与所述查询结果安全等级对应的数据库内。
PCT/CN2022/073610 2021-01-29 2022-01-25 一种多层级安全保护的流数据处理方法及系统 WO2022161327A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110123201.0 2021-01-29
CN202110123201.0A CN112765218A (zh) 2021-01-29 2021-01-29 一种多层级安全保护的流数据处理方法及系统

Publications (1)

Publication Number Publication Date
WO2022161327A1 true WO2022161327A1 (zh) 2022-08-04

Family

ID=75706584

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/073610 WO2022161327A1 (zh) 2021-01-29 2022-01-25 一种多层级安全保护的流数据处理方法及系统

Country Status (2)

Country Link
CN (1) CN112765218A (zh)
WO (1) WO2022161327A1 (zh)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117094041A (zh) * 2023-10-19 2023-11-21 湖北华中电力科技开发有限责任公司 一种数字电网数据的自动存储方法及系统
CN117201191A (zh) * 2023-11-06 2023-12-08 戎行技术有限公司 一种数据传输的动态加密方法及系统

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112765218A (zh) * 2021-01-29 2021-05-07 威讯柏睿数据科技(北京)有限公司 一种多层级安全保护的流数据处理方法及系统

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010010863A (ja) * 2008-06-25 2010-01-14 Kddi R & D Laboratories Inc 暗号プロトコルの安全性検証装置、安全性検証方法およびプログラム
CN104702577A (zh) * 2013-12-09 2015-06-10 华为技术有限公司 数据流安全处理方法及装置
CN107315968A (zh) * 2017-06-29 2017-11-03 国信优易数据有限公司 一种数据处理方法及设备
US20180150414A1 (en) * 2016-11-28 2018-05-31 Microsoft Technology Licensing, Llc Securing stream buffers
CN110516467A (zh) * 2019-07-16 2019-11-29 上海数据交易中心有限公司 数据流通方法及装置、存储介质、终端
CN111414387A (zh) * 2020-03-18 2020-07-14 威讯柏睿数据科技(北京)有限公司 一种基于全内存计算对流数据进行查询的方法和设备
CN112765218A (zh) * 2021-01-29 2021-05-07 威讯柏睿数据科技(北京)有限公司 一种多层级安全保护的流数据处理方法及系统

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111414386B (zh) * 2020-03-18 2021-06-18 威讯柏睿数据科技(北京)有限公司 一种基于分布式架构对流数据进行查询的方法和设备
CN112199700B (zh) * 2020-10-14 2022-07-19 北京理工大学 一种mes数据系统的安全管理方法及系统

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010010863A (ja) * 2008-06-25 2010-01-14 Kddi R & D Laboratories Inc 暗号プロトコルの安全性検証装置、安全性検証方法およびプログラム
CN104702577A (zh) * 2013-12-09 2015-06-10 华为技术有限公司 数据流安全处理方法及装置
US20180150414A1 (en) * 2016-11-28 2018-05-31 Microsoft Technology Licensing, Llc Securing stream buffers
CN107315968A (zh) * 2017-06-29 2017-11-03 国信优易数据有限公司 一种数据处理方法及设备
CN110516467A (zh) * 2019-07-16 2019-11-29 上海数据交易中心有限公司 数据流通方法及装置、存储介质、终端
CN111414387A (zh) * 2020-03-18 2020-07-14 威讯柏睿数据科技(北京)有限公司 一种基于全内存计算对流数据进行查询的方法和设备
CN112765218A (zh) * 2021-01-29 2021-05-07 威讯柏睿数据科技(北京)有限公司 一种多层级安全保护的流数据处理方法及系统

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117094041A (zh) * 2023-10-19 2023-11-21 湖北华中电力科技开发有限责任公司 一种数字电网数据的自动存储方法及系统
CN117094041B (zh) * 2023-10-19 2024-01-02 湖北华中电力科技开发有限责任公司 一种数字电网数据的自动存储方法及系统
CN117201191A (zh) * 2023-11-06 2023-12-08 戎行技术有限公司 一种数据传输的动态加密方法及系统
CN117201191B (zh) * 2023-11-06 2024-01-02 戎行技术有限公司 一种数据传输的动态加密方法及系统

Also Published As

Publication number Publication date
CN112765218A (zh) 2021-05-07

Similar Documents

Publication Publication Date Title
WO2022161327A1 (zh) 一种多层级安全保护的流数据处理方法及系统
Wang et al. Edge-based differential privacy computing for sensor–cloud systems
US10091230B1 (en) Aggregating identity data from multiple sources for user controlled distribution to trusted risk engines
CN111709056A (zh) 基于区块链的数据共享方法及系统
KR20190077765A (ko) 데이터를 블록체인을 이용하여 저장하는 방법 및 클라우드 시스템
Sicari et al. Security&privacy issues and challenges in NoSQL databases
CN112511599B (zh) 一种基于区块链的人防数据共享系统及方法
US20140095722A1 (en) Cloud-based resource sharing method and system
CN111245861B (zh) 电力数据存储和共享方法
WO2024001028A1 (zh) 一种维护区块链数据的方法、装置、电子设备和存储介质
CN110070300B (zh) 数据审核和获取方法、装置、系统、设备及介质
CN110602079B (zh) 一种基于区块链技术分级控制的科研数据上传及储存方法
CN105635320A (zh) 一种用于调用配置信息的方法与设备
CN114547209B (zh) 一种基于区块链的数据共享交互方法及系统
CN116090000A (zh) 文件安全管理方法、系统、设备、介质和程序产品
CN116956308A (zh) 数据库处理方法、装置、设备及介质
WO2014153982A1 (en) Methods and systems for broadcasting pictures
US20240048361A1 (en) Key Management for Cryptography-as-a-service and Data Governance Systems
CN115934640A (zh) 一种数据存储方法、系统、电子设备及存储介质
CN116346486A (zh) 联合登录方法、装置、设备及存储介质
CN114707134A (zh) 一种高性能密码卡安全管理方法、装置和系统
CN111682934B (zh) 一种综合能源计量数据的存储、访问、共享方法及系统
US20180278424A1 (en) Controlling access to content in a network
KR20190087807A (ko) 데이터레이크 프레임워크
Yonghong Privacy protection in secure database service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22745202

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22745202

Country of ref document: EP

Kind code of ref document: A1