CN117828634A - Data processing method and device and electronic equipment - Google Patents
Data processing method and device and electronic equipment
- Publication number
- CN117828634A (CN202311795347.5A)
- Authority
- CN
- China
- Prior art keywords
- data
- security
- processing
- target data
- preset
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Abstract
A data processing method, a data processing device and electronic equipment, relating to the field of data security processing. The method comprises the following steps: acquiring target data, wherein the target data is data transmitted from an intranet to an extranet; judging a data security type corresponding to the target data, wherein the data security type comprises a first data security type and a second data security type; acquiring a data processing mode corresponding to the data security type from a preset processing database, wherein the preset processing database is used for storing the correspondence between the data security type and the data processing mode, and the data processing mode comprises a first processing mode and a second processing mode; and processing the target data according to the data processing mode. The technical scheme solves the problem that the security of transmitted data is greatly reduced when the transmitted data contains important or sensitive information.
Description
Technical Field
The present disclosure relates to the field of data security processing, and in particular, to a data processing method and apparatus, and an electronic device.
Background
With the advent of the digital age, data volume is growing exponentially and enterprises generate large amounts of data. When data is transmitted from an enterprise intranet to an extranet, important or sensitive information in the transmitted data is at risk of leakage or tampering, so data security becomes particularly critical.
When data is transmitted from an intranet to an extranet, all data may be transmitted together. The data can be encrypted to protect the transmission, but because of the openness of the network environment and the uncertainty of the internet, transmission risks remain: for example, when the data passes through an untrusted network, it may be maliciously intercepted by a third party, and the transmitted data may be leaked or damaged through interception, tampering or injection by that third party. If the transmitted data then contains important or sensitive information, its security is greatly reduced.
Therefore, a data processing method, device and electronic equipment are needed.
Disclosure of Invention
The application provides a data processing method, a data processing device and electronic equipment, which solve the problem that the security of transmitted data is greatly reduced when the transmitted data contains important or sensitive information.
In a first aspect of the present application, there is provided a data processing method, the method comprising: acquiring target data, wherein the target data is data transmitted from an intranet to an extranet; judging a data security type corresponding to the target data, wherein the data security type comprises a first data security type and a second data security type; acquiring a data processing mode corresponding to the data security type from a preset processing database, wherein the preset processing database is used for storing the corresponding relation between the data security type and the data processing mode, and the data processing mode comprises a first processing mode and a second processing mode; processing target data according to a data processing mode, and processing according to a first processing mode when the target data is of a first data security type; when the target data is of the second data security type, processing according to a second processing mode; the first processing mode is to isolate target data; the second processing mode is to isolate the target data and put the target data into the preset data safety storage device.
With this technical scheme, the target data is the data transmitted from the intranet to the extranet, and the data processing mode corresponding to the data security type of the target data is acquired from the preset processing database, so that the target data can be processed according to that mode. Data transmitted from the intranet to the extranet can thus be screened: only allowed data is transmitted to the extranet and disallowed data is isolated, which solves the problem that the security of transmitted data is greatly reduced when it contains important or sensitive information.
Optionally, judging the data security type corresponding to the target data specifically includes: acquiring data information corresponding to target data and historical classification information corresponding to the data information; determining the security level corresponding to the target data according to the data information and the history classification information; the security level includes a first security level and a second security level; and judging the data security type corresponding to the target data according to the security level, wherein the first security level corresponds to the first data security type, and the second security level corresponds to the second data security type.
With this technical scheme, the data information corresponding to the target data and the historical classification information corresponding to that data information are acquired, the security level of the target data is determined from them, and the data security type of the target data is then determined from that security level.
Optionally, the second security level is greater than the first security level.
With this technical scheme, the ordering of the security levels is set at the same time as the levels themselves, so that the classification of the target data can be determined from that ordering: target data classified into a higher security level is of higher importance, privacy and the like to the enterprise.
Optionally, before the data processing mode corresponding to the data security type is acquired in the preset processing database, the method further includes constructing the preset processing database, and specifically includes: acquiring a plurality of data security types and a plurality of data processing modes; constructing corresponding relations between a plurality of data security types and a plurality of data processing modes, wherein one data security type corresponds to one data processing mode; and storing the corresponding relation between the plurality of data security types and the plurality of data processing modes in a preset processing database.
By adopting the technical scheme, a plurality of data processing modes are set according to the number of the data security types set by a user, one data processing mode corresponds to one data security type, the number of the data processing modes is the same as that of the data security types, and the corresponding relation between the data security types and the data processing modes is stored in a preset processing database so as to conveniently call the corresponding data processing modes in the preset processing database at any time according to the acquired data security types of the target data.
Optionally, after processing the target data according to the data processing mode, the method further comprises: in response to a query request of a user, acquiring authority information corresponding to the user, wherein the query request is the user's operation of querying target data in the preset data security storage device; judging whether the authority information is preset authority information; and if the authority information is the preset authority information, opening to the user the permission to view the target data in the preset data security storage device.
With this technical scheme, preset authority information is set. When a user makes a query request, it is judged whether the authority information corresponding to the user is the preset authority information, and the permission to view the target data in the preset data security storage device is opened to the user only when it is, which further ensures the security of the target data in the preset data security storage device.
Optionally, the preset data security storage device includes a primary data security storage device and a secondary data security storage device, and placing the target data in the preset data security storage device specifically includes: judging whether the second security level is greater than a preset security level; if the second security level is greater than the preset security level, placing the target data in the secondary data security storage device; if the second security level is smaller than or equal to the preset security level, placing the target data in the primary data security storage device, wherein the confidentiality of the secondary data security storage device is higher than that of the primary data security storage device.
By adopting the technical scheme, the target data with the security level larger than the preset security level is placed into the data security storage equipment with higher security performance, so that the management and protection of the target data with finer granularity are realized.
Optionally, the preset data security storage device includes a hardware device and a network storage system.
With this technical scheme, a preset data security storage device is provided, which includes but is not limited to a hardware device and a network storage system. When data of higher importance, privacy and the like to the enterprise is transmitted from the intranet to the extranet, the target data is isolated and saved in the preset data security storage device, so that it obtains a more comprehensive and controllable security guarantee.
In a second aspect of the present application, a data processing apparatus is provided, the apparatus comprising an acquisition module and a processing module, wherein,
the acquisition module is used for acquiring target data, wherein the target data is data transmitted from an intranet to an extranet; judging a data security type corresponding to the target data, wherein the data security type comprises a first data security type and a second data security type; and acquiring a data processing mode corresponding to the data security type from a preset processing database, wherein the preset processing database is used for storing the corresponding relation between the data security type and the data processing mode, and the data processing mode comprises a first processing mode and a second processing mode.
The processing module is used for processing the target data according to a data processing mode, and processing according to a first processing mode when the target data is of a first data security type; when the target data is of the second data security type, processing according to a second processing mode; the first processing mode is to isolate target data; the second processing mode is to isolate the target data and put the target data into the preset data safety storage device.
In a third aspect the present application provides an electronic device comprising a processor, a memory for storing instructions, a user interface and a network interface for communicating with other devices, the processor for executing instructions stored in the memory to cause the electronic device to perform a method as any one of the above.
In a fourth aspect of the present application there is provided a computer readable storage medium storing a computer program for execution by a processor of a method as any one of the above.
One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
1. The target data is the data transmitted from the intranet to the extranet, and the data processing mode corresponding to the data security type of the target data is acquired from the preset processing database, so that the target data can be processed according to that mode. Data transmitted from the intranet to the extranet can thus be screened: only allowed data is transmitted to the extranet and disallowed data is isolated, which solves the problem that the security of transmitted data is greatly reduced when it contains important or sensitive information.
2. The data information corresponding to the target data and the historical classification information corresponding to that data information are acquired, the security level of the target data is determined from them, and the data security type of the target data is then determined from that security level.
3. The ordering of the security levels is set at the same time as the levels themselves, so that the classification of the target data can be determined from that ordering: target data classified into a higher security level is of higher importance, privacy and the like to the enterprise.
Drawings
FIG. 1 is a schematic flow chart of a data processing method according to an embodiment of the present application;
FIG. 2 is a schematic block diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Reference numerals illustrate: 21. an acquisition module; 22. a processing module; 301. a processor; 302. a communication bus; 303. a user interface; 304. a network interface; 305. a memory.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments.
The terminology used in the following embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of this application, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates to the contrary. It should also be understood that the term "and/or" as used in this application refers to and encompasses any or all possible combinations of one or more of the listed items.
The terms "first," "second," and the like are used below for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more such features, and in the description of embodiments of the present application, unless otherwise indicated, "a plurality" means two or more.
In order to make the technical scheme of the present invention better understood by those skilled in the art, the present invention will be further described in detail with reference to the accompanying drawings.
In some scenarios, to ensure system security, the external network may transmit data to the internal network, but the internal network may not transmit data to the external network. For example, in an industrial safety isolation system, a server can obtain industrial equipment operation data of an external network, data of a field instrument, state information in a production process, and the like, but enterprise analysis data, enterprise accounting data, production detailed data, and the like, which relate to enterprise privacy, cannot be transmitted by the server from the internal network to the external network. In this case, in order to prevent sensitive data from being lost, the data transmitted from the intranet to the extranet can be screened, that is, only allowed data is transmitted to the extranet and data that is not allowed is isolated.
Therefore, a data processing method, device and electronic equipment are needed.
Referring to fig. 1, a flow chart of a data processing method according to an embodiment of the present application is shown, and the method is applied to a server, and the flow chart mainly includes the following steps: s101 to S104.
Step S101, obtaining target data, wherein the target data is data transmitted from an intranet to an extranet.
Specifically, when the server detects that data in the industrial enterprise is transmitted from the intranet to the extranet, the server acquires the data, that is, the server acquires target data, wherein the target data is all data transmitted from the intranet to the extranet. The specific steps are as follows. A traffic monitoring tool is deployed on the server to monitor network traffic in real time; this may be accomplished by a network traffic analysis tool or an Intrusion Detection System (IDS). The monitored network traffic is classified, and the data flows transmitted from the intranet to the extranet can be identified by checking the destination IP address, port number, and other information of each data packet. The data packets identified as target data are analyzed to acquire the data information of the target data transmission, wherein the data information comprises the content, protocol type, transmission mode and the like of the data packet. Authentication ensures that the data transfer complies with the authorization rules and is legitimate and authorized; this is accomplished through Access Control Lists (ACLs) or other authentication mechanisms. The related information of the acquired target data, including the time stamp, the transmission direction, the data quantity and the like, is recorded to facilitate analysis and traceability in the subsequent steps.
Step S102, judging a data security type corresponding to the target data, wherein the data security type comprises a first data security type and a second data security type.
Specifically, the server judges the data security type corresponding to the target data transmitted from the intranet to the extranet, wherein the data security type comprises a plurality of data security types, namely a first data security type and a second data security type. The process of judging the data security type corresponding to the target data by the server is a process of classifying and screening the target data, namely judging the data security type corresponding to each data in the target data, wherein the target data is a data set containing a large amount of data, namely a set of all data transmitted from an intranet to an extranet in a single transmission process. In the application, the first data security type and the second data security type represent all different data security types, and the number of the data security types includes, but is not limited to, two or more, and the specific number can be set by a user according to the requirements of an actual application scenario.
In one possible implementation, step S102 further includes: acquiring data information corresponding to target data and historical classification information corresponding to the data information; determining the security level corresponding to the target data according to the data information and the history classification information; the security level includes a first security level and a second security level; and judging the data security type corresponding to the target data according to the security level, wherein the first security level corresponds to the first data security type, and the second security level corresponds to the second data security type.
Specifically, taking a single item of data in the target data as an example, the data information corresponding to that item is obtained, where the data information comprises the content, the protocol type, the transmission mode and the like of a data packet. To acquire the historical classification information corresponding to the data information, the system queries previously recorded historical data that has the same content, protocol type, transmission mode and other characteristics as the item; that historical data has already been classified, that is, its data security type, and hence its security level, has been determined. The server then determines the security level of the item from the data information and the historical classification information, that is, the server sets the security level of the item to the security level in the historical classification information. The server further determines the data security type of the item from the correspondence between security level and data security type: when the security level of the item is the first security level, its data security type is the first data security type; when the security level of the item is the second security level, its data security type is the second data security type. It should be noted that, in this embodiment, the first security level and the second security level stand for all the different security levels, and the number of security levels may be two or more; it is determined by the number of data security types set by the user and must be the same as that number.
In one possible implementation, step S102 further includes: the second security level is greater than the first security level.
Specifically, when the server sets the security levels, it needs to set the ordering of the security levels at the same time. The server may order the security levels in a certain order, for example according to the ordering of natural numbers; when two security levels exist, the second security level > the first security level. The magnitude of the security level then represents the degree of importance, privacy and the like of the target data, that is, target data classified into a higher security level is of higher importance, privacy and the like to the enterprise.
For example, assume that there are three different kinds of data in the target data, namely research and development project data, financial data and employee training data, and that three security levels exist, namely the first security level, the second security level, and the third security level, with the third security level > the second security level > the first security level. When the server determines that the importance, privacy and the like of the target data are ordered as research and development project data > financial data > employee training data, the server classifies the research and development project data as the third security level, the financial data as the second security level, and the employee training data as the first security level.
Step S103, obtaining a data processing mode corresponding to the data security type in a preset processing database, wherein the preset processing database is used for storing the corresponding relation between the data security type and the data processing mode, and the data processing mode comprises a first processing mode and a second processing mode.
Specifically, the preset processing database is used for storing the data security types, the data processing modes and the correspondence between the data security types and the data processing modes, wherein the data processing modes comprise a first processing mode and a second processing mode.
In a possible implementation manner, before step S103, the method further includes: acquiring a plurality of data security types and a plurality of data processing modes; constructing corresponding relations between a plurality of data security types and a plurality of data processing modes, wherein one data security type corresponds to one data processing mode; and storing the corresponding relation between the plurality of data security types and the plurality of data processing modes in a preset processing database.
Specifically, the server sets a plurality of data processing modes according to the number of the data security types set by the user, one data processing mode corresponds to one data security type, and the number of the data processing modes is the same as the number of the data security types. The server builds a corresponding relation between the data security type and the data processing mode and stores the corresponding relation in a preset processing database so that the server can call the corresponding data processing mode in the preset processing database at any time according to the acquired data security type of the target data. It should be noted that, the server can also update the data security type and the data processing mode in the preset processing database, when the user wants to change the data processing mode corresponding to a certain data security type, the server responds to the update operation request of the user and changes the data processing mode corresponding to the data security type into the data processing mode designated by the user; when a user adds a new data security type and a new data processing mode, the server constructs a new corresponding relation between the new added data security type and the new added data processing mode, and stores the new corresponding relation in a preset processing database.
Step S104, processing target data according to a data processing mode, and processing according to a first processing mode when the target data is of a first data security type; when the target data is of the second data security type, processing according to a second processing mode; the first processing mode is to isolate target data; the second processing mode is to isolate the target data and put the target data into the preset data safety storage device.
Specifically, after the server obtains the data processing mode corresponding to each item of data in the target data, it processes each item according to its corresponding processing mode. When the target data is of the first data security type, it is processed according to the first processing mode; when the target data is of the second data security type, it is processed according to the second processing mode. The first processing mode is to isolate the target data, that is, to prohibit the target data from being transmitted from the intranet to the extranet, and to send first alarm information to the user, wherein the first alarm information is used for prompting the user. The second processing mode is to isolate the target data and put it into the preset data security storage device, that is, the target data is prohibited from being transmitted from the intranet to the extranet and is put into the preset data security storage device, and second alarm information is sent to the user. The preset data security storage device is an encrypted, security-certified storage system, which generally adopts a hardware encryption technology or a dedicated encryption module to ensure that the stored target data is effectively protected. The preset data security storage device may be a hardware device specifically designed for data storage and security, or may be a network storage system adopting strict data security standards and protocols, which is not limited herein. Its primary function is to provide a high degree of data security, including confidentiality, integrity, and availability of data, when processing target data.
It should be noted that, in this embodiment, the first processing manner and the second processing manner refer to all different processing manners, and the number of processing manners includes, but is not limited to, two or more than two, where the number of processing manners is determined by the number of data security types set by the user, and the number of processing manners needs to be the same as the number of data security types set by the user. For example, when the target data is of a third data security type, the processing is performed according to a third processing mode, and the third processing mode may be to allow the target data to be transmitted from the intranet to the extranet.
In a possible implementation manner, after step S104, the method further includes: after processing the target data in a data processing manner, the method further comprises: responding to a query request of a user, wherein the query request is an operation of querying target data in preset data security storage equipment for the user, and rights information corresponding to the user is obtained; judging whether the authority information is preset authority information or not; and if the permission information is preset permission information, opening permission for checking target data in the preset data security storage equipment to the user.
Specifically, after receiving the alarm prompt, the user may select to perform corresponding operations on the target data, where the user is a data management user in the enterprise, and the corresponding operations include a query operation, a copy operation, a delete operation, and the like, and when the user performs these operations, the server needs to confirm the authority of the user. Taking query operation as an example for explanation, when a user performs query operation, the service area receives a request of the user query operation and sends authority verification information to the user, the user inputs corresponding authority information according to the authority verification information, the authority information includes but is not limited to fingerprint information, pupil information, digital password information and the like, and the input form of the authority information is not limited in this embodiment. The server verifies the authority information input by the user, compares the authority information with the stored preset authority information, judges whether the authority information input by the user is the preset authority information, and if the authority information is the preset authority information, allows the user to perform query operation, namely opens the authority of checking target data in the preset data safety storage device to the user; if the information is not the preset authority information, the inquiry operation of the user is terminated, and the authority of viewing the target data in the preset data safety storage device is not opened to the user.
In one possible implementation, step S104 further includes: judging whether the second security level is greater than a preset security level; if the second security level is greater than the preset security level, the target data is put into the second data security storage device; if the second security level is smaller than or equal to the preset security level, the target data are placed in the primary data security storage device, and the confidentiality of the secondary data security storage device is higher than that of the primary data security storage device.
Specifically, the server may determine, according to the size of the security level of the target data, the data security storage device into which the target data is placed, where when it is determined that the target data needs to be placed into the data security storage device, the higher the security level corresponding to the target data is, the stronger the security performance of the target data needs to be placed into the data security storage device, that is, the stronger the security and confidentiality performance of the data security storage device, for example, the stronger the security and confidentiality performance of the data security storage device may be achieved by applying multiple verifications, and the more verification steps that need to be performed when the user performs related operations on the target data in the data security storage device.
According to the method, the target data are data transmitted from the internal network to the external network, and the data processing mode corresponding to the data security type is acquired in the preset processing database according to the data security type corresponding to the target data, so that the corresponding processing target data can be processed according to the data processing mode, the data transmitted from the internal network to the external network can be selected for screening, only the allowed data are transmitted to the external network, and the disallowed data are isolated, and therefore the problem that if important information or sensitive information exists in the transmitted data, the security of the transmitted data is greatly reduced is solved.
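The flow described above (look up the processing mode, isolate or store by tier, then gate queries on authority information) can be sketched as follows. This is an added example, not code from the patent: all names, the threshold value 5, the fail-closed default for an unmapped type, and the use of PBKDF2 for a digital password are assumptions, and plain dictionaries stand in for the encrypted storage devices.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from enum import Enum


class SecurityType(Enum):
    FIRST = 1   # lower security level
    SECOND = 2  # higher security level
    THIRD = 3   # permitted to leave the intranet


class Mode(Enum):
    ISOLATE = "first"             # block + first alarm
    ISOLATE_AND_STORE = "second"  # block + secure storage + second alarm
    ALLOW = "third"               # forward to the extranet


# Stand-in for the preset processing database: one mode per security type.
PROCESSING_DB = {
    SecurityType.FIRST: Mode.ISOLATE,
    SecurityType.SECOND: Mode.ISOLATE_AND_STORE,
    SecurityType.THIRD: Mode.ALLOW,
}
PRESET_SECURITY_LEVEL = 5  # constructed threshold for choosing the storage tier
KDF_ROUNDS = 100_000


def derive(secret: bytes, salt: bytes) -> bytes:
    """Stretch a digital password so the stored reference is not the password."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ROUNDS)


@dataclass
class Item:
    name: str
    security_type: SecurityType
    security_level: int
    payload: bytes


@dataclass
class Gateway:
    salt: bytes
    preset_authority: bytes  # derived form of the preset authority information
    primary: dict = field(default_factory=dict)    # stand-ins for the encrypted
    secondary: dict = field(default_factory=dict)  # storage devices
    alarms: list = field(default_factory=list)

    def process(self, item: Item) -> bool:
        """Apply the looked-up mode; True means the item may be transmitted."""
        # Assumption: a type with no stored mapping is isolated (fail closed).
        mode = PROCESSING_DB.get(item.security_type, Mode.ISOLATE)
        if mode is Mode.ALLOW:
            return True
        if mode is Mode.ISOLATE_AND_STORE:
            above = item.security_level > PRESET_SECURITY_LEVEL
            (self.secondary if above else self.primary)[item.name] = item.payload
        self.alarms.append((item.name, mode.value))
        return False

    def query(self, name: str, presented: bytes) -> bytes:
        """Release stored data only when the presented authority matches."""
        if not hmac.compare_digest(derive(presented, self.salt), self.preset_authority):
            raise PermissionError("authority information does not match")
        for tier in (self.primary, self.secondary):
            if name in tier:
                return tier[name]
        raise KeyError(name)


def make_gateway(password: bytes) -> Gateway:
    salt = os.urandom(16)
    return Gateway(salt=salt, preset_authority=derive(password, salt))
```

The comparison uses `hmac.compare_digest` so that the time taken by the check does not depend on how much of the presented value matches the stored one.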
Referring to fig. 2, a data processing apparatus provided in an embodiment of the present application is a server, where the server includes an obtaining module 21 and a processing module 22,
the acquiring module 21 is configured to acquire target data, where the target data is data transmitted from an intranet to an extranet; judging a data security type corresponding to the target data, wherein the data security type comprises a first data security type and a second data security type; and acquiring a data processing mode corresponding to the data security type from a preset processing database, wherein the preset processing database is used for storing the corresponding relation between the data security type and the data processing mode, and the data processing mode comprises a first processing mode and a second processing mode.
A processing module 22, configured to process the target data according to a data processing manner, and when the target data is of a first data security type, process the target data according to a first processing manner; when the target data is of the second data security type, processing according to a second processing mode; the first processing mode is to isolate target data; the second processing mode is to isolate the target data and put the target data into the preset data safety storage device.
In a possible implementation manner, the obtaining module 21 is configured to determine a data security type corresponding to the target data, and specifically includes: acquiring data information corresponding to target data and historical classification information corresponding to the data information; determining the security level corresponding to the target data according to the data information and the history classification information; the security level includes a first security level and a second security level; and judging the data security type corresponding to the target data according to the security level, wherein the first security level corresponds to the first data security type, and the second security level corresponds to the second data security type.
In one possible implementation, the second security level is greater than the first security level.
In a possible implementation manner, the obtaining module 21 is configured to, before obtaining a data processing manner corresponding to a data security type in a preset processing database, construct the preset processing database, and specifically include: acquiring a plurality of data security types and a plurality of data processing modes; constructing corresponding relations between a plurality of data security types and a plurality of data processing modes, wherein one data security type corresponds to one data processing mode; and storing the corresponding relation between the plurality of data security types and the plurality of data processing modes in a preset processing database.
In a possible implementation manner, the processing module 22 is configured to, after processing the target data according to the data processing manner, further include: responding to a query request of a user, wherein the query request is an operation of querying target data in preset data security storage equipment for the user, and rights information corresponding to the user is obtained; judging whether the authority information is preset authority information or not; and if the permission information is preset permission information, opening permission for checking target data in the preset data security storage equipment to the user.
In one possible implementation, the preset data security storage device includes a primary data security storage device and a secondary data security storage device, and the processing module 22 is configured to put the target data into the preset data security storage device, which specifically includes: judging whether the second security level is greater than a preset security level; if the second security level is greater than the preset security level, putting the target data into the secondary data security storage device; if the second security level is smaller than or equal to the preset security level, putting the target data into the primary data security storage device, where the confidentiality of the secondary data security storage device is higher than that of the primary data security storage device.
In one possible implementation, the preset data security storage device includes a hardware device and a network storage system.
It should be noted that: in the device provided in the above embodiment, when implementing the functions thereof, only the division of the above functional modules is used as an example, in practical application, the above functional allocation may be implemented by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to implement all or part of the functions described above. In addition, the embodiments of the apparatus and the method provided in the foregoing embodiments belong to the same concept, and specific implementation processes of the embodiments of the method are detailed in the method embodiments, which are not repeated herein.
The application also provides electronic equipment. Referring to fig. 3, fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device may include: at least one processor 301, at least one communication bus 302, a user interface 303, at least one network interface 304, a memory 305.
Wherein the communication bus 302 is used to enable connected communication between these components.
The user interface 303 may include a display screen (Display) and a camera (Camera); optionally, the user interface 303 may further include a standard wired interface and a wireless interface.
The network interface 304 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface), among others.
The processor 301 may include one or more processing cores. The processor 301 uses various interfaces and lines to connect the various parts of the overall server, and performs the various functions of the server and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 305 and by invoking data stored in the memory 305. Optionally, the processor 301 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), and programmable logic array (Programmable Logic Array, PLA). The processor 301 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), a graphics processing unit (Graphics Processing Unit, GPU), a modem, and the like. The CPU mainly handles the operating system, the user interface, application programs and the like; the GPU is used for rendering and drawing the content to be displayed by the display screen; the modem is used to handle wireless communications. It will be appreciated that the modem may also not be integrated into the processor 301 and may instead be implemented separately by a single chip.
The memory 305 may include a random access memory (Random Access Memory, RAM) or a read-only memory (Read-Only Memory, ROM). Optionally, the memory 305 includes a non-transitory computer-readable storage medium. The memory 305 may be used to store instructions, programs, code, code sets, or instruction sets. The memory 305 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the above-described method embodiments, and so on; the data storage area may store the data involved in the above method embodiments. Optionally, the memory 305 may also be at least one storage device located remotely from the aforementioned processor 301. As shown in FIG. 3, the memory 305, as a computer storage medium, may include an operating system, a network communication module, a user interface module, and a data processing application.
In the electronic device shown in FIG. 3, the user interface 303 is mainly used for providing an input interface for a user and acquiring data input by the user; and the processor 301 may be configured to invoke the data processing application stored in the memory 305, which, when executed by one or more processors 301, causes the electronic device to perform the methods described in one or more of the embodiments above. It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in another order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
The present application also provides a computer-readable storage medium having instructions stored thereon. When executed by one or more processors, the instructions cause an electronic device to perform the method as described in one or more of the embodiments above.
In the foregoing embodiments, each embodiment is described with its own emphasis; for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
In the several embodiments provided herein, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division of units is merely a division of logical functions, and there may be other divisions in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling, or communication connection shown or discussed between the parts may be an indirect coupling or communication connection through some service interface, device or unit, and may be electrical or in another form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable memory. Based on such understanding, the technical solution of the present application, in essence, or the part of it contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a memory, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned memory includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a magnetic disk or an optical disk.
The foregoing is merely exemplary embodiments of the present disclosure and is not intended to limit the scope of the present disclosure. That is, equivalent changes and modifications are contemplated by the teachings of this disclosure, which fall within the scope of the present disclosure. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure.
This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains.
Claims (10)
1. A method of data processing, the method comprising:
acquiring target data, wherein the target data is data transmitted from an intranet to an extranet;
judging a data security type corresponding to the target data, wherein the data security type comprises a first data security type and a second data security type;
acquiring a data processing mode corresponding to the data security type from a preset processing database, wherein the preset processing database is used for storing the corresponding relation between the data security type and the data processing mode, and the data processing mode comprises a first processing mode and a second processing mode;
processing the target data according to the data processing mode, and processing according to the first processing mode when the target data is of the first data security type; when the target data is of the second data security type, processing according to the second processing mode; the first processing mode is to isolate the target data; the second processing mode is to isolate the target data and put the target data into a preset data safety storage device.
2. The method according to claim 1, wherein the determining the data security type corresponding to the target data specifically includes:
acquiring data information corresponding to the target data and history classification information corresponding to the data information;
determining a security level corresponding to the target data according to the data information and the history classification information; the security level includes a first security level and a second security level;
and judging the data security type corresponding to the target data according to the security level, wherein the first security level corresponds to the first data security type, and the second security level corresponds to the second data security type.
3. The method of claim 2, wherein the second security level is greater than the first security level.
4. The method according to claim 1, wherein before the data processing manner corresponding to the data security type is obtained in the preset processing database, the method further includes constructing the preset processing database, specifically including:
acquiring a plurality of data security types and a plurality of data processing modes;
constructing corresponding relations between a plurality of data security types and a plurality of data processing modes, wherein one data security type corresponds to one data processing mode;
and storing the corresponding relations between the data security types and the data processing modes in the preset processing database.
5. The method of claim 1, wherein after said processing said target data in said data processing manner, said method further comprises:
responding to a query request of a user, wherein the query request is an operation of querying the target data in the preset data security storage device by the user, and rights information corresponding to the user is obtained;
judging whether the authority information is preset authority information or not;
and if the permission information is the preset permission information, opening the permission of viewing the target data in the preset data security storage device to the user.
6. The method according to claim 2, wherein the preset data security storage device comprises a primary data security storage device and a secondary data security storage device, and the placing the target data into the preset data security storage device specifically comprises:
judging whether the second security level is greater than a preset security level;
if the second security level is greater than the preset security level, the target data are put into the secondary data security storage device;
and if the second security level is smaller than or equal to the preset security level, the target data are put into the primary data security storage device, and the confidentiality of the secondary data security storage device is higher than that of the primary data security storage device.
7. The method of claim 4, wherein the preset data security storage device comprises a hardware device and a network storage system.
8. A data processing device, characterized in that the device comprises an acquisition module (21) and a processing module (22), wherein,
the acquisition module (21) is used for acquiring target data, wherein the target data is data transmitted from an intranet to an extranet; judging a data security type corresponding to the target data, wherein the data security type comprises a first data security type and a second data security type; acquiring a data processing mode corresponding to the data security type from a preset processing database, wherein the preset processing database is used for storing the corresponding relation between the data security type and the data processing mode; the data processing modes comprise a first processing mode and a second processing mode;
The processing module (22) is configured to process the target data according to the data processing manner, and when the target data is of the first data security type, process the target data according to the first processing manner; when the target data is of the second data security type, processing according to the second processing mode; the first processing mode is to isolate the target data; the second processing mode is to isolate the target data and put the target data into a preset data safety storage device.
9. An electronic device comprising a processor (301), a communication bus (302), a user interface (303), a network interface (304) and a memory (305), the memory (305) being for storing instructions, the user interface (303) and the network interface (304) being for communicating to other devices, the processor (301) being for executing the instructions stored in the memory (305) to cause the electronic device to perform the method according to any one of claims 1 to 7.
10. A computer readable storage medium storing instructions which, when executed, perform the method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311795347.5A CN117828634A (en) | 2023-12-25 | 2023-12-25 | Data processing method and device and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117828634A (en) | 2024-04-05 |
Family
ID=90510609
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311795347.5A Pending CN117828634A (en) | 2023-12-25 | 2023-12-25 | Data processing method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117828634A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119128968A (en) * | 2024-08-20 | 2024-12-13 | 重庆威客特瑞科技有限公司 | A data information security protection method and system based on artificial intelligence |
CN119128968B (en) * | 2024-08-20 | 2025-04-04 | 重庆威客特瑞科技有限公司 | A data information security protection method and system based on artificial intelligence |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||