CN118504002A - Data security protection method and device for identity security - Google Patents

Info

Publication number: CN118504002A
Authority: CN (China)
Prior art keywords: target, user, data, login, access
Legal status: Pending
Application number: CN202410673004.XA
Other languages: Chinese (zh)
Inventors: 钱立佩, 王旭, 孙逢宁, 刘迎宾, 索良晨
Current assignee: Beijing Jianheng Xin'an Technology Co ltd
Original assignee: Beijing Jianheng Xin'an Technology Co ltd
Application filed by Beijing Jianheng Xin'an Technology Co ltd; priority to CN202410673004.XA; publication of CN118504002A; legal status pending.

Classifications

    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F16/21 Design, administration or maintenance of databases
    • G06F21/31 User authentication
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. a local or distributed file system or database
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

A data security protection method and device for identity security, relating to the field of data management. In the method, in response to an operation of a target user accessing target data, the identity information of the target user is obtained and it is determined whether the identity information can be matched to an internal user in the database. When the identity information cannot be matched to an internal user in the database, a target virtual external user is selected from the virtual external users and bound to the target user, a first risk level is calculated according to the operations of the target virtual external user, and when the first risk level is higher than a first preset threshold the access rights of the target virtual external user are closed. When the identity information is matched to a target internal user in the database, a second risk level is calculated according to the operations of the target internal user and the preset behavior pattern of that user, and when the second risk level is higher than a second preset threshold the rights of the target internal user are reduced. Implementing the technical solution provided by the present application improves data security.

Description

A data security protection method and device for identity security

Technical Field

The present application relates to the technical field of data management, and in particular to a data security protection method, system, electronic device and storage medium for identity security.

Background Art

With the rapid development of information technology, data security problems have become increasingly prominent. The protection of sensitive data inside enterprises in particular has become an important problem that the industry urgently needs to solve. As the core of enterprise data management, the data management platform carries multiple functions such as data storage, processing and access, so its security is of vital importance. However, traditional data protection methods often focus only on data encryption and access control while neglecting the key link of user identity security.

At present, most enterprises set up user authentication mechanisms in their data management platforms, such as username and password verification or dynamic tokens, to ensure that only legitimate users can access sensitive data. However, these methods are often inadequate against advanced threats such as malicious operations by insiders and external hackers disguised as legitimate users.

Therefore, how to build a more secure protection mechanism in the data management platform has become a technical problem that urgently needs to be solved in the current data security field.

Summary of the Invention

The present application provides a data security protection method, system, electronic device and storage medium for identity security, which can both effectively identify the user's identity and dynamically adjust data access rights according to user behavior, thereby improving data security.

In a first aspect of the present application, a data security protection method for identity security is provided, applied to a data management platform, the method comprising:

establishing a database, the database including internal users of the target enterprise, virtual external users of the target enterprise, data of the target enterprise at different importance levels, and the access rights relationships between the different users and the data;

in response to an operation of a target user accessing target data, obtaining identity information of the target user and determining whether the identity information can be matched to an internal user in the database;

when the identity information cannot be matched to an internal user in the database, selecting a target virtual external user from the virtual external users and binding it to the target user, calculating a first risk level according to the operations of the target virtual external user, and closing the access rights of the target virtual external user when the first risk level is higher than a first preset threshold;

when the identity information is matched to a target internal user in the database, calculating a second risk level according to the operations of the target internal user and the preset behavior pattern of the target internal user, and reducing the rights of the target internal user when the second risk level is higher than a second preset threshold.

By adopting the above technical solution, a database containing internal users, virtual external users, data of different importance levels and access rights relationships is established, which ensures that only authorized users can access the corresponding data. This greatly reduces the risk of unauthorized access to data and thereby enhances data security. When the identity information of the target user cannot be matched to an internal user in the database, a virtual external user is selected for binding and the risk of its operations is calculated; if the risk level exceeds the preset threshold, its access rights are closed. This mechanism effectively prevents unauthorized external users from obtaining data by illegal means and reduces external risk. When the identity information of the target user matches an internal user in the database, the risk level is calculated from that user's operations and preset behavior pattern; if the risk level exceeds the preset threshold, the user's permissions are reduced. This helps to monitor and identify potentially risky internal behavior, such as data leakage and abuse of permissions, so that preventive measures can be taken in time. Through the concept of virtual external users, access rights can be extended flexibly without increasing the number of actual internal users, which gives the enterprise greater flexibility and convenience while reducing management costs. Combining identity authentication, permission management, risk assessment and other technical means forms a comprehensive data protection strategy that can respond effectively to various data security threats and ensure the security and confidentiality of enterprise data.

Optionally, calculating the first risk level according to the operations of the target virtual external user includes:

identifying abnormal behaviors of the target virtual external user through preset rules, the abnormal behaviors including an abnormal login time, an abnormal login location, an abnormal type of accessed data and an abnormal time of data access;

determining a first score corresponding to each abnormal behavior, calculating a first total risk score of the target virtual external user from the first scores, and mapping the first total risk score onto a predetermined risk level.

By adopting the above technical solution, the data management platform monitors the login time, login location and the type and time of data access of the target virtual external user in real time, so it can quickly identify any potential abnormal behavior. This real-time capability is crucial to protecting data security because it allows the system to respond in the shortest possible time. Assigning a specific score to each abnormal behavior enables the data management platform to assess risk at a fine granularity: different abnormal behaviors may carry different risk levels, so by assigning a different score to each behavior the platform can more accurately reflect the risk of the user's operations. By calculating the first total risk score of the target virtual external user and mapping that score onto a predetermined risk level, the platform quantifies the risk so that managers can understand the current security situation more intuitively; this quantification helps managers formulate more effective security strategies and measures. The preset rules can be customized and adjusted according to the actual needs of the enterprise to suit different security environments and business needs, which makes the method highly flexible and adaptable to the diverse needs of different enterprises. When the first risk level is higher than the preset threshold, the data management platform can automatically close the access rights of the target virtual external user, blocking the potential security threat. This early warning mechanism prevents further losses and protects the enterprise's data security.

Optionally, calculating the second risk level according to the operations of the target internal user and the preset behavior pattern of the target internal user includes:

determining a preset behavior pattern according to the historical behavior of the target internal user, and comparing the operations of the target internal user with the preset behavior pattern to determine distinguishing points;

determining a second score corresponding to each distinguishing point, calculating a second total risk score of the target internal user from the second scores, and mapping the second total risk score onto a predetermined risk level.

By adopting the above technical solution, the preset behavior pattern is determined from the historical behavior of the target internal user, so a personalized risk assessment standard can be generated for each user. This personalized assessment is closer to the user's actual behavior and improves the accuracy of the risk assessment. Comparing the current operations of the target internal user with the preset behavior pattern quickly identifies the distinguishing points that do not conform to the usual behavior pattern; these points may be potential security risks and provide important security information for the data management platform. Assigning a specific second score to each distinguishing point enables the platform to quantify the behavioral risk of internal users at a fine granularity, which helps managers understand the risk level of user operations more accurately and supports the formulation of security policies. By monitoring the operations of the target internal user in real time and comparing them with the preset behavior pattern, the platform evaluates the risk level of user behavior in real time and can respond quickly to potential security threats. When the second risk level is higher than the preset threshold, the platform can reduce the permissions of the target internal user, preventing the potential security risk from expanding further; this preventive security strategy helps protect enterprise data from internal threats. Feeding the risk level of their operations back to users also raises their attention to security issues and their sense of self-protection, which helps to cultivate safe behavior habits and further reduces data security risk.

Optionally, determining the preset behavior pattern according to the historical behavior of the target internal user includes:

collecting statistics on the historical login times, historical login locations, historical accessed data types and historical data access times of the target internal user;

dividing each login time into its corresponding time period according to the historical login times, determining a first login weight for each time period, and determining a second login weight for each login location according to the historical login locations;

determining the access weight of each data type in different time periods according to the historical accessed data types and the historical data access times;

determining the preset behavior pattern according to the first login weights, the second login weights and the access weights.

By adopting the above technical solution, the preset behavior pattern is determined from the target internal user's actual historical behavior data, so it is more personalized and reflects the user's daily operating habits more accurately, which improves the accuracy and effectiveness of subsequent risk assessment. By counting and weighting the historical login times, the data management platform can identify how active the user is in different time periods and so judge the reasonableness and safety of the user's operations more accurately; for example, frequent logins outside working hours may be regarded as abnormal behavior. Combined with the weights of the historical login locations, the platform can identify the user's usual workplace or commonly used devices and further judge the reasonableness of the user's operations; a login from an unusual location may trigger a security alert. By analyzing the types and times of historical data access, the platform learns the user's access preferences and habits for each type of data, which helps to identify abnormal data access behavior such as frequent access to non-work-related data or large-scale data access outside working hours. Combining the login weights, location weights and data access weights gives the platform a multi-dimensional evaluation system for the user's behavior pattern. This comprehensive analysis captures abnormal points in user behavior more accurately and provides strong support for risk assessment. As the user's behavior changes, the platform can update the preset behavior pattern regularly to adapt to new operating habits; this adaptability keeps the risk assessment timely and accurate. While ensuring data security, a personalized preset behavior pattern also lets the platform reduce interference with normal user operations and improve the user experience.

Optionally, dividing each login time into its corresponding time period according to the historical login times, determining a first login weight for each time period, and determining a second login weight for each login location according to the historical login locations includes:

dividing each day evenly into a preset number of time periods, determining a first number of logins of the target user within a first target time period, and determining the first login weight of the first target time period according to the ratio of the first number of logins to the total number of logins;

determining a second number of logins of the target user at a target location, and determining the second login weight of the target location according to the ratio of the second number of logins to the total number of logins.

By adopting the above technical solution, each day is divided into a preset number of time periods and the first login weight is determined from the target user's number of logins in each time period, so the data management platform captures the user's login habits more accurately. This time-sensitive analysis helps the platform identify abnormal logins in unusual time periods and warn of potential security risks in advance. Determining the second login weight from the target user's number of logins at a particular location lets the platform identify the user's usual login locations. This is particularly effective for identifying logins from unusual locations, because such a login may mean that the user's account has been stolen or that some other security risk exists. Combining the time period weights and the location weights gives the platform a personalized risk assessment model for each user that reflects the user's actual behavior pattern more accurately, thereby improving the accuracy and effectiveness of the risk assessment. Once the platform detects that a user's login behavior deviates significantly from the preset behavior pattern, it can immediately raise a security alarm to notify the administrator or the user. This real-time monitoring and early warning mechanism helps to respond to potential security threats in time and protect data security. As the user's behavior changes, the platform can regularly update the weight settings of the time periods and locations to adapt to new behavior patterns; this adaptability keeps the risk assessment timely and accurate. While ensuring data security, the personalized risk assessment model also lets the platform reduce interference with normal user operations and improve the user experience: for example, for logins from usual locations in regular time periods, the platform can automatically lower the frequency or level of security verification.

Optionally, determining the access weight of each data type in different time periods according to the historical accessed data types and the historical data access times includes:

dividing each day evenly into a preset number of time periods, and determining the number of accesses and the access duration of a target data type within a second target time period;

determining a first access weight according to the ratio of the number of accesses to the target data type within the second target time period to the total number of accesses to the target data type;

determining a second access weight according to the ratio of the access duration of the target data type within the second target time period to the total access duration of the target data type;

determining the access weight of the target data type within the second target time period according to the first access weight and the second access weight.

By adopting the above technical solution, each day is divided into a preset number of time periods and the number of accesses and access duration of a specific data type are counted in each period, so the data management platform can analyze the user's data access behavior at a fine granularity. This analysis helps to understand the user's data usage habits in different time periods more accurately and provides a strong basis for subsequent risk assessment and security policy formulation. From the number of accesses and the access duration of the target data type in a specific time period, the platform calculates the first and second access weights of that data type in that period. This dynamic weighting mechanism reflects changes in user behavior and brings the risk assessment results closer to the actual situation. Combining the access weights of different time periods and different data types gives the platform a personalized risk assessment model that reflects the user's actual behavior pattern more accurately and improves the accuracy and effectiveness of the risk assessment. Through continuous monitoring and analysis of the user's data access behavior, the platform can promptly discover behavior that does not conform to the normal pattern, for example large-scale access to sensitive data outside working hours, or frequent access to large amounts of data within a short period; such abnormal behavior may indicate a potential security risk. Based on this in-depth analysis, the platform can also provide more precise security policy recommendations: for example, for users who frequently access sensitive data it can recommend strengthening identity authentication or restricting access rights, and for users who are active outside working hours it can remind administrators to pay attention to their account security. While ensuring data security, the personalized risk assessment model and security policy recommendations also let the platform reduce interference with normal user operations and improve the user experience; for example, for access to commonly used data types in regular time periods, the platform can automatically lower the frequency or level of security verification.

可选的,所述将所述目标内部用户的操作与所述预设行为模式进行比对以确定区别点包括:Optionally, comparing the operation of the target internal user with the preset behavior pattern to determine the difference includes:

确定所述目标内部用户的当前登录时间对应的第一登录权重,并确定所述目标内部用户的当前登录地点对应的第二登录权重,根据所述目标内部用户当前访问的数据类型和访问时长确定访问权重;Determine a first login weight corresponding to the current login time of the target internal user, and determine a second login weight corresponding to the current login location of the target internal user, and determine an access weight according to the type of data currently accessed by the target internal user and the access duration;

当所述第一登录权重小于第三预设阈值时,将当前登录时间作为区别点;When the first login weight is less than a third preset threshold, the current login time is used as a distinguishing point;

当所述第二登录权重小于第四预设阈值时,将当前登录地点作为区别点;When the second login weight is less than a fourth preset threshold, the current login location is used as a distinguishing point;

当所述访问权重小于第五预设阈值时,将当前访问的数据类型和访问时长作为区别点。When the access weight is less than the fifth preset threshold, the data type and access duration of the current access are used as distinguishing points.

By adopting the above technical solution, the data management platform compares the user's current operation with the preset behavior pattern in real time and can detect behavior that deviates from the norm as it happens; this timeliness is essential for responding to security threats. Besides login time and login location, the type of data accessed and the access duration are also taken into account, forming a multi-dimensional analysis framework that gives a more complete assessment of whether the user's behavior is normal. Through the third, fourth and fifth preset thresholds, the platform's sensitivity to abnormal behavior can be adjusted to actual needs, so the platform can be adapted to different users or different security levels. When the platform detects that the behavior weight in one or more dimensions is below the corresponding preset threshold, it identifies the current login time, login location or access behavior precisely as the distinguishing point, which gives clear guidance for the subsequent security policy and response. By detecting abnormal behavior in real time and identifying distinguishing points precisely, the platform can prevent potential security risks more effectively; for example, for an illegitimate login or abnormal data access, it can take blocking measures or raise an alert in time. Although security is the primary goal, the method also takes user experience into account: by identifying abnormal behavior precisely and avoiding interference with normal operations, the platform improves the user experience while maintaining security. The determination of distinguishing points not only gives the platform a basis for automatic response but also provides decision support for security administrators, who can analyze the distinguishing points to understand user behavior patterns in more depth and formulate corresponding security policies.
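The weight-and-threshold mechanism described above, as an added example that is not part of the patent: it builds a behavior profile from a constructed login history and reports which dimensions fall below the third, fourth and fifth preset thresholds as distinguishing points. The four time periods, the definition of a weight as the share of historical logins, the threshold values and the sample data are all assumptions, since the patent text does not fix them.

```python
from collections import Counter
from datetime import datetime

# Constructed login history for one internal user (not data from the patent):
# (login time, login location, data type accessed, access duration in minutes).
HISTORY = [
    ("2024-03-04 09:12", "Beijing", "sales_order", 25),
    ("2024-03-04 09:40", "Beijing", "sales_order", 40),
    ("2024-03-05 10:05", "Beijing", "attendance", 10),
    ("2024-03-05 11:30", "Beijing", "sales_order", 15),
    ("2024-03-06 13:15", "Beijing", "attendance", 20),
    ("2024-03-06 14:00", "Beijing", "sales_order", 30),
    ("2024-03-07 15:45", "Beijing", "sales_order", 35),
    ("2024-03-07 16:20", "Beijing", "attendance", 12),
    ("2024-03-08 08:50", "Shanghai", "sales_order", 22),
    ("2024-03-08 10:30", "Beijing", "sales_order", 18),
]

# Third, fourth and fifth preset thresholds (assumed values): a dimension whose
# weight is below its threshold becomes a distinguishing point.
THRESHOLDS = {"login_time": 0.05, "login_location": 0.05, "access": 0.05}


def period_of(hour):
    """Assign an hour of the day to one of four fixed time periods (assumed split)."""
    if hour < 6:
        return "night"
    if hour < 12:
        return "morning"
    if hour < 18:
        return "afternoon"
    return "evening"


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def build_profile(history):
    """Preset behavior pattern: each weight is the share of historical logins that
    fall in a time period, come from a location, or access a data type in a period."""
    n = len(history)
    periods = Counter(period_of(parse(t).hour) for t, _, _, _ in history)
    locations = Counter(loc for _, loc, _, _ in history)
    access = Counter((period_of(parse(t).hour), dtype) for t, _, dtype, _ in history)
    return {
        "login_time": {k: v / n for k, v in periods.items()},        # first login weight
        "login_location": {k: v / n for k, v in locations.items()},  # second login weight
        "access": {k: v / n for k, v in access.items()},             # access weight
    }


def distinguishing_points(profile, event, thresholds=THRESHOLDS):
    """Compare one current event (same tuple layout as HISTORY) with the profile.
    Returns the (dimension, detail) pairs whose weight is below the threshold;
    a period, location or (period, data type) never seen before has weight 0."""
    ts, location, dtype, minutes = event
    period = period_of(parse(ts).hour)
    points = []
    if profile["login_time"].get(period, 0.0) < thresholds["login_time"]:
        points.append(("login_time", period))
    if profile["login_location"].get(location, 0.0) < thresholds["login_location"]:
        points.append(("login_location", location))
    if profile["access"].get((period, dtype), 0.0) < thresholds["access"]:
        # Fifth threshold: data type and access duration together form the point.
        points.append(("data_type_and_duration", (dtype, minutes)))
    return points


if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for event in [
        ("2024-03-11 10:00", "Beijing", "sales_order", 20),     # matches the pattern
        ("2024-03-11 22:10", "Beijing", "finance_report", 90),  # late login, unusual data
        ("2024-03-12 10:00", "Shenzhen", "sales_order", 20),    # new location only
    ]:
        print(event, "->", distinguishing_points(profile, event))
```

A weight of zero for anything never seen in the history is deliberate: with a short history this makes the first login from a new but legitimate location a distinguishing point, so in practice the history window and thresholds should be tuned together, and a distinguishing point should feed the risk score rather than block on its own.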

In a second aspect of the present application, a data security protection system for identity security is provided, comprising a data module, an identity module, a first execution module and a second execution module, wherein:

a data module is configured to establish a database, the database containing the internal users of a target enterprise, the virtual external users of the target enterprise, the target enterprise's data at different importance levels, and the access permission relationships between the various users and the data;

an identity module is configured to obtain, in response to an operation by a target user to access target data, the identity information of the target user, and to determine whether the identity information matches an internal user in the database;

a first execution module is configured to, when the identity information does not match an internal user in the database, select a target virtual external user from the virtual external users and bind it to the target user, calculate a first risk level from the operations of the target virtual external user, and revoke the access rights of the target virtual external user when the first risk level exceeds a first preset threshold;

a second execution module is configured to, when the identity information matches a target internal user in the database, calculate a second risk level from the operations of the target internal user and the preset behavior pattern of the target internal user, and reduce the permissions of the target internal user when the second risk level exceeds a second preset threshold.

In a third aspect of the present application, an electronic device is provided, comprising a processor, a memory, a user interface and a network interface, wherein the memory stores instructions, the user interface and the network interface are both used to communicate with other devices, and the processor executes the instructions stored in the memory so that the electronic device performs any one of the methods described above.

In a fourth aspect of the present application, a computer-readable storage medium is provided, which stores instructions that, when executed, perform any one of the methods described above.

In summary, the one or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:

1. By determining whether the target user's identity information matches an internal user in the database, a two-stage identity verification mechanism is implemented (credential verification followed by an internal-user check). This ensures that only verified internal users receive internal-user access to the target data, which effectively prevents unauthorized external users from accessing sensitive data;

2. When the target user's identity information does not match an internal user, a virtual external user binding is provided. This mechanism lets external users access data in a controlled manner while maintaining data security; by setting access rights and an operational risk level for each virtual external user, the data management platform can manage external access at a fine granularity;

3. Real-time risk assessment is applied to virtual external users and internal users alike. By calculating the first and second risk levels, the data management platform can quickly identify potential security threats and take corresponding measures to reduce the risk; this timely response helps prevent data leaks and other security incidents;

4. When high-risk behavior is detected, the data management platform dynamically adjusts the user's access rights: for a virtual external user it revokes access, and for an internal user it lowers the permission level. This dynamic adjustment keeps a balance between the flexibility and the security of data access;

5. By implementing strict identity verification, virtual external user management, real-time risk assessment and dynamic permission adjustment, the data security of the data management platform is significantly improved, which helps protect sensitive enterprise information from unauthorized access and leakage.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow chart of the data security protection method for identity security disclosed in an embodiment of the present application;

FIG. 2 is a block diagram of the data security protection system for identity security disclosed in an embodiment of the present application;

FIG. 3 is a schematic structural diagram of an electronic device disclosed in an embodiment of the present application.

Reference numerals: 201, data module; 202, identity module; 203, first execution module; 204, second execution module; 301, processor; 302, communication bus; 303, user interface; 304, network interface; 305, memory.

DETAILED DESCRIPTION

To help those skilled in the art better understand the technical solutions in this specification, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them.

In the description of the embodiments, words such as "for example" or "for instance" indicate an example, illustration or explanation. Any embodiment or design described as "for example" or "for instance" should not be construed as preferred over, or more advantageous than, other embodiments or designs; rather, these words are intended to present the relevant concept in a concrete way.

In the description of the embodiments, the term "a plurality of" means two or more; for example, a plurality of systems means two or more systems, and a plurality of screen terminals means two or more screen terminals. The terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to; thus a feature qualified by "first" or "second" may explicitly or implicitly include one or more of that feature. The terms "include", "comprise", "have" and their variants mean "including but not limited to" unless specifically stated otherwise.

This embodiment discloses a data security protection method for identity security. FIG. 1 is a flow chart of the method disclosed in this embodiment; as shown in FIG. 1, the method comprises the following steps:

S110: establish a database containing the internal users of the target enterprise, the virtual external users of the target enterprise, the target enterprise's data at different importance levels, and the access permission relationships between the various users and the data;

A database is a collection used to store, retrieve, manage and process data; in this embodiment it stores and manages the information about the target enterprise's users, data and access rights. The target enterprise is the specific company or organization for which data protection measures are to be established. Internal users are the employees, teams or departments that belong to the target enterprise and hold permissions to access its internal resources (data, systems, files and so on); they are authenticated and authorized and can access and use the enterprise's sensitive information directly, within their permissions. The target enterprise's virtual external users are pre-configured virtual accounts through which external parties such as partners and third-party suppliers can access a limited set of the enterprise's data. Data is divided into importance levels according to its sensitivity and potential value; data containing trade secrets or customer information, for example, has a high importance level and requires stricter access control and protection. Access rights define which data a user may access and which operations (read, write, modify, delete and so on) the user may perform on it. The access permission relationship is the mapping between users and data stored in the database; it determines exactly which data each user may access and how, and setting it appropriately ensures that only authorized users can reach the data their permissions cover, protecting the integrity and security of the data.

S120: in response to an operation by a target user to access target data, obtain the target user's identity information and determine whether it matches an internal user in the database;

The target user may be an internal employee, a partner or any other entity that needs to access enterprise data. When the target user attempts to access specific data (a file, a database record, an application function and so on), the data management platform starts an authentication and authorization flow. The platform first presents a login interface asking the user for credentials such as a username and password, and collects them once entered. In addition to the username and password, the platform may use multi-factor authentication, such as biometrics (fingerprint or face recognition), a one-time code sent to a mobile phone, or a hardware token. To protect the credentials in transit, they are encrypted before being sent to the server for verification. The server connects to the database holding the user records, retrieves the record for the entered username, and compares the stored password hash with the hash computed from the entered password; the stored value should be a salted, deliberately slow password hash rather than a plain digest, and the comparison should be done in constant time. If the two match, the username and password are considered verified. Beyond the username and password, the platform may also verify the multi-factor authentication information supplied by the user. After authentication succeeds, the platform checks whether the user's type is internal user, typically by examining attributes of the user record such as an employee ID, department or user type field.

S130: when the identity information does not match an internal user in the database, select a target virtual external user from the virtual external users and bind it to the target user, calculate a first risk level from the operations of the target virtual external user, and revoke the access rights of the target virtual external user when the first risk level exceeds a first preset threshold;

To manage the access rights of external users, the data management platform can pre-define a set of virtual external users. Each virtual external user represents one class of external visitor, such as partners, suppliers or temporary visitors, and different classes carry different access rights: partners may be allowed to access certain shared data or functions, while temporary visitors may have very limited access. When the system determines that a user is external, it assigns a suitable virtual external user identity based on the user's identity information (email address, company name and so on), usually by matching the information the user entered against the predefined virtual external user types. Once the user is bound to a virtual external user, the platform calculates the first risk level from that user's operations by analyzing factors such as access pattern, behavior pattern and access time; for example, an attempt to access sensitive data or to perform an abnormal operation raises the risk level. If the calculated first risk level exceeds the first preset threshold, the platform immediately revokes the user's access rights to prevent the potential security risk.
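The authentication and classification flow of S120 together with the virtual external user binding of S130, as an added example that is not the patent's own code. The user directory, the record attributes, the data catalogue, the virtual external user names and the rule that binds an external account to a virtual external user by email domain are constructed assumptions. The example also denies access outright when the credentials fail to verify, a check the text above does not spell out, and shows the salted slow hash and constant-time comparison that the password check needs.

```python
import hashlib
import hmac
import os

# Password hashing: per-user random salt plus PBKDF2-HMAC-SHA256. The iteration
# count is kept low for the example; raise it (or use scrypt/Argon2) in production.
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def make_record(password, user_type, **attrs):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "user_type": user_type, **attrs}


# Constructed user directory (not data from the patent). Internal users carry an
# employee ID and department; the other accounts belong to external parties.
DIRECTORY = {
    "alice@corp.example": make_record("correct horse", "internal", employee_id="E1001", department="sales"),
    "bob@partner.example": make_record("battery staple", "external", company="Partner Co"),
    "eve@unknown.example": make_record("xyzzy", "external", company="Unknown Ltd"),
}

# Pre-defined virtual external users (assumed names) and the highest data importance
# level each may read. A domain not listed in DOMAIN_BINDING falls back to "guest".
VIRTUAL_EXTERNAL_USERS = {"partner": 2, "supplier": 1, "guest": 0}
DOMAIN_BINDING = {"partner.example": "partner", "supplier.example": "supplier"}

# Constructed data catalogue: importance level and the departments allowed to use each item.
DATA = {
    "sales_order": {"importance": 1, "departments": {"sales"}},
    "attendance": {"importance": 1, "departments": {"sales", "hr"}},
    "finance_report": {"importance": 3, "departments": {"finance"}},
}


def verify_credentials(username, password):
    """Return the user record if the password verifies, otherwise None."""
    record = DIRECTORY.get(username)
    if record is None:
        # Hash anyway so an unknown username costs the same time as a wrong password.
        hash_password(password, b"\x00" * 16)
        return None
    candidate = hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time comparison
        return None
    return record


def bind_virtual_external_user(username):
    """Pick the virtual external user for an external account from its email domain."""
    domain = username.rsplit("@", 1)[-1].lower()
    return DOMAIN_BINDING.get(domain, "guest")


def resolve_principal(username, password):
    """('internal', record) for a verified internal user, ('external', virtual user name)
    for a verified non-internal account, ('denied', None) when verification fails."""
    record = verify_credentials(username, password)
    if record is None:
        return ("denied", None)
    if record["user_type"] == "internal":
        return ("internal", record)
    return ("external", bind_virtual_external_user(username))


def may_access(principal, data_name):
    """Access permission relationship: internal users by department, virtual
    external users by the importance ceiling of their virtual identity."""
    kind, who = principal
    item = DATA[data_name]
    if kind == "internal":
        return who["department"] in item["departments"]
    if kind == "external":
        return item["importance"] <= VIRTUAL_EXTERNAL_USERS[who]
    return False


if __name__ == "__main__":
    for user, pw in [("alice@corp.example", "correct horse"), ("bob@partner.example", "battery staple"),
                     ("eve@unknown.example", "xyzzy"), ("alice@corp.example", "wrong")]:
        p = resolve_principal(user, pw)
        print(user, "->", p[0], {d: may_access(p, d) for d in DATA})
```

Binding by email domain is only as trustworthy as the verification of that address; an account whose domain is not on the list lands on "guest", which reads nothing, so an unverified external party gains nothing by claiming a partner address it cannot log in with.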

Optionally, calculating the first risk level from the operations of the target virtual external user comprises:

identifying abnormal behavior of the target virtual external user through preset rules, the abnormal behavior including abnormal login time, abnormal login location, abnormal type of accessed data and abnormal data-access time;

determining a first score for each abnormal behavior, calculating a first total risk score of the target virtual external user from the first scores, and mapping the first total risk score to a predetermined risk level.

Preset rules are defined to identify abnormal behavior of virtual external users. Such behavior may include abnormal login time, abnormal login location, abnormal type of accessed data and abnormal data-access time.

Abnormal login time: for example, a virtual external user logs in frequently outside working hours (late at night or in the early morning). Abnormal login location: the login location of a virtual external user changes suddenly, or the login comes from a high-risk area (such as an unknown IP address outside the country). Abnormal type of accessed data: the user suddenly attempts to access sensitive documents unrelated to its role, such as financial reports or customer records. Abnormal data-access time: the user accesses a large amount of data in a short period, or keeps a document open for an unusually long time.

For each abnormal behavior, the platform assigns a first score representing the risk that behavior carries. For example: abnormal login time, 3 points (this anomaly is assumed to be comparatively low risk); abnormal login location, 5 points (it may indicate a stolen account); abnormal type of accessed data, 8 points (it usually indicates unauthorized data access); abnormal data-access time, 6 points (it may indicate an attempt at bulk data theft).

The platform adds up the first scores of all abnormal behaviors of the virtual external user to obtain the first total risk score. For example, if a virtual external user shows abnormal login time and abnormal type of accessed data, its first total risk score is 3 (login time) + 8 (data type) = 11 points. The platform then maps the first total risk score to a predetermined risk level, which can be defined according to the enterprise's needs and security policy, for example:

Low risk (0 to 5 points): behavior at this level is normal or acceptable.

Medium risk (6 to 10 points): behavior at this level may require further review or restriction.

High risk (11 points or more): behavior at this level may indicate a compromised account or another serious security threat and requires immediate action (revoking access, raising an alert and so on).

In this example, the virtual external user's first total risk score of 11 points places it in the high-risk level; the system revokes its access rights and may raise a security alert or notify an administrator for further handling.

Identifying abnormal behavior of the target virtual external user in real time through preset rules (abnormal login time, abnormal login location and so on) gives real-time monitoring of user access behavior, so the system can detect potential security risks promptly and has a basis for further security measures. Assigning a first score to each abnormal behavior and computing the first total risk score from them quantifies the risk assessment, so the platform can gauge a user's risk level more accurately and has a basis for choosing an appropriate security policy. Mapping the first total risk score to a predetermined level such as low, medium or high makes the user's risk level easier for administrators to grasp and lets the system take measures matched to that level. Based on this assessment the platform can refine its security policy, for example by applying stricter access control to high-risk users or raising security alerts, which improves the overall security of the system and lowers the potential risk.

S140: when the identity information matches a target internal user in the database, calculate a second risk level from the operations of the target internal user and the target internal user's preset behavior pattern, and reduce the permissions of the target internal user when the second risk level exceeds a second preset threshold.

The identity information provided by the user, such as username and password, is verified; if it matches the record of a target internal user stored in the database, the platform confirms the user's internal identity and lets the user into the platform. Each internal user may have one or more preset behavior patterns, set according to the user's responsibilities, historical operating habits, working hours and similar factors, which reflect how the user operates under normal circumstances; a preset behavior pattern may include login times, commonly used functions, types of data accessed and operation frequency. Once the user's identity is confirmed, the platform monitors the user's operations: login time, functions used, data accessed, and the frequency and duration of operations. All of this is recorded for later analysis and comparison. The platform compares the user's actual operations with the preset behavior pattern to find the differences between the two, which may include an abnormal login time, rarely used functions, access to data outside the user's responsibilities, or an operation frequency that is too high or too low. Each difference is assigned a risk score according to its severity and its impact on enterprise security, and the scores of all differences are summed to form the user's second total risk score. When the second total risk score exceeds the second preset threshold, the platform judges the user's operations to be high risk and takes corresponding security measures, such as reducing the user's access rights, raising a security alert or notifying an administrator for further review. Reducing permissions can include restricting access to certain sensitive data, restricting the use of certain functions, or shortening the session lifetime; these measures limit the threat the user could pose to the enterprise while keeping the system running normally. The platform can notify an internal user whose permissions have been reduced that the operations were detected and prompt the user to pay attention to their behavior, and administrators can also contact the user as needed to understand the reasons behind the operations and give guidance.

Optionally, calculating the second risk level from the operations of the target internal user and the target internal user's preset behavior pattern comprises:

determining the preset behavior pattern from the historical behavior of the target internal user, and comparing the operations of the target internal user with the preset behavior pattern to determine the distinguishing points;

determining a second score for each distinguishing point, calculating a second total risk score of the target internal user from the second scores, and mapping the second total risk score to a predetermined risk level.

The preset behavior pattern is determined from the target internal user's historical behavior data, which may include the employee's login times over the past months or years, how often the platform was used, the functions commonly accessed and the types of data handled. From this data the platform builds a relatively stable preset behavior pattern that represents the employee's normal operating characteristics. For example, employee A's preset behavior pattern might be: logs in on weekdays between 9 a.m. and 5 p.m., about 3 times a day; commonly uses order management and employee attendance; mainly handles sales orders and attendance records. Employee A's current operations are monitored in real time and compared with the preset pattern in several respects, such as login time, frequency of use, functions accessed and data handled. Suppose that one day employee A logs in at 10 p.m., accesses several finance-related sensitive functions in succession, and also attempts to access data outside his responsibilities; these operations differ clearly from the preset pattern. From the comparison the platform determines the distinguishing points between the operations and the pattern and assigns a second score to each, according to its severity and its impact on system security. For example, logging in at 10 p.m. might be assigned 1 point (outside normal working hours), accessing several sensitive functions in succession 3 points (possible unauthorized data access), and accessing data outside the user's responsibilities 2 points (possible privilege overreach). The platform adds up the second scores of all distinguishing points to obtain employee A's second total risk score: in this example, 1 (login time) + 3 (sensitive functions) + 2 (out-of-scope data) = 6 points. The second total risk score is then mapped to a predetermined risk level, which can be set according to the enterprise's security policy and needs and usually includes low, medium and high risk. Suppose the enterprise's levels are: low risk, 0 to 3 points; medium risk, 4 to 7 points; high risk, 8 points or more. In this embodiment employee A's second total risk score of 6 points falls in the medium-risk level, meaning that the employee's operations carry some security risk and require further review and attention from an administrator.
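The rule, score, sum and level-mapping procedure, as an added example that is not the patent's own code. One block serves both the virtual external user scoring of S130 (3/5/8/6 points, levels 0 to 5, 6 to 10, 11 and above) and the internal user comparison of S140 (1/3/2 points, levels 0 to 3, 4 to 7, 8 and above); the session and policy field names, the concrete rule conditions and the two constructed sessions are assumptions that reproduce the two worked examples in the text.

```python
from datetime import datetime

# Scores per anomaly and the level bands, taken from the worked examples in the text.
EXTERNAL_SCORES = {"login_time": 3, "login_location": 5, "data_type": 8, "access_time": 6}
EXTERNAL_LEVELS = [(5, "low"), (10, "medium")]  # above the last band is "high"
INTERNAL_SCORES = {"login_time": 1, "sensitive_functions": 3, "out_of_scope_data": 2}
INTERNAL_LEVELS = [(3, "low"), (7, "medium")]


def map_level(total, bands):
    for upper, name in bands:
        if total <= upper:
            return name
    return "high"


def total_score(findings, table):
    return sum(table[f] for f in findings)


def in_window(ts, window):
    start, end = window
    return start <= ts.hour < end


def external_findings(session, policy):
    """Preset rules for a virtual external user (S130). Field names are assumptions."""
    f = []
    if not in_window(session["login_time"], policy["work_hours"]):
        f.append("login_time")
    if session["location"] not in policy["allowed_locations"]:
        f.append("login_location")
    if any(d not in policy["allowed_data"] for d in session["data_accessed"]):
        f.append("data_type")
    if (session["accesses_per_minute"] > policy["max_accesses_per_minute"]
            or session["longest_open_minutes"] > policy["max_open_minutes"]):
        f.append("access_time")
    return f


def internal_findings(session, pattern):
    """Distinguishing points between an internal user's session and the preset pattern (S140)."""
    f = []
    if not in_window(session["login_time"], pattern["login_hours"]):
        f.append("login_time")
    if sum(1 for fn in session["functions_used"] if fn in pattern["sensitive_functions"]) >= 2:
        f.append("sensitive_functions")  # several sensitive functions in one session
    if any(d not in pattern["data_types"] for d in session["data_accessed"]):
        f.append("out_of_scope_data")
    return f


def assess_external(session, policy):
    """(findings, first total risk score, level, action): above the first threshold,
    i.e. in the "high" band, the virtual external user's access is revoked."""
    f = external_findings(session, policy)
    total = total_score(f, EXTERNAL_SCORES)
    level = map_level(total, EXTERNAL_LEVELS)
    action = "revoke_access" if level == "high" else ("review" if level == "medium" else "allow")
    return f, total, level, action


def assess_internal(session, pattern):
    """(findings, second total risk score, level, action): above the second threshold,
    i.e. in the "high" band, the internal user's permissions are reduced."""
    f = internal_findings(session, pattern)
    total = total_score(f, INTERNAL_SCORES)
    level = map_level(total, INTERNAL_LEVELS)
    action = "reduce_permissions" if level == "high" else ("review" if level == "medium" else "allow")
    return f, total, level, action


# Constructed sessions reproducing the two worked examples in the text.
EXTERNAL_POLICY = {"work_hours": (8, 18), "allowed_locations": {"Beijing"}, "allowed_data": {"shared_spec"},
                   "max_accesses_per_minute": 30, "max_open_minutes": 120}
EXTERNAL_SESSION = {"login_time": datetime(2024, 3, 11, 2, 30), "location": "Beijing",
                    "data_accessed": ["finance_report"], "accesses_per_minute": 2, "longest_open_minutes": 10}

PATTERN_A = {"login_hours": (9, 17), "sensitive_functions": {"invoice_approval", "ledger_export"},
             "data_types": {"sales_order", "attendance"}}
SESSION_A = {"login_time": datetime(2024, 3, 11, 22, 0),
             "functions_used": ["invoice_approval", "ledger_export", "order_management"],
             "data_accessed": ["sales_order", "payroll"]}
SESSION_A_NORMAL = {"login_time": datetime(2024, 3, 11, 10, 0),
                    "functions_used": ["order_management"], "data_accessed": ["sales_order"]}

if __name__ == "__main__":
    print(assess_external(EXTERNAL_SESSION, EXTERNAL_POLICY))
    print(assess_internal(SESSION_A, PATTERN_A))
    print(assess_internal(SESSION_A_NORMAL, PATTERN_A))
```

Because the bands are additive, a single 8-point data-type anomaly by an external user is only "medium" while two weaker anomalies reach "high"; whoever tunes the score table should check the combinations that cross each threshold, not just the individual rules.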

By comparing the target internal user's current operations with a preset behavior pattern derived from the user's own history, the platform identifies precisely the distinguishing points that depart from the user's usual behavior; these points often represent potential security risks or abnormal behavior, so the user's risk level can be assessed more accurately. The platform monitors internal users' operations in real time and calculates and evaluates immediately when it finds a departure from the preset pattern, so potential security problems are found quickly and security measures can be taken in time. Assigning a second score to each distinguishing point and calculating the second total risk score quantifies the risk level, so the enterprise can set and adjust its risk management policy flexibly, for example by setting different permission levels, raising security alerts or opening further investigations. Mapping the second total risk score to a predetermined risk level lets the platform warn administrators early of potential security risks, so preventive measures can be taken before a potential problem becomes an actual incident. Precise risk assessment results and detailed behavior analysis data help administrators make better-informed security decisions, such as refining the security policy, strengthening user training or conducting further security investigations, which improves the enterprise's overall security level. While maintaining security, reasonable preset behavior patterns and a flexible risk management policy minimize interference with normal user operations, which improves the user experience and helps the enterprise's business operations meet relevant regulatory and compliance requirements.

Optionally, determining the preset behavior pattern according to the historical behavior of the target internal user includes:

collecting statistics on the target internal user's historical login times, historical login locations, historical accessed data types, and historical data access times;

assigning each historical login time to a corresponding time period, determining a first login weight for each time period, and determining a second login weight for each login location according to the historical login locations;

determining, according to the historical accessed data types and the historical data access times, an access weight for each data type in each time period;

determining the preset behavior pattern according to the first login weights, the second login weights and the access weights.

Historical behavior data of the target internal user (for example, employee B) is collected, including:

Historical login times: all times at which employee B logged in during a past period;

Historical login locations: the geographic location of the device or network from which employee B logged in to the system;

Historical accessed data types: the kinds of data employee B has accessed, such as files or database records;

Historical data access times: the times at which employee B accessed each data type.

The historical login times are assigned to time periods, such as morning, midday, evening and early morning. A first login weight is determined for each period from how often employee B logged in during it; if employee B usually logs in in the morning, the morning period receives a comparatively high first login weight. A second login weight is determined for each login location from employee B's historical login locations: if employee B usually logs in from the company office, the office receives a high second login weight, while locations used only occasionally, such as home or a hotel on a business trip, receive low weights. Association between data types and time periods: the relationship between the data types employee B accesses and the time of access is analyzed; for example, employee B may mainly access work reports in the morning and project files in the afternoon. Access weight determination: an access weight is determined for each data type in each time period from how often employee B accessed that data type during that period.

The first login weights, second login weights and access weights are combined into a preset behavior pattern that describes when and from where employee B normally logs in and which data types employee B accesses in each time period. The pattern serves as the baseline for subsequent anomaly detection: if employee B's current behavior differs significantly from it, the system can raise a warning that a security risk may exist.

Building the preset behavior pattern from statistics on the target internal user's historical login times, login locations, accessed data types and access times gives the data management platform a precise baseline. Operations that do not fit the baseline, such as unauthorized access or an abnormal login, can then be recognized quickly, improving the security of the whole system. Because the pattern is derived from each user's own history it reflects that user's individual habits, so this per-user monitoring is more precise than a generic security policy and interferes less with legitimate work. When the platform detects that a user's current behavior departs significantly from the pattern it can raise a risk warning in real time, allowing the enterprise to respond before an incident occurs or spreads.
The pattern also gives security staff concrete data about users' working habits on which to base more reasonable and effective security policies and management measures, and it lets the platform assess and monitor user operations automatically, reducing the need for manual intervention and lowering the cost of security management while improving its efficiency.

Optionally, assigning each login time to a corresponding time period according to the historical login times, determining a first login weight for each time period, and determining a second login weight for each login location according to the historical login locations includes:

dividing each day evenly into a preset number of time periods, determining a first login count of the target user within a first target time period, and determining the first login weight of the first target time period according to the ratio of the first login count to the total login count;

determining a second login count of the target user at a target location, and determining the second login weight of the target location according to the ratio of the second login count to the total login count.

For example, a day is divided evenly into four time periods: early morning (00:00-06:00), morning (06:00-12:00), afternoon (12:00-18:00) and evening (18:00-24:00). Counting the target user's login records over the past month gives: early morning, 5 logins; morning, 30; afternoon, 20; evening, 15. The total login count is 5+30+20+15=70. The first login weights are therefore: early morning 5/70≈0.07; morning 30/70≈0.43; afternoon 20/70≈0.29; evening 15/70≈0.21.

Suppose the target user logged in from three locations in the past month: the office, home, and a coffee shop, with 50, 15 and 5 logins respectively. The total login count is again 70. The second login weights are: office 50/70≈0.71; home 15/70≈0.21; coffee shop 5/70≈0.07.

These per-period and per-location login weights are used to build the user's preset behavior pattern. For example, when the data management platform sees a login from a non-office location in the early morning, both the early-morning weight and the weight of that location are low, so the platform may treat the login as abnormal and trigger a security alert.

Dividing the day into a preset number of time periods and computing a first login weight for each period lets the data management platform capture the user's login habits at a fine granularity, which improves the accuracy with which abnormal login times are recognized. Counting logins per location and weighting them likewise tells the platform where the user normally logs in, so a login from an unusual location can be judged abnormal from its second login weight; this location-based check helps prevent unauthorized access. Together the two weights form a complete preset behavior pattern, and a login whose time and location weights differ significantly from that pattern triggers a risk warning in real time, so the enterprise can respond immediately.
Since login times and locations differ between users, weights derived from each user's history give personalized security management: policies can be tailored per user, which protects the system while limiting interference with normal work. The login statistics also give security staff a factual basis for designing reasonable and effective policies, and computing and applying the first and second login weights automatically simplifies security management, reduces manual intervention and improves efficiency.

Optionally, determining the access weight of each data type in each time period according to the historical accessed data types and the historical data access times includes:

dividing each day evenly into a preset number of time periods, and determining the access count and the access duration of a target data type within a second target time period;

determining a first access weight according to the ratio of the access count of the target data type within the second target time period to the total access count of the target data type;

determining a second access weight according to the ratio of the access duration of the target data type within the second target time period to the total access duration of the target data type;

determining the access weight of the target data type within the second target time period according to the first access weight and the second access weight.

For example, the day is again divided evenly into four time periods: early morning (00:00-06:00), morning (06:00-12:00), afternoon (12:00-18:00) and evening (18:00-24:00). Suppose the target user regularly accesses two data types, documents (Docs) and reports (Reports). The access count and access duration of each type in each period over the past month might be:

Early morning (00:00-06:00):

Docs: 10 accesses, 30 minutes; Reports: 0 accesses, 0 minutes.

Morning (06:00-12:00):

Docs: 80 accesses, 300 minutes; Reports: 20 accesses, 60 minutes.

Afternoon (12:00-18:00):

Docs: 60 accesses, 240 minutes; Reports: 30 accesses, 90 minutes.

Evening (18:00-24:00):

Docs: 30 accesses, 120 minutes; Reports: 10 accesses, 30 minutes.

The first access weight is the ratio of the access count of the target data type within the given time period to its total access count across all periods. For Docs in the morning:

first access weight = Docs accesses in the morning / total Docs accesses = 80/(10+80+60+30) = 80/180 ≈ 0.44.

The second access weight is the ratio of the access duration of the target data type within the given time period to its total access duration across all periods. For Docs in the morning:

second access weight = Docs access duration in the morning / total Docs access duration = 300/(30+300+240+120) = 300/690 ≈ 0.43.

The access weight of the target data type in the time period is then derived from the first and second access weights, for example as their arithmetic mean, although other ways of combining them may be used.

For Docs in the morning: access weight = (first access weight + second access weight)/2 = (0.44+0.43)/2 ≈ 0.44.

Once the access weight of every data type in every time period is known, the weights are incorporated into the preset behavior pattern. This makes abnormal behavior easier to recognize, for example frequent access to sensitive data outside working hours, or a burst of accesses to one data type within a short time.
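The following Python is an added worked example, not code from the patent, that builds the preset behavior pattern described in the login-weight passage and the access-weight passage above from a constructed login and access history. The day is split into four six-hour periods as in the text, and the two access weights are combined by their arithmetic mean, which is the option the text mentions. The record layout, the function names and the sample history (chosen to reproduce the counts in the worked examples) are assumptions for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Preset number of equal periods per day; 4 gives the text's 00-06, 06-12, 12-18, 18-24 split.
PERIODS_PER_DAY = 4


def period_of(ts):
    """Index (0..PERIODS_PER_DAY-1) of the period containing timestamp ts."""
    return ts.hour * PERIODS_PER_DAY // 24


def login_weights(logins):
    """logins: iterable of (datetime, location).
    Returns (first login weight by period, second login weight by location);
    each weight is that period's or location's share of the total login count."""
    logins = list(logins)
    total = len(logins)
    by_period = Counter(period_of(ts) for ts, _ in logins)
    by_location = Counter(loc for _, loc in logins)
    first = {p: by_period[p] / total for p in range(PERIODS_PER_DAY)}
    second = {loc: n / total for loc, n in by_location.items()}
    return first, second


def access_weights(accesses):
    """accesses: iterable of (datetime, data_type, duration_minutes).
    Returns {data_type: {period: access_weight}} where the access weight is the
    mean of the count ratio (first access weight) and the duration ratio
    (second access weight) of that data type in that period."""
    counts = defaultdict(Counter)
    minutes = defaultdict(Counter)
    for ts, dtype, dur in accesses:
        p = period_of(ts)
        counts[dtype][p] += 1
        minutes[dtype][p] += dur
    weights = {}
    for dtype in counts:
        total_n = sum(counts[dtype].values())
        total_min = sum(minutes[dtype].values())
        weights[dtype] = {}
        for p in range(PERIODS_PER_DAY):
            w1 = counts[dtype][p] / total_n
            w2 = minutes[dtype][p] / total_min if total_min else 0.0
            weights[dtype][p] = (w1 + w2) / 2
    return weights


def build_preset_pattern(logins, accesses):
    """Combine the three weight tables into one preset behavior pattern."""
    first, second = login_weights(logins)
    return {"login_time": first, "login_location": second,
            "access": access_weights(accesses)}


# Constructed history (not real log data) reproducing the counts in the text:
# 5/30/20/15 logins by period, 50/15/5 by location, and the Docs/Reports table.
def sample_logins():
    hours = [3] * 5 + [9] * 30 + [14] * 20 + [20] * 15
    locations = ["office"] * 50 + ["home"] * 15 + ["coffee shop"] * 5
    return [(datetime(2024, 5, 1, h), loc) for h, loc in zip(hours, locations)]


def sample_accesses():
    # (hour in period, data type, number of accesses, total minutes) per period
    table = [(3, "Docs", 10, 30), (9, "Docs", 80, 300), (14, "Docs", 60, 240),
             (20, "Docs", 30, 120), (9, "Reports", 20, 60),
             (14, "Reports", 30, 90), (20, "Reports", 10, 30)]
    records = []
    for hour, dtype, n, total_min in table:
        records += [(datetime(2024, 5, 1, hour), dtype, total_min / n)] * n
    return records


if __name__ == "__main__":
    pattern = build_preset_pattern(sample_logins(), sample_accesses())
    for key, table in pattern.items():
        print(key, table)
```

Because every weight is a share of a total, the weights of one dimension sum to 1 over all periods (or locations), so the more periods the day is cut into, the smaller even a user's most typical period weight becomes; that matters when fixed thresholds are later applied to these weights.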

Dividing the day into a preset number of periods and weighting each data type's accesses per period captures the user's normal access pattern more accurately, so deviations from it are identified more precisely and the false alarm rate of the detection system falls. The per-period access weights also reveal the user's access habits and preferences, which helps the enterprise understand user needs and gives security staff richer data on which to base effective policies. Combining the first and second access weights yields a complete preset behavior pattern; a significant deviation from it triggers a risk warning in real time, so the enterprise can react at once and the likelihood of a security incident is greatly reduced.
Because access behavior differs between users, weights computed from each user's own history support personalized security management, with policies tailored per user so that security is maintained with little interference with normal work. Statistical analysis of historical access data supplies evidence for data-driven policy decisions, and computing and applying the weights automatically simplifies security management, reduces manual intervention and the human error that comes with it, and makes the process more reliable.

Optionally, comparing the operation of the target internal user with the preset behavior pattern to determine the difference points includes:

determining the first login weight corresponding to the current login time of the target internal user, determining the second login weight corresponding to the current login location of the target internal user, and determining the access weight according to the data type currently being accessed by the target internal user and the access duration;

when the first login weight is below a third preset threshold, taking the current login time as a difference point;

when the second login weight is below a fourth preset threshold, taking the current login location as a difference point;

when the access weight is below a fifth preset threshold, taking the currently accessed data type and access duration as a difference point.

For example, suppose employee B's current login time is 3 a.m., which corresponds to a first login weight of 0.07; the current login location is an IP address from which employee B has never logged in before, so the second login weight is 0; and the data currently being accessed is a financial report, with an access duration of 30 minutes. Since the first login weight is below the third preset threshold (for example 0.5), the current login time (3 a.m.) becomes a difference point. Since the second login weight is below the fourth preset threshold (for example 0.7), the current login location (that IP address) becomes a difference point. If employee B's access weight for financial reports, obtained by combining the count-based and duration-based weights, is below the fifth preset threshold (for example 0.6), the currently accessed data type (financial report) and the access duration become a difference point. After the difference points are determined, the second risk total score is computed from the second score assigned to each of them.
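The comparison and scoring steps above, carried through in Python as an added example that is not the patent's own code: a preset behavior pattern constructed from the worked weights in the text is compared with one login session, each dimension whose weight falls below its threshold becomes a difference point, the difference points are scored and summed into the second risk total score, and the total is mapped onto the low/medium/high bands of the earlier employee A scoring example. The three threshold values are the text's example values; the per-point scores, the session fields, the constructed IP address and the rule for lowering privileges are assumptions.

```python
# Example thresholds from the text; the scores and risk bands below are assumptions
# modelled on the text's employee A example (1 point for time, 2 for location, 3 for data).
THIRD_THRESHOLD = 0.5    # first login weight (time period)
FOURTH_THRESHOLD = 0.7   # second login weight (location)
FIFTH_THRESHOLD = 0.6    # access weight (data type within the period)
SECOND_SCORES = {"login_time": 1, "login_location": 2, "data_access": 3}
RISK_ORDER = ["low", "medium", "high"]


def period_of(hour, periods_per_day=4):
    """Index of the period containing the given hour of day."""
    return hour * periods_per_day // 24


def risk_level(total):
    """Map a second risk total score onto the text's bands: 0-3 low, 4-7 medium, 8+ high."""
    if total <= 3:
        return "low"
    if total <= 7:
        return "medium"
    return "high"


def difference_points(pattern, session):
    """Compare one session against the preset pattern.
    Returns a list of (kind, detail, weight) for every dimension below its threshold.
    A location or data type absent from the pattern has weight 0 (never seen before)."""
    points = []
    period = period_of(session["hour"])
    w_time = pattern["login_time"].get(period, 0.0)
    if w_time < THIRD_THRESHOLD:
        points.append(("login_time", session["hour"], w_time))
    w_loc = pattern["login_location"].get(session["location"], 0.0)
    if w_loc < FOURTH_THRESHOLD:
        points.append(("login_location", session["location"], w_loc))
    w_acc = pattern["access"].get(session["data_type"], {}).get(period, 0.0)
    if w_acc < FIFTH_THRESHOLD:
        points.append(("data_access", (session["data_type"], session["minutes"]), w_acc))
    return points


def evaluate(pattern, session, second_preset_level="medium"):
    """Score the difference points, map the total to a risk level and decide whether
    the level is above the second preset threshold (privileges are then reduced)."""
    points = difference_points(pattern, session)
    total = sum(SECOND_SCORES[kind] for kind, _, _ in points)
    level = risk_level(total)
    reduce = RISK_ORDER.index(level) > RISK_ORDER.index(second_preset_level)
    return {"difference_points": points, "total": total,
            "level": level, "reduce_privileges": reduce}


# Constructed pattern: the rounded weights from the text's worked examples (not real data).
SAMPLE_PATTERN = {
    "login_time": {0: 0.07, 1: 0.43, 2: 0.29, 3: 0.21},
    "login_location": {"office": 0.71, "home": 0.21, "coffee shop": 0.07},
    "access": {"Docs": {0: 0.05, 1: 0.44, 2: 0.34, 3: 0.17},
               "Reports": {0: 0.0, 1: 0.33, 2: 0.5, 3: 0.17}},
}
# Constructed session matching the text's scenario: 3 a.m., unseen IP, financial report.
SAMPLE_SESSION = {"hour": 3, "location": "203.0.113.7",
                  "data_type": "financial report", "minutes": 30}

if __name__ == "__main__":
    print(evaluate(SAMPLE_PATTERN, SAMPLE_SESSION))
```

Two things the numbers show. First, the scenario in the text yields three difference points and a total of 6, which is medium risk: an alert for the administrator, but no automatic privilege reduction unless the second preset threshold is set to low. Second, with the text's example thresholds, a session in the user's most common period (morning, weight 0.43) accessing the user's most common data type (Docs, weight 0.44) still produces two difference points and a medium rating, because no share-of-total weight in a four-period split reaches 0.5 or 0.6 for this user. Thresholds therefore have to be calibrated against the user's own weight distribution (for instance relative to the largest weight in each dimension) before the second risk total score is a useful signal.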

Comparing the target internal user's current operation with the preset behavior pattern across several dimensions, login time, login location and access behavior, each with its own weight, lets the data management platform identify abnormal operations more accurately and lowers the false alarm rate. When the operation departs significantly from the pattern the platform triggers a risk warning immediately, so the enterprise can respond before an incident occurs or limit its impact. The multi-dimensional analysis also gives the platform a deeper picture of each user's login habits, access preferences and behavior pattern; because these differ between users, security policies can be tailored per user, protecting the system while minimizing interference with normal work.
Performing the comparison and identifying the difference points automatically simplifies security management, reduces the need for manual intervention and improves efficiency.

This embodiment further discloses a data security protection system for identity security. FIG. 2 is a block diagram of the data security protection system for identity security disclosed in the embodiment of the present application. As shown in FIG. 2, the data security protection system includes a data module 201, an identity module 202, a first execution module 203 and a second execution module 204, wherein:

the data module 201 is configured to establish a database containing the internal users of the target enterprise, virtual external users of the target enterprise, the target enterprise's data at different importance levels, and the access permission relationships between the users and the data;

the identity module 202 is configured to, in response to an operation by a target user to access target data, obtain the identity information of the target user and determine whether the identity information matches an internal user in the database;

the first execution module 203 is configured to, when the identity information does not match any internal user in the database, select a target virtual external user from the virtual external users and bind it to the target user, compute a first risk level from the operations of the target virtual external user, and revoke the access permission of the target virtual external user when the first risk level exceeds a first preset threshold;

the second execution module 204 is configured to, when the identity information matches a target internal user in the database, compute a second risk level from the operations of the target internal user and the preset behavior pattern of the target internal user, and reduce the permissions of the target internal user when the second risk level exceeds a second preset threshold.

Optionally, the first execution module 203 is configured to:

identify abnormal behavior of the target virtual external user by preset rules, the abnormal behavior including an abnormal login time, an abnormal login location, an abnormal type of accessed data and an abnormal time of data access;

determine a first score for each abnormal behavior, compute a first risk total score of the target virtual external user from the first scores, and map the first risk total score onto a predetermined risk level.

Optionally, the second execution module 204 is configured to:

determine the preset behavior pattern from the historical behavior of the target internal user, and compare the operation of the target internal user with the preset behavior pattern to determine the difference points;

determine a second score for each difference point, compute the second risk total score of the target internal user from the second scores, and map the second risk total score onto a predetermined risk level.

Optionally, the second execution module 204 is configured to:

collect statistics on the target internal user's historical login times, historical login locations, historical accessed data types and historical data access times;

assign each historical login time to a corresponding time period, determine a first login weight for each time period, and determine a second login weight for each login location according to the historical login locations;

determine, according to the historical accessed data types and the historical data access times, an access weight for each data type in each time period;

determine the preset behavior pattern according to the first login weights, the second login weights and the access weights.

Optionally, the second execution module 204 is configured to:

divide each day evenly into a preset number of time periods, determine a first login count of the target user within a first target time period, and determine the first login weight of the first target time period according to the ratio of the first login count to the total login count;

determine a second login count of the target user at a target location, and determine the second login weight of the target location according to the ratio of the second login count to the total login count.

Optionally, the second execution module 204 is configured to:

divide each day evenly into a preset number of time periods, and determine the access count and access duration of a target data type within a second target time period;

determine a first access weight according to the ratio of the access count of the target data type within the second target time period to the total access count of the target data type;

determine a second access weight according to the ratio of the access duration of the target data type within the second target time period to the total access duration of the target data type;

determine the access weight of the target data type within the second target time period according to the first access weight and the second access weight.

Optionally, the second execution module 204 is configured to:

determine the first login weight corresponding to the current login time of the target internal user, determine the second login weight corresponding to the current login location of the target internal user, and determine the access weight according to the data type currently being accessed by the target internal user and the access duration;

when the first login weight is less than a third preset threshold, take the current login time as a distinguishing point;

when the second login weight is less than a fourth preset threshold, take the current login location as a distinguishing point;

when the access weight is less than a fifth preset threshold, take the currently accessed data type and access duration as a distinguishing point.
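As an added worked example (not the patent's own code), the following Python builds the preset behaviour pattern from a constructed login and access history, compares a current operation against it to find distinguishing points, and then scores those points and maps the total to a risk level, covering the steps of module 204 described above together with the scoring step. The number of periods per day, the thresholds, the score table, the risk bands and the averaging of the two access weights are assumptions, since the text leaves those values open.

```python
"""Added worked example (not the patent's code) of the internal-user behaviour
baseline and comparison described above. Sample history, thresholds, score
table, risk bands and the way the two access weights are combined are assumed."""
from collections import Counter, defaultdict
from dataclasses import dataclass

PERIODS_PER_DAY = 6          # preset number of equal periods per day (assumed: 4-hour slots)
THRESHOLD_LOGIN_TIME = 0.15  # third preset threshold (assumed value)
THRESHOLD_LOCATION = 0.15    # fourth preset threshold (assumed value)
THRESHOLD_ACCESS = 0.20      # fifth preset threshold (assumed value)
POINT_SCORES = {"login_time": 20, "login_location": 30, "data_access": 40}  # assumed second scores
RISK_BANDS = [(30, "low"), (60, "medium")]  # assumed: total < 30 low, < 60 medium, else high


@dataclass(frozen=True)
class Login:
    hour: int
    location: str


@dataclass(frozen=True)
class Access:
    hour: int
    data_type: str
    duration_min: int


@dataclass(frozen=True)
class CurrentOperation:
    login_hour: int
    location: str
    data_type: str
    access_hour: int
    duration_min: int


def period_of(hour: int) -> int:
    """Map an hour of day (0-23) to one of the equal time periods."""
    return hour * PERIODS_PER_DAY // 24


def build_behavior_pattern(logins, accesses):
    """Preset behaviour pattern from history: first/second login weights are the
    share of all logins per period and per location; the access weight of a
    (data type, period) pair averages the count share (first access weight) and
    the duration share (second access weight) of that type."""
    total_logins = len(logins)
    time_w = {p: n / total_logins for p, n in Counter(period_of(l.hour) for l in logins).items()}
    loc_w = {loc: n / total_logins for loc, n in Counter(l.location for l in logins).items()}
    count, duration = defaultdict(Counter), defaultdict(Counter)  # data_type -> period -> value
    for a in accesses:
        count[a.data_type][period_of(a.hour)] += 1
        duration[a.data_type][period_of(a.hour)] += a.duration_min
    access_w = {}
    for dtype in count:
        total_n, total_d = sum(count[dtype].values()), sum(duration[dtype].values())
        for p in count[dtype]:
            first = count[dtype][p] / total_n
            second = duration[dtype][p] / total_d if total_d else 0.0
            access_w[(dtype, p)] = (first + second) / 2
    return {"time": time_w, "location": loc_w, "access": access_w}


def find_distinguishing_points(pattern, op):
    """An attribute whose pattern weight is below its threshold is a distinguishing point."""
    points = []
    if pattern["time"].get(period_of(op.login_hour), 0.0) < THRESHOLD_LOGIN_TIME:
        points.append(("login_time", f"hour {op.login_hour}"))
    if pattern["location"].get(op.location, 0.0) < THRESHOLD_LOCATION:
        points.append(("login_location", op.location))
    if pattern["access"].get((op.data_type, period_of(op.access_hour)), 0.0) < THRESHOLD_ACCESS:
        points.append(("data_access", f"{op.data_type} for {op.duration_min} min"))
    return points


def assess(pattern, op):
    """Sum the second scores, map the total to a risk level and decide the action."""
    total = sum(POINT_SCORES[kind] for kind, _ in find_distinguishing_points(pattern, op))
    level = next((name for upper, name in RISK_BANDS if total < upper), "high")
    # second preset threshold (assumed): privileges are reduced from "medium" upwards
    return total, level, ("reduce_privileges" if level != "low" else "allow")


# Constructed history for one internal user: office-hours logins, almost all from HQ.
HISTORY_LOGINS = [Login(h, "HQ") for h in (9, 10, 9, 14, 15, 9, 10, 11, 16)] + [Login(13, "branch")]
HISTORY_ACCESSES = [Access(9, "customer_pii", 30), Access(10, "customer_pii", 20),
                    Access(14, "customer_pii", 50), Access(9, "sales_report", 10),
                    Access(15, "sales_report", 40)]
PATTERN = build_behavior_pattern(HISTORY_LOGINS, HISTORY_ACCESSES)

if __name__ == "__main__":
    print(assess(PATTERN, CurrentOperation(10, "HQ", "customer_pii", 10, 25)))     # (0, 'low', 'allow')
    print(assess(PATTERN, CurrentOperation(2, "unknown", "customer_pii", 2, 90)))  # (90, 'high', 'reduce_privileges')
```

A login at 02:00 from a location never seen in the history, accessing a data type outside its usual periods, trips all three thresholds; the same user at 10:00 from HQ produces no distinguishing point at all.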

It should be noted that, when the device provided in the embodiment above performs its functions, the division into the functional modules described is only an example; in practice the functions may be assigned to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the device embodiment and the method embodiment provided above belong to the same concept; the specific implementation process is detailed in the method embodiment and is not repeated here.

This embodiment also discloses an electronic device. Referring to FIG. 3, the electronic device may include at least one processor 301, at least one communication bus 302, a user interface 303, a network interface 304 and at least one memory 305.

The communication bus 302 is used to implement the connection and communication between these components.

The user interface 303 may include a display screen (Display) and a camera (Camera); optionally, the user interface 303 may also include a standard wired interface and a wireless interface.

The network interface 304 may optionally include a standard wired interface or a wireless interface (such as a WI-FI interface).

The processor 301 may include one or more processing cores. The processor 301 connects the various parts of the whole server through various interfaces and lines, and performs the various functions of the server and processes data by running or executing the instructions, programs, code sets or instruction sets stored in the memory 305 and by invoking the data stored in the memory 305. Optionally, the processor 301 may be implemented in at least one of the following hardware forms: digital signal processing (DSP), field-programmable gate array (FPGA) or programmable logic array (PLA). The processor 301 may integrate one or a combination of a central processing unit (CPU), a graphics processing unit (GPU) and a modem, where the CPU mainly handles the operating system, user interface and application programs, the GPU is responsible for rendering and drawing the content to be shown on the display screen, and the modem handles wireless communication. It will be understood that the modem may also be implemented on a separate chip rather than integrated into the processor 301.

The memory 305 may include random access memory (RAM) and may also include read-only memory (ROM). Optionally, the memory 305 includes a non-transitory computer-readable storage medium. The memory 305 can be used to store instructions, programs, code, code sets or instruction sets. The memory 305 may include a program storage area and a data storage area: the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playback function or an image playback function) and instructions for implementing the method embodiments above; the data storage area may store the data involved in those method embodiments. The memory 305 may optionally also be at least one storage device located remotely from the processor 301. As shown in FIG. 3, the memory 305, as a computer storage medium, may contain an operating system, a network communication module, a user interface module and an application program for the data security protection method for identity security.

In the electronic device shown in FIG. 3, the user interface 303 is mainly used to provide an input interface for the user and obtain the data the user inputs, while the processor 301 can be used to invoke the application program for the data security protection method for identity security stored in the memory 305; when executed by one or more processors 301, it causes the electronic device to perform the method of one or more of the embodiments above.

It should be noted that, for the sake of brevity, each of the foregoing method embodiments is described as a series of combined actions; those skilled in the art will understand that the present application is not limited by the described order of actions, because according to the present application certain steps may be performed in another order or simultaneously. Secondly, those skilled in the art will also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present application.

In the embodiments above, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the relevant description of the other embodiments.

In the several embodiments provided in the present application, it should be understood that the disclosed device may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through service interfaces, devices or units, and may be electrical or take other forms.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable memory. On this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or the whole or part of the technical solution, may be embodied in the form of a software product stored in a memory 305 and including a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned memory 305 includes various media capable of storing program code, such as a USB flash drive, a portable hard disk, a magnetic disk or an optical disk.

The foregoing are merely exemplary embodiments of the present disclosure and do not limit its scope; any equivalent changes and modifications made according to the teachings of the present disclosure remain within the scope of the present disclosure. Other embodiments of the present disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the disclosure. This application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not recorded in the present disclosure. The specification and examples are to be regarded as exemplary only, with the scope and spirit of the present disclosure being defined by the claims.

Claims (10)

1. A data security protection method for identity security, characterized in that it is applied to a data management platform and comprises:
establishing a database that contains the internal users of a target enterprise, virtual external users of the target enterprise, data of the target enterprise at different importance levels, and the access permission relationships between the different users and the data;
in response to an operation by a target user accessing target data, obtaining identity information of the target user and determining whether the identity information can be matched to an internal user in the database;
when the identity information cannot be matched to an internal user in the database, selecting a target virtual external user from the virtual external users and binding it to the target user, calculating a first risk level according to the operations of the target virtual external user, and, when the first risk level is higher than a first preset threshold, closing the access permission of the target virtual external user;
when the identity information matches a target internal user in the database, calculating a second risk level according to the operations of the target internal user and the preset behaviour pattern of the target internal user, and, when the second risk level is higher than a second preset threshold, reducing the permissions of the target internal user.

2. The data security protection method for identity security according to claim 1, characterized in that calculating the first risk level according to the operations of the target virtual external user comprises:
identifying abnormal behaviour of the target virtual external user by preset rules, the abnormal behaviour comprising abnormal login time, abnormal login location, abnormal type of accessed data and abnormal time of data access;
determining a first score corresponding to each abnormal behaviour, calculating a first total risk score of the target virtual external user according to the first scores, and mapping the first total risk score to a predetermined risk level.

3. The data security protection method for identity security according to claim 1, characterized in that calculating the second risk level according to the operations of the target internal user and the preset behaviour pattern of the target internal user comprises:
determining the preset behaviour pattern according to the historical behaviour of the target internal user, and comparing the operations of the target internal user with the preset behaviour pattern to determine distinguishing points;
determining a second score corresponding to each distinguishing point, calculating a second total risk score of the target internal user according to the second scores, and mapping the second total risk score to a predetermined risk level.

4. The data security protection method for identity security according to claim 3, characterized in that determining the preset behaviour pattern according to the historical behaviour of the target internal user comprises:
collecting statistics on the historical login times, historical login locations, historical access data types and historical access data times of the target internal user;
assigning each historical login time to its corresponding time period, determining a first login weight for each time period, and determining a second login weight for each login location from the historical login locations;
determining, from the historical access data types and historical access data times, the access weight of each data type in each time period;
determining the preset behaviour pattern from the first login weights, the second login weights and the access weights.

5. The data security protection method for identity security according to claim 4, characterized in that assigning each historical login time to its corresponding time period, determining a first login weight for each time period, and determining a second login weight for each login location from the historical login locations comprises:
dividing each day evenly into a preset number of time periods, determining the first login count of the target user within a first target time period, and determining the first login weight for the first target time period according to the ratio of the first login count to the total login count;
determining the second login count of the target user at a target location, and determining the second login weight for the target location according to the ratio of the second login count to the total login count.

6. The data security protection method for identity security according to claim 4, characterized in that determining, from the historical access data types and historical access data times, the access weight of each data type in each time period comprises:
dividing each day evenly into a preset number of time periods, and determining the access count and access duration of a target data type within a second target time period;
determining a first access weight according to the ratio of the access count of the target data type within the second target time period to the total access count of the target data type;
determining a second access weight according to the ratio of the access duration of the target data type within the second target time period to the total access duration of the target data type;
determining the access weight of the target data type within the second target time period according to the first access weight and the second access weight.

7. The data security protection method for identity security according to claim 4, characterized in that comparing the operations of the target internal user with the preset behaviour pattern to determine distinguishing points comprises:
determining the first login weight corresponding to the current login time of the target internal user, determining the second login weight corresponding to the current login location of the target internal user, and determining the access weight according to the data type currently being accessed by the target internal user and the access duration;
when the first login weight is less than a third preset threshold, taking the current login time as a distinguishing point;
when the second login weight is less than a fourth preset threshold, taking the current login location as a distinguishing point;
when the access weight is less than a fifth preset threshold, taking the currently accessed data type and access duration as a distinguishing point.

8. A data security protection system for identity security, characterized in that it comprises a data module, an identity module, a first execution module and a second execution module, wherein:
the data module is configured to establish a database that contains the internal users of a target enterprise, virtual external users of the target enterprise, data of the target enterprise at different importance levels, and the access permission relationships between the different users and the data;
the identity module is configured to obtain, in response to an operation by a target user accessing target data, identity information of the target user and to determine whether the identity information can be matched to an internal user in the database;
the first execution module is configured to, when the identity information cannot be matched to an internal user in the database, select a target virtual external user from the virtual external users and bind it to the target user, calculate a first risk level according to the operations of the target virtual external user, and, when the first risk level is higher than a first preset threshold, close the access permission of the target virtual external user;
the second execution module is configured to, when the identity information matches a target internal user in the database, calculate a second risk level according to the operations of the target internal user and the preset behaviour pattern of the target internal user, and, when the second risk level is higher than a second preset threshold, reduce the permissions of the target internal user.

9. An electronic device, characterized in that it comprises a processor, a memory, a user interface and a network interface, the memory being used to store instructions, the user interface and the network interface both being used to communicate with other devices, and the processor being used to execute the instructions stored in the memory so that the electronic device performs the method according to any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that it stores instructions which, when executed, perform the method according to any one of claims 1 to 7.
CN202410673004.XA 2024-05-28 2024-05-28 Data security protection method and device for identity security Pending CN118504002A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410673004.XA CN118504002A (en) 2024-05-28 2024-05-28 Data security protection method and device for identity security

Publications (1)

Publication Number Publication Date
CN118504002A true CN118504002A (en) 2024-08-16

Family

ID=92244713

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410673004.XA Pending CN118504002A (en) 2024-05-28 2024-05-28 Data security protection method and device for identity security

Country Status (1)

Country Link
CN (1) CN118504002A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118839376A (en) * 2024-09-05 2024-10-25 深圳市银顺天达科技有限公司 Data security management system for banks
CN119377989A (en) * 2024-10-23 2025-01-28 中徽建技术有限公司 A data security management system based on the Internet of Things

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107888574A (en) * 2017-10-27 2018-04-06 深信服科技股份有限公司 Method, server and the storage medium of Test database risk
CN117459260A (en) * 2023-10-18 2024-01-26 曲阜师范大学 Edge computing node detection method, system and equipment for user information
CN117459312A (en) * 2023-11-27 2024-01-26 昆明电力交易中心有限责任公司 Identity authentication method and device for electric power system network and computer equipment
CN117692216A (en) * 2023-12-13 2024-03-12 航天信息股份有限公司 Abnormal login behavior management method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20240816