CN120498815A - Data security protection method and system for server - Google Patents
- Publication number
- CN120498815A (CN202510737772.1A)
- Authority
- CN
- China
- Prior art keywords
- data
- user
- text
- sound
- identity information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a data security protection method and system for a server, relating to the technical field of computer security. The method acquires the data and user identity information in the server and classifies and grades each of them; constructs a user authority template according to the classification results and grading results of the data and the user identity information, and determines the user authority corresponding to each user; filters network traffic and user identity information by using a firewall, authenticates the user, and collects separated data; detects network attacks and defends against them; backs up the separated data and establishes a data recovery mechanism; monitors data operation behaviors in real time; and periodically audits the data security state and access authority.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a data security protection method and system of a server.
Background
With the rapid development of information technology, servers play a vital role in various fields, and store a large amount of important data, such as business secrets of enterprises, personal information of users, and the like. However, servers face various security threats, such as hacking, malware intrusion, data leakage, etc., which can cause significant loss to businesses and users once data is stolen or tampered with. Therefore, how to effectively protect the data security in the server is a problem to be solved.
In the prior art, protection relies on a single measure, often only a firewall or data encryption, and struggles to cope with complex and changing attack methods; the security policy is rigid and cannot adapt in time to continuously changing attack methods; a real-time monitoring mechanism is lacking, so abnormal behaviors are difficult to discover and stop in time; and the data recovery mechanism is complex, so data is difficult to recover quickly when it is lost or damaged.
Disclosure of Invention
The technical problems solved by the invention are that, in the prior art, protection relies on a single measure, often only a firewall or data encryption, and struggles to cope with complex and changing attack methods; the security policy is rigid and cannot adapt in time to continuously changing attack methods; a real-time monitoring mechanism is lacking, so abnormal behaviors are difficult to discover and stop in time; and the data recovery mechanism is complex, so data is difficult to recover quickly when it is lost or damaged.
To solve the above technical problems, the invention provides the following technical solution: a data security protection method of a server, comprising the following steps:
Step S1, acquiring data and user identity information in the server, classifying and grading the data and the user identity information respectively, and obtaining the classification results and grading results of the data and the user identity information;
Step S2, constructing a user authority template according to the classification results and grading results of the data and the user identity information, and determining the user authority corresponding to the user according to the user role mapping rules and the user authority template;
Step S3, filtering network traffic and user identity information by using a firewall, authenticating the user, collecting separated data, detecting network attacks by using an intrusion detection module, and defending against network attacks by using an intrusion prevention module;
Step S4, backing up the separated data and establishing a data recovery mechanism;
Step S5, monitoring data operation behaviors in real time, and periodically auditing the data security state and the access authority.
Preferably, the step S1 specifically includes:
Data and user identity information in the server are acquired, and the data and the user identity information are classified and graded respectively. The classification of data types comprises high-sensitivity data and low-sensitivity data; the high-sensitivity data comprises key data concerning the enterprise's core business secrets and users' private information, and the low-sensitivity data comprises public statistical data, general business data and non-sensitive user information;
The grading of the data types comprises first-level high-sensitivity data, second-level high-sensitivity data, third-level high-sensitivity data, first-level low-sensitivity data, second-level low-sensitivity data and third-level low-sensitivity data;
The classification of the user identity information comprises job function, job level and external partner, and is made according to the user's responsibilities and work requirements in the business process;
The grading of the user identity information comprises primary authority, medium-level authority and high-level authority.
Preferably, the step S2 specifically includes:
Step S201, constructing user authority templates according to the classification results and grading results of the data and the user identity information, and setting different user authority templates for different users;
The user authority templates comprise:
a senior manager template, which has high-level authority and full authority over the first-level, second-level and third-level high-sensitivity data and the first-level, second-level and third-level low-sensitivity data;
a department manager template, which has medium-level authority, with read authority and modify authority over the second-level sensitive data and the first-level low-sensitivity data related to the department;
an ordinary employee template, which has medium-level authority, with read authority over the third-level high-sensitivity data and read authority and write authority over the second-level low-sensitivity data;
an external partner template, which has primary authority, with read authority over the third-level low-sensitivity data;
Step S202, formulating user role mapping rules, and determining the user authority corresponding to the user according to the user authority templates and the user role mapping rules;
The user role mapping rules comprise:
a job matching rule: the user role is mapped according to job keywords;
a department association rule: users of a particular department are associated with a higher-level user role;
a dynamic entitlement rule: the user's role is adjusted when the user takes on a particular project or a temporary responsibility.
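The four templates and three mapping rules of step S2 can be expressed as a deny-by-default authorization check. The following Python sketch is an added example, not code from the patent; the tier labels (H1 to L3), the operation names, the keyword table, the lifted department, the reading of "second-level sensitive data" as H2, and the expiry-based handling of temporary roles are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

TIERS = ("H1", "H2", "H3", "L1", "L2", "L3")   # high/low sensitivity, levels 1-3
FULL = frozenset({"read", "write", "modify"})  # assumed meaning of "full authority"

@dataclass(frozen=True)
class Template:
    level: str                       # primary / medium / high
    grants: dict                     # tier -> allowed operations
    department_scoped: bool = False  # access limited to the user's own department

TEMPLATES = {
    "senior_manager": Template("high", {t: FULL for t in TIERS}),
    # "second-level sensitive data" is read here as H2 (assumption).
    "department_manager": Template(
        "medium",
        {"H2": frozenset({"read", "modify"}), "L1": frozenset({"read", "modify"})},
        department_scoped=True),
    "employee": Template(
        "medium", {"H3": frozenset({"read"}), "L2": frozenset({"read", "write"})}),
    "external_partner": Template("primary", {"L3": frozenset({"read"})}),
}
RANK = ["external_partner", "employee", "department_manager", "senior_manager"]

# Job matching rule: first keyword hit wins; the most restrictive role is listed
# first so an ambiguous title resolves to the lower privilege (hypothetical table).
JOB_KEYWORDS = [
    ("contractor", "external_partner"), ("vendor", "external_partner"),
    ("director", "senior_manager"), ("manager", "department_manager"),
    ("engineer", "employee"), ("analyst", "employee"),
]
# Department association rule: hypothetical department lifted to a higher role.
DEPARTMENT_ROLE = {"security": "department_manager"}

@dataclass
class User:
    name: str
    job_title: str
    department: str
    temp_role: Optional[str] = None          # dynamic entitlement rule
    temp_expires: Optional[datetime] = None  # temporary role lapses at this time

def resolve_role(user, now):
    """Apply the three mapping rules; None means no role and therefore no access."""
    if (user.temp_role in TEMPLATES and user.temp_expires is not None
            and now < user.temp_expires):
        return user.temp_role                # unexpired temporary assignment wins
    title = user.job_title.lower()
    role = next((r for kw, r in JOB_KEYWORDS if kw in title), None)
    if role is None or role == "external_partner":
        return role                          # partners are never lifted by department
    lifted = DEPARTMENT_ROLE.get(user.department)
    if lifted and RANK.index(lifted) > RANK.index(role):
        role = lifted
    return role

def is_allowed(user, operation, tier, resource_department, now):
    """Deny unless the resolved template explicitly grants the operation."""
    role = resolve_role(user, now)
    if role is None:
        return False
    template = TEMPLATES[role]
    if operation not in template.grants.get(tier, frozenset()):
        return False
    if template.department_scoped and resource_department != user.department:
        return False
    return True

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)   # constructed sample time
    alice = User("alice", "Finance Department Manager", "finance")
    print(resolve_role(alice, now), is_allowed(alice, "modify", "H2", "hr", now))
    bob = User("bob", "Software Engineer", "engineering",
               temp_role="senior_manager", temp_expires=now + timedelta(hours=1))
    print(is_allowed(bob, "read", "H1", "finance", now),
          is_allowed(bob, "read", "H1", "finance", now + timedelta(hours=2)))
```

Letting the temporary role expire on its own keeps the dynamic entitlement rule from turning into permanent privilege creep.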
Preferably, the step S3 specifically includes:
Step S301, when a user initiates a data access request, the firewall receives a network data packet containing user identity information, extracts the user identity information from the packet and compares it with the reserved user identity information; if the two are consistent, multi-factor identity authentication is performed on the user, the multi-factor identity authentication comprising primary verification, secondary verification and tertiary verification;
After the user inputs a user name and a password, the multi-factor identity authentication triggers the primary verification, which comprises user name verification and password verification: the user name and password input by the user are compared with the user name and password stored in a database, and if they are consistent the user passes the primary verification;
After the primary verification is passed, the multi-factor identity authentication starts the secondary verification, which comprises biometric verification: the user's biometric data is collected and compared with the user's historical biometric data, and a comparison similarity is calculated; when the comparison similarity is greater than or equal to a first threshold, the biometric verification is passed and the user passes the secondary verification; the biometric features comprise fingerprints, irises and facial features;
After the secondary verification is passed, the multi-factor identity authentication starts the tertiary verification, which comprises user behavior feature verification;
The user behavior feature verification comprises keystroke pattern verification and mouse movement trajectory verification;
While the user is inputting the user name and password, the multi-factor identity authentication triggers the keystroke pattern verification: keystroke behavior data is collected and compared with the user's historical keystroke behavior data, and a comparison similarity is calculated; when the comparison similarity is greater than or equal to a second threshold, the keystroke pattern verification is passed; the keystroke behavior data comprises the press time of each key, the release time of each key and the time interval between adjacent keys;
After the keystroke pattern verification is passed, the multi-factor identity authentication triggers the mouse movement trajectory verification: mouse movement data is collected and compared with the user's historical mouse movement data, and a comparison similarity is calculated; when the comparison similarity is greater than or equal to a third threshold, the user passes the mouse movement trajectory verification; the mouse movement data comprises the length of the mouse movement trajectory, the number of inflection points of the trajectory and the mouse movement area.
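The staged verification of step S301 can be sketched as a pipeline that stops at the first failed stage. This Python block is an added example, not code from the patent; the similarity metric, the three threshold values, the feature encodings and the sample data are assumptions, and the password is stored as a salted PBKDF2 hash compared in constant time, which is a hardening choice the patent does not specify.

```python
import hashlib
import hmac
import math
import os

T1_BIOMETRIC, T2_KEYSTROKE, T3_MOUSE = 0.90, 0.85, 0.85   # assumed thresholds

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def similarity(sample, profile):
    """1 minus the mean relative deviation, clipped to [0, 1] (assumed metric)."""
    if not sample or len(sample) != len(profile):
        return 0.0
    total = 0.0
    for s, p in zip(sample, profile):
        scale = max(abs(s), abs(p))
        total += abs(s - p) / scale if scale else 0.0
    return max(0.0, 1.0 - total / len(sample))

def keystroke_features(events):
    """events: [(press_ms, release_ms), ...] -> hold times, then gaps between keys."""
    holds = [release - press for press, release in events]
    gaps = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return holds + gaps

def mouse_features(points):
    """points: [(x, y), ...] -> [trajectory length, inflection count, bounding area]."""
    length = sum(math.dist(a, b) for a, b in zip(points, points[1:]))
    turns, prev = 0, 0
    for a, b, c in zip(points, points[1:], points[2:]):
        cross = (b[0] - a[0]) * (c[1] - b[1]) - (b[1] - a[1]) * (c[0] - b[0])
        sign = (cross > 0) - (cross < 0)
        if sign and prev and sign != prev:
            turns += 1                       # turning direction flipped
        if sign:
            prev = sign
    xs, ys = [p[0] for p in points], [p[1] for p in points]
    area = (max(xs) - min(xs)) * (max(ys) - min(ys))
    return [length, float(turns), float(area)]

def authenticate(attempt, record):
    """Run the stages in order; return (passed, stage that decided the outcome)."""
    supplied = hash_password(attempt["password"], record["salt"])
    user_ok = hmac.compare_digest(attempt["username"].encode(),
                                  record["username"].encode())
    pw_ok = hmac.compare_digest(supplied, record["pw_hash"])
    if not (user_ok and pw_ok):
        return False, "primary"
    if similarity(attempt["biometric"], record["biometric"]) < T1_BIOMETRIC:
        return False, "secondary"
    if similarity(keystroke_features(attempt["keys"]), record["keystroke"]) < T2_KEYSTROKE:
        return False, "tertiary-keystroke"
    if similarity(mouse_features(attempt["mouse"]), record["mouse"]) < T3_MOUSE:
        return False, "tertiary-mouse"
    return True, "passed"

# Constructed enrolment record and login attempt (not real user data).
_SALT = os.urandom(16)
RECORD = {
    "username": "alice", "salt": _SALT,
    "pw_hash": hash_password("correct horse battery", _SALT),
    "biometric": [0.9, 0.1, 0.4],
    "keystroke": [100, 110, 90, 50, 60],     # three hold times, two gaps (ms)
    "mouse": [32.0, 1.0, 210.0],
}
GOOD = {
    "username": "alice", "password": "correct horse battery",
    "biometric": [0.9, 0.1, 0.41],
    "keys": [(0, 95), (150, 255), (310, 405)],
    "mouse": [(0, 0), (10, 0), (10, 10), (20, 10)],
}

if __name__ == "__main__":
    print(authenticate(GOOD, RECORD))
    print(authenticate(dict(GOOD, keys=[(0, 200), (210, 250), (450, 630)]), RECORD))
```

Returning the failing stage is useful for audit logging under step S5, but it should not be echoed to the client, since it tells a guesser which factor to work on next.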
Preferably, the step S3 further includes:
Step S302, while user identity authentication is being performed, the firewall continuously inspects network traffic, parsing each incoming network data packet and extracting its key information, wherein the key information comprises the source IP address, the destination IP address, the port number and the protocol type;
Step S303, comparing the key information with a security policy to judge whether the network traffic is legal, wherein the security policy is a preset system of rules that regulates network traffic and safeguards the server;
Step S304, collecting the text data, picture data and sound data in the network traffic, and constructing a text transfer station, a picture transfer station and a sound transfer station;
The text data is transmitted to the text transfer station for text data separation to obtain text separation data, wherein the text data separation comprises converting the text data into a preset text format, removing non-text content according to the preset text format, and extracting the text separation data;
The text separation data comprises the text format, the text content and the text metadata;
The picture data is transmitted to the picture transfer station for picture data separation to obtain picture separation data, wherein the picture data separation comprises converting the picture into a grayscale picture, dividing it into different regions, assigning a unique identifier to each region, calculating the gray values of the regions, and extracting the picture separation data;
The picture separation data comprises the picture gray values, the unique identifiers and the picture texture features;
The sound data is transmitted to the sound transfer station for sound data separation to obtain sound separation data, wherein the sound data separation comprises converting the sound data into a preset audio format and extracting the sound separation data according to the preset audio format;
The sound separation data comprises pitch, timbre, tempo and frequency components;
Step S305, on the basis of the firewall, an intrusion detection module and an intrusion prevention module are further used, wherein the intrusion detection module is configured to detect network attacks, and when the intrusion detection module detects a network attack, the intrusion prevention module takes corresponding defensive measures according to the type of network attack.
Preferably, the determining whether the network traffic is legal specifically includes:
Network traffic whose key information conforms to the security policy is judged to be legal traffic;
Network traffic whose key information does not conform to the security policy is judged to be illegal traffic.
Preferably, the step of taking corresponding defensive measures according to different network attack behaviors specifically includes:
For port scanning attacks and vulnerability scanning attacks, the intrusion prevention module blocks the IP address of the attack source so that the attack source can no longer send malicious probe packets to the server;
For denial-of-service attacks, the intrusion prevention module takes the defensive measures of limiting the attack traffic and optimizing the allocation of server resources.
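Steps S302, S303 and S305 together amount to a default-deny packet check followed by per-source detection and response. The Python sketch below is an added example, not code from the patent; the policy rules, the window and threshold values, the verdict names and the sample packets are assumptions, and the addresses are taken from the RFC 5737 documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts: float       # arrival time in seconds
    src: str        # key information extracted in step S302
    dst: str
    port: int
    proto: str

@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    ports: frozenset
    proto: str

    def matches(self, p):
        return (p.proto == self.proto and p.port in self.ports
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net))

SERVER = "192.0.2.10"
# Hypothetical security policy: anything not matched by a rule is illegal traffic.
POLICY = [
    Rule("0.0.0.0/0", "192.0.2.10/32", frozenset({443}), "tcp"),
    Rule("198.51.100.0/24", "192.0.2.10/32", frozenset({22}), "tcp"),
]
WINDOW = 10.0      # seconds of history kept per source (assumed)
SCAN_PORTS = 10    # distinct ports in the window that count as a port scan (assumed)
RATE_LIMIT = 20    # packets per source per window before throttling (assumed)

def is_legal(packet, policy=POLICY):
    """Step S303: traffic is legal only if its key information matches a rule."""
    return any(rule.matches(packet) for rule in policy)

class Gateway:
    """Firewall check plus the two responses described for step S305."""

    def __init__(self):
        self.blocked = set()
        self.recent = defaultdict(deque)     # src -> deque of (ts, port)

    def handle(self, p):
        if p.src in self.blocked:
            return "blocked"
        history = self.recent[p.src]
        history.append((p.ts, p.port))
        while history and p.ts - history[0][0] > WINDOW:
            history.popleft()
        if len({port for _, port in history}) >= SCAN_PORTS:
            self.blocked.add(p.src)          # port scan: block the source address
            return "blocked"
        if not is_legal(p):
            return "illegal"
        if len(history) > RATE_LIMIT:
            return "rate_limited"            # flood: limit the attack traffic
        return "legal"

def replay(packets, gateway=None):
    """Feed constructed packets through a gateway and return the verdicts."""
    gateway = gateway or Gateway()
    return [gateway.handle(p) for p in packets]

if __name__ == "__main__":
    scan = [Packet(1.0 + i / 10, "203.0.113.66", SERVER, port, "tcp")
            for i, port in enumerate(range(1, 13))]
    print(replay(scan))
```

Port-scan state is tracked for illegal packets as well as legal ones, because a scan consists almost entirely of packets the policy already rejects.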
Preferably, the step S4 specifically includes:
Step S401, backing up the separated data periodically, wherein the separated data comprises text separation data, picture separation data and sound separation data, and the backup comprises storing the text separation data in different text data storage devices, storing the picture separation data in different picture data storage devices, and storing the sound separation data in different sound data storage devices;
Step S402, when data needs to be restored, identifying the data to be restored according to the directory structure of the backup of the separated data, and establishing a data recovery mechanism;
The data recovery mechanism comprises text data recovery: downloading the text separation data from a text data storage device, decompressing the text content back into readable text content, inserting the text metadata into the readable text content, and applying the text format to the readable text content to recover the text data;
Picture data recovery: downloading the picture separation data from a picture data storage device, arranging the picture gray values of the different regions in their original order according to the unique identifiers to construct a gray matrix, adding the picture texture features to the gray matrix, and recovering the picture data;
Sound data recovery: downloading the sound separation data from a sound data storage device, reconstructing a sound spectrogram from the frequency components and timbre, adjusting the sound spectrogram according to the pitch, obtaining a sound waveform through an inverse Fourier transform, adjusting the sound waveform according to the tempo to obtain the final sound waveform, encoding the final sound waveform into the original audio format, and recovering the sound data.
Preferably, the step S5 specifically includes:
Step S501, monitoring the data operation behaviors of the server in real time, wherein the data operation behaviors comprise data access, data modification and data deletion; recording abnormal conditions of the data operation behaviors; and detecting the abnormal conditions by means of data access logging and data change detection;
Step S502, performing security audits periodically according to the abnormal conditions of the data operation behaviors, wherein the audited content comprises data integrity, data confidentiality, data availability, user access authority and user access behaviors.
A data security protection system of a server, applying the data security protection method of the server described above, comprises a data analysis module, an access limiting module, a security protection module, a data backup and recovery module and a data security monitoring module;
The data analysis module is used for acquiring data and user identity information in the server, classifying and grading the data and the user identity information respectively, and obtaining the classification results and grading results of the data and the user identity information;
The access limiting module is used for constructing a user authority template according to the classification results and grading results of the data and the user identity information, and determining the user authority corresponding to the user according to the user role mapping rules and the user authority template;
The security protection module is used for filtering network traffic and user identity information by using a firewall, authenticating the user, collecting separated data, detecting network attacks by using the intrusion detection module and defending against network attacks by using the intrusion prevention module;
The data backup and recovery module is used for backing up the separated data and establishing a data recovery mechanism;
The data security monitoring module is used for monitoring data operation behaviors in real time and periodically auditing the data security state and access authority.
The beneficial effects of the invention are as follows. A multi-level data security protection system is constructed. In the data processing stage, data and user identity information are classified and graded by data analysis so that security policies can be formulated in a targeted way. For access control and identity authentication, user authority templates are constructed and combined with a multi-factor identity authentication mechanism to ensure the legitimacy of the user's identity. At the network security protection layer, a firewall filters network traffic and is combined with an intrusion detection module and an intrusion prevention module to resist network attacks, and the security policy is optimized according to conditions. Abnormal behaviors are discovered in time and security audits are carried out, and a reliable data backup and recovery mechanism is established. In this way the data in the server can be effectively protected; data leakage, tampering and loss are prevented; the security, reliability and recoverability of the data are improved; data security risk is reduced; a safer and more reliable data storage environment is provided for enterprises and users; and enterprise competitiveness is enhanced.
Drawings
FIG. 1 is a flowchart illustrating a method for protecting data security of a server according to an embodiment of the present invention;
Fig. 2 is a basic flow diagram of a data security protection system of a server according to an embodiment of the present invention.
Detailed Description
So that the manner in which the above recited objects, features and advantages of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings.
Embodiment 1: referring to FIG. 1, a data security protection method of a server is provided, including the following steps:
Step S1, data and user identity information in the server are acquired, the data and the user identity information are classified and graded respectively, and the classification results and grading results of the data and the user identity information are obtained.
Step S2, a user authority template is constructed according to the classification results and grading results of the data and the user identity information, and the user authority corresponding to the user is determined according to the user role mapping rules and the user authority template.
Step S3, network traffic and user identity information are filtered by using a firewall, the user is authenticated, separated data is collected, network attacks are detected by using an intrusion detection module, and network attacks are defended against by using an intrusion prevention module.
Step S4, the separated data is backed up and a data recovery mechanism is established.
Step S5, data operation behaviors are monitored in real time, and the data security state and access authority are audited periodically.
The step S1 specifically comprises the following steps:
Data and user identity information in the server are acquired, and the data and the user identity information are classified and graded respectively. The classification of data types comprises high-sensitivity data and low-sensitivity data; the high-sensitivity data comprises key data concerning the enterprise's core business secrets and users' private information, and the low-sensitivity data comprises public statistical data, general business data and non-sensitive user information.
The grading of data types comprises first-level high-sensitivity data, second-level high-sensitivity data, third-level high-sensitivity data, first-level low-sensitivity data, second-level low-sensitivity data and third-level low-sensitivity data.
The classification of the user identity information comprises job function, job level and external partner, and is made according to the user's responsibilities and work requirements in the business process.
The grading of the user identity information comprises primary authority, medium-level authority and high-level authority.
Classifying the data types into high-sensitivity data and low-sensitivity data clearly identifies differences in the sensitivity and potential risk of the data. This distinction makes it possible to adopt more targeted security policies later and avoids both wasted resources and insufficient protection. High-sensitivity data is encrypted and stored with a high-strength encryption algorithm, which effectively resists advanced attacks such as brute-force cracking and data theft. Low-sensitivity data is encrypted and stored with a medium-strength encryption algorithm, which ensures basic security while reducing the consumption of encryption computing resources, improving data read/write efficiency and avoiding the impact of excessive protection on the smooth running of services. Encrypted storage blocks the risk of data leakage at the source.
The step S2 specifically comprises the following steps:
Step S201, user authority templates are constructed according to the classification results and grading results of the data and the user identity information, and different user authority templates are set for different users.
Through the different user authority templates, each user role is assigned access authority that matches its responsibilities and the sensitivity of the data. This differentiated authority setting achieves fine-grained management, keeps user authority matched to responsibilities in real time, isolates risk according to the principle of least privilege, and ensures the security of data access.
The user authority templates comprise:
The senior manager template has high-level authority and full authority over the first-level, second-level and third-level high-sensitivity data and the first-level, second-level and third-level low-sensitivity data.
The department manager template has medium-level authority, with read authority and modify authority over the second-level sensitive data and the first-level low-sensitivity data related to the department.
The ordinary employee template has medium-level authority, with read authority over the third-level high-sensitivity data and read authority and write authority over the second-level low-sensitivity data.
The external partner template has primary authority, with read authority over the third-level low-sensitivity data.
Step S202, user role mapping rules are formulated, and the user authority corresponding to the user is determined according to the user authority templates and the user role mapping rules.
The user role mapping rules comprise a job matching rule: the user role is mapped according to job keywords.
Department association rule: users of a particular department are associated with a higher-level user role.
Dynamic entitlement rule: the user's role is adjusted when the user takes on a particular project or a temporary responsibility.
The job matching rule achieves dynamic and accurate matching of user authority. The department association rule associates users of a particular department with a higher-level role, adapting authority to the needs of department management. The dynamic entitlement rule adjusts role authority in real time according to the particular projects or temporary responsibilities the user takes on, so that authority changes flexibly as responsibilities change. Together these rules significantly improve the security of server data access, ensure that users can access only the data that matches their responsibilities and work requirements, effectively reduce the risk of data leakage and misoperation, and provide a firm guarantee for enterprise data security.
The step S3 specifically comprises the following steps:
Step S301: when a user initiates a data access request, the firewall receives a network data packet containing user identity information, extracts the user identity information from the packet and compares it with the reserved user identity information. Once the two are consistent, multi-factor identity authentication is performed on the user; the multi-factor identity authentication comprises primary verification, secondary verification and tertiary verification.
The primary verification ensures the validity of the account credentials, the secondary verification rules out identity impersonation through the uniqueness of physiological features, and the tertiary verification identifies abnormal operation patterns, which greatly reduces the risk of identity fraud.
After the user enters a user name and a password, the multi-factor identity authentication triggers the primary verification, which comprises user name verification and password verification: the user name and password entered by the user are compared with the user name and password stored in the database, and if they are consistent, the user passes the primary verification.
After the first-level verification is passed, the multi-factor identity authentication starts the second-level verification, the second-level verification comprises biological feature verification, user biological feature data are collected, the user biological feature data are compared with the historical biological feature data of the user, the comparison similarity is calculated, when the comparison similarity is greater than or equal to a first threshold value, the biological feature verification is passed, and the user passes the second-level verification, and the biological feature comprises fingerprints, irises and facial features;
By collecting and comparing biometric data, identity verification is raised to the level of physiological features that cannot be cloned, so that only a user whose biometric features match the user's historical biometric data can access the core data. This ensures the security of the data, balances security and usability, and provides a reliable identity guarantee for high-risk operations.
After the second-level verification is passed, the multi-factor identity authentication starts the third-level verification, which comprises user behavior feature verification.
User behavior feature verification includes keystroke pattern verification and mouse movement track verification.
While the user is entering the user name and password, the multi-factor identity authentication triggers the keystroke pattern verification: keystroke behavior data are collected and compared with the user's historical keystroke behavior data, and the comparison similarity is calculated. When the comparison similarity is greater than or equal to a second threshold value, the keystroke pattern verification is passed. The keystroke behavior data comprise the press time of each key, the release time of each key and the time interval between adjacent keys.
After the keystroke pattern verification is passed, the multi-factor identity authentication triggers the mouse movement track verification: mouse movement data are collected and compared with the user's historical mouse movement data, and the comparison similarity is calculated. When the comparison similarity is greater than or equal to a third threshold value, the mouse movement track verification is passed and the user passes the third-level verification. The mouse movement data comprise the length of the mouse movement track, the number of inflection points of the mouse movement track and the mouse movement area.
The keystroke pattern verification and the mouse movement track verification use the user's unique behavior habits as an identity marker. These habits are highly individual and difficult to imitate: even if the account password is leaked, an attacker cannot easily reproduce the operating details of the real user, so identity impersonation can be effectively identified.
The third-level verification and the biometric verification are complementary. They strengthen identity verification along the two dimensions of physiological features and behavior habits, building a more multi-dimensional security barrier, improving the overall protection strength and providing a more reliable security guarantee for users accessing server data.
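The keystroke check of the third-level verification, as an added Python example that is not part of the patent text. The page names the inputs (press time, release time, interval between adjacent keys) and a "second threshold" but no metric or value, so the scaled-Manhattan similarity, the 0.5 threshold and all sample timings below are assumptions constructed for the illustration.

```python
from statistics import mean

SECOND_THRESHOLD = 0.5   # assumed value; the page only names "a second threshold"
MIN_SPREAD_MS = 5.0      # floor so a very consistent typist does not divide by ~0


def timing_features(events):
    """events: [(key, press_ms, release_ms), ...] in typing order.
    Returns the hold time of each key followed by the press-to-press
    interval of each pair of adjacent keys."""
    hold = [release - press for _key, press, release in events]
    interval = [b[1] - a[1] for a, b in zip(events, events[1:])]
    return hold + interval


def build_profile(history):
    """Per-feature (mean, mean absolute deviation) over the historical samples."""
    vectors = [timing_features(sample) for sample in history]
    if len({len(v) for v in vectors}) != 1:
        raise ValueError("historical samples must cover the same key sequence")
    profile = []
    for column in zip(*vectors):
        mu = mean(column)
        spread = max(mean(abs(x - mu) for x in column), MIN_SPREAD_MS)
        profile.append((mu, spread))
    return profile


def similarity(profile, events):
    """Scaled Manhattan distance mapped into (0, 1]; 1.0 equals the profile mean."""
    vec = timing_features(events)
    if len(vec) != len(profile):
        return 0.0       # different number of keys: not comparable, no match
    distance = mean(abs(x - mu) / spread for x, (mu, spread) in zip(vec, profile))
    return 1.0 / (1.0 + distance)


def keystroke_check(profile, events, threshold=SECOND_THRESHOLD):
    """Pass only when the comparison similarity reaches the threshold."""
    return similarity(profile, events) >= threshold


# Constructed samples: three historical entries of the same four-key sequence.
HISTORY = [
    [("p", 0, 100), ("a", 200, 290), ("s", 380, 480), ("s", 600, 700)],
    [("p", 0, 110), ("a", 210, 310), ("s", 400, 490), ("s", 610, 720)],
    [("p", 0, 90), ("a", 190, 300), ("s", 390, 500), ("s", 620, 710)],
]
# Constructed login attempts: one close to the profile, one much faster.
GENUINE = [("p", 0, 105), ("a", 205, 300), ("s", 390, 495), ("s", 615, 710)]
IMPOSTOR = [("p", 0, 60), ("a", 120, 170), ("s", 230, 290), ("s", 330, 390)]

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for label, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        score = similarity(profile, attempt)
        print(f"{label}: similarity={score:.3f} pass={keystroke_check(profile, attempt)}")
```

Where the threshold sits decides the trade-off between rejecting the real user and accepting an imitator, so it should be tuned on each deployment's own enrolment data.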
Step S3 further includes:
Step S302: while user identity authentication is in progress, the firewall continuously inspects network traffic, parsing each network data packet and extracting its key information, which comprises the source IP address, destination IP address, port number and protocol type.
As the first line of defense, the firewall performs preliminary filtering of incoming network data packets and allows only legal traffic that conforms to the rules to pass, which effectively blocks potential malicious attacks and unnecessary network traffic and reduces the risk of the server being attacked.
Step S303, comparing the key information with a security policy to judge whether the network traffic is legal, wherein the security policy comprises a rule system which is preset and used for standardizing the network traffic and guaranteeing the security of the server;
Step S304: text data, picture data and sound data in the network traffic are collected, and a text transfer station, a picture transfer station and a sound transfer station are constructed.
The text data, picture data and sound data in network traffic each have their own processing requirements and methods. Constructing a separate text transfer station, picture transfer station and sound transfer station allows each data type to receive specialized, optimized processing, which improves processing efficiency and accuracy. It also provides separated data for later stages such as data backup and intrusion detection, making it easier for the system to retrieve and analyze the data quickly and improving the response efficiency of security protection.
The text data are transmitted to the text transfer station for text data separation to obtain text separation data. Text data separation comprises converting the text data into a preset text format, removing non-text content according to the preset text format, and extracting the text separation data.
The text separation data include the text format, text content and text metadata.
The text format includes information that controls the appearance and layout of the text, the text content includes core information of the document, and the text metadata describes document properties and status information.
The picture data are transmitted to the picture transfer station for picture data separation to obtain picture separation data. Picture data processing comprises converting the picture into a grayscale picture, dividing it into different areas, assigning a unique identifier to each area, calculating the gray values of the different areas, and extracting the picture separation data.
The picture separation data includes a picture gray value, a unique identifier, and a picture texture feature.
The gray value of the picture represents the brightness information of each pixel in the picture, the unique identifier is a label for uniquely identifying different areas, and the texture feature of the picture is an important visual attribute of the picture and describes the spatial relationship and mode among the pixels.
The sound data are transmitted to the sound transfer station for sound data separation to obtain sound separation data. Sound data processing comprises converting the sound data into a preset audio format and extracting the sound separation data according to the preset audio format.
The sound separation data include pitch, timbre, rhythm and frequency components.
Pitch refers to how high or low a sound is: the higher the frequency, the higher the pitch. Timbre refers to the characteristic quality of a sound and is determined by the waveform of the sound wave. Rhythm refers to the temporal organization of sound, that is, the duration, intensity and time of occurrence of sounds. Frequency components are the sound-wave components of different frequencies contained in a sound; analyzing them reveals the spectral structure of the sound.
Step S305: in addition to the firewall, an intrusion detection module and an intrusion defense module are used. The intrusion detection module detects network attack behaviors; when it detects a network attack behavior, the intrusion defense module takes corresponding defensive measures according to the type of network attack behavior.
The intrusion detection module and the intrusion defense module provide deeper security protection for the server. When the intrusion detection module detects a network attack behavior, the relevant attack data can be collected and analyzed; in-depth analysis of the attack data gives a better understanding of the attacker's methods and motives, so that more effective security policies and defensive measures can be formulated.
Judging whether the network traffic is legal specifically comprises:
network traffic whose key information conforms to the security policy is judged to be legal traffic;
network traffic whose key information does not conform to the security policy is judged to be illegal traffic.
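Steps S302 and S303 together, as an added Python example that is not part of the patent text: the key information is parsed out of a raw IPv4 packet and compared with an allow-list policy. The policy entries, the addresses (documentation and private ranges) and the packet builder are constructed, and treating the destination port as "the port number" and rejecting anything unparseable are assumptions.

```python
import ipaddress
import struct

PROTOCOLS = {6: "tcp", 17: "udp"}

# Constructed security policy: traffic is legal only if one rule matches.
POLICY = [
    {"src": "10.0.0.0/8", "dst": "192.0.2.10/32", "port": 443, "proto": "tcp"},
    {"src": "10.1.0.0/16", "dst": "192.0.2.53/32", "port": 53, "proto": "udp"},
]


def extract_key_info(packet):
    """Return the key information of a raw IPv4 packet as a dict, or None when
    the packet is truncated, not IPv4, not TCP/UDP, or a non-first fragment."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return None
    proto = PROTOCOLS.get(packet[9])
    if proto is None:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                             # later fragment: no port fields
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {
        "src": ipaddress.ip_address(packet[12:16]),
        "dst": ipaddress.ip_address(packet[16:20]),
        "sport": sport,
        "dport": dport,
        "proto": proto,
    }


def is_legal(info, policy=POLICY):
    """Legal traffic conforms to at least one rule; everything else is illegal."""
    if info is None:
        return False
    for rule in policy:
        if (info["proto"] == rule["proto"]
                and info["dport"] == rule["port"]
                and info["src"] in ipaddress.ip_network(rule["src"])
                and info["dst"] in ipaddress.ip_network(rule["dst"])):
            return True
    return False


def build_packet(src, dst, proto_num, sport, dport):
    """Build a constructed 28-byte sample: IPv4 header (checksum left at 0,
    it is not validated here) plus the first 8 bytes of a transport header."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto_num, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + struct.pack("!HH", sport, dport) + b"\x00" * 4


if __name__ == "__main__":
    samples = {
        "internal client to HTTPS": build_packet("10.2.3.4", "192.0.2.10", 6, 51000, 443),
        "outside source to HTTPS": build_packet("198.51.100.7", "192.0.2.10", 6, 51000, 443),
        "internal client to SSH": build_packet("10.2.3.4", "192.0.2.10", 6, 51000, 22),
    }
    for label, pkt in samples.items():
        print(label, "->", "legal" if is_legal(extract_key_info(pkt)) else "illegal")
```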
Taking corresponding defensive measures according to the type of network attack behavior specifically comprises:
for port scanning attacks and vulnerability scanning attacks, the intrusion prevention module blocks the IP address of the attack source so that it cannot send malicious probe packets to the server;
for denial of service attacks, the intrusion prevention module takes the defensive measures of limiting the attack traffic and optimizing server resource allocation.
The step S4 specifically comprises the following steps:
Step S401: the separated data, which comprise the text separation data, picture separation data and sound separation data, are backed up regularly. The backup comprises storing the text separation data in different text data storage devices, storing the picture separation data in different picture data storage devices, and storing the sound separation data in different sound data storage devices.
The text separation data are respectively stored in different text data storage devices, so that the risk of data loss caused by single device faults can be reduced, the safety of the data is enhanced to a certain extent, the data can be more conveniently maintained and managed, and the efficiency of recovering the data by a later recovery mechanism can be improved.
Step S402, when the data needs to be restored, confirming the data to be restored according to the directory structure of the backup of the separated data, and establishing a data restoration mechanism;
The pre-established backup directory structure makes it possible to locate the specific data to be restored quickly, avoiding a tedious item-by-item search through a large amount of data. During data restoration, only the affected data types need to be restored rather than the whole data set, which shortens system downtime and reduces the loss caused by service interruption.
The data recovery mechanism comprises text data recovery: downloading the text separation data from the text data storage device, decompressing the text content back into readable text content, inserting the text metadata into the readable text content, applying the text format to the readable text content, and recovering the text data.
Picture data recovery comprises downloading the picture separation data from the picture data storage device, arranging the gray values of the different areas in their original order according to the unique identifiers to construct a gray matrix, adding the picture texture features to the gray matrix, and recovering the picture data.
Sound data recovery comprises downloading the sound separation data from the sound data storage device, reconstructing a sound spectrogram from the frequency components and timbre, adjusting the sound spectrogram according to the pitch, obtaining a sound waveform through the inverse Fourier transform, adjusting the sound waveform according to the rhythm to obtain the final sound waveform, encoding the final sound waveform into the original audio format, and recovering the sound data.
The separated data are downloaded from the storage devices, which ensures the reliability and security of the data source. Using different recovery strategies for different data types allows each kind of data to be recovered in the most suitable way, improving the success rate and accuracy of data recovery.
The step S5 specifically comprises the following steps:
Step S501: server data operation behaviors, comprising data access, data modification and data deletion, are monitored in real time; abnormal conditions of the data operation behaviors are recorded, and are detected by means of data access logging and data change detection.
Monitoring server data operation behaviors in real time allows abnormal behavior in data operations to be found and recorded promptly, providing early warning and evidence for data security and thereby effectively preventing data leakage, tampering and loss.
Step S502, security audit is carried out regularly according to abnormal conditions of data operation behaviors, and the audited contents comprise data integrity, data confidentiality, data availability, user access rights and user access behaviors.
Carrying out security audits regularly allows problems in data security and access control to be found and corrected in time, guarantees the integrity, confidentiality and availability of the data, and regulates users' access rights and behaviors, thereby improving data security and system reliability.
Embodiment 2, referring to fig. 2, provides a data security protection method and system for a server, including a data analysis module, an access restriction module, a security protection module, a data backup and recovery module, and a data security monitoring module.
The data analysis module is used for acquiring data and user identity information in the server, classifying and grading the data and the user identity information respectively, and acquiring classification results and grading results of the data and the user identity information.
The access limiting module is used for constructing a user authority template according to the classification result and the grading result of the data and the user identity information, and determining the user authority corresponding to the user according to the user role mapping rule and the user authority template.
The security protection module is used for filtering network traffic and user identity information by using a firewall, authenticating a user, collecting separation data, and detecting network attacks by using the intrusion detection module and defending the network attacks by using the intrusion defending module.
The data backup and recovery module is used for backing up the separated data and establishing a data recovery mechanism.
The data security monitoring module is used for monitoring data operation behaviors in real time and periodically auditing data security states and access rights.
The beneficial effects of the invention are as follows. A multi-level data security protection system is constructed. In the data processing link, data analysis is used to classify and grade the data and the user identity information, so that security policies can be formulated in a targeted manner. For access control and identity authentication, user authority templates are constructed and combined with a multi-factor identity authentication mechanism to ensure the legitimacy of user identities. At the network security protection layer, the firewall filters network traffic and is combined with the intrusion detection module and the intrusion protection module to resist network attacks, and the security policy is optimized according to conditions. Abnormal behaviors are discovered in time and security audits are carried out, and a reliable data backup and recovery mechanism is established. Together these measures effectively protect the data in the server, prevent data leakage, tampering and loss, improve the security, reliability and recoverability of the data, reduce data security risk, provide enterprises and users with a safer and more reliable data storage environment, and enhance enterprise competitiveness.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein. The storage medium may be implemented by any type or combination of volatile or nonvolatile memory devices, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.
Claims (10)
1. The data security protection method of the server is characterized by comprising the following steps of:
Step S1, acquiring data and user identity information in a server, classifying and grading the data and the user identity information respectively, and acquiring a classification result and a grading result of the data and the user identity information;
Step S2, constructing a user authority template according to the classification result and the grading result of the data and the user identity information, and determining the user authority corresponding to the user according to the user role mapping rule and the user authority template;
Step S3, filtering network traffic and user identity information by using a firewall, authenticating a user, collecting separation data, detecting network attack by using an intrusion detection module, and defending the network attack by using an intrusion defending module;
Step S4, backing up the separated data and establishing a data recovery mechanism;
and Step S5, monitoring data operation behaviors in real time, and periodically auditing the data security state and the access right.
2. The data security protection method of a server as claimed in claim 1, wherein the step S1 specifically includes:
The method comprises the steps of acquiring data and user identity information in a server, classifying and grading the data and the user identity information respectively, wherein the classification of data types comprises high-sensitivity data and low-sensitivity data, the high-sensitivity data comprises key data of core business confidentiality of enterprises and privacy information of users, and the low-sensitivity data comprises public statistical data, general business data and non-sensitive user information;
The classification of the data types comprises primary high-sensitivity data, secondary high-sensitivity data, tertiary high-sensitivity data, primary low-sensitivity data, secondary low-sensitivity data and tertiary low-sensitivity data;
the classification of the user identity information comprises a job, a job level and an external partner, and the classification of the user identity information is divided according to the responsibility and the work requirement of the user in the business process;
the hierarchy of user identity information includes a primary right, a medium right, and a high-level right.
3. The data security protection method of a server according to claim 1, wherein the step S2 specifically includes:
Step S201, constructing a user authority template according to the classification result and the grading result of the data and the user identity information, and setting different user authority templates according to different users;
The user authority template comprises:
The high-level manager template is provided with high-level authority and has complete authority for the first-level high-sensitivity data, the second-level high-sensitivity data, the third-level high-sensitivity data, the first-level low-sensitivity data, the second-level low-sensitivity data and the third-level low-sensitivity data;
a department manager template is provided with a medium-level authority, and has a reading authority and a modification authority for the second-level sensitive data and the first-level low-sensitive data related to the department;
a common employee template is provided with a medium-level authority which has a reading authority for the third-level high-sensitivity data and a reading authority and a writing authority for the second-level low-sensitivity data;
An external partner template is provided with primary authority and has reading authority for the third-level low-sensitivity data;
Step S202, formulating a user role mapping rule, and determining a user right corresponding to a user according to the user right template and the user role mapping rule;
the user role mapping rule comprises a job matching rule, wherein the job matching rule is used for mapping the user role according to job keywords;
a department association rule, wherein users of a particular department are associated with higher-level user roles;
and a dynamic entitlement rule, wherein the user's role is adjusted when the user takes on a particular project or temporary responsibility.
4. The data security protection method of a server according to claim 1, wherein the step S3 specifically includes:
Step S301, when a user initiates a data access request, the firewall receives a network data packet comprising user identity information, extracts the user identity information from the network data packet, compares the user identity information with reserved user identity information, and performs multi-factor identity authentication on the user after the user identity information is consistent with the reserved user identity information, wherein the multi-factor identity authentication comprises primary authentication, secondary authentication and tertiary authentication;
After a user inputs a user name and a password, the multi-factor identity authentication triggers the primary authentication, the primary authentication comprises user name authentication and password authentication, the user name and the password input by the user are compared with the user name and the password stored in a database, and when the user name and the password input by the user are consistent with the user name and the password stored in the database, the user passes the primary authentication;
After the first-level verification is passed, the multi-factor identity authentication starts a second-level verification, wherein the second-level verification comprises biological feature verification, user biological feature data are collected, the user biological feature data are compared with historical biological feature data of the user, the comparison similarity is calculated, when the comparison similarity is greater than or equal to a first threshold value, the biological feature verification is passed, and the user passes the second-level verification, and the biological feature comprises fingerprints, irises and facial features;
when the second-level authentication is passed, the multi-factor identity authentication starts three-level authentication, wherein the three-level authentication comprises user behavior feature authentication;
the user behavior characteristic verification comprises keystroke mode verification and mouse movement track verification;
In the process of the user inputting the user name and the password, the multi-factor identity authentication triggers the keystroke pattern verification, keystroke behavior data are collected, the keystroke behavior data are compared with historical keystroke behavior data of the user, the comparison similarity is calculated, and when the comparison similarity is greater than or equal to a second threshold value, the keystroke pattern verification is passed, wherein the keystroke behavior data comprise the press time of each key, the release time of each key and the time interval between adjacent keys;
and when the keystroke pattern verification is passed, the multi-factor identity authentication triggers the mouse movement track verification, mouse movement data are collected, the mouse movement data are compared with the historical mouse movement data of the user, the comparison similarity is calculated, and when the comparison similarity is greater than or equal to a third threshold value, the user passes the mouse movement track verification, wherein the mouse movement data comprise the length of the mouse movement track, the number of inflection points of the mouse movement track and the mouse movement area.
5. The method for protecting data security of a server according to claim 4, wherein the step S3 further comprises:
step S302, while user identity authentication is performed, the firewall continuously detects network traffic, analyzes and extracts key information of each incoming network data packet, wherein the key information comprises a source IP address, a destination IP address, a port number and a protocol type;
step S303, comparing the key information with a security policy to judge whether the network traffic is legal, wherein the security policy comprises a rule system which is preset and used for standardizing the network traffic and guaranteeing the security of a server;
step S304, collecting text data, picture data and sound data in the network traffic, and constructing a text transfer station, a picture transfer station and a sound transfer station;
Transmitting the text data to a text transfer station for text data separation, and obtaining text separation data, wherein the text data separation comprises the steps of converting the text data into a preset text format, removing non-text content according to the preset text format, and extracting the text separation data;
The text separation data comprises text formats, text contents and text metadata;
Transmitting the picture data to a picture transfer station for picture data separation, obtaining picture separation data, wherein the picture data processing comprises the steps of converting a picture into a gray picture, dividing different areas, respectively distributing unique identifiers for the different areas, calculating gray values of the different areas, and extracting the picture separation data;
The picture separation data comprises a picture gray value, a unique identifier and picture texture characteristics;
Transmitting the sound data to a sound transfer station for sound data separation to obtain sound separation data, wherein the sound data processing comprises the steps of converting the sound data into a preset audio format and extracting the sound separation data according to the preset audio format;
The sound separation data includes pitch, timbre, tempo and frequency components;
Step S305, on the basis of the firewall, further utilizes an intrusion detection module and an intrusion protection module, where the intrusion detection module is configured to detect a network attack, and when the intrusion detection module detects the network attack, the intrusion protection module is configured to take corresponding protection measures according to different network attacks.
6. The method for protecting data security of a server according to claim 5, wherein determining whether the network traffic is legal specifically comprises:
judging network traffic whose key information conforms to the security policy as legal traffic;
and judging network traffic whose key information does not conform to the security policy as illegal traffic.
7. The method for protecting data security of a server according to claim 5, wherein said taking corresponding defensive measures according to different network attack actions specifically comprises:
for port scanning attacks and vulnerability scanning attacks, the intrusion prevention module is used for blocking the IP address of the attack source so that the attack source cannot send malicious probe packets to the server;
for the denial of service attack, the intrusion prevention module is used for taking the defense measures of limiting the attack flow and optimizing the server resource allocation.
8. The method for protecting data security of a server according to claim 5, wherein the step S4 specifically includes:
step S401: the separated data is backed up periodically, wherein the separated data comprises text separation data, picture separation data and sound separation data, and the backup comprises storing the text separation data in different text data storage devices, storing the picture separation data in different picture data storage devices, and storing the sound separation data in different sound data storage devices;
step S402: when data needs to be restored, the data to be restored is confirmed according to the directory structure of the backup of the separated data, and a data recovery mechanism is established;
the data recovery mechanism comprises text data recovery, namely downloading text separation data from a text data storage device, decompressing the text content back into readable text content, inserting the text metadata into the readable text content, and applying the text format to the readable text content to recover the text data;
picture data recovery, namely downloading picture separation data from a picture data storage device, arranging the picture gray values of the different areas in their original order according to the unique identifier to construct a gray matrix, adding the picture grammatical features to the gray matrix, and recovering the picture data;
and sound data recovery, namely downloading sound separation data from a sound data storage device, reconstructing a sound spectrogram according to the frequency components and timbres, adjusting the sound spectrogram according to the tones, obtaining a sound waveform through inverse Fourier transformation, adjusting the sound waveform according to the rhythms to obtain the final sound waveform, encoding the final sound waveform into the original audio format, and recovering the sound data.
9. The data security protection method of a server according to claim 1, wherein the step S5 specifically includes:
step S501: server data operation behaviors are monitored in real time, wherein the monitoring covers data access, data modification and data deletion; abnormal conditions of the data operation behaviors are recorded, and the abnormal conditions are detected by means of data access log recording and data change detection;
and step S502: security audits are carried out regularly according to the abnormal conditions of the data operation behaviors, wherein the audited content comprises data integrity, data confidentiality, data availability, user access rights and user access behaviors.
10. A data security protection system of a server, applied to the data security protection method of a server according to any one of claims 1 to 9, characterized by comprising a data analysis module, an access limiting module, a security protection module, a data backup and recovery module and a data security monitoring module;
the data analysis module is used for acquiring the data and user identity information in the server, classifying and grading the data and the user identity information respectively, and obtaining a classification result and a grading result of the data and the user identity information;
the access limiting module is used for constructing a user authority template according to the classification result and the grading result of the data and the user identity information, and determining the user authority corresponding to a user according to the user role mapping rule and the user authority template;
the security protection module is used for filtering network traffic and user identity information by using a firewall, authenticating users, collecting separation data, detecting network attacks by using the intrusion detection module and defending against network attacks by using the intrusion defending module;
the data backup and recovery module is used for backing up the separated data and establishing a data recovery mechanism;
the data security monitoring module is used for monitoring data operation behaviors in real time and periodically auditing data security states and access rights.
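The traffic judgment of claim 6 and the attack-specific responses of claim 7 can be sketched as follows. This is an added example, not code from the patent; the policy contents, the fields treated as key information (source address, protocol, destination port), the thresholds and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed policy and thresholds; the claims do not fix any of these values.
ALLOWED_SOURCES = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]
ALLOWED_SERVICES = {("tcp", 443), ("tcp", 22)}
SCAN_PORTS = 5        # distinct destination ports from one source per window
FLOOD_PACKETS = 100   # packets from one source per window

def is_legal(pkt):
    """Claim 6: traffic is legal only if its key information matches the policy."""
    src_ok = any(ip_address(pkt["src"]) in net for net in ALLOWED_SOURCES)
    return src_ok and (pkt["proto"], pkt["dport"]) in ALLOWED_SERVICES

def process_window(packets):
    """Claim 7: block scanning sources, limit the traffic of flooding sources."""
    ports, counts = defaultdict(set), defaultdict(int)
    result = {"blocked": set(), "rate_limited": set(), "forwarded": 0, "dropped": 0}
    for pkt in packets:
        src = pkt["src"]
        if src in result["blocked"]:          # already blocked: nothing gets through
            result["dropped"] += 1
            continue
        ports[src].add(pkt["dport"])
        counts[src] += 1
        if len(ports[src]) >= SCAN_PORTS:     # port scan: block the source address
            result["blocked"].add(src)
            result["dropped"] += 1
        elif counts[src] > FLOOD_PACKETS:     # flood: drop only the excess traffic
            result["rate_limited"].add(src)
            result["dropped"] += 1
        elif not is_legal(pkt):               # illegal traffic is filtered out
            result["dropped"] += 1
        else:
            result["forwarded"] += 1
    return result

def sample_window():
    """Constructed traffic for one window: a scanner, a flooder, a normal client."""
    pk = lambda src, dport: {"src": src, "proto": "tcp", "dport": dport}
    scan = [pk("198.51.100.7", p) for p in range(20, 30)]
    flood = [pk("203.0.113.9", 443) for _ in range(300)]
    normal = [pk("10.1.2.3", 443)] * 3 + [pk("10.1.2.3", 23)]
    return scan + flood + normal

if __name__ == "__main__":
    print(process_window(sample_window()))
```

The flooding source stays reachable at the permitted rate while the scanning source is cut off entirely, which is the distinction claim 7 draws between the two responses.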
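Step S501 of claim 9 names data access log recording and data change detection as the means of finding abnormal data operations. The following added example (not code from the patent) combines the two: content hashes reveal what changed, and the access log plus an assumed permission table decide whether each change is explained. File paths, users, rights and log entries are constructed for illustration.

```python
import hashlib

def snapshot(files):
    """Hash every object so later content changes can be detected."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def detect_changes(baseline, current):
    """Compare two snapshots and report (path, operation) pairs."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            changes.append((path, "delete"))
        elif path not in baseline:
            changes.append((path, "create"))
        elif baseline[path] != current[path]:
            changes.append((path, "modify"))
    return changes

def find_abnormal(changes, access_log, rights):
    """A change is abnormal if no log entry explains it or the actor lacked the right."""
    findings = []
    for path, op in changes:
        entries = [e for e in access_log if e["path"] == path and e["op"] == op]
        if not entries:
            findings.append((path, op, "no matching access-log entry"))
        for e in entries:
            if op not in rights.get(e["user"], set()):
                findings.append((path, op, "user %s lacks %s right" % (e["user"], op)))
    return findings

def sample_findings():
    """Constructed data: one authorised edit, one unauthorised delete, one unlogged edit."""
    before = {"/data/a.txt": b"v1", "/data/b.txt": b"v1", "/data/c.txt": b"v1"}
    after = {"/data/a.txt": b"v2", "/data/c.txt": b"tampered"}
    log = [{"user": "alice", "path": "/data/a.txt", "op": "modify"},
           {"user": "bob", "path": "/data/b.txt", "op": "delete"}]
    rights = {"alice": {"read", "modify"}, "bob": {"read"}}  # assumed permission template
    return find_abnormal(detect_changes(snapshot(before), snapshot(after)), log, rights)

if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```

The recorded findings are the input a periodic audit under step S502 would review for integrity and access-right violations.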
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202510737772.1A CN120498815A (en) | 2025-06-04 | 2025-06-04 | Data security protection method and system for server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202510737772.1A CN120498815A (en) | 2025-06-04 | 2025-06-04 | Data security protection method and system for server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN120498815A (en) | 2025-08-15 |
Family
ID=96668769
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202510737772.1A Pending CN120498815A (en) | 2025-06-04 | 2025-06-04 | Data security protection method and system for server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN120498815A (en) |
- 2025-06-04: CN CN202510737772.1A, patent/CN120498815A/en, active, Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN119004426B (en) | | Multi-dimension factor safety management system for government affair files |
| CN117390656B (en) | | Security management method and system for encryption equipment |
| CN110598404B (en) | | Security risk monitoring method, monitoring device, server and storage medium |
| CN117113199A (en) | | A file security management system and method based on artificial intelligence |
| JP2006511877A (en) | | System and method for detecting software tampering by proactively |
| CN118631552B (en) | | A computer network security protection method |
| CN116962076A (en) | | Blockchain-based IoT zero-trust system |
| CN117478364A (en) | | Transmission anti-disclosure method and system based on enterprise research and development core data |
| CN120017424B (en) | | A method and system for secure access to encrypted enterprise network data |
| CN119249499A (en) | | A computer storage file protection system |
| CN117272349A (en) | | A relational database security protection method, system and storage medium |
| CN120449206A (en) | | Information security management method and system based on sensitive data |
| CN119071073A (en) | | A method for automatically verifying the security of communication software |
| CN119442290A (en) | | Data isolation and privacy protection method and system for large data security models |
| CN118611899A (en) | | Security protection method and device for customer service management system |
| CN114124453A (en) | | Network security information processing method and device, electronic equipment and storage medium |
| Khubrani | | Mobile device forensics, challenges and blockchain-based solution |
| Agrawal et al. | | A SURVEY ON ATTACKS AND APPROACHES OF INTRUSION DETECTION SYSTEMS. |
| CN120124086A (en) | | A security management system and method for electronic archives |
| CN120498815A (en) | | Data security protection method and system for server |
| CN119167364A (en) | | A method and system for enhancing computer data security |
| CN119210856A (en) | | A method, device, equipment and medium for accessing enterprise resource information based on zero-trust network security protection |
| Flores et al. | | A GDPR-compliant Risk Management Approach based on Threat Modelling and ISO 27005 |
| CN118509226B (en) | | Intelligent community data intelligent acquisition and storage intercommunication system |
| Leniski et al. | | Securing the biometric model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |