A data layered security access control method for group customers

An access control technology for group customers, applied in transmission systems, electrical components, etc., that addresses the problems of low database reliability, poor data confidentiality, and poor read and write operation security.

Active Publication Date: 2021-01-12
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

[0017] Existing security access control methods suffer from poor scalability of data classification, support for horizontal management but not vertical management, poor read and write operation security, poor data confidentiality, poor platform compatibility, and low database reliability. In view of these technical problems, the present invention, based on the BLP model and the RBAC model, provides a cross-platform data layered security access control method for group customers. For enterprises of different sizes, the method divides the enterprise's internal data by level and by role, so that the enterprise can apply fine-grained access control to internal users and realize both horizontal management and vertical management within its organizational structure. Space for levels yet to be determined is reserved between the divided levels to cope with changes in the size of the enterprise, which gives strong scalability. In addition, data security is ensured through data encryption and signature technology, and MySQL master-slave mirroring technology is used to improve the reliability of the database.
The method comprises a distributed application transceiver module, a data encryption and decryption processing module, a key negotiation module, a data concurrent processing module, a layered access control module, a database connection module and a MySQL database module, among which:

  • The distributed application transceiver module monitors the service requests sent by mobile terminal and Web terminal applications and realizes cross-platform service calls.
  • The data encryption and decryption processing module encrypts and decrypts service request and response data, and verifies the sender of the data to ensure the reliability of the data source, that is, the data sender cannot deny having sent it.
  • The key negotiation module generates a session key every time an application sends a service request, and can resist man-in-the-middle attacks during the key distribution process.
  • The data concurrent processing module parses the service request encapsulated in JSON format and forwards the resulting business data to the layered access control module. It uses a log file on the hard disk as a cache pool to process repeated service requests and improve the concurrent performance of the system.
  • The layered access control module layers the data of group customers and judges whether users have access to data, so that group customers can realize vertical management and horizontal management in their organizational structure while ensuring data security.
  • The database connection module establishes a database connection pool, reducing the performance loss caused by frequent creation and destruction of database connections and improving the system's efficiency in reading and writing data.
  • The MySQL database module is a self-designed modular data storage solution that stores group customer data in modules. It uses master-slave mirroring technology to improve the read and write efficiency of the database and ensure its high reliability, and uses a hash function to ensure the security of user privacy data.

Examples

Embodiment Construction

[0052] The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments:

[0053] Based on the BLP model and the RBAC model, the present invention provides a cross-platform, group customer-oriented data layered security access control method. For enterprises of different scales, it divides the internal data of the enterprise by level and by role, so that the enterprise can apply fine-grained access control to internal users and realize horizontal management and vertical management in its organizational structure. At the same time, space for levels yet to be determined is reserved between the divided levels to cope with changes in the size of the enterprise, which gives strong scalability. In addition, data security is ensured through data encryption and signature technology, and MySQL master-slave mirroring technology is used to improve the reliability of the database.
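The following is an added illustration, not code from the patent, of how a BLP level check (vertical) and an RBAC role check (horizontal) can be combined into one access decision, with level numbers spaced out to leave reserved room between them. The page does not show how the invention itself combines the two models, so the level values, role names, data categories and the rule that both checks must pass are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed level table (assumption): values are spaced by 10 so a new
# level can be inserted between two existing ones without renumbering.
LEVELS = {"staff": 10, "team_lead": 20, "dept_manager": 30, "executive": 40}

# Constructed RBAC table (assumption): role -> permitted (category, operation).
ROLE_PERMS = {
    "finance_clerk": {("finance", "read"), ("finance", "write")},
    "finance_manager": {("finance", "read"), ("finance", "write"), ("hr", "read")},
    "hr_clerk": {("hr", "read"), ("hr", "write")},
}

@dataclass(frozen=True)
class Subject:
    name: str
    level: int
    roles: frozenset

@dataclass(frozen=True)
class DataObject:
    name: str
    level: int
    category: str

def rbac_allows(subject, obj, op):
    """Horizontal check: does any role grant this operation on the category?"""
    return any((obj.category, op) in ROLE_PERMS.get(r, set()) for r in subject.roles)

def blp_allows(subject, obj, op):
    """Vertical check using the two BLP properties."""
    if op == "read":
        return subject.level >= obj.level   # simple security: no read up
    if op == "write":
        return subject.level <= obj.level   # *-property: no write down
    return False                            # unknown operations are denied

def check_access(subject, obj, op):
    """Grant only when both the role check and the level check pass."""
    return rbac_allows(subject, obj, op) and blp_allows(subject, obj, op)

def add_level(levels, name, below, above):
    """Place a new level in the reserved gap between two existing levels."""
    lo, hi = levels[below], levels[above]
    if hi - lo < 2:
        raise ValueError("no reserved space left between these levels")
    levels[name] = (lo + hi) // 2
    return levels[name]
```

Under strict BLP a low-level subject may still write to a higher-level object it cannot read, which is why the staff-level clerk in the test can append to the manager-level record but not read it.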

[0054] Such as figure 1 Shown is the over...

Abstract

The invention discloses a group customer-oriented data layered security access control method, which includes a distributed application transceiver module, a data encryption and decryption processing module, a key negotiation module, a data concurrent processing module, a layered access control module, a database connection module and a MySQL database module. The distributed application transceiver module is responsible for monitoring cross-platform application service requests; the data encryption and decryption processing module is responsible for data encryption and decryption, and ensures the reliability of data sources; the key negotiation module is responsible for generating session keys; the data concurrent processing module is responsible for parsing service request data; the layered access control module is responsible for judging whether the user has access to the layered data; the database connection module is responsible for establishing a database connection pool to improve the system's data read and write efficiency; the MySQL database module is responsible for modular storage of group customer data. The invention can provide a layered and expandable data access control method for group customers of different enterprise scales.

Description

Technical field

[0001] The invention relates to the field of computer network communication and the field of information security, in particular to a data layered security access control method for group customers.

Background technique

[0002] The BLP (Bell-LaPadula) model is a security access control model that uses the concept of multi-level security to classify and mark subjects and objects. The BLP model was initially used only in the military field: in a military information system that is layered according to internal organizational levels, military ranks, and positions, it divides data by confidentiality level and guarantees the security of data reading and writing. The RBAC (Role-Based Access Control) model is a role-based access control model that associates permissions with roles; users obtain the permissions of these roles by being assigned the appropriate roles, which greatly simplifies the management of permissions. With the development of to...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0428, H04L63/06, H04L63/105, H04L63/126, H04L67/60
Inventors: 蒋睿, 苏家琰
Owner: SOUTHEAST UNIV