Data processing method and system

A data processing method and system, applied in the field of data security, that addresses problems such as unavoidable data leakage and failure to meet the principle of minimum authority, and reduces the risk of key leakage for higher security.

Active Publication Date: 2019-07-26
深圳市云网万店科技有限公司 +1

AI Technical Summary

Problems solved by technology

[0008] For the second method: Although there is high-level authority control, data warehouse managers can still directly access sensitive data, which does not meet the principle of minimum author...

Examples

Embodiment 1

[0067] An embodiment of the present invention provides a data processing method applied to a data processing system. The data processing system includes a service gateway and a service cluster; the service cluster includes multiple service instances, and a database is deployed in the service cluster. As shown in Figure 2, the data processing method may include the following steps:

[0068] 201. The service gateway receives a data encryption request sent by a first user, and routes the data encryption request to the service cluster, where the data encryption request carries data to be encrypted and data access rights.

[0069] In this embodiment, the first user may be a data producer or a data provider, and the first user submits a data encryption request to the service gateway through the first client.

[0070] Wherein, the data to be encrypted carried in the data encryption request may be data containing sensitive information, for example, user identity...

Embodiment 2

[0110] An embodiment of the present invention provides a data processing method. In this embodiment, in addition to the steps described in Figure 2, the data processing method also includes steps 301 to 304 after step 205; the steps described in Figure 2 are omitted here for the sake of brevity. As shown in Figure 3, the data processing method also includes:

[0111] 301. The service gateway receives a data decryption request sent by a second user, and the data decryption request carries the ciphertext to be decrypted, a service cluster identifier, and an encryption event number.

[0112] In this embodiment, the second user may be a data user, and the second user submits a data decryption request to the service gateway through the second client.

[0113] 302. The service gateway routes the data decryption request to the service cluster corresponding to the service cluster identifier.

[0114] In this embodiment, the service gateway may determine the correspo...
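The encrypt and decrypt flows of Embodiments 1 and 2, sketched as an added Python example (not code from the patent). Assumptions: the data access rights are a set of user names, the gateway has already authenticated the caller, the cluster checks the stored rights before decrypting (the decryption steps are cut off above), and the SHAKE-256/HMAC construction is a standard-library stand-in for a real AEAD cipher.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class EncryptionEvent:            # one database row per encryption event
    access_rights: frozenset      # users the data producer allowed to decrypt (assumed model)
    algorithm: str
    key: bytes                    # stored only in the cluster database, never returned

def _keystream_xor(key, nonce, data):
    # Stand-in cipher so the example needs only the stdlib; use a real AEAD in practice.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class ServiceCluster:
    ALGORITHM = "shake256-xor+hmac-sha256"   # constructed label for the stand-in
    def __init__(self, cluster_id):
        self.cluster_id, self._db = cluster_id, {}

    def _tag(self, key, nonce, body):
        return hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

    def encrypt(self, data, access_rights):
        # A fresh key per encryption event: producers and users never share one key.
        event_no, key, nonce = secrets.token_hex(8), secrets.token_bytes(32), secrets.token_bytes(16)
        body = _keystream_xor(key, nonce, data)
        self._db[event_no] = EncryptionEvent(frozenset(access_rights), self.ALGORITHM, key)
        return {"ciphertext": nonce + body + self._tag(key, nonce, body),
                "cluster_id": self.cluster_id, "event_no": event_no}

    def decrypt(self, user, ciphertext, event_no):
        event = self._db.get(event_no)
        if event is None or user not in event.access_rights:
            raise PermissionError("no encryption event readable by this user")
        nonce, body, tag = ciphertext[:16], ciphertext[16:-32], ciphertext[-32:]
        if not hmac.compare_digest(tag, self._tag(event.key, nonce, body)):
            raise ValueError("ciphertext does not belong to this event")
        return _keystream_xor(event.key, nonce, body)

class ServiceGateway:
    def __init__(self, clusters):
        self._clusters = {c.cluster_id: c for c in clusters}

    def encrypt(self, cluster_id, data, access_rights):
        return self._clusters[cluster_id].encrypt(data, access_rights)

    def decrypt(self, user, ciphertext, cluster_id, event_no):
        if cluster_id not in self._clusters:   # route by the service cluster identifier
            raise LookupError("unknown service cluster identifier")
        return self._clusters[cluster_id].decrypt(user, ciphertext, event_no)
```

The encryption result holds only the ciphertext, the cluster identifier and the event number, so a caller who is not listed in the stored access rights has nothing to decrypt with.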

Embodiment 3

[0126] An embodiment of the present invention provides a data processing system. As shown in Figure 4, the data processing system may include a service gateway 41 and a service cluster 42; the service cluster 42 includes multiple service instances, and a database is deployed in the service cluster 42, wherein:

[0127] The service gateway 41 is configured to receive the data encryption request sent by the first user, and route the data encryption request to the service cluster, where the data encryption request carries the data to be encrypted and the data access authority;

[0128] The service cluster 42 is used to call corresponding service instances among multiple service instances to encrypt the data to be encrypted to generate ciphertext and generate encryption events;

[0129] The service cluster 42 is also used to correspondingly store the data access authority, the event number of the encrypted event, the encryption algorithm and the key used to encrypt the data ...

Abstract

The invention discloses a data processing method and system belonging to the technical field of data security. In the method, a service gateway receives a data encryption request sent by a first user and routes the data encryption request to a service cluster, the data encryption request carrying to-be-encrypted data and a data access authority; the service cluster calls a corresponding service instance among the plurality of service instances to encrypt the to-be-encrypted data to generate a ciphertext, and generates an encryption event; the data access authority, the event number of the encryption event, and the encryption algorithm and secret key used for encrypting the to-be-encrypted data are correspondingly stored in a database; an encryption result including the ciphertext, the identifier of the service cluster and the event number is returned to the service gateway; and the service gateway returns the encryption result to the first user. According to the embodiment of the invention, the risk of secret key leakage of a data producer and a data user can be reduced, so that data security is higher, and a guarantee is provided for putting the principle of minimizing data access permissions into practice.

Description

Technical field

[0001] The invention relates to the technical field of data security, in particular to a data processing method and system.

Background art

[0002] The current methods of data security management and control in the field of big data are as follows:

[0003] Method 1: Use the same key to encrypt sensitive data during data production or transmission before storage, and the data user uses the corresponding key (equal or unequal) to decrypt;

[0004] Method 2: Carry out high-level authority control over sensitive data, and physically and technically ensure that only necessary personnel can access sensitive data;

[0005] Method 3: Implant an encryption and decryption mechanism on the access engine of the database, and the encryption and decryption of sensitive data will be transparent to users.

[0006] There are defects and deficiencies in the above methods:

[0007] For the first method: the data producer or user can have access to the encryption and d...

Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0428, H04L63/08, H04L63/10, H04L67/10
Inventor: 郁国勇, 孙迁
Owner: 深圳市云网万店科技有限公司