A method and system for sharing non-sensitive and sensitive data

Abstract

The application discloses a kind of non-sensitive and sensitive data sharing method and system, the method includes: by co-site hardware resource, form the private cloud resource data pool for storing sensitive data and the public cloud resource data pool of non-sensitive data;Sensitive data in private cloud resource data pool is constructed Non-sensitive data separation interaction channel of data, the sensitive data separation interaction channel of non-sensitive data in public cloud resource data pool;Fusion data warehouse is constructed, and separated sensitive data and sensitive data are respectively fused with sensitive data, and separated non-sensitive data and non-sensitive data are respectively fused with non-sensitive data.Processing fusion is handled by the present application through co-site basic hardware, resource dynamic allocation, flexible call, give data fast and safe interconnection, in time sharing circulation, non-sensitive and sensitive data fusion processing new architecture of sharing, under this architecture, data timeliness is faster, sharing convenience is better, data fusion is stronger.

Description

Technical Field

[0001] This invention relates to the field of big data and cloud computing technology, specifically to a method and system for sharing non-sensitive and sensitive data. Background Technology

[0002] With the rapid development of cloud computing, artificial intelligence, and big data technologies, data has become an important asset and core competitiveness for enterprises. Building big data centers or platforms is an inevitable trend for the development of various industries, and it continues to generate huge benefits and impacts in all walks of life.

[0003] Currently, big data, cloud computing, and artificial intelligence are developing rapidly, widely applied, and yielding significant results. In recent years, the military-civilian integration field has, based on traditional models such as multi-party information sharing and limited contact, fully leveraged advanced, mature, and secure civilian technologies to drive the rapid development of military technologies. In the field of military-civilian big data, data has become a fundamental and critical resource, and the traditional siloed construction model of information systems is increasingly unsuitable for the needs of military-civilian integration. The traditional model suffers from low average utilization of infrastructure resources, a lack of flexible system design, weak data interoperability, poor sharing, and insufficient data utilization. Consequently, in practical applications, data resource acquisition is incomplete, query efficiency is low, processing and analysis capabilities are weak, and display methods are not intuitive, directly impacting the effectiveness of data application.

[0004] Currently, military and civilian big data platform solutions are basically based on the three-tier architecture of IaaS, PaaS, and SaaS, which are independent of each other. Data interaction is carried out through cross-departmental physical media for sharing, which is time-consuming and labor-intensive, has poor data timeliness, low processing efficiency, and the integration results may not be ideal. It is impossible to achieve timely, convenient, and high-quality sharing and interoperability of basic military and civilian resources and data. Summary of the Invention

[0005] This invention addresses the problems of sensitive and non-sensitive data being relatively independent, and data exchange and sharing through cross-departmental physical media, which is time-consuming, labor-intensive, has poor data timeliness, and low processing efficiency. It provides a fast and secure method and system for sharing non-sensitive and sensitive data.

[0006] The technical solution provided by this invention is as follows:

[0007] A method for sharing non-sensitive and sensitive data, the method comprising:

[0008] By co-locating and unifying hardware resources, a private cloud resource data pool for storing sensitive data and a public cloud resource data pool for storing non-sensitive data are formed.

[0009] Construct a data exchange channel for separating sensitive data from non-sensitive data in a private cloud resource data pool, and a data exchange channel for separating non-sensitive data from sensitive data in a public cloud resource data pool;

[0010] Construct a fusion data warehouse to merge sensitive data with other sensitive data and non-sensitive data with other non-sensitive data.

[0011] Preferably, hardware resources are physically distributed to form physically isolated non-sensitive data and sensitive data;

[0012] Establish independent secure private cloud resource data pools and public cloud resource data pools based on sensitive and non-sensitive data.

[0013] Preferably, the separation interaction includes the following steps:

[0014] Extract sensitive data and non-sensitive data from non-sensitive data and sensitive data respectively;

[0015] The extracted sensitive and non-sensitive data are securely transferred to the private cloud resource data pool and the public cloud resource data pool, respectively, through their respective data buffer security zones.

[0016] Preferably, both the extracted sensitive and non-sensitive data are transmitted through a one-way optical shutter, and the data is stored in a data buffer security area using a pre-switching or security sandbox.

[0017] Preferably, the method for extracting non-sensitive data includes dimensionality reduction and desensitization, review, and level identification; the method for extracting sensitive data includes stripping and selection, review, and level identification.

[0018] Preferably, it further includes: evaluating data quality based on the fusion processing results, providing feedback on the evaluation information, and improving data extraction capabilities based on the evaluation information.

[0019] A system for sharing non-sensitive and sensitive data, comprising:

[0020] Private cloud resource data pools are used to store sensitive data;

[0021] Public cloud resource data pools are used to store non-sensitive data;

[0022] The non-sensitive data separation and interaction channel is used to extract non-sensitive data from stored sensitive data and securely share it to the public cloud resource data pool.

[0023] The sensitive data separation interaction channel is used to extract sensitive data from stored non-sensitive data and securely share it to the private cloud resource data pool.

[0024] Compared with the prior art, the beneficial effects of the present invention are as follows:

[0025] This invention provides a new architecture for fast and secure data connectivity, timely sharing and transfer, and fusion processing and sharing of non-sensitive and sensitive data through the unified construction of co-located basic hardware, dynamic allocation and flexible call to resources. Under this architecture, data is more timely, easier to share and more integrated. Attached Figure Description

[0026] Figure 1 This is a diagram illustrating the architecture for sharing non-sensitive and sensitive data.

[0027] Figure 2 This is a schematic diagram illustrating the process of sharing non-sensitive and sensitive data. Detailed Implementation

[0028] To more clearly illustrate the technical solutions in the embodiments of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention. The embodiments described with reference to the accompanying drawings are exemplary and intended to explain the present invention, and should not be construed as limiting the present invention.

[0029] A method for sharing non-sensitive and sensitive data, the method comprising three steps.

[0030] (1) By co-locating and building hardware resources, a private cloud resource data pool for storing sensitive data and a public cloud resource data pool for storing non-sensitive data are formed.

[0031] In this invention (1), hardware resources are constructed through co-location and physically distributed to form physically isolated non-sensitive and sensitive data; independent secure private cloud resource data pools and public cloud resource data pools are formed based on sensitive and non-sensitive data, respectively. Here, "physical distribution of hardware resources" means implementing diversity isolation for data storage hardware, and then obtaining sensitive and non-sensitive data according to the sensor data acquisition identifier; non-sensitive and sensitive data mainly include marine safety, marine environment, emergency law enforcement, maritime navigation, marine fisheries, maritime defense, marine management and other marine-related data.

[0032] By building a unified infrastructure based on shared addresses, interconnected resources can be dynamically allocated and flexibly accessed, enabling rapid and secure connectivity of various types of data and greatly improving data timeliness.

[0033] (2) Construct a non-sensitive data separation and interaction channel for sensitive data in the private cloud resource data pool and a sensitive data separation and interaction channel for non-sensitive data in the public cloud resource data pool.

[0034] In this invention (2), the separation interaction of the non-sensitive data separation interaction channel includes the following steps:

[0035] Extracting non-sensitive data from sensitive data, which includes dimensionality reduction and desensitization, review, and level identification;

[0036] The extracted non-sensitive data is transmitted through a one-way optical shutter, and the data is stored in the data buffer security area using a front-end exchange or a security sandbox. The data in the data buffer security area is autonomously burned into a large-capacity export medium. After burning, the burned export medium is quickly moved to the non-sensitive data reader by a shuttle robotic arm, and then stored in the public cloud resource data pool, thereby realizing the sharing of non-sensitive data.

[0037] The separation interaction of sensitive data separation interaction channels includes the following steps:

[0038] Extracting sensitive data from non-sensitive data, which includes stripping and selection, review, and classification.

[0039] The extracted sensitive data is transmitted through a one-way optical shutter and stored in a data buffer security area using a front-end exchange or a security sandbox. The data in the data buffer security area is autonomously burned into a large-capacity export medium. After burning, the burned export medium is quickly moved to the sensitive data reader by a shuttle robotic arm and then stored in a private cloud resource data pool, thereby realizing the sharing of sensitive data.

[0040] In this invention, the security light gate and the front-end switch are mainly composed of a dedicated unidirectional fiber optic transmitter, a unidirectional fiber optic receiver, an external end unit, an internal end unit, and a switch. The external end unit only has a transmitter, and the internal end unit only has a receiver. There is no physical feedback signal, which ensures that the hardware is physically unidirectional.

[0041] Unlike the traditional cross-regional media transfer and sharing model, non-sensitive data and sensitive data are shared and interacted securely through their respective separate interaction channels, which improves the convenience of data flow. (3) Construct a fusion data warehouse, and perform routine fusion processing on the separated sensitive data and non-sensitive data to obtain the corresponding metadata and subject data.

[0042] Data connectivity and sharing enable the fusion and processing of multi-source heterogeneous data. Here, corresponding metadata and thematic data can be obtained for sensitive shared data, and corresponding metadata and thematic data can also be obtained for non-sensitive shared data.

[0043] (4) Evaluate the data quality based on the fusion processing results and provide feedback on the evaluation information to improve the data extraction capability.

[0044] Specifically, after the separated sensitive data and the sensitive data in the private cloud resource data pool undergo routine fusion processing, the quality of the fused sensitive data is evaluated according to general data quality methods. The evaluation information is then fed back to the dimensionality reduction and desensitization module via control commands, and this evaluation information is used to iteratively improve the quality of data dimensionality reduction and desensitization. After the separated non-sensitive data and the non-sensitive data in the public cloud resource data pool undergo routine fusion processing, the quality of the fused non-sensitive data is evaluated according to general data quality methods. The evaluation information is then fed back to the stripping and selection module via control commands, and this evaluation information is used to extract higher quality data from the original data for iterative processing to improve the quality of data stripping and selection.

[0045] The quality of shared data is evaluated in real time based on the results, and timely feedback is provided to the data source to provide higher-value data, thereby iteratively improving the quality of data fusion and processing.

[0046] This invention also discloses a system for sharing non-sensitive data and sensitive data, comprising:

[0047] Private cloud resource data pools are used to store sensitive data;

[0048] Public cloud resource data pools are used to store non-sensitive data;

[0049] The non-sensitive data separation and interaction channel is used to extract non-sensitive data from stored sensitive data and securely share it to the public cloud resource data pool; here, the extraction of non-sensitive data is to perform dimensionality reduction and de-identification on the sensitive data.

[0050] Sensitive data separation and interaction channel is used to separate and select non-sensitive data stored and securely share it to a private cloud resource data pool;

[0051] The data fusion warehouse is used to fuse separate sensitive data with other sensitive data and separate non-sensitive data with sensitive data, to obtain fusion results mainly consisting of metadata and subject data, and then store them.

[0052] Furthermore, the non-sensitive data separation and interaction channel includes:

[0053] The dimensionality reduction and anonymization module is used to reduce the dimensionality and anonymize sensitive data.

[0054] The review and rating module is used to manually review the dimensionality reduction and desensitization results and rate them to obtain sensitive data and non-sensitive data. The non-sensitive data is the separated non-sensitive data.

[0055] Security gates and front-end switches are used to transmit separated, non-sensitive data in one direction.

[0056] A data buffer is used to buffer separated, non-sensitive data.

[0057] Data recorders are used to record non-sensitive data.

[0058] The data reader, in conjunction with the private cloud resource data pool, is used to read non-sensitive data and transfer it to the private cloud resource data pool.

[0059] The sensitive data separation and interaction channel includes:

[0060] The stripping and selection module is used to strip and select non-sensitive data;

[0061] The review and grading module is used to manually review the stripping and selection results and rate them to obtain sensitive data and non-sensitive data. The sensitive data is the separated sensitive data.

[0062] Security gates and front-end switches are used to transmit sensitive data in one direction only.

[0063] A data buffer is used to buffer separated sensitive data;

[0064] Data recorders are used to record sensitive data.

[0065] The data reader, in conjunction with the public cloud resource data pool, is used to read sensitive data and transfer it to the public cloud resource data pool.

[0066] The data buffer, data burning, and data reading processes are based on the principle of "physical isolation." A robotic arm is used to simulate manual operation of optical discs for automatic data migration, achieving physical isolation between the external and internal networks. This provides an automated, secure, and reliable bidirectional data transfer and reading method for inter-network data exchange.

Claims

1. A method for sharing non-sensitive and sensitive data, characterized in that, The method includes: By co-locating and unifying hardware resources, the hardware resources are physically distributed to form physically isolated non-sensitive and sensitive data, forming a private cloud resource data pool for storing sensitive data and a public cloud resource data pool for storing non-sensitive data. Construct a data exchange channel for separating sensitive data from non-sensitive data in a private cloud resource data pool, and a data exchange channel for separating non-sensitive data from sensitive data in a public cloud resource data pool; Sensitive and non-sensitive data are extracted from non-sensitive and sensitive data respectively. The extracted sensitive and non-sensitive data are transmitted through a one-way optical gate and stored in a data buffer security area using a front-end exchange or security sandbox. Thus, the data flows securely to the private cloud resource data pool and the public cloud resource data pool through their respective data buffer security areas. Construct a fusion data warehouse to merge sensitive data with other sensitive data and non-sensitive data with other non-sensitive data.

2. The method for sharing non-sensitive and sensitive data as described in claim 1, characterized in that, The extraction methods for non-sensitive data include dimensionality reduction and desensitization, review, and level identification; the extraction methods for sensitive data include stripping and selection, review, and level identification.

3. The method for sharing non-sensitive and sensitive data as described in claim 1, characterized in that, Also includes: The data quality is evaluated based on the fusion processing results, and evaluation information is fed back to improve data extraction capabilities based on the evaluation information.

4. A system for sharing non-sensitive data and sensitive data, characterized in that, include: A private cloud resource data pool is used to store sensitive data, which is obtained by using hardware resources built through co-location and physical diversity of the hardware resources; A public cloud resource data pool is used to store non-sensitive data, which is obtained by using hardware resources built through co-location and physical diversity of the hardware resources. The non-sensitive data separation interaction channel is used to strip non-sensitive data from stored sensitive data. The extracted non-sensitive data is transmitted through a one-way optical gate and stored in a data buffer security area using a front-end exchange or security sandbox, so that it can be securely flowed to the public cloud resource data pool. The sensitive data separation interaction channel is used to extract sensitive data from stored non-sensitive data. The extracted sensitive data is transmitted through a one-way optical gate and stored in a data buffer security area using a front-end exchange or security sandbox, so that it can be securely flowed to the private cloud resource data pool. The merged data warehouse is used to merge separate sensitive data with other sensitive data, and separate non-sensitive data with other non-sensitive data.

Images