Method and apparatus for accessing data
By classifying the target task data and adopting a dual key verification mechanism, the problem of data privacy information being tampered with or arbitrarily obtained in high-security protection scenarios is solved, thus achieving higher data access security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA MOBILE GROUP JIANGSU
- Filing Date
- 2022-03-25
- Publication Date
- 2026-06-12
Smart Images
Figure CN116846555B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of computer technology, and more specifically to a data access method and apparatus. Background Technology
[0002] In existing scenarios with high levels of network security protection, it is necessary to strictly protect the behavior of accessing data. The existing protection methods are to encrypt the data and control the user's access behavior.
[0003] Existing methods address network security issues in big data scenarios. Even with data encryption and user access control, privacy information on different devices within the data system and personal privacy data in communication networks can still be easily obtained or tampered with. Ensuring that privacy information in these data is not easily tampered with or arbitrarily obtained is a pressing issue that needs to be addressed. Summary of the Invention
[0004] This invention provides a data access method and apparatus to solve the technical problem of insufficient security in data access in the prior art.
[0005] In a first aspect, the present invention provides a data access method, comprising:
[0006] The target task data is classified to identify the privacy data within it.
[0007] Receive a request from a target user to access the privacy data, and send a first key to the target user;
[0008] Receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified and the target user is a historical user, send the second key to the target user.
[0009] The system receives a first key and a second key uploaded by the target user. After the first key and the second key are verified, the system controls the target user to access the privacy data.
[0010] In one embodiment, classifying the target task data includes:
[0011] Based on the data security assessment of the task data and the confidentiality level of the task data, a classification and storage model for the task data is constructed.
[0012] Based on the classification storage model, the target task data is classified to determine the privacy data and the ordinary content data in the target task data.
[0013] In one embodiment, the target task data is classified according to the classification storage model to determine the privacy data and the general content data in the target task data, including:
[0014] Based on the classification storage model, the data security estimate of the target task data and the confidentiality level of the target task data are weighted and summed to obtain the security level score of the target task data.
[0015] Based on the security level score, the target task data is classified to determine the privacy data and the general content data within the target task data.
[0016] In one embodiment, the data security assessment is determined based on the importance of the task data, the data integrity of the task data, the data correlation between the task data, and the data invalidity of the task data.
[0017] In one embodiment, after receiving the user information of the target user and the first key verification feedback information of the target user, the method further includes:
[0018] If the user information and the first key verification feedback information are verified successfully, and the target user is not a historical user, the target user will be marked as a historical user.
[0019] In one embodiment, before controlling the target user's access to the privacy data, the method further includes:
[0020] The access security level of the target user is determined based on the number of times the target user requests access to privacy data and the number of times the target user's first key verification feedback information is successfully verified.
[0021] The access permission level of the target user is determined based on the access security level, the security of the target user's access device, and the target user's access frequency.
[0022] In one embodiment, after determining the access permission level of the target user, the method further includes:
[0023] The access priority of the target user is determined based on the relationship between the access permission level and the preset access permission level threshold.
[0024] Based on the access priority, control the target user's access to the privacy data.
[0025] In a second aspect, the present invention also provides a data access device, comprising:
[0026] The task data classification and storage module is used to classify the target task data and determine the privacy data in the target task data;
[0027] The first key sending module is used to receive a request from a target user to access the privacy data and send a first key to the target user.
[0028] The second key sending module is used to receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified successfully and the target user is a historical user, the second key is sent to the target user.
[0029] The access control module is used to receive the first key and the second key uploaded by the target user, and control the target user to access the privacy data after the first key and the second key are verified.
[0030] Thirdly, the present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the data access method described above.
[0031] Fourthly, the present invention also provides a computer program product, including a computer program that, when executed by a processor, implements any of the above-described data access methods.
[0032] The data access method, apparatus, electronic device, and storage medium provided by this invention classify target task data to identify private data within it. This allows users to retrieve the necessary portions of the task data based on data type, facilitating the acquisition of private data while preventing the retrieval of all data at once, thus enhancing data access security. Furthermore, when a target user accesses private data, dual authentication using a first key and a second key further strengthens the security of private data access. Attached Figure Description
[0033] To more clearly illustrate the technical solutions in this invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.
[0034] Figure 1 A flowchart illustrating the data access method provided by the present invention;
[0035] Figure 2This is a schematic diagram of the data storage bar structure provided by the present invention;
[0036] Figure 3 A schematic diagram of the multi-task classification storage structure provided by the present invention;
[0037] Figure 4 The privacy data access signaling diagram provided for this invention;
[0038] Figure 5 A schematic diagram of data storage bars for multiple tasks provided by the present invention;
[0039] Figure 6 A schematic diagram of the structure of the data access device provided by the present invention;
[0040] Figure 7 This is a schematic diagram of the structure of the electronic device provided by the present invention. Detailed Implementation
[0041] To make the objectives, technical solutions, and advantages of this invention clearer, the technical solutions of this invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this invention. All other embodiments obtained by those skilled in the art based on the embodiments of this invention without creative effort are within the scope of protection of this invention.
[0042] Figure 1 A flowchart illustrating the data access method provided by this invention. (Refer to...) Figure 1 The data access method provided by this invention may include:
[0043] 110. Classify the target task data and identify the privacy data within the target task data;
[0044] 120. Receive a request from a target user to access the privacy data, and send a first key to the target user;
[0045] 130. Receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified and the target user is a historical user, send the second key to the target user.
[0046] 140. Receive the first key and the second key uploaded by the target user, and after the first key and the second key are verified, control the target user to access the privacy data.
[0047] The data access method provided by this invention can be executed by an electronic device, a component within an electronic device, an integrated circuit, or a chip. The electronic device can be a mobile electronic device or a non-mobile electronic device. For example, a mobile electronic device can be a mobile phone, tablet computer, laptop computer, PDA, in-vehicle electronic device, wearable device, ultra-mobile personal computer (UMPC), netbook, or personal digital assistant (PDA), etc., while a non-mobile electronic device can be a server, network attached storage (NAS), personal computer (PC), television set (TV), ATM, or self-service machine, etc. This invention does not impose specific limitations.
[0048] The technical solution of the present invention will be described in detail below using the method for accessing data provided by the present invention via a computer as an example.
[0049] In step 110, after obtaining the target task data, the target task data can be classified according to the specific data type in the target task data to determine the privacy data in the target task data classification results.
[0050] Optionally, the target task data can be categorized, and the resulting data types can be stored separately to create storage entries for the target task data. The data types obtained from categorizing the target task data can be: data category data, data modification count data, basic data content data, privacy data, and data encryption information data. Specifically, data category data stores the category information of the target task data, data modification count data stores the number of times the target task data has been modified or accessed, basic data content data stores ordinary data relative to privacy data within the target task data, and data encryption information data stores information related to data encryption.
[0051] After classifying the target task data, the classified data can be stored in the various modules of a data storage bar. For example... Figure 2 The data storage bar structure diagram provided by this invention shows that the data storage bar includes a data category storage module, a data modification count storage module, a data content storage module, a privacy data storage module, and a data encryption information storage module. After determining the data type of the target task data, the corresponding type of data can be stored in the corresponding module of the data storage bar according to the corresponding module in the data storage bar. For example, data category data can be stored in the data category storage module of the data storage bar.
[0052] In the case of categorized storage for multiple tasks, multiple sub-modules can be constructed for storage within the data storage module and the privacy data storage module of the data storage bar, as shown in Figure 3, a schematic diagram of the multi-task categorized storage structure provided by this invention. Each sub-module stores one type of data for one task. For example, the basic data content of task 1 is stored in the content storage module 1 sub-module of the data content storage module, and the privacy data of task 1 is stored in the privacy data storage module 1 sub-module of the privacy data storage module. Different tasks are stored in separate modules.
[0053] Understandably, in data systems, the volume of data is typically large, and the lack of separate storage isolation during data storage can complicate the subsequent data retrieval process and reduce efficiency. Therefore, dividing and storing data according to different tasks, and further separating data for the same task into different modules based on certain storage rules, can improve data storage organization. At the same time, especially for privacy-sensitive data, accessing data based on its data storage type, and avoiding access to privacy-sensitive data when not needed, can also improve data access security.
[0054] In step 120, after the target user initiates a request to access the privacy database in the target task data, the system receives the target user's request to access the privacy data and sends the first key to the target user.
[0055] The first key is the initial verification key for the target user. Once the target user passes the verification with the first key, it means that the target user initially meets the requirements for accessing private data.
[0056] In step 130, the user information of the target user and the first key verification feedback information of the target user are received. The user information of the target user and the first key verification feedback information are verified. If the user information and the first key verification feedback information are verified and the target user is a historical user, the second key is sent to the target user.
[0057] After initial verification of the target user using the first key and the target user's information, if the target user is a previous visitor, a second key is sent to the target user. The second key is used for further verification.
[0058] Understandably, determining whether the target user is a historical visitor and sending the second key only to that user helps prevent malicious random access to data.
[0059] In step 140, the system receives a first key and a second key uploaded by the target user, verifies the first key and the second key, and controls the target user to access the privacy data after successful verification.
[0060] Understandably, dual authentication using the first and second keys can further enhance the security of target users' access to private data.
[0061] The data access method provided by this invention classifies target task data to identify private data within it. This allows users to retrieve the necessary portions of the task data based on its data type, facilitating the acquisition of private data while preventing the retrieval of all data at once, thus enhancing data access security. Furthermore, when a target user accesses private data, dual authentication using a first key and a second key further strengthens the security of private data access.
[0062] In one embodiment, classifying target task data includes: constructing a classification storage model for the task data based on the data security assessment and the confidentiality level of the task data; classifying the target task data according to the classification storage model to determine the privacy data and the ordinary content data in the target task data.
[0063] Specifically, a classification storage model can be constructed to classify and store the target task data. The target task data is input into the classification storage model to determine the privacy data and the general content data within the target task data.
[0064] The task classification and storage module is determined based on the data security assessment and the confidentiality level of the task data. Both the data security assessment and the confidentiality level of the task data reflect the degree of privacy of the task data.
[0065] Understandably, by classifying and storing data, identifying ordinary content data and private data, and storing the corresponding data in different data modules, the integrity of data storage is ensured while improving data storage security.
[0066] The data access method provided by this invention, by constructing a classification storage model, identifies ordinary content data and privacy data in the target task data, and accesses data according to the data type, preventing the acquisition of all data at once and improving the security of data storage.
[0067] In one embodiment, classifying the target task data according to the classification storage model to determine the privacy data and the ordinary content data in the target task data includes: weighting and summing the data security estimate and the confidentiality level of the target task data according to the classification storage model to obtain a security level score for the target task data; and classifying the target task data according to the security level score to determine the privacy data and the ordinary content data in the target task data.
[0068] Optionally, a classification storage model can be constructed based on the data security assessment of the task data and the confidentiality level of the task data. The classification storage model can be:
[0069] C f =Blog2(ηp) r +αM r (1)
[0070] Among them, C f B represents the classification result; P represents the preset adjustment coefficient. r Mission security level; M r For data security estimation; η and α are weighting adjustment coefficients.
[0071] Calculate the target task data and estimate the data security value M. r With security level P r By performing a weighted summation, a comprehensive data security level score is obtained, which yields the evaluation score for the data in the task. This score is then adjusted using a preset weight B to determine the final data storage location C. f Evaluation score.
[0072] Through C f The value is evaluated, if C f Values within the preset range [G, H] are classified as ordinary content data; if C f Values within the preset range [L, M] are identified as private data.
[0073] The data access method provided by this invention, by constructing a classification storage model, identifies ordinary content data and privacy data in the target task data, and accesses data according to the data type, preventing the acquisition of all data at once and improving the security of data storage.
[0074] In one embodiment, the data security assessment is determined based on the importance of the task data, the data integrity of the task data, the data correlation between the task data, and the data invalidity of the task data.
[0075] Data security assessment reflects the importance and quality of the data. Data security assessment can be obtained using formula (2):
[0076] M r =(W+min-max[F,a,b]) (2)
[0077] Among them, M r For data security estimation, W represents the importance of the data, F represents the data integrity, a represents the correlation between data, and b represents the data invalidity; min-max[F,a,b] is the normalization process of parameters F, a, and b using the min-max method.
[0078] The data access method provided by this invention determines the data security assessment, constructs a classification storage model based on the data security assessment and confidentiality level of the task data, identifies ordinary content data and privacy data in the target task data, and accesses data according to the data type, preventing the acquisition of all data at once and improving the security of data storage.
[0079] In one embodiment, after receiving the user information of the target user and the first key verification feedback information of the target user, the method further includes: if the user information and the first key verification feedback information are verified successfully and the target user is not a historical user, marking the target user as a historical user.
[0080] Understandably, after the user information and the first key verification feedback information are verified successfully, it can be determined that the target user has passed the initial verification. Further verification is then performed to determine if the target user is a historical user. Only if the target user is a historical user will the second key be sent to them. Otherwise, the target user will be marked as a historical user.
[0081] The data access method provided by this invention determines whether to send a second key to the target user by checking whether the target user is a previous user. Sending the second key to the target user only if the target user is a previous user avoids malicious random data access.
[0082] In one embodiment, before controlling the target user's access to the privacy data, the method further includes: determining the target user's access security level based on the number of times the target user requests access to the privacy data and the number of times the target user's first key verification feedback information is verified; and determining the target user's access permission level based on the access security level, the security of the target user's access device, and the target user's access frequency.
[0083] Considering system concurrency, the system cannot handle multiple users accessing it simultaneously within a certain period. Especially during peak access times when the number of users is large, access levels can be set for specific users to control their access.
[0084] Optionally, the number of access requests Q initiated by the target user and the number of times the target user's first key verification feedback information passed M can be calculated to obtain the target user's access security level S. F =QM. It's understandable that the access level reflects the access behavior of the target user; the better the target user's access behavior, the higher the access level.
[0085] After determining the access security level of the target user, the access permission level of the target user can be determined based on the access security level of the target user, the security of the target user's access device, and the access frequency of the target user, as shown in formula (3):
[0086]
[0087] Among them, Q X S represents the access permission level for the target user. F For the target user's access security level, S Q For the security of the target user's access device, R E The frequency of access by the target users is represented by α, β, and ε, which are weighting coefficients set manually.
[0088] After determining the access permission level of the target user, control the target user's access to private data in the target task data according to the access permission level.
[0089] The data access method provided by this invention determines the access permission level of the target user and controls the target user's access to private data in the target task data according to the access permission level, thereby achieving reasonable control of user access during peak access periods.
[0090] In one embodiment, after determining the access permission level of the target user, the method further includes: determining the access priority of the target user based on the relationship between the access permission level and a preset access permission level threshold; and controlling the target user's access to the privacy data based on the access priority.
[0091] After determining the access permission level of the target user, a permission level threshold can be set. Based on the relationship between the access permission level and the preset permission level threshold, the access priority of the target user can be determined. For example, when multiple users access the site, the access time can be divided into peak access periods, off-peak access periods, and spatial periods based on actual usage habits. During peak access periods, users with permission levels higher than the permission level threshold 3 have priority access; during off-peak access periods, users with permission levels higher than the permission level threshold 1 have priority access; during spatial periods, user access permissions are not restricted.
[0092] The data access method provided by this invention determines the access permission level of the target user and controls the target user's access to private data in the target task data according to the access permission level, thereby achieving reasonable control of user access during peak access periods.
[0093] The following is a privacy data access signaling diagram provided by this invention. Figure 4 For example, the technical solution provided by this invention will be explained:
[0094] For the four tasks (A, B, C, and D) that target user 'user1' wants to access, the task data for tasks A, B, C, and D is categorized, and the categorized data is stored in the corresponding module of the data storage bar. For example... Figure 5 The present invention provides a schematic diagram of data storage bars for multiple tasks, resulting in four data storage bars for tasks. Each data storage bar includes a data category storage module, a data modification count storage module, a data content storage module, a privacy data storage module, and a data encryption information storage module. When user1 wants to access the privacy data of task A stored on the server, user1 sends an authentication request to the server's monitoring node.
[0095] The server's supervisory node S sends the first key that allows access to the private data to the target user User1 and the server's verification node.
[0096] The target user, user1, receives the first key and verifies its integrity.
[0097] After the target user1 verifies the integrity of the first key, it sends the verification feedback information of the first key to the verification node.
[0098] The verification node verifies whether the target user (user1) is a previously visited user and whether the information provided by the target user is authentic, based on the target user's user information and the feedback information from the first key verification. If the verification node verifies that the target user's feedback is authentic and that the target user has a history of access, then it sends the second key to user1. If the verification node verifies that the target user's feedback is authentic but the user is not a previously visited user, then it marks the target user as a previously visited user.
[0099] After the target user, user1, verifies the information using the first and second keys, they can access the private data in task A.
[0100] Task A's data bar records the access behavior information of target user user1, and synchronizes this access behavior information to the consensus authentication modules of tasks B, C, and D. If target user user1 wants to access any of the data storage bars in tasks B, C, and D again, they need to initiate a re-access request to the supervisory node. The supervisory node verifies the data storage bars in tasks B, C, and D, checking target user user1's access behavior. If the user's access behavior is compliant, it obtains a second key from the verification node and directly provides the first and second keys to target user user1, providing them with a combined decryption key for accessing any data storage bar in tasks B, C, and D. If any data access behavior is improper during the user's data access process, the original access steps are used to access the task's data storage bar.
[0101] The present invention also provides a data access device, which can be referred to in correspondence with the data access method described above.
[0102] Figure 6 A schematic diagram of the structure of the data access device provided by the present invention, as shown below. Figure 6 As shown, the device includes:
[0103] The task data classification and storage module 610 is used to classify the target task data and determine the privacy data in the target task data;
[0104] The first key sending module 620 is used to receive a request from a target user to access the privacy data and send a first key to the target user.
[0105] The second key sending module 630 is used to receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified and the target user is a historical user, the second key is sent to the target user.
[0106] The access control module 640 is used to receive the first key and the second key uploaded by the target user, and control the target user to access the privacy data after the first key and the second key are verified.
[0107] The data access device provided by this invention classifies target task data to identify private data within it, allowing users to retrieve the necessary portions of the task data based on data type. This facilitates access to private data while preventing the acquisition of all data at once, thus enhancing data access security. Furthermore, when a target user accesses private data, dual authentication using a first key and a second key further strengthens the security of private data access.
[0108] In one embodiment, the task data classification and storage module 610 is specifically used for:
[0109] The target task data is categorized, including:
[0110] Based on the data security assessment of the task data and the confidentiality level of the task data, a classification and storage model for the task data is constructed.
[0111] Based on the classification storage model, the target task data is classified to determine the privacy data and the ordinary content data in the target task data.
[0112] In one embodiment, the task data classification and storage module 610 is further configured to:
[0113] Based on the classification and storage model, the target task data is classified to determine the privacy data and the general content data within the target task data, including:
[0114] Based on the classification storage model, the data security estimate of the target task data and the confidentiality level of the target task data are weighted and summed to obtain the security level score of the target task data.
[0115] Based on the security level score, the target task data is classified to determine the privacy data and the general content data within the target task data.
[0116] In one embodiment, the task data classification and storage module 610 is further configured to:
[0117] The data security assessment is determined based on the importance of the task data, the data integrity of the task data, the correlation between the data in the task data, and the data invalidity of the task data.
[0118] In one embodiment, the second key sending module 630 is specifically used for:
[0119] After receiving the target user's user information and the target user's first key verification feedback information, the method further includes:
[0120] If the user information and the first key verification feedback information are verified successfully, and the target user is not a historical user, the target user will be marked as a historical user.
[0121] In one embodiment, the access control module 640 is specifically used for:
[0122] Before controlling the target user's access to the privacy data, the method further includes:
[0123] The access security level of the target user is determined based on the number of times the target user requests access to privacy data and the number of times the target user's first key verification feedback information is successfully verified.
[0124] The access permission level of the target user is determined based on the access security level, the security of the target user's access device, and the target user's access frequency.
[0125] In one embodiment, the access control module 640 is further configured to:
[0126] After determining the access permission level of the target user, the method further includes:
[0127] The access priority of the target user is determined based on the relationship between the access permission level and the preset access permission level threshold.
[0128] Based on the access priority, control the target user's access to the privacy data.
[0129] The present invention also provides an electronic device, such as... Figure 7 As shown, the electronic device may include: a processor 710, a communication interface 720, a memory 730, and a communication bus 740, wherein the processor 710, the communication interface 720, and the memory 730 communicate with each other through the communication bus 740. The processor 710 can call logical instructions in the memory 730 to execute data access methods, such as:
[0130] The target task data is classified to identify the privacy data within it.
[0131] Receive a request from a target user to access the privacy data, and send a first key to the target user;
[0132] Receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified and the target user is a historical user, send the second key to the target user.
[0133] The system receives a first key and a second key uploaded by the target user. After the first key and the second key are verified, the system controls the target user to access the privacy data.
[0134] Furthermore, the logical instructions in the aforementioned memory 730 can be implemented as software functional units and, when sold or used as independent products, can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, essentially, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0135] On the other hand, the present invention also provides a computer program product, the computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions, which, when executed by a computer, enable the computer to execute the data access methods provided in the above-described method embodiments, for example including:
[0136] The target task data is classified to identify the privacy data within it.
[0137] Receive a request from a target user to access the privacy data, and send a first key to the target user;
[0138] Receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified and the target user is a historical user, send the second key to the target user.
[0139] The system receives a first key and a second key uploaded by the target user. After the first key and the second key are verified, the system controls the target user to access the privacy data.
[0140] In another aspect, the present invention also provides a non-transitory computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the data access methods provided in the above-described method embodiments, for example including:
[0141] The target task data is classified to identify the privacy data within it.
[0142] Receive a request from a target user to access the privacy data, and send a first key to the target user;
[0143] Receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified and the target user is a historical user, send the second key to the target user.
[0144] The system receives a first key and a second key uploaded by the target user. After the first key and the second key are verified, the system controls the target user to access the privacy data.
[0145] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.
[0146] Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM / RAM, magnetic disk, optical disk, etc., and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods described in the various embodiments or some parts of the embodiments.
[0147] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims
1. A method for accessing data, characterized in that, include: The target task data is classified to identify the privacy data within it. Receive a request from a target user to access the privacy data, and send a first key to the target user; Receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified and the target user is a historical user, send the second key to the target user. The system receives a first key and a second key uploaded by the target user. After the first key and the second key are verified, the system controls the target user to access the privacy data.
2. The data access method according to claim 1, characterized in that, The classification of target task data includes: Based on the data security assessment of the task data and the confidentiality level of the task data, a classification and storage model for the task data is constructed. Based on the classification storage model, the target task data is classified to determine the privacy data and the ordinary content data in the target task data.
3. The data access method according to claim 2, characterized in that, The step of classifying the target task data according to the classification storage model to determine the privacy data and the ordinary content data in the target task data includes: Based on the classification storage model, the data security estimate of the target task data and the confidentiality level of the target task data are weighted and summed to obtain the security level score of the target task data. Based on the security level score, the target task data is classified to determine the privacy data and the general content data within the target task data.
4. The data access method according to claim 2, characterized in that, The data security assessment is determined based on the importance of the task data, the data integrity of the task data, the correlation between the data in the task data, and the data invalidity of the task data.
5. The data access method according to claim 1, characterized in that, After receiving the user information of the target user and the first key verification feedback information of the target user, the method further includes: If the user information and the first key verification feedback information are verified successfully, and the target user is not a historical user, the target user will be marked as a historical user.
6. The data access method according to claim 1, characterized in that, Before controlling the target user's access to the privacy data, the method further includes: The access security level of the target user is determined based on the number of times the target user requests access to privacy data and the number of times the target user's first key verification feedback information is successfully verified. The access permission level of the target user is determined based on the access security level, the security of the target user's access device, and the target user's access frequency.
7. The data access method according to claim 6, characterized in that, After determining the access permission level of the target user, the method further includes: The access priority of the target user is determined based on the relationship between the access permission level and the preset access permission level threshold. Based on the access priority, control the target user's access to the privacy data.
8. A data access device, characterized in that, include: The task data classification and storage module is used to classify the target task data and determine the privacy data in the target task data; The first key sending module is used to receive a request from a target user to access the privacy data and send a first key to the target user. The second key sending module is used to receive the user information of the target user and the first key verification feedback information of the target user. If the user information and the first key verification feedback information are verified successfully and the target user is a historical user, the second key is sent to the target user. The access control module is used to receive the first key and the second key uploaded by the target user, and control the target user to access the privacy data after the first key and the second key are verified.
9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the processor executes the computer program, it implements the data access method as described in any one of claims 1 to 7.
10. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the data access method as described in any one of claims 1 to 7.