CN105515963A - Data gateway device and big data system - Google Patents
Data gateway device and big data system Download PDFInfo
- Publication number
- CN105515963A CN105515963A CN201510881918.6A CN201510881918A CN105515963A CN 105515963 A CN105515963 A CN 105515963A CN 201510881918 A CN201510881918 A CN 201510881918A CN 105515963 A CN105515963 A CN 105515963A
- Authority
- CN
- China
- Prior art keywords
- data
- service
- gateway device
- management module
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 claims abstract description 53
- 238000012545 processing Methods 0.000 claims abstract description 42
- 238000007726 management method Methods 0.000 claims description 119
- 238000001914 filtration Methods 0.000 claims description 38
- 230000000737 periodic effect Effects 0.000 claims description 22
- 238000012550 audit Methods 0.000 claims description 16
- 230000001360 synchronised effect Effects 0.000 claims description 8
- 230000000873 masking effect Effects 0.000 abstract description 4
- 238000007689 inspection Methods 0.000 description 17
- 238000000034 method Methods 0.000 description 10
- 230000008569 process Effects 0.000 description 9
- 238000012552 review Methods 0.000 description 7
- 238000013475 authorization Methods 0.000 description 6
- 238000012423 maintenance Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000013075 data extraction Methods 0.000 description 3
- 238000005070 sampling Methods 0.000 description 3
- 230000001960 triggered effect Effects 0.000 description 3
- 238000004140 cleaning Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000014509 gene expression Effects 0.000 description 2
- 238000012216 screening Methods 0.000 description 2
- 206010020751 Hypersensitivity Diseases 0.000 description 1
- 208000026935 allergic disease Diseases 0.000 description 1
- 230000007815 allergy Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
本发明公开了数据网关装置和大数据系统。其中,数据网关装置包括:用户管理模块,其用于管理用户信息;服务管理模块,其用于管理向用户开放的数据服务的信息;规则管理模块,其用于针对不同用户和不同的数据服务设置不同合规检查规则;取数管理模块,其用于接收用户发出的服务的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据;以及数据脱敏处理模块,其用于根据规则管理模块设置的规则,对数据中心返回的源数据进行合规检查,从而生成服务数据,所述服务数据为满足合规检查的数据,其中所述取数管理模块还用于将数据脱敏处理模块生成的服务数据提供给用户。
The invention discloses a data gateway device and a big data system. Among them, the data gateway device includes: a user management module, which is used to manage user information; a service management module, which is used to manage the information of data services open to users; a rule management module, which is used for different users and different data services Set up different compliance check rules; data access management module, which is used to receive data access requests from users, send corresponding data access requests to the data center, and accept source data returned by the data center; and data desensitization processing module , which is used to check the compliance of the source data returned by the data center according to the rules set by the rule management module, so as to generate service data. It is used to provide the service data generated by the data masking processing module to the user.
Description
技术领域technical field
本发明属于数据处理技术领域,具体涉及一种数据网关(Gateway)装置和一种包括该数据网关装置的大数据系统,其可保障大数据的安全运营。The invention belongs to the technical field of data processing, and in particular relates to a data gateway (Gateway) device and a big data system including the data gateway device, which can guarantee the safe operation of big data.
背景技术Background technique
在大数据时代,盘活数据资产、开放共享数据已成为大势所趋。开放数据服务、实现大数据的运营和变现是当前大数据发展的热点问题。然而,在大数据的运营或者变现过程中,如何保证数据的合规性、避免敏感信息的泄漏、对交易数据进行计量或者计费以及对数据进行审计等成为了当前亟需解决的问题。In the era of big data, revitalizing data assets and openly sharing data has become the general trend. Opening data services and realizing the operation and realization of big data are hot issues in the current development of big data. However, in the operation or realization of big data, how to ensure data compliance, avoid leakage of sensitive information, measure or bill transaction data, and audit data has become an urgent problem to be solved.
发明内容Contents of the invention
本发明的目的是提供一种数据网关装置和一种包括该数据网关装置的大数据系统,其可以解决现有技术中存在的上述至少一个问题。The object of the present invention is to provide a data gateway device and a big data system including the data gateway device, which can solve at least one of the above-mentioned problems in the prior art.
为实现本发明的目的,根据本发明的一方面,提供了一种数据网关装置,其包括:In order to achieve the purpose of the present invention, according to one aspect of the present invention, a data gateway device is provided, which includes:
用户管理模块,其用于管理用户信息;User management module, which is used to manage user information;
服务管理模块,其用于管理向用户开放的数据服务的信息;A service management module, which is used to manage the information of data services open to users;
规则管理模块,其用于针对不同用户和不同的数据服务设置不同合规检查规则;A rule management module, which is used to set different compliance check rules for different users and different data services;
取数管理模块,其用于接收用户发出的服务的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据;以及A data access management module, which is used to receive the data access request sent by the user, send a corresponding data access request to the data center, and accept the source data returned by the data center; and
数据脱敏处理模块,其用于根据规则管理模块设置的规则,对数据中心返回的源数据进行合规检查,从而生成服务数据,所述服务数据为满足合规检查的数据,其中The data desensitization processing module is used to perform a compliance check on the source data returned by the data center according to the rules set by the rule management module, so as to generate service data, and the service data is data satisfying the compliance check, wherein
所述取数管理模块还用于将数据脱敏处理模块生成的服务数据提供给用户。The data access management module is also used to provide the service data generated by the data desensitization processing module to the user.
可选地,所述规则管理模块还可以用于针对不同用户和不同的数据服务设置不同的数据过滤脱敏规则,并且所述数据脱敏处理模块可以用于对数据中心返回的源数据进行过滤脱敏,然后再对过滤脱敏的数据进行合规检查。Optionally, the rule management module can also be used to set different data filtering desensitization rules for different users and different data services, and the data desensitization processing module can be used to filter the source data returned by the data center Desensitization, and then perform a compliance check on the filtered and desensitized data.
可选地,所述取数模块还可以用于对输出的服务数据进行计量和计费。Optionally, the data fetching module can also be used to measure and charge the output service data.
可选地,所述规则管理模块还可以用于设置用户的服务数据的输出行数,当满足合规检查的数据的总行数大于所述设置的服务数据的输出行数时,所述数据脱敏处理模块还可以用于根据所述规则管理模块设置的服务数据的输出行数,对满足合规检查的数据,从首行开始,顺序截取一定行数的数据,来生成所述服务数据,其中所述行数=服务数据的输出行数。Optionally, the rule management module can also be used to set the number of output lines of the user's service data, and when the total number of lines of data satisfying the compliance check is greater than the set number of output lines of service data, the data The sensitive processing module can also be used to generate the service data by sequentially intercepting a certain number of rows of data from the first row of the data satisfying the compliance check according to the number of output rows of the service data set by the rule management module, The number of rows=the number of output rows of service data.
可选地,所述取数管理模块还可以用于针对用户的取数请求生成取数任务,并提供取数任务的查看功能。Optionally, the data retrieval management module can also be used to generate a data retrieval task according to the user's data retrieval request, and provide a viewing function of the data retrieval task.
可选地,所述用户管理模块还可以用于对不同类型的用户的权限进行配置,所述权限包括功能菜单访问权限。Optionally, the user management module can also be used to configure permissions of different types of users, and the permissions include function menu access permissions.
所述合规检查规则可以包括:数据字典匹配、数值范围检查和字段长度检查。The compliance checking rules may include: data dictionary matching, numerical range checking and field length checking.
所述数据过滤脱敏规则可以包括:服务输出字段筛选、字段的条件过滤和字段内容处理。The data filtering desensitization rules may include: service output field filtering, field condition filtering and field content processing.
可选地,所述数据网关装置还可以包括存储单元,其用于缓存数据中心返回的源数据和数据脱敏处理模块生成的服务数据,其中所述取数管理模块配置为:首先判断所述存储单元中是否存在客户所请求的数据,如果所请求的数据已缓存在存储单元中,则将缓存在存储单元中的所请求的数据作为服务数据提供给客户,否则向数据中心发出相应的取数请求。Optionally, the data gateway device may further include a storage unit, which is used to cache the source data returned by the data center and the service data generated by the data desensitization processing module, wherein the data retrieval management module is configured to: first determine the Whether there is the data requested by the customer in the storage unit, if the requested data has been cached in the storage unit, then the requested data cached in the storage unit will be provided to the customer as service data, otherwise, a corresponding request will be sent to the data center number of requests.
可选地,所述数据网关装置还可以包括安全审计模块,其用于记录操作日志和取数日志,并将操作日志和取数日志存档。Optionally, the data gateway device may also include a security audit module, which is used to record the operation log and the access log, and archive the operation log and the access log.
可选地,所述数据网关装置还可以包括工单管理模块,其用于处理系统工单任务,所述工单任务包括工单创建和工单查看。Optionally, the data gateway device may further include a work order management module, which is used to process system work order tasks, and the work order tasks include work order creation and work order viewing.
可选地,所述数据网关装置还可以包括系统管理模块,其用于配置系统的基础数据,所述基础数据包括数据周期和定时器,所述数据周期为数据中心返回的源数据和所述数据脱敏处理模块生成的服务数据在数据网关装置中的缓存周期。Optionally, the data gateway device may also include a system management module, which is used to configure the basic data of the system, the basic data includes a data cycle and a timer, and the data cycle is the source data returned by the data center and the The service data generated by the data desensitization processing module is cached in the data gateway device.
根据本发明的另一方面,还提供了一种客户端可访问的大数据系统,其包括数据中心和数据网关装置,所述数据网关装置通过接口与所述数据中心连接,其中所述数据网关装置为上述任意一种数据网关装置,并且所述数据网关装置配置为能够通过接口与客户端连接。According to another aspect of the present invention, there is also provided a client-accessible big data system, which includes a data center and a data gateway device, the data gateway device is connected to the data center through an interface, wherein the data gateway The device is any one of the data gateway devices described above, and the data gateway device is configured to be able to connect with the client through an interface.
所述数据网关装置与所述数据中心可以通过数据服务信息同步更新接口、取数申请接口、服务数据生成通知接口和服务数据同步接口来实现数据连接,其中,The data gateway device and the data center can realize data connection through a data service information synchronous update interface, a data access application interface, a service data generation notification interface, and a service data synchronization interface, wherein,
通过所述服务信息同步更新接口,所述数据网关装置的服务管理模块中的数据服务的信息与所述数据中心开放的数据服务保持一致;Through the service information synchronous update interface, the information of the data service in the service management module of the data gateway device is consistent with the data service opened by the data center;
通过所述取数申请接口,所述数据网关装置的取数管理模块向所述数据中心发出服务的取数请求,并且,当所述服务为实时服务时,所述数据中心通过所述取数申请接口向所述数据网关装置的取数管理模块返回源数据,当所述服务为周期服务且所述服务的帐期为历史帐期时,所述数据中心通过所述取数申请接口向所述数据网关装置的取数管理模块返回所请求源数据的存储信息,当所述服务为周期服务且所述服务的帐期为未来帐期时,所述数据中心通过所述取数申请接口向所述网关装置的取数管理模块返回帐期未到消息;Through the data access application interface, the data access management module of the data gateway device sends a service data access request to the data center, and when the service is a real-time service, the data center uses the data access The application interface returns the source data to the data access management module of the data gateway device. When the service is a periodic service and the account period of the service is a historical account period, the data center sends the data to the data access management module through the access application interface. The access management module of the data gateway device returns the storage information of the requested source data. When the service is a periodic service and the account period of the service is a future account period, the data center sends The number retrieval management module of the gateway device returns a message that the account period has not yet arrived;
通过所述服务数据生成通知接口,所述数据中心通知所述数据网关装置的取数管理模块所请求源数据准备就绪并返回所请求源数据的存储信息;以及Through the service data generation notification interface, the data center notifies the access management module of the data gateway device that the requested source data is ready and returns the storage information of the requested source data; and
通过所述服务数据同步接口,所述数据网关装置的取数管理模块根据所请求源数据的存储信息获取数据。所述数据服务信息同步更新接口、取数申请接口、服务数据生成通知接口可以通过WebService接口实现;所述服务数据同步接口可以通过FTP接口实现。Through the service data synchronization interface, the data access management module of the data gateway device acquires data according to the storage information of the requested source data. The data service information synchronous update interface, data access application interface, and service data generation notification interface can be realized through the WebService interface; the service data synchronization interface can be realized through the FTP interface.
数据网关装置还配置为可以通过取数申请接口和服务数据推送接口来与客户端数据连接,其中,The data gateway device is also configured to be able to connect with the client data through the access application interface and the service data push interface, wherein,
通过取数申请接口,数据网关装置的取数管理模块接受客户端发出的服务的取数请求,并且数据网关装置的取数管理模块向用户提供所请求的服务数据;Through the access application interface, the access management module of the data gateway device accepts the access request of the service sent by the client, and the access management module of the data gateway device provides the requested service data to the user;
通过服务数据推送接口,数据网关装置的取数管理模块将所请求的服务数据推送到指定位置。Through the service data push interface, the data access management module of the data gateway device pushes the requested service data to a specified location.
所述取数申请接口可以通过WebService接口实现;所述服务数据推送接口可以通过FTP接口实现。The data access application interface can be realized through the WebService interface; the service data push interface can be realized through the FTP interface.
本发明提供的数据网关装置和大数据系统中,针对不同用户和不同的数据类型,利用不同的合规检查规则对数据中心提供的源数据进行审核,保证了提供给用户的服务数据的规范性;对于定义的数据中的敏感信息,根据设置的规则进行过滤脱敏,保障交易输出的数据(即,服务数据)中无敏感内容;对于合规的脱敏后的输出数据,按照不同用户、交易输出的数据量大小和数据价值属性进行计量和计费;此外,数据输出或者交易过程中,对数据输出对象(即,交易用户)、输出数据的时间以及输出数据的格式等进行永久性存档,以便于未来的运营合规性审计。In the data gateway device and the big data system provided by the present invention, for different users and different data types, different compliance inspection rules are used to review the source data provided by the data center, ensuring the standardization of service data provided to users ;For the sensitive information in the defined data, filter and desensitize according to the set rules to ensure that there is no sensitive content in the transaction output data (ie, service data); for the compliant desensitized output data, according to different users, The data volume and data value attributes of the transaction output are measured and billed; in addition, during the data output or transaction process, the data output object (that is, the transaction user), the time of the output data, and the format of the output data are permanently archived. , to facilitate future operational compliance audits.
附图说明Description of drawings
图1为本发明一个实施例提供的数据网关装置的示意图;FIG. 1 is a schematic diagram of a data gateway device provided by an embodiment of the present invention;
图2为本发明另一个实施例提供的数据网关装置的示意图;FIG. 2 is a schematic diagram of a data gateway device provided by another embodiment of the present invention;
图3为本发明实施例提供的数据网关装置的工作流程图;以及Fig. 3 is a working flow diagram of the data gateway device provided by the embodiment of the present invention; and
图4为本发明实施例提供的大数据系统的示意图。FIG. 4 is a schematic diagram of a big data system provided by an embodiment of the present invention.
具体实施方式detailed description
为使本领域技术人员更好地理解本发明的技术方案,下面结合附图和具体实施方式对本发明作进一步详细描述。In order to enable those skilled in the art to better understand the technical solutions of the present invention, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.
本发明一个实施例提供了一种用于保障大数据安全运营的数据网关装置。如图1所示,该数据网关装置可以包括用户管理模块、服务管理模块、规则管理模块、取数管理模块和数据脱敏处理模块。用户管理模块用于管理用户信息。服务管理模块用于管理向用户开放的数据服务的信息;规则管理模块用于针对不同用户和不同的数据服务设置不同合规检查规则;取数管理模块用于接收用户发出的服务的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据;数据脱敏处理模块用于根据规则管理模块设置的规则,对数据中心返回的源数据进行合规检查,从而生成服务数据,所述服务数据为满足合规检查的数据;其中,所述取数管理模块还用于将数据脱敏处理模块生成的服务数据提供给用户。An embodiment of the present invention provides a data gateway device for ensuring safe operation of big data. As shown in FIG. 1 , the data gateway device may include a user management module, a service management module, a rule management module, a data access management module and a data desensitization processing module. The user management module is used to manage user information. The service management module is used to manage the information of data services open to users; the rule management module is used to set different compliance inspection rules for different users and different data services; the access management module is used to receive service access requests issued by users , send the corresponding access request to the data center, and accept the source data returned by the data center; the data desensitization processing module is used to check the compliance of the source data returned by the data center according to the rules set by the rule management module, so as to generate the service data, the service data is data that meets compliance checks; wherein, the access management module is also used to provide the service data generated by the data desensitization processing module to users.
根据本发明的其他实施例,本发明提供的用于保障大数据安全运营的数据网关装置还可以包括安全审计模块、规则管理模块、工单管理模块和/或系统管理模块。例如,图2示出了本发明另一个实施例提供的数据网关装置的示意图。According to other embodiments of the present invention, the data gateway device for ensuring safe operation of big data provided by the present invention may further include a security audit module, a rule management module, a work order management module and/or a system management module. For example, FIG. 2 shows a schematic diagram of a data gateway device provided by another embodiment of the present invention.
以下,将参照图1和图2对数据网关装置的各功能模块进行详细说明。Hereinafter, each functional module of the data gateway device will be described in detail with reference to FIG. 1 and FIG. 2 .
用户管理模块User Management Module
用户管理模块用于管理用户信息,并可以对不同类型的用户的功能菜单访问权限进行配置,从而可支持多种类型的用户管理,实现多租户管理。The user management module is used to manage user information, and can configure the function menu access rights of different types of users, so as to support multiple types of user management and realize multi-tenant management.
用户可包括数据用户和机构用户。数据用户是数据服务的需求用户或第三方系统/应用,并且每个数据用户必须关联一个机构,数据用户可以申请获取数据服务,并获得合规的服务数据。机构用户作为数据用户的责任人,企业或组织机构的责任人,一个机构下只有一个机构用户,但可以拥有多个数据用户。可以理解,机构用户和数据用户均可以自行申请,通过对机构用户和数据用户的申请及修改进行审核,可以更好地追踪和记录服务数据的流向。Users can include data users and institutional users. Data users are data service demand users or third-party systems/applications, and each data user must be associated with an organization. Data users can apply for data services and obtain compliant service data. Institutional users are responsible persons of data users, enterprises or organizations. There is only one institutional user under an institution, but it can have multiple data users. It can be understood that both institutional users and data users can apply by themselves. By reviewing the applications and modifications of institutional users and data users, the flow of service data can be better tracked and recorded.
用户还可以包括后台业务管理人员,例如,可以包括数据安全管理员和审核人员。数据安全管理员配置数据过滤、脱敏及合规检查规则。审核人员审核用户的注册/修改/注销、分配用户的密级、数据服务查看权限、取数权限、取数优先级权限以及审核数据过滤、脱敏及合规检查规则等。Users may also include background business management personnel, for example, data security administrators and auditors. The data security administrator configures data filtering, desensitization, and compliance checking rules. Auditors review user registration/modification/logout, assign user confidentiality levels, data service viewing permissions, access permissions, access priority permissions, and review data filtering, desensitization, and compliance inspection rules, etc.
用户还可以包括后台系统管理人员用户,例如,可以包括:运维人员和系统管理员。运维人员运营和维护系统。系统管理员具有系统的全部权限。可以理解,系统管理人员可以新建审核人员、数据安全管理员和运维人员。The users may also include background system administrator users, for example, may include: operation and maintenance personnel and system administrators. Operators operate and maintain the system. The system administrator has full authority of the system. It can be understood that system administrators can create auditors, data security administrators, and operation and maintenance personnel.
用户管理模块还可以针对不同类型的用户,如数据用户、机构用户、数据安全管理员、审核人员、运维人员和系统管理员,配置用户的功能菜单访问权限。一般而言,不同的用户具有不同级别的功能菜单访问权限。The user management module can also configure user function menu access rights for different types of users, such as data users, institutional users, data security administrators, auditors, operation and maintenance personnel, and system administrators. In general, different users have different levels of access to function menus.
服务管理模块Service Management Module
服务管理模块用于管理向用户开放的数据服务的信息,例如,创建新的数据服务、修改和删除已开放的数据服务等管理操作。数据管理模块中的数据服务信息与数据运营者向用户开放的数据服务保持一致。The service management module is used to manage the information of data services open to users, for example, management operations such as creating new data services, modifying and deleting open data services. The data service information in the data management module is consistent with the data services that data operators open to users.
数据服务信息可包括:服务基本信息,其可以包括服务编码、服务名称、服务类型(实时服务或周期服务)、服务周期(年、季、月、周或日;对于周期服务)、周期数据就绪日期(对于周期服务)、服务输出集编码、服务输出集名称等;服务输出字段信息,其包括服务输出集编码、字段编码、字段名称、字段数据类型、字段描述等;以及服务计费信息,例如,每单元字段或每行的价格等。Data service information may include: service basic information, which may include service code, service name, service type (real-time service or periodic service), service cycle (year, quarter, month, week or day; for periodic service), periodic data ready Date (for periodic services), service output set code, service output set name, etc.; service output field information, including service output set code, field code, field name, field data type, field description, etc.; and service billing information, For example, price per unit field or per row etc.
取数管理模块Data access management module
取数管理模块用于接收用户的取数请求,向数据中心发出相应的取数请求,并接受数据中心返回的源数据。本发明中,数据中心返回的源数据包括:针对实时服务,数据中心返回的源数据,以及针对周期服务,取数管理模块根据数据中心返回的源数据的存储信息获取的源数据。在数据脱敏处理模块(后述)对数据中心返回的源数据进行处理,产生服务数据(即,合规的数据)之后,取数管理模块将服务数据提供给用户。The access management module is used to receive the user's access request, send a corresponding access request to the data center, and accept the source data returned by the data center. In the present invention, the source data returned by the data center includes: for real-time services, the source data returned by the data center, and for periodical services, the data access management module obtains the source data according to the storage information of the source data returned by the data center. After the data desensitization processing module (described later) processes the source data returned by the data center to generate service data (ie, compliant data), the access management module provides the service data to the user.
取数管理模块还可以用于针对用户的取数请求生成取数任务。取数任务的创建方式有四种,一是针对实时服务,由用户手工发起实时取数任务;二是针对周期服务,由用户首次手工发起取数任务;三是针对周期服务,在用户首次手工发起取数任务之后,由取数管理模块周期性自动生成取数任务;四是数据安全管理员修改合规检查规则并立即生效后重新生成取数任务。The data retrieval management module can also be used to generate data retrieval tasks according to user data retrieval requests. There are four ways to create data retrieval tasks. One is for real-time services, where the user manually initiates a real-time retrieval task; second, for periodic services, the user manually initiates the data retrieval task for the first time; After the data access task is initiated, the data access management module automatically generates the data access task periodically; fourth, the data security administrator modifies the compliance inspection rules and regenerates the data access task after it takes effect immediately.
取数管理模块还可以提供服务取数任务的查看功能。服务取数任务可以采取列表方式显示。The access management module can also provide a viewing function for service access tasks. Service retrieval tasks can be displayed in a list.
服务取数任务列表所含的信息可以包括:数据用户名称、服务编码、服务名称、服务类型、服务周期、任务账期、数据就绪状态、任务状态、任务开始时间、任务结束时间。The information contained in the service retrieval task list may include: data user name, service code, service name, service type, service period, task account period, data ready status, task status, task start time, and task end time.
其中,服务类型包括周期或实时。Wherein, the service type includes periodic or real-time.
任务账期只有在服务类型为周期的情况下,该字段才有值,如果任务是通过手工发起的实时取数任务,则该字段显示实时。根据账期类型,显示格式可以为:年-yyyy、月-yyyymm、季度-yyyy*Q、周-yyyy**、日-yyyy***。Task accounting period This field has a value only when the service type is Periodic. If the task is a real-time fetching task initiated manually, this field displays real-time. According to the account type, the display format can be: year-yyyy, month-yyyymm, quarter-yyyy*Q, week-yyyy**, day-yyyy***.
任务状态可以包括有效和失效。任务创建后,任务状态默认为有效,在数据安全管理员修改规则(包括数据过滤脱敏规则和合规检查规则)并选择立即生效后,将终止当前所有相关的未完成的取数任务,重新创建取数任务,执行新的安全规则,已终止的取数任务的任务状态被设置为失效。Task status can include valid and invalid. After the task is created, the task status is valid by default. After the data security administrator modifies the rules (including data filtering and desensitization rules and compliance inspection rules) and chooses to take effect immediately, all current related unfinished data retrieval tasks will be terminated and restarted. Create a data retrieval task, implement new security rules, and set the task status of the terminated data retrieval task to invalid.
数据就绪状态的值可以为准备取数、开始取数、取数完成、脱敏中、合规检查中、数据就绪、非法服务终止、服务已送达或服务送达失败、重试中,各项的说明如下:The value of the data readiness status can be ready to fetch, start fetching, fetch complete, desensitization, compliance check, data ready, illegal service termination, service delivered or service delivery failed, retrying, each Item descriptions are as follows:
服务任务列表还可以支持查询功能,例如根据数据用户名称、服务编码、服务名称、开始时间、结束时间进行的查询。The service task list can also support query functions, such as query based on data user name, service code, service name, start time, and end time.
服务取数任务列表还可以针对管理人员提供检查结果查看、服务源数据和服务数据的抽样等功能操作。The service access task list can also provide managers with functional operations such as inspection result viewing, service source data and service data sampling.
检查结果查看提供本次取数任务的服务源数据的数据脱敏及检查结果,包括本次取数任务的数据用户登录名、数据用户姓名、所属机构用户登录名、所属机构用户姓名、服务编码、服务名称、服务类型、服务周期、任务帐期、任务开始时间、服务源数据是否合规、合规检查总行数、数据脱敏/合规检查规则。如果服务源数据检查结果为不合规,则将以列表方式显示所有被检查出来的不合规数据,列表展示信息包括:不合规数据行的序号、在服务源数据中的行号,不合规数据所在行的所有数据,以红色字体标注不合规数据,以鼠标触发方式弹出该数据应当遵从的合规检查规则,并提供合规检查结果的导出功能,支持以txt、excel文件格式导出。Inspection Results View the data desensitization and inspection results of the service source data provided for this data retrieval task, including the data user login name, data user name, affiliated institution user login name, affiliated institution user name, and service code for this data retrieval task , service name, service type, service period, task account period, task start time, service source data compliance, total number of compliance check lines, data desensitization/compliance check rules. If the inspection result of the service source data is non-compliant, all the non-compliant data detected will be displayed in a list. The list display information includes: the sequence number of the non-compliant data row, the row number in the service source data, and For all the data in the row where the compliant data is located, the non-compliant data will be marked in red fonts, and the compliance inspection rules that the data should comply with will pop up in a mouse-triggered manner, and the export function of the compliance inspection results is provided, and it supports txt and excel file formats export.
服务源数据和服务数据的抽样,支持连续指定行数据内容的抽样(指定从XXX行至XXX行),连续行数最大数为100,结束行号必须小于等于源数据/服务数据的总行数。The sampling of service source data and service data supports the sampling of continuously specified row data content (designated from XXX row to XXX row), the maximum number of consecutive rows is 100, and the end row number must be less than or equal to the total number of rows of source data/service data.
如需要对用户获取的服务数据进行统计,取数管理模块还可以对输出至该用户的服务数据进行计量和计费。对于输出的服务数据,按照不同的用户,根据数据量大小和数据价值属性进行计量和计费。在服务取数任务列表展示信息增加服务数据量和收费金额。例如,可以按照以下公式来计算数据量和该数据服务的收费金额:If it is necessary to make statistics on the service data obtained by the user, the data access management module can also measure and charge the service data output to the user. For the output service data, according to different users, metering and billing are carried out according to the data volume and data value attributes. Display information in the service access task list to increase the service data volume and charging amount. For example, the amount of data and the charging amount of the data service can be calculated according to the following formula:
数据量=字段数×行数;Data volume = number of fields × number of rows;
数据服务收费金额=每单元字段/行的定价×数据量×用户定级标准系数。Data service charging amount = pricing per unit field/row x data volume x user grading standard coefficient.
这里,可以在用户管理模块中预先确定用户的用户定级标准系数。Here, the user rating standard coefficient of the user may be predetermined in the user management module.
一般而言,数据用户只能查看已授权的数据服务的信息,并提出取数请求。Generally speaking, data users can only view the information of authorized data services and make access requests.
可以理解,数据网关装置还可以包括存储单元,其用于缓存数据中心返回的源数据和数据脱敏处理模块生成的服务数据。此时,取数管理模块配置为首先确认存储单元中是否存在客户所请求的数据,如果所请求的数据已缓存在存储单元中,则将缓存在存储单元中的所请求的数据作为服务数据提供给用户,否则向数据中心发出相应的取数请求。It can be understood that the data gateway device may further include a storage unit for caching the source data returned by the data center and the service data generated by the data masking processing module. At this point, the access management module is configured to first confirm whether the data requested by the customer exists in the storage unit, and if the requested data has been cached in the storage unit, then provide the requested data cached in the storage unit as service data To the user, otherwise send a corresponding access request to the data center.
需要说明的是,存储单元可以作为独立的单元存在,也可以作为取数管理模块的一部分,本发明对此不进行限定,只要数据中心返回的源数据或取数管理模块获取的源数据可以被数据脱敏模块读取,并且数据脱敏模块生成的服务数据可以被取数管理模块读取即可。It should be noted that the storage unit can exist as an independent unit or as a part of the access management module, which is not limited in the present invention, as long as the source data returned by the data center or the source data obtained by the access management module can be The data masking module can read it, and the service data generated by the data masking module can be read by the access management module.
规则管理模块Rule Management Module
规则管理模块用于对各机构用户和/或数据用户的权限进行独立配置,针对不同的用户和不同的数据服务生成不同的查看权限、取数申请授权、取数优先级权限、数据过滤脱敏规则和合规检查规则,从而可实现不同数据用户间的资源隔离。通过规则管理模块,可以提供安全规则统一管理功能,可以理解,任何规则配置只能由数据安全管理员操作。数据服务的查看权限,指机构用户和/或数据用户能否在数据服务列表中看到该服务及其详细信息。不同的用户所看到的服务列表可以各不相同。The rule management module is used to independently configure the permissions of institutional users and/or data users, and generate different viewing permissions, data access application authorization, data access priority permissions, and data filtering and desensitization for different users and different data services Rules and compliance check rules, so that resource isolation between different data users can be realized. Through the rule management module, a unified management function of security rules can be provided. It can be understood that any rule configuration can only be operated by the data security administrator. The viewing permission of data services refers to whether institutional users and/or data users can see the service and its detailed information in the data service list. Different users may see different service lists.
数据服务的取数申请授权,指数据用户能否获取该服务的数据。数据用户可以在取数管理模块针对有查看权限的服务,提交取数申请,经过审核、配置取数申请授权后,能通过取数管理模块发起取数请求。Data access application authorization for data services refers to whether data users can obtain the data of the service. Data users can submit data access applications in the data access management module for services with viewing authority. After review and configuration of data access application authorization, data access requests can be initiated through the data access management module.
数据服务的取数优先级权限,指多个数据用户同时发起取数请求时,取数管理模块创建取数任务的排序优先级规则。The access priority authority of the data service refers to the sorting priority rules for the access tasks created by the access management module when multiple data users initiate access requests at the same time.
由于不同机构用户或数据用户的密级要求一般不同,因此,为了尽量避免多个数据用户通过共享获取的服务数据并进行重组而获得敏感信息,优选地,针对不同用户和不同数据服务,制定不同的数据过滤脱敏规则和合规检查规则。数据过滤脱敏规则和合规检查规则可以随机设置或预先设置,只要能尽量使得属于同一个机构用户下的数据用户很难通过获取的服务数据恢复出敏感信息即可。Since different institutional users or data users generally have different confidentiality requirements, in order to prevent multiple data users from obtaining sensitive information by sharing and reorganizing the obtained service data, it is preferable to formulate different secrets for different users and different data services. Data filtering desensitization rules and compliance check rules. Data filtering and desensitization rules and compliance inspection rules can be set randomly or in advance, as long as it can make it difficult for data users belonging to the same organizational user to recover sensitive information through acquired service data.
合规检查规则可以包括:数据字典匹配、数值范围检查和字段长度检查。合规检查规则可以通过excel文件格式导入。Compliance checking rules can include: data dictionary matching, numeric range checking, and field length checking. Compliance check rules can be imported in excel file format.
过滤脱敏规则可以包括:服务输出字段筛选、字段的条件过滤和字段内容处理。字段的条件过滤可以包括:根据字段的字典进行过滤,以及针对数值类型的字段,根据数值比较表达式进行过滤。字段内容处理可以包括:对特殊字符进行替换的处理,以及对连续位数进行截取替换的处理。以下,将对这些过滤脱敏规则进行详细说明。Filtering and desensitization rules may include: service output field filtering, field conditional filtering, and field content processing. The conditional filtering of fields may include: filtering according to a dictionary of fields, and for fields of numerical type, filtering according to numerical comparison expressions. Field content processing may include: processing of replacing special characters, and processing of intercepting and replacing continuous digits. Hereinafter, these filtering desensitization rules will be described in detail.
(1)服务输出字段筛选(1) Service output field screening
服务输出字段筛选即为数据表的列过滤。例如,某服务的源数据中包括9个输出字段,字段名称分别为省份、用户编码、姓名、出生日期、身份证号、手机号、套餐类型、机型、月均话费。根据《电信和互联网用户个人信息保护规定》,不允许输出用户姓名、出生日期、身份证件号码、住址、电话号码、账号和密码等字段。因此,针对数据用户的该服务请求,规则管理模块设置字段筛选规则,使得该服务只输出省份、用户编码、套餐类型、机型和月均话费5个字段,则服务源数据中的姓名、出生日期、身份证号和手机号这4个字段都将被过滤掉。The service output field filter is the column filter of the data table. For example, the source data of a service includes 9 output fields, and the field names are province, user code, name, date of birth, ID number, mobile phone number, package type, model, and average monthly call charge. According to the "Regulations on the Protection of Personal Information of Telecommunications and Internet Users", fields such as user name, date of birth, ID card number, address, phone number, account number, and password are not allowed to be output. Therefore, for the service request of the data user, the rule management module sets the field screening rules so that the service only outputs five fields: province, user code, package type, model, and average monthly call fee. The 4 fields of date, ID card number and mobile phone number will be filtered out.
(2)字段的条件过滤(2) Conditional filtering of fields
字段的条件过滤即为数据表的行过滤。如上所述,字段的条件过滤又可分为两种过滤。The conditional filtering of the field is the row filtering of the data table. As mentioned above, conditional filtering of fields can be divided into two types of filtering.
第一种是根据字段的字典进行的过滤。例如,上例服务中的输出字段“省份”对应的省份字典包括“北京”、“河北”、“天津”、“河南”、“山东”5个取值,规则管理模块可以针对数据用户设置该服务的输出字段“省份”的取值过滤条件为只包括“北京”,则对于该数据用户,服务源数据中的省份字段取值为“河北”、“天津”、“河南”、“山东”的数据行都被过滤掉。The first is filtering based on a dictionary of fields. For example, the province dictionary corresponding to the output field "province" in the above example service includes five values: "Beijing", "Hebei", "Tianjin", "Henan", and "Shandong". The rule management module can set this value for data users. If the value filtering condition of the output field "province" of the service is to include only "Beijing", then for this data user, the value of the province field in the service source data is "Hebei", "Tianjin", "Henan", "Shandong" data rows are filtered out.
第二种是针对数值类型的字段,根据数值比较表达式进行的过滤。例如,上例服务中的输出字段“月均话费”的数据类型是double,规则管理模块针对数据用户设置该服务的输出字段“月均话费”的取值过滤条件为:字段取值范围在50~100之间,则服务源数据中的月均话费字段的取值小于50或者大于100的数据行都被过滤掉。The second is for fields of numeric type, filtering based on numeric comparison expressions. For example, the data type of the output field "average monthly phone bill" in the above example service is double, and the rule management module sets the value filter condition of the output field "average monthly phone bill" of the service for the data user as follows: the value range of the field is within 50 ~100, the data rows whose value of the monthly average call fee field in the service source data is less than 50 or greater than 100 will be filtered out.
(3)字段内容处理(3) Field content processing
如上所示,字段内容处理包括两种处理。As shown above, field content processing includes two types of processing.
第一种是对特殊字符进行替换的处理。例如,上例服务中,规则管理模块针对数据用户设置对该服务的输出字段“用户编码”进行特殊字符替换,将特殊字符(123)替换处理成***,则服务源数据中的字段“用户编码”中的“123”都将被替换为“***”。比如,服务源数据中的“用户编码”为“1235678”,经过替换处理后显示为“***5678”。The first is to replace special characters. For example, in the service example above, the rule management module replaces special characters in the output field "user code" of the service according to the data user settings, and replaces the special character (123) with ***, then the field in the service source data " "123" in User Code" will be replaced with "***". For example, if the "user code" in the service source data is "1235678", it will be displayed as "***5678" after replacement.
第二种是对连续位数的字符进行截取替换的处理。截取替换包括:将前端N位字符替换成指定字符,将中间连续N位字符替换成指定字符,或将后端从第几位开始的字符替换成指定字符。The second is to intercept and replace characters with consecutive digits. Intercepting and replacing includes: replacing the front-end N-digit characters with specified characters, replacing the middle consecutive N-digit characters with specified characters, or replacing the characters starting from the number at the back-end with specified characters.
当要求将“用户编码”中的前4位换成6666时,如果服务源数据中的“用户编码”为“1235678”,则经过替换处理后显示为:6666678;When it is required to replace the first 4 digits in the "User Code" with 6666, if the "User Code" in the service source data is "1235678", it will be displayed as: 6666678 after replacement;
当要求将“用户编码”中的第2至5位换成6666时,如果服务源数据中的“用户编码”为“1235678”,则经过替换处理后显示为:1666678;When it is required to replace the 2nd to 5th digits in the "User Code" with 6666, if the "User Code" in the service source data is "1235678", it will be displayed as: 1666678 after replacement;
当要求将“用户编码”中从第4位之后的字符换成6666时,如果服务源数据中的“用户编码”为“1235678”,则经过替换处理后显示为:1236666。When it is required to replace the characters after the 4th digit in the "User Code" with 6666, if the "User Code" in the service source data is "1235678", it will be displayed as: 1236666 after replacement.
需要说明的是,规则管理模块中必须设置数据的合规检查规则,从而确保提供给用户的服务数据的合规性。在数据中心已经配置有过滤脱敏功能的情况下,数据网关装置无需配置数据的过滤脱敏规则。It should be noted that data compliance checking rules must be set in the rule management module, so as to ensure the compliance of service data provided to users. In the case where the data center has been configured with a filtering and desensitization function, the data gateway device does not need to configure data filtering and desensitization rules.
数据脱敏模块Data desensitization module
数据脱敏处理模块用于根据规则管理模块的配置,对数据中心返回的源数据进行过滤脱敏处理,并对过滤脱敏后的数据进行合规检查,如果该数据合规,则该合规的数据作为服务数据通过取数管理模块提供给用户,否则,停止输出该数据。The data desensitization processing module is used to filter and desensitize the source data returned by the data center according to the configuration of the rule management module, and to check the compliance of the filtered and desensitized data. If the data is compliant, the compliance The data is provided to the user through the access management module as service data, otherwise, stop outputting the data.
如果规则管理模块还针对不同的用户和不同的数据服务设置服务数据的输出行数的情况下,当满足合规检查的数据的总行数大于所述设置的服务数据的输出行数时,数据脱敏处理模块将根据规则管理模块设置的用户的服务数据的输出行数,对满足合规检查的数据,从首行开始顺序截取一定行数的数据,生成所述服务数据,其中行数=服务数据的输出行数。If the rule management module also sets the number of output rows of service data for different users and different data services, when the total number of rows of data that meets the compliance check is greater than the number of output rows of service data set, the data will be removed. The sensitive processing module will intercept the data of a certain number of lines sequentially from the first line to generate the service data according to the output line number of the user's service data set by the rule management module, and the number of lines=service The number of output rows of data.
可以理解,在规则管理模块无需配置数据过滤脱敏规则的情情况下(即,数据中心已经配置有过滤脱敏功能的情况下),脱敏脱敏模块直接对数据中心返回的源数据或取数申请接口获取的源数据进行合规检查。It can be understood that in the case where the rule management module does not need to configure data filtering and desensitization rules (that is, when the data center has been configured with a filtering and desensitization function), the desensitization and desensitization module directly returns the source data or retrieved data from the data center. The source data obtained through the data application interface is checked for compliance.
安全审计模块Security Audit Module
安全审计模块用于记录操作日志、取数日志,并将操作日志、取数日志进行存档。The security audit module is used to record operation logs and access logs, and archive the operation logs and access logs.
操作日志是指装置运行中所有用户的操作信息,包括:操作用户账号、被操作用户账号、操作类型、操作功能、操作内容(如:查询自己待办任务列表,数据量:25条)、操作时间等。The operation log refers to the operation information of all users during the operation of the device, including: operating user account, operated user account, operation type, operation function, operation content (such as: query your own to-do task list, data volume: 25 items), operation time etc.
取数日志是指装置运行中所有用户的服务数据的获取操作信息,包括:获取数据的时间、数据量、服务基本信息、服务输出字段信息(即,服务数据的字段信息)、执行的服务数据脱敏/合规检查规则等。服务数据的获取操作包括两种情况,一是管理人员主动下载或抽样下载服务源数据和服务数据,二是数据网关装置将服务数据成功返回给数据用户。The access log refers to the acquisition operation information of all users' service data during the operation of the device, including: the time of acquiring data, data volume, basic service information, service output field information (that is, field information of service data), and executed service data Desensitization/compliance check rules, etc. The acquisition operation of service data includes two situations. One is that the management personnel actively download or sample download the service source data and service data, and the other is that the data gateway device successfully returns the service data to the data user.
安全审计模块能周期性地对操作日志、取数日志进行审计,并支持针对机构用户或数据用户获取的服务数据的字段级审计,从而可以更准确地追踪敏感字段的数据流向,使得大数据运营更好地满足运营合规性审计。The security audit module can periodically audit operation logs and access logs, and supports field-level auditing of service data obtained by institutional users or data users, so that the data flow of sensitive fields can be tracked more accurately, making big data operations Better meet operational compliance audits.
工单管理模块Work order management module
工单管理模块用于处理数据网关装置的工单任务,工单任务包括工单创建和工单查看。对于需要审批流转的任务,数据网关装置可以自动创建工单。针对不同业务,在业务流转节点设置工单任务触发条件。系统管理人员可以配置处理各工单任务的用户类型,当工单任务被触发时,自动生成待办工单给该类用户。例如,对于新用户注册业务,可将注册信息的提交设置为触发条件,并将处理该新用户注册工单的用户类型设置为审核人员。用户在提交注册信息后将触发新用户注册工单,并自动生成一个待办工单给在岗的审核人员处理。The work order management module is used to process work order tasks of the data gateway device, and the work order tasks include work order creation and work order viewing. For tasks that require approval and transfer, the data gateway device can automatically create a work order. For different businesses, set work order task trigger conditions at the business flow node. System administrators can configure the user types that handle each work order task, and when the work order task is triggered, a to-do work order is automatically generated for this type of user. For example, for the new user registration business, the submission of registration information can be set as the trigger condition, and the user type that handles the new user registration work order can be set as the reviewer. After the user submits the registration information, the new user registration work order will be triggered, and a pending work order will be automatically generated for the on-the-job review personnel to process.
此外,可以通过工单管理模块查看工单,管理人员可以查看待办/已办/撤回的工单。In addition, work orders can be viewed through the work order management module, and managers can view pending/completed/withdrawn work orders.
待办工单的查看向处理用户提供工单查询以及处理功能。用户可以根据待办类型、待办标题、待办内容进行模糊查询。系统将根据待办生成时间进行降序排序展示,用户直接点击处理进入相应的工单处理页面。工单处理后,会自动流转到已办工单。The viewing of pending work orders provides work order query and processing functions to processing users. Users can perform fuzzy queries based on to-do type, to-do title, and to-do content. The system will sort and display in descending order according to the generation time of the to-do, and the user can directly click Process to enter the corresponding work order processing page. After the work order is processed, it will automatically flow to the completed work order.
已办工单的查看将会展示已处理工单历史处理信息,包括:上一步工单处理人、处理时间、处理意见、处理时间等信息。The view of the completed work order will display the historical processing information of the processed work order, including: the previous work order processor, processing time, processing opinion, processing time and other information.
撤回工单的查看将会展示已撤回工单的详细信息,包括工单撤回原因。通过工单管理模块,数据网关系统能够实现对各类用户的用户信息和权限的审核流程的运转。The view of the withdrawn ticket will display the details of the withdrawn ticket, including the reason for withdrawing the ticket. Through the work order management module, the data gateway system can realize the operation of the review process of user information and permissions of various users.
系统管理模块System Management Module
系统管理模块用于配置系统的基础数据,该基础数据可以包括数据周期和定时器。The system management module is used to configure the basic data of the system, which may include data periods and timers.
数据周期为服务源数据和服务数据在数据网关装置中的缓存周期,该数据周期可以预先设置或由运维人员指定或修改。The data cycle is the cache cycle of the service source data and service data in the data gateway device, and the data cycle can be preset or specified or modified by the operation and maintenance personnel.
数据的缓存周期的类型可以是年、季、月、周或日,周期单位为天,即在该周期后对该数据进行清理。The type of data caching cycle can be year, quarter, month, week or day, and the cycle unit is day, that is, the data will be cleared after this cycle.
系统管理模块每天扫描检查数据是否过期,针对过期的数据,生成过期数据清理待办工单,通知运维人员,经运维人员审批通过后自动执行过期数据的清理。The system management module scans and checks whether the data is expired every day. For the expired data, it generates an expired data cleaning to-do work order, notifies the operation and maintenance personnel, and automatically performs the cleaning of expired data after the operation and maintenance personnel approve it.
定时器可以包括:周期服务的任务自动创建监控定时器、服务源数据扫描时间间隔、数据脱敏/规范性检查时间间隔、FTP推送失败后重新推送的时间间隔、FTP推送重发失败次数等。Timers can include: automatic task creation monitoring timers for periodic services, service source data scanning intervals, data desensitization/regularity inspection intervals, re-push intervals after FTP push failures, and the number of FTP push resend failures.
图3为本发明实施例提供的用于保障大数据安全运营的数据网关装置的工作流程图。如图3所示,该工作流程具体包括以下步骤。Fig. 3 is a working flowchart of a data gateway device for ensuring safe operation of big data provided by an embodiment of the present invention. As shown in Figure 3, the workflow specifically includes the following steps.
步骤1:用户通过数据网关装置的用户管理模块进行用户注册。Step 1: The user registers through the user management module of the data gateway device.
步骤2:数据网关装置的服务管理模块从数据中心同步各种数据服务的信息。Step 2: The service management module of the data gateway device synchronizes information of various data services from the data center.
步骤3:数据网关装置的规则管理模块对用户进行数据服务查询权限的授权。Step 3: The rule management module of the data gateway device authorizes the data service query authority to the user.
步骤4:用户通过网关装置的取数管理模块提交服务的取数申请。Step 4: The user submits a service access application through the access management module of the gateway device.
步骤5:数据网关装置的规则管理模块对用户进行数据服务取数权限的配置。Step 5: The rule management module of the data gateway device configures data service access rights for users.
规则管理模块可以针对用户进行服务的取数申请授权、服务数据取数的优先级授权、服务的数据过滤脱敏规则、服务数据的合规检查规则和服务数据的输出行数等。同一服务面向不同用户独立配置其数据过滤脱敏规则、合规检查规则、服务数据的输出行数。The rule management module can apply for authorization of service access, priority authorization of service data access, service data filtering and desensitization rules, service data compliance inspection rules, and the number of output rows of service data for users. The same service independently configures its data filtering desensitization rules, compliance inspection rules, and the number of output rows of service data for different users.
步骤6:数据网关装置的取数管理向数据中心提交用户授权服务的取数申请。Step 6: The data access management of the data gateway device submits a data access application for the user authorization service to the data center.
步骤7:数据中心生成服务源数据。特别地,如果用户提交的是实时服务取数申请,则数据中心生成实时服务源数据。如果用户提交的是周期服务的取数申请,则数据中心将根据周期服务的生成周期,生成周期服务源数据。Step 7: The data center generates service source data. In particular, if the user submits an application for accessing real-time service data, the data center generates real-time service source data. If the user submits a data access application for periodic services, the data center will generate periodic service source data according to the generation cycle of periodic services.
步骤8:数据中心将服务源数据(实时服务源数据或者周期服务源数据存储信息)返回给数据网关装置。Step 8: The data center returns the service source data (real-time service source data or periodic service source data storage information) to the data gateway device.
步骤9:数据网关装置的数据脱敏处理模块根据规则管理模块中设置的针对该用户的数据过滤脱敏规则,对服务源数据进行数据过滤脱敏。具体的数据过滤脱敏可参照前述,此处不再赘述。Step 9: The data desensitization processing module of the data gateway device performs data filtering and desensitization on the service source data according to the data filtering and desensitization rules for the user set in the rule management module. Specific data filtering and desensitization can refer to the above, and will not be repeated here.
步骤10:数据网关装置的数据脱敏处理模块根据规则管理模块中针对该用户设置的合规检查规则,对经过数据过滤脱敏后的服务源数据进行数据合规检查,如果存在不合规数据,则中断本次服务数据取数流程。Step 10: The data desensitization processing module of the data gateway device performs a data compliance check on the service source data after data filtering and desensitization according to the compliance check rules set for the user in the rule management module. If there is any non-compliant data , the service data retrieval process will be interrupted.
如前所述,合规检查可以包括数据字典匹配、数值范围检查和字段长度检查。As mentioned earlier, compliance checks can include data dictionary matches, numeric range checks, and field length checks.
步骤11:数据网关装置的数据脱敏处理模块根据规则管理模块中针对该用户设置的服务数据的输出行数,对满足数据合规检查规则的、过滤脱敏后的服务源数据,从首行开始,顺序截取规定行数的数据,生成服务数据。Step 11: The data desensitization processing module of the data gateway device, according to the number of output rows of service data set for the user in the rule management module, for the filtered and desensitized service source data that meets the data compliance inspection rules, start from the first row At the beginning, the data of the specified number of rows is sequentially intercepted to generate service data.
步骤12:数据网关装置的取数管理模块将服务数据返回给用户,并进行计量、计费。Step 12: The data access management module of the data gateway device returns the service data to the user, and performs metering and charging.
需要说明的是,实时服务的服务数据可以通过WebService接口返回给用户。周期服务的服务数据可以采用数据文件方式通过FTP接口推送到用户的FTP服务器。It should be noted that the service data of the real-time service can be returned to the user through the WebService interface. The service data of the periodic service can be pushed to the user's FTP server through the FTP interface in the form of data files.
步骤13:数据网关装置的安全审计模块定期对操作日志、取数日志进行审计。Step 13: The security audit module of the data gateway device regularly audits the operation log and data access log.
根据本发明的另一方面,还提供了一种客户端可访问的大数据通信系统,如图4所示,其包括数据中心和数据网关装置,该数据网关装置通过接口与数据中心数据连接,并且该数据网关装置配置为可通过接口与客户端数据通信。客户端(代表数据服务需求者)发出的数据服务请求通过数据网关装置发送至数据中心,数据中心返回的服务源数据通过数据网关装置进行过敏脱敏处理和合规性检查,然后将脱敏后的满足合规性检查的服务数据提供给客户端,防止了关键和敏感数据的泄漏,满足了合规性。此外,本发明提供的数据网关装置还可以对发送给客户端的服务数据进行计量或者计费,并对这些服务数据进行审计。该数据网关装置为上述的数据网关装置,因此,不再对其进行赘述。According to another aspect of the present invention, there is also provided a client-accessible big data communication system, as shown in Figure 4, which includes a data center and a data gateway device, the data gateway device is connected to the data center through an interface, And the data gateway device is configured to communicate data with the client through the interface. The data service request sent by the client (representing the data service demander) is sent to the data center through the data gateway device, and the service source data returned by the data center is subjected to allergy desensitization processing and compliance inspection through the data gateway device, and then the desensitized The service data that meets the compliance check is provided to the client, which prevents the leakage of key and sensitive data and meets the compliance. In addition, the data gateway device provided by the present invention can also measure or charge the service data sent to the client, and audit the service data. The data gateway device is the above-mentioned data gateway device, therefore, it will not be described again.
根据大数据系统中的数据的流向,运营商的数据中心构成数据内网区,本发明提供的数据网关装置构成审核区,其可保障数据服务开放运营的安全性,请求数据服务的客户端构成外网合作区,客户端可发出各种数据服务请求,如图4所示。According to the flow direction of data in the big data system, the data center of the operator constitutes a data intranet area, and the data gateway device provided by the present invention constitutes an audit area, which can guarantee the security of data service open operation, and the client requesting data service constitutes In the extranet cooperation zone, clients can send various data service requests, as shown in Figure 4.
数据网关装置(审核区)与数据中心(数据内网区)之间可以通过接口进行连接。在一个示例中,数据网关装置与数据中心通过数据服务信息同步更新接口、取数申请接口、服务数据生成通知接口和服务数据同步接口来实现数据连接。The data gateway device (audit area) and the data center (data intranet area) can be connected through interfaces. In one example, the data gateway device and the data center implement data connection through a data service information synchronization update interface, a data access application interface, a service data generation notification interface, and a service data synchronization interface.
数据服务信息同步更新接口可以通过WebService接口来实现。当数据中心开放的数据服务信息发生变化(例如,新建数据服务或修改数据服务)时,数据中心通过WebService接口主动将数据服务信息推送给数据网关装置。通过该数据服务信息同步更新接口,数据网关装置的服务管理模块中的信息与所述数据中心开放的数据服务保持一致The data service information synchronous update interface can be implemented through the WebService interface. When the data service information opened by the data center changes (for example, creating a new data service or modifying a data service), the data center actively pushes the data service information to the data gateway device through the WebService interface. Through the data service information synchronous update interface, the information in the service management module of the data gateway device is consistent with the data service opened by the data center
取数申请接口也可以通过WebService接口实现方式。在收到来自客户端的服务数据提取申请后,数据网关装置检查本地服务缓存表是否存在所请求的数据,如果不存在则向数据中心发起该服务的数据提取请求。如果该服务的服务类型是实时服务,则数据中心实时生成源数据返回给数据网关装置;如果该服务的服务类型是周期服务,且所请求的服务账期是历史账期,则数据中心将该服务源数据的存储信息(包括例如文件服务器的FTP地址、访问端口、登录用户名、密码、源数据文件存储路径、源数据文件名等)返回给数据网关装置;如果该服务的服务类型是周期服务,且所请求的服务账期是未来账期,则数据中心将返回一个账期未到的消息给数据网关装置,在满足账期条件并且源数据生成后再通过服务数据生成通知接口通知数据网关装置。The access application interface can also be implemented through the WebService interface. After receiving the service data extraction application from the client, the data gateway device checks whether the requested data exists in the local service cache table, and if not, initiates a data extraction request for the service to the data center. If the service type of the service is real-time service, the data center will generate source data in real time and return it to the data gateway device; if the service type of the service is periodic service, and the requested service account period is a historical account period, the data center will The storage information of the service source data (including, for example, the FTP address of the file server, access port, login user name, password, source data file storage path, source data file name, etc.) is returned to the data gateway device; if the service type of the service is periodic service, and the requested service account period is a future account period, the data center will return a message that the account period has not yet arrived to the data gateway device, and then notify the data through the service data generation notification interface after the account period conditions are met and the source data is generated gateway device.
服务数据生成通知接口也可以通过WebService接口实现。如前述,当数据网关装置向数据中心发起某个周期服务的取数申请后,由于所请求的服务账期是未来账期,数据中心在满足账期条件并且源数据生成后再通过该接口通知数据网关装置数据就绪,并将该服务源数据的存储信息(包括例如文件服务器的FTP地址、访问端口、登录用户名、密码、源数据文件存储路径、源数据文件名)提供给数据网关装置。The service data generation notification interface can also be implemented through the WebService interface. As mentioned above, when the data gateway device initiates a data access application for a certain periodic service to the data center, since the requested service account period is a future account period, the data center will notify through this interface after the account period conditions are met and the source data is generated. The data gateway device is ready for data, and provides the storage information of the service source data (including, for example, FTP address of the file server, access port, login user name, password, source data file storage path, source data file name) to the data gateway device.
服务数据同步接口可以通过FTP接口来实现,数据网关装置根据服务源数据的存储信息,通过FTP方式获取服务源数据。The service data synchronization interface can be realized through the FTP interface, and the data gateway device obtains the service source data through FTP according to the storage information of the service source data.
数据网关装置(审核区)与客户端(外网合作区)可以通过接口连接。在一个示例中,数据网关装置与客户端通过取数申请接口和服务数据推送接口来实现数据连接。The data gateway device (audit area) and the client (external network cooperation area) can be connected through the interface. In an example, the data gateway device and the client implement a data connection through a data access application interface and a service data push interface.
取数申请接口可以通过WebService接口来实现。客户端通过WebService接口向数据网关装置提交服务数据提取申请。如果该服务的服务类型是实时服务,则数据网关装置在对源数据进行脱敏处理、合规检查等审核处理后,将服务数据返回给客户端。The access application interface can be realized through the WebService interface. The client submits a service data extraction application to the data gateway device through the WebService interface. If the service type of the service is a real-time service, the data gateway device returns the service data to the client after desensitizing the source data, checking compliance, and other review processes.
服务数据推送接口可以通过FTP接口来实现。在数据网关装置对周期服务的源数据进行脱敏处理和合规性检查等审核处理后,通过服务数据推送接口将服务数据采用数据文件方式推送到数据服务需求者指定的FTP。数据服务需求者可以在注册时指定FTP,即,指定用于接收服务数据的推送FTP连接相关信息,其可以包括:FTP地址、访问端口、登录用户名、密码、文件存储路径等。The service data push interface can be realized through the FTP interface. After the data gateway device desensitizes the source data of periodic services and checks for compliance, the service data is pushed to the FTP specified by the data service demander through the service data push interface in the form of data files. The data service demander can specify FTP when registering, that is, specify the push FTP connection related information for receiving service data, which can include: FTP address, access port, login user name, password, file storage path, etc.
可以理解,虽然上述以WebService接口和FTP接口为例对本发明进行了说明,但本发明并不限于此,任何可以实现实时数据交换和周期数据读写的接口都可以用于本发明。It can be understood that although the WebService interface and the FTP interface are used as examples to illustrate the present invention, the present invention is not limited thereto. Any interface that can realize real-time data exchange and periodic data reading and writing can be used in the present invention.
可以理解的是,以上实施方式仅仅是为了说明本发明的原理而采用的示例性实施方式,然而本发明并不局限于此。对于本领域内的普通技术人员而言,在不脱离本发明的精神和实质的情况下,可以做出各种变型和改进,这些变型和改进也视为本发明的保护范围。It can be understood that, the above embodiments are only exemplary embodiments adopted for illustrating the principle of the present invention, but the present invention is not limited thereto. For those skilled in the art, various modifications and improvements can be made without departing from the spirit and essence of the present invention, and these modifications and improvements are also regarded as the protection scope of the present invention.
Claims (13)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510881918.6A CN105515963A (en) | 2015-12-03 | 2015-12-03 | Data gateway device and big data system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510881918.6A CN105515963A (en) | 2015-12-03 | 2015-12-03 | Data gateway device and big data system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105515963A true CN105515963A (en) | 2016-04-20 |
Family
ID=55723621
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510881918.6A Pending CN105515963A (en) | 2015-12-03 | 2015-12-03 | Data gateway device and big data system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105515963A (en) |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016188325A1 (en) * | 2015-11-27 | 2016-12-01 | 中兴通讯股份有限公司 | Data charging method and apparatus |
| CN106371975A (en) * | 2016-08-31 | 2017-02-01 | 国信优易数据有限公司 | Automatic operation and maintenance early-warning method and system |
| CN106529329A (en) * | 2016-10-11 | 2017-03-22 | 中国电子科技网络信息安全有限公司 | Desensitization system and desensitization method used for big data |
| CN107194660A (en) * | 2017-04-27 | 2017-09-22 | 合肥视尔信息科技有限公司 | A kind of with no paper measures and procedures for the examination and approval immediately of vital document |
| CN107194661A (en) * | 2017-04-27 | 2017-09-22 | 合肥视尔信息科技有限公司 | A kind of with no paper document approvals system based on information network |
| CN108009435A (en) * | 2017-12-18 | 2018-05-08 | 网智天元科技集团股份有限公司 | Data desensitization method, device and storage medium |
| CN108154047A (en) * | 2017-12-25 | 2018-06-12 | 网智天元科技集团股份有限公司 | A kind of data desensitization method and device |
| CN108156195A (en) * | 2016-12-02 | 2018-06-12 | 航天星图科技(北京)有限公司 | A kind of business datum inspection method and system |
| CN108984625A (en) * | 2018-06-19 | 2018-12-11 | 平安科技(深圳)有限公司 | Information filtering method, device, computer equipment and storage medium |
| CN109417576A (en) * | 2016-07-26 | 2019-03-01 | 思科技术公司 | For providing the system and method for closing the transmission that rule require for cloud application |
| CN109583987A (en) * | 2018-10-09 | 2019-04-05 | 阿里巴巴集团控股有限公司 | A kind of processing method of data, device and equipment |
| CN109634836A (en) * | 2018-10-23 | 2019-04-16 | 平安科技(深圳)有限公司 | Test data packaging method, device, equipment and storage medium |
| CN109697368A (en) * | 2017-10-20 | 2019-04-30 | 北京比邻共赢信息技术有限公司 | Method, equipment and system that user information data safety uses, storage medium |
| WO2019114766A1 (en) * | 2017-12-14 | 2019-06-20 | 中兴通讯股份有限公司 | Data desensitising method, server, terminal, and computer-readable storage medium |
| CN110096625A (en) * | 2019-05-14 | 2019-08-06 | 中国联合网络通信集团有限公司 | Data close rule inspection method and device |
| CN110197083A (en) * | 2019-06-05 | 2019-09-03 | 深圳市优网科技有限公司 | Sensitive data desensitization system and processing method |
| CN110457330A (en) * | 2019-08-21 | 2019-11-15 | 北京远舢智能科技有限公司 | A kind of time series data management platform |
| CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
| CN111506905A (en) * | 2019-01-31 | 2020-08-07 | 百度在线网络技术(北京)有限公司 | Data processing method, device, server and storage medium |
| CN112181957A (en) * | 2020-09-08 | 2021-01-05 | 支付宝(杭州)信息技术有限公司 | A method, device and electronic device for supervision and processing of archive data |
| CN112732489A (en) * | 2021-01-11 | 2021-04-30 | 上海上讯信息技术股份有限公司 | Data desensitization method and device based on database virtualization |
| CN114285616A (en) * | 2021-12-16 | 2022-04-05 | 上海商汤科技开发有限公司 | Data transmission method and device, electronic equipment and storage medium |
| CN116318956A (en) * | 2023-03-07 | 2023-06-23 | 芜湖雄狮汽车科技有限公司 | Data processing device and method based on shadow computing |
| CN116628461A (en) * | 2023-06-07 | 2023-08-22 | 支付宝(杭州)信息技术有限公司 | A data compliance processing method, device and equipment |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7398311B2 (en) * | 2000-07-10 | 2008-07-08 | Oracle International Corporation | Selective cache flushing in identity and access management systems |
| CN101986599A (en) * | 2010-12-09 | 2011-03-16 | 北京交通大学 | Network security control method based on cloud service and cloud security gateway |
| US20120259877A1 (en) * | 2011-04-07 | 2012-10-11 | Infosys Technologies Limited | Methods and systems for runtime data anonymization |
| US20140047551A1 (en) * | 2012-08-10 | 2014-02-13 | Sekhar Nagasundaram | Privacy firewall |
| US20140164405A1 (en) * | 2012-12-12 | 2014-06-12 | Institute For Information Industry | Dynamic data masking method and database system |
| US20140337614A1 (en) * | 2013-05-07 | 2014-11-13 | Imperva, Inc. | Selective modification of encrypted application layer data in a transparent security gateway |
| CN104699777A (en) * | 2015-03-10 | 2015-06-10 | 中国联合网络通信集团有限公司 | Association method and system of management plane and service plane of big data analysis and mining |
| CN105119956A (en) * | 2015-07-09 | 2015-12-02 | 传成文化传媒(上海)有限公司 | Network application system and disposition method |
-
2015
- 2015-12-03 CN CN201510881918.6A patent/CN105515963A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7398311B2 (en) * | 2000-07-10 | 2008-07-08 | Oracle International Corporation | Selective cache flushing in identity and access management systems |
| CN101986599A (en) * | 2010-12-09 | 2011-03-16 | 北京交通大学 | Network security control method based on cloud service and cloud security gateway |
| US20120259877A1 (en) * | 2011-04-07 | 2012-10-11 | Infosys Technologies Limited | Methods and systems for runtime data anonymization |
| US20140047551A1 (en) * | 2012-08-10 | 2014-02-13 | Sekhar Nagasundaram | Privacy firewall |
| US20140164405A1 (en) * | 2012-12-12 | 2014-06-12 | Institute For Information Industry | Dynamic data masking method and database system |
| US20140337614A1 (en) * | 2013-05-07 | 2014-11-13 | Imperva, Inc. | Selective modification of encrypted application layer data in a transparent security gateway |
| CN104699777A (en) * | 2015-03-10 | 2015-06-10 | 中国联合网络通信集团有限公司 | Association method and system of management plane and service plane of big data analysis and mining |
| CN105119956A (en) * | 2015-07-09 | 2015-12-02 | 传成文化传媒(上海)有限公司 | Network application system and disposition method |
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106817228A (en) * | 2015-11-27 | 2017-06-09 | 中兴通讯股份有限公司 | Data charging method and device |
| WO2016188325A1 (en) * | 2015-11-27 | 2016-12-01 | 中兴通讯股份有限公司 | Data charging method and apparatus |
| CN109417576A (en) * | 2016-07-26 | 2019-03-01 | 思科技术公司 | For providing the system and method for closing the transmission that rule require for cloud application |
| CN106371975A (en) * | 2016-08-31 | 2017-02-01 | 国信优易数据有限公司 | Automatic operation and maintenance early-warning method and system |
| CN106371975B (en) * | 2016-08-31 | 2019-03-01 | 国信优易数据有限公司 | A method and system for automatic early warning of operation and maintenance |
| CN106529329A (en) * | 2016-10-11 | 2017-03-22 | 中国电子科技网络信息安全有限公司 | Desensitization system and desensitization method used for big data |
| CN108156195B (en) * | 2016-12-02 | 2021-08-20 | 中科星图股份有限公司 | Service data checking method and system |
| CN108156195A (en) * | 2016-12-02 | 2018-06-12 | 航天星图科技(北京)有限公司 | A kind of business datum inspection method and system |
| CN107194660A (en) * | 2017-04-27 | 2017-09-22 | 合肥视尔信息科技有限公司 | A kind of with no paper measures and procedures for the examination and approval immediately of vital document |
| CN107194661A (en) * | 2017-04-27 | 2017-09-22 | 合肥视尔信息科技有限公司 | A kind of with no paper document approvals system based on information network |
| CN109697368A (en) * | 2017-10-20 | 2019-04-30 | 北京比邻共赢信息技术有限公司 | Method, equipment and system that user information data safety uses, storage medium |
| CN109697368B (en) * | 2017-10-20 | 2021-02-02 | 北京比邻共赢信息技术有限公司 | Method, device and system for safe use of user information data and storage medium |
| CN109960944A (en) * | 2017-12-14 | 2019-07-02 | 中兴通讯股份有限公司 | A data desensitization method, server, terminal and computer-readable storage medium |
| WO2019114766A1 (en) * | 2017-12-14 | 2019-06-20 | 中兴通讯股份有限公司 | Data desensitising method, server, terminal, and computer-readable storage medium |
| CN108009435A (en) * | 2017-12-18 | 2018-05-08 | 网智天元科技集团股份有限公司 | Data desensitization method, device and storage medium |
| CN108154047A (en) * | 2017-12-25 | 2018-06-12 | 网智天元科技集团股份有限公司 | A kind of data desensitization method and device |
| CN108984625A (en) * | 2018-06-19 | 2018-12-11 | 平安科技(深圳)有限公司 | Information filtering method, device, computer equipment and storage medium |
| CN109583987A (en) * | 2018-10-09 | 2019-04-05 | 阿里巴巴集团控股有限公司 | A kind of processing method of data, device and equipment |
| CN109634836A (en) * | 2018-10-23 | 2019-04-16 | 平安科技(深圳)有限公司 | Test data packaging method, device, equipment and storage medium |
| CN111506905A (en) * | 2019-01-31 | 2020-08-07 | 百度在线网络技术(北京)有限公司 | Data processing method, device, server and storage medium |
| CN110096625A (en) * | 2019-05-14 | 2019-08-06 | 中国联合网络通信集团有限公司 | Data close rule inspection method and device |
| CN110197083A (en) * | 2019-06-05 | 2019-09-03 | 深圳市优网科技有限公司 | Sensitive data desensitization system and processing method |
| CN110457330A (en) * | 2019-08-21 | 2019-11-15 | 北京远舢智能科技有限公司 | A kind of time series data management platform |
| CN110457330B (en) * | 2019-08-21 | 2022-09-13 | 北京远舢智能科技有限公司 | Time sequence data management platform |
| CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
| CN111143880B (en) * | 2019-12-27 | 2022-06-07 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
| CN112181957A (en) * | 2020-09-08 | 2021-01-05 | 支付宝(杭州)信息技术有限公司 | A method, device and electronic device for supervision and processing of archive data |
| CN112181957B (en) * | 2020-09-08 | 2024-04-12 | 支付宝(杭州)信息技术有限公司 | File data supervision processing method and device and electronic equipment |
| CN112732489A (en) * | 2021-01-11 | 2021-04-30 | 上海上讯信息技术股份有限公司 | Data desensitization method and device based on database virtualization |
| CN112732489B (en) * | 2021-01-11 | 2023-05-09 | 上海上讯信息技术股份有限公司 | Data desensitization method and device based on database virtualization |
| CN114285616A (en) * | 2021-12-16 | 2022-04-05 | 上海商汤科技开发有限公司 | Data transmission method and device, electronic equipment and storage medium |
| CN116318956A (en) * | 2023-03-07 | 2023-06-23 | 芜湖雄狮汽车科技有限公司 | Data processing device and method based on shadow computing |
| CN116318956B (en) * | 2023-03-07 | 2025-10-24 | 芜湖雄狮汽车科技有限公司 | Data processing device and method based on shadow computing |
| CN116628461A (en) * | 2023-06-07 | 2023-08-22 | 支付宝(杭州)信息技术有限公司 | A data compliance processing method, device and equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105515963A (en) | Data gateway device and big data system | |
| US10430740B2 (en) | Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods | |
| WO2019041804A1 (en) | Personalized checking method and apparatus for claim settlement orders, storage medium, and terminal | |
| WO2008137457A1 (en) | Monitoring and aggregating user activities in heterogeneous systems | |
| CN112492533B (en) | 5G rich media message pushing method and device based on block chain technology | |
| CN108805632A (en) | A kind of charging method and device | |
| CN109636558B (en) | Employee data processing method, device and system based on block chain | |
| US12413599B2 (en) | Systems, methods, apparatuses and computer program products for executing data verification operations between independent computing resources | |
| US20220318939A1 (en) | Legal document filing system | |
| US20130179315A1 (en) | Time and Attendance System and Method | |
| CN111178843A (en) | Supervision and early warning method and device for worker wage distribution | |
| US10776517B2 (en) | Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods | |
| US20130097221A1 (en) | Analyzing client data stores | |
| CN118864124A (en) | A method and electronic device for supervising the payment of wages to migrant workers | |
| RU2698412C2 (en) | System for protecting personal data of users in an information system based on depersonalization and migration to a secure environment | |
| CN112448972A (en) | Data exchange and sharing platform | |
| CN110991865A (en) | Intelligent threat analysis method for operation and maintenance auditing system | |
| KR101290580B1 (en) | Private information transfer management system and method thereof | |
| KR102686839B1 (en) | Public my data management system | |
| RU2773429C1 (en) | Automation system for the exchange of marking codes | |
| CN103325063A (en) | Test major test report inquiry and verification system | |
| KR20110035556A (en) | Financial information providing service system and service method using MOS | |
| WO2019023511A1 (en) | Data processing systems for generating and populating a data inventory | |
| CN119814485A (en) | Data processing method and device, non-volatile storage medium, and electronic device | |
| CN117891870A (en) | Multi-party data processing, management system and multi-party data processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160420 |
|
| RJ01 | Rejection of invention patent application after publication |