[go: up one dir, main page]

CN119577802A - Data protection method and related equipment - Google Patents

Data protection method and related equipment Download PDF

Info

Publication number
CN119577802A
CN119577802A CN202411662805.2A CN202411662805A CN119577802A CN 119577802 A CN119577802 A CN 119577802A CN 202411662805 A CN202411662805 A CN 202411662805A CN 119577802 A CN119577802 A CN 119577802A
Authority
CN
China
Prior art keywords
data
calling
security
storage
space
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411662805.2A
Other languages
Chinese (zh)
Inventor
王斯诺
李军
魏广朝
郭敬林
赵拴宝
王仑
刘伟
孙实杰
李媛
于少瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Information and Telecommunication Co Ltd, Beijing Guodiantong Network Technology Co Ltd filed Critical State Grid Information and Telecommunication Co Ltd
Priority to CN202411662805.2A priority Critical patent/CN119577802A/en
Publication of CN119577802A publication Critical patent/CN119577802A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

本申请提供一种数据保护方法,根据安全规则对不同安全等级的数据进行分类,并且将相同安全等级的数据存储在对应的存储空间内,根据不同存储空间的调用规则对数据进行调用,从而使调用数据过程中对不同安全等级的数据进行分别处理,不仅能够提高安全等级较高的数据存储安全性,还能简化安全等级较低的数据提取所需流程。

The present application provides a data protection method, which classifies data of different security levels according to security rules, stores data of the same security level in corresponding storage spaces, and calls data according to calling rules of different storage spaces, so that data of different security levels can be processed separately during the data calling process, which can not only improve the storage security of data with a higher security level, but also simplify the process required for extracting data with a lower security level.

Description

Data protection method and related equipment
Technical Field
The application relates to the technical field of data security management, in particular to a data protection method.
Background
Data security management represents a security management protection technique established and adopted for data management to ensure that data is not destroyed, altered and revealed by accidental and malicious reasons, thereby ensuring the availability, integrity and confidentiality of network data. The purpose of establishing data security protection measures is to ensure that data transmitted and exchanged through a network cannot be increased, modified, lost, leaked and the like, the service data of the power terminal are related to the security operation of the power grid, once the data are tampered and leaked, the security and stability operation of the power grid are directly affected, and meanwhile, when the service data of the power terminal are called, all files corresponding to the file catalogue are automatically read, so that hidden danger exists in the security management of the data.
Disclosure of Invention
In view of the above, the present application is directed to a data protection method and related device.
Based on the above object, the application provides a data protection method, which comprises the steps of acquiring data and grouping the data based on a security standard. The same grouping of data is stored in corresponding storage spaces, wherein the storage spaces are isolated from each other. Setting a corresponding data calling rule according to the safety standard, and accessing a corresponding storage space based on the calling rule.
In some embodiments, the data is grouped based on security criteria, including in particular dividing the security level of the data according to the security criteria. And sorting the data according to the security level to obtain a first sorting list.
In some embodiments, storing the same grouping of data in the corresponding storage space specifically includes sequentially storing the data into the storage space according to a first ordered list, wherein the security level of the data stored in a single storage space is the same. And sorting the storage spaces according to the security level to obtain a second sorting list.
In some embodiments, setting the corresponding data call rule according to the security standard specifically includes setting the data call rule according to the second ordered list.
In some embodiments, accessing the corresponding memory space based on the invocation rules specifically includes validating an invocation request of the user device in response to the user device requesting invocation of data within the memory space. And responding to the calling request to meet the calling rule, and connecting the storage space where the data to be called are located with the cache space. And copying the data to be called, and storing the copied data into a cache space. And in response to the copied data is stored, disconnecting the storage space from the cache space, and connecting the cache space with the user equipment. And transmitting the data in the buffer space to the user equipment.
In some embodiments, after transmitting the data in the buffer space to the user equipment, disconnecting the buffer space from the user equipment and deleting the data stored in the buffer space.
In some embodiments, verifying the call request of the user equipment specifically comprises obtaining call authority information of the user equipment according to the call request. And acquiring a corresponding calling rule according to the calling authority information to call the data.
The application also provides a data protection device, which comprises a data grouping module, a data protection module and a data protection module, wherein the data grouping module is used for obtaining data and grouping the data based on a safety standard. And the data storage module is used for storing the data of the same group in the corresponding storage space, wherein the storage spaces are mutually isolated. And the data calling module is used for setting corresponding data calling rules according to the safety standards and accessing corresponding storage spaces based on the calling rules.
The application also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to when the program is executed by the processor.
The present application also provides a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to.
From the above, it can be seen that the data protection method provided by the application classifies the data with different security levels according to the security rules, stores the data with the same security level in the corresponding storage space, and calls the data according to the calling rules of different storage spaces, so that the data with different security levels are respectively processed in the process of calling the data, thereby not only improving the security of data storage with higher security level, but also simplifying the flow required by data extraction with lower security level.
Drawings
In order to more clearly illustrate the technical solutions of the present application or related art, the drawings that are required to be used in the description of the embodiments or related art will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a flowchart of a data protection method according to an embodiment of the present application;
fig. 2 is a flowchart of a data grouping method according to an embodiment of the present application;
FIG. 3 is a flowchart of a data storage method according to an embodiment of the present application;
FIG. 4 is a flowchart of a data extraction method according to another embodiment of the present application;
FIG. 5 is a flowchart of a user rights verification method according to another embodiment of the present application;
FIG. 6 is a schematic diagram of a data protection device according to another embodiment of the present application;
fig. 7 is a schematic diagram of a hardware structure of an electronic device according to the present application.
Detailed Description
The present application will be further described in detail below with reference to specific embodiments and with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present application more apparent.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present application should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present application belongs. The terms "first," "second," and the like, as used in embodiments of the present application, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
It will be appreciated that before using the technical solutions of the various embodiments in the disclosure, the user may be informed of the type of personal information involved, the range of use, the use scenario, etc. in an appropriate manner, and obtain the authorization of the user.
For example, in response to receiving an active request from a user, a prompt is sent to the user to explicitly prompt the user that the operation it is requesting to perform will require personal information to be obtained and used with the user. Therefore, the user can select whether to provide personal information to the software or hardware such as the electronic equipment, the application program, the server or the storage medium for executing the operation of the technical scheme according to the prompt information.
As an alternative but non-limiting implementation, in response to receiving an active request from a user, the manner in which the prompt information is sent to the user may be, for example, a popup, in which the prompt information may be presented in a text manner. In addition, a selection control for the user to select to provide personal information to the electronic device in a 'consent' or 'disagreement' manner can be carried in the popup window.
It will be appreciated that the above-described notification and user authorization process is merely illustrative, and not limiting of the implementations of the present disclosure, and that other ways of satisfying relevant legal regulations may be applied to the implementations of the present disclosure.
An embodiment of the present application provides a data protection method, as shown in fig. 1, including:
step S1, data are acquired, and the data are grouped based on safety standards.
In this embodiment, the security standard is used for classifying the data in a security level, where the source of the security standard is not limited, and may be reasonably selected according to the data usage scenario to be protected, for example, may be one of an enterprise internal standard, an industry standard, and a national recommendation standard. By grouping the data with different security levels, the more important data can be protected with higher level, excessive data protection resources are prevented from being wasted on the data with lower security level, and the pre-process for acquiring the data with lower security level is reduced.
Preferably, in order to realize unified operation on the security level classification standard, the security standard may be selected from recommended national standards "data security technology data classification rule" implemented by national network security standardization technical commission at 2024, 3 and 15 and 2024, 10 and 1 (standard number: GB/T43697-2024), so as to realize standardized classification on the data security level.
Step S2, storing the same group of data in a corresponding storage space, wherein the storage spaces are isolated from each other.
The data of different security level groups are stored in different storage spaces, so that the different storage spaces are mutually isolated, stricter encryption measures can be used when the data with higher security level are protected, a more convenient extraction mode can be provided for the data with lower security level, and storage resources are reasonably distributed. The types of the storage spaces isolated from each other are not limited, and can be reasonably selected according to practical application requirements, for example, the storage spaces can be one of different sectors of a hard disk, different hard disks and different storage servers, and the storage spaces can be reasonably configured according to the security requirements and the data sizes of different data.
And S3, setting a corresponding data calling rule according to the safety standard, and accessing a corresponding storage space based on the calling rule.
The data calling rule is set based on the security level of the data, the specific calling rule is not limited, reasonable selection can be performed according to actual application requirements, for example, for data with higher security level, multiple encryption processing can be set, multiple verification and other modes can be performed on a user calling the data, and for data with lower security level, the data can be obtained by direct reading or a mode which can be read through simple identity verification.
In some embodiments, as shown in fig. 2, step S1 specifically includes:
Step S11, dividing the security level of the data according to the security standard.
And step S12, sorting the data according to the security level to obtain a first sorting list.
In this embodiment, the security level of the data is divided, so that the data can obtain the security level tag before being stored in the storage space, and the data with the security level tag can be simultaneously stored in the storage space after the first ordering list is obtained by ordering the data with the security level tag.
In some embodiments, as shown in fig. 3, step S2 specifically includes:
And step S21, sequentially storing the data into the storage spaces according to the first ordered list, wherein the security levels of the data stored in the single storage space are the same.
In this embodiment, the data with the same security level is stored in a single storage space, so that the same calling rule for the single storage space is ensured, and the confirmation time of the security level is reduced. And by storing the data according to the first ordered list, the data with higher security level can be stored in the corresponding storage space preferentially, so that the increase of the data leakage risk caused by overlong waiting time in the storage process is avoided.
Step S22, sorting the storage spaces according to the security level to obtain a second sorting list.
The storage space is ordered according to the security level of the data stored in the storage space, and a second ordering list is obtained, so that the security level of the storage space can be determined according to the second ordering list, and the storage space with higher security level is arranged at the bottom layer, thereby reducing the risk of data leakage.
In some embodiments, setting the corresponding data call rule according to the security standard specifically includes:
step S31, setting a data calling rule according to the second sorting list.
In this embodiment, by setting a calling rule for the storage space, the storage space with a lower security level can be directly read, and the storage space with a higher security level needs to be verified to be read, so that the efficiency of calling the data with a lower security level is improved, and the risk of leakage of the data with a higher security level is reduced.
In some embodiments, as shown in fig. 4, accessing the corresponding storage space based on the calling rule specifically includes:
step S301, validating the call request of the user equipment in response to the user equipment requesting to call the data in the storage space.
Step S302, in response to the call request meeting the call rule, the storage space where the data to be called is located is connected with the cache space.
In this embodiment, by verifying whether the call of the user equipment is true, and sending the call request to the server according to the security level of the call request, the server controls the storage space to be connected with the cache space. The number of the buffer spaces is not limited, and the buffer spaces can be reasonably selected according to practical application requirements, for example, at least one buffer space can be respectively set for different security levels, and at least one buffer space can be set for each independent storage space.
The storage medium of the cache space is not limited, and may be reasonably selected according to practical application requirements, for example, a magnetic disk, a nonvolatile storage, a volatile storage, and the like.
The purpose of setting the buffer space is to isolate the path of the data storage space which can be directly accessed by the user, so that the user can only call the required data when the data is called, and the situation that the data is randomly crawled at the destination can not occur, in addition, if the called data is directly obtained according to the rule, that is to say, the call is carried out according to the rule in a targeted way, when the multi-user calls data, a larger operation load is easily caused, the hardware cost is increased, and through the cache space, only the back end of the cache space is needed to execute data call, and main data interaction work is added to the cache space, so that the hardware cost and algorithm pressure are greatly reduced.
Step S303, copying the data to be called, and storing the copied data into a cache space.
The data to be called is stored in the cache space after being copied, so that the data to be called is prevented from being damaged in the transmission process.
Step S304, in response to the copied data storage, the connection between the storage space and the cache space is disconnected, and the cache space is connected with the user equipment.
In step S305, the data in the buffer space is transmitted to the ue.
After the data to be called is copied, the storage space and the cache space are disconnected, so that the data can be prevented from being stolen in the transmission process, and the cache space and the user equipment are connected together, so that the user equipment can acquire the data to be called.
In some embodiments, after step S305, further comprising:
Step S306, disconnecting the buffer space from the user equipment, and deleting the data stored in the buffer space.
In this embodiment, after the data transmission to be invoked is completed, the connection between the buffer space and the user equipment is disconnected, so as to prevent the user equipment from continuously accessing the buffer space, and then the data stored in the buffer space is deleted, so as to prevent the user connected with the buffer space from bypassing the authorization to read the data extracted by other users.
As a preferred embodiment, after deleting the data stored in the buffer space, blank data may also be written into the buffer space, so as to achieve thorough erasure of the data in the buffer space.
As a preferred embodiment, volatile storage may be used as the buffer space, and after the connection between the buffer space and the user equipment is disconnected, the buffer space may be powered off to achieve thorough erasure of data.
As a preferred implementation manner, the buffer space can take the cloud space as a springboard, so that the cloud interaction capability of the data is increased, and the convenience and safety of data calling are further improved.
In some embodiments, as shown in fig. 5, step S301 specifically includes:
Step S311, obtaining the calling authority information of the user equipment according to the calling request.
Step S312, the corresponding calling rule is obtained according to the calling authority information to call the data.
In this embodiment, different permissions are set for different user devices, so that user devices with lower permissions are prevented from accessing a storage space with higher security level, and leakage of data with higher security level is prevented.
According to the embodiment of the application, the data with different security levels are classified according to the security rules, the data with the same security level is stored in the corresponding storage space, and the data is called according to the calling rules of the different storage spaces, so that the data with different security levels are respectively processed in the process of calling the data, the data storage security with higher security level can be improved, and the flow required by extracting the data with lower security level can be simplified.
It should be noted that, the method of the embodiment of the present application may be performed by a single device, for example, a computer or a server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the method of an embodiment of the present application, the devices interacting with each other to accomplish the method.
It should be noted that the foregoing describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the application also provides a data protection device corresponding to the method of any embodiment.
Referring to fig. 6, the data protection apparatus includes:
and the data grouping module is used for acquiring the data and grouping the data based on the security standard.
And the data storage module is used for storing the data of the same group in the corresponding storage space, wherein the storage spaces are mutually isolated.
And the data calling module is used for setting corresponding data calling rules according to the safety standards and accessing corresponding storage spaces based on the calling rules.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, the functions of each module may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
The device of the foregoing embodiment is configured to implement the corresponding data protection method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the application also provides an electronic device corresponding to the method of any embodiment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the data protection method of any embodiment when executing the program.
Fig. 7 shows a more specific hardware architecture of an electronic device provided by the present embodiment, which may include a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit ), a microprocessor, an Application SPECIFIC INTEGRATED Circuit (ASIC), or one or more integrated circuits, etc. for executing related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory ), static storage, dynamic storage, etc. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding data protection method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the present application also provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the data protection method according to any of the above embodiments, corresponding to the method according to any of the above embodiments.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device.
The storage medium of the foregoing embodiments stores computer instructions for causing the computer to perform the data protection method according to any one of the foregoing embodiments, and has the advantages of the corresponding method embodiments, which are not described herein.
It should be noted that the embodiments of the present application may be further described in the following manner:
A method of data protection, comprising:
Data is acquired and grouped based on security criteria.
The same grouping of data is stored in corresponding storage spaces, wherein the storage spaces are isolated from each other.
Setting a corresponding data calling rule according to the safety standard, and accessing a corresponding storage space based on the calling rule.
Optionally, the data is grouped based on a security standard, which specifically includes:
the security level of the data is divided according to the security standard.
And sorting the data according to the security level to obtain a first sorting list.
Optionally, the storing the same group of data in the corresponding storage space specifically includes:
And sequentially storing the data into the storage spaces according to the first ordered list, wherein the security levels of the data stored in the single storage space are the same.
And sorting the storage spaces according to the security level to obtain a second sorting list.
Optionally, setting a corresponding data calling rule according to a security standard specifically includes:
And setting a data calling rule according to the second ordered list.
Optionally, accessing the corresponding storage space based on the calling rule specifically includes:
and responding to the data in the call storage space requested by the user equipment, and verifying the call request of the user equipment.
And responding to the calling request to meet the calling rule, and connecting the storage space where the data to be called are located with the cache space.
And copying the data to be called, and storing the copied data into a cache space.
And in response to the copied data is stored, disconnecting the storage space from the cache space, and connecting the cache space with the user equipment.
And transmitting the data in the buffer space to the user equipment.
Alternatively, the method may comprise, among other things,
The method further comprises the following steps after transmitting the data in the buffer space to the user equipment:
and disconnecting the buffer space from the user equipment, and deleting the data stored in the buffer space.
Alternatively, the method may comprise, among other things,
Verifying a call request of user equipment, which specifically comprises the following steps:
and obtaining the calling authority information of the user equipment according to the calling request.
And acquiring a corresponding calling rule according to the calling authority information to call the data.
A data protection device, comprising:
a data grouping module 401, configured to obtain data, and group the data based on a security standard.
The data storage module 402 is configured to store the same group of data in a corresponding storage space, where the storage spaces are isolated from each other.
The data calling module 403 is configured to set a corresponding data calling rule according to the security standard, and access a corresponding storage space based on the calling rule.
An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a method as claimed in any one of the preceding claims when executing the program.
A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform any of the methods described above.
It will be appreciated by persons skilled in the art that the foregoing discussion of any embodiment is merely exemplary and is not intended to imply that the scope of the application (including the claims) is limited to these examples, that combinations of technical features in the foregoing embodiments or in different embodiments may be implemented in any order and that many other variations of the different aspects of the embodiments described above exist within the spirit of the application, which are not provided in detail for clarity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present application. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present application, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present application are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalent substitutions, improvements, and the like, which are within the spirit and principles of the embodiments of the application, are intended to be included within the scope of the application.

Claims (10)

1.一种数据保护方法,包括:1. A data protection method, comprising: 获取数据,基于安全标准对所述数据进行分组;Acquiring data, and grouping the data based on security criteria; 将相同分组的所述数据存储在对应的存储空间中,其中,所述存储空间相互隔离;storing the data of the same group in corresponding storage spaces, wherein the storage spaces are isolated from each other; 根据所述安全标准设置对应的数据调用规则,基于所述调用规则访问对应的所述存储空间。A corresponding data calling rule is set according to the security standard, and the corresponding storage space is accessed based on the calling rule. 2.根据权利要求1所述的数据保护方法,其中,所述基于安全标准对所述数据进行分组,具体包括:2. The data protection method according to claim 1, wherein the grouping of the data based on the security standard specifically comprises: 根据所述安全标准,对所述数据的安全级别进行划分;According to the security standard, classify the security level of the data; 根据所述安全级别,对所述数据进行排序,获取第一排序列表。The data is sorted according to the security level to obtain a first sorted list. 3.根据权利要求2所述的数据保护方法,其中,所述将相同分组的所述数据存储在对应的存储空间中,具体包括:3. The data protection method according to claim 2, wherein storing the data of the same group in corresponding storage spaces specifically comprises: 根据所述第一排序列表将所述数据顺序存储至所述存储空间内,其中,单个所述存储空间内存储的所述数据安全等级相同;storing the data in the storage space in sequence according to the first sorting list, wherein the data stored in a single storage space have the same security level; 根据所述安全级别,对所述存储空间进行排序,获取第二排序列表。The storage space is sorted according to the security level to obtain a second sorted list. 4.根据权利要求3所述的数据保护方法,其中,所述根据所述安全标准设置对应的数据调用规则,具体包括:4. The data protection method according to claim 3, wherein the step of setting corresponding data call rules according to the security standard specifically comprises: 根据所述第二排序列表,设置所述数据调用规则。The data calling rule is set according to the second sorting list. 5.根据权利要求1所述的数据保护方法,其中,所述基于所述调用规则访问对应的所述存储空间,具体包括:5. The data protection method according to claim 1, wherein the accessing the corresponding storage space based on the calling rule specifically comprises: 响应于用户设备请求调用所述存储空间内的所述数据,对所述用户设备的调用请求进行验证;In response to a user device requesting to call the data in the storage space, verifying the calling request of the user device; 响应于所述调用请求满足所述调用规则,将需要调用的数据所在的所述存储空间与缓存空间进行连接;In response to the calling request satisfying the calling rule, connecting the storage space where the data to be called is located with the cache space; 对需要调用的所述数据进行复制,将复制后的所述数据存储至所述缓存空间;Copy the data to be called, and store the copied data in the cache space; 响应于复制后的所述数据存储完毕,断开所述存储空间与所述缓存空间的连接,并将所述缓存空间与所述用户设备连接;In response to the storage of the copied data being completed, disconnecting the storage space from the cache space, and connecting the cache space to the user equipment; 将所述缓存空间内的所述数据传输至所述用户设备。The data in the cache space is transmitted to the user equipment. 6.根据权利要求5所述的数据保护方法,其中,6. The data protection method according to claim 5, wherein: 在将所述缓存空间内的所述数据传输至所述用户设备之后还包括:After transmitting the data in the cache space to the user equipment, the method further includes: 断开所述缓存空间与所述用户设备的连接,删除所述缓存空间内存储的所述数据。The connection between the cache space and the user equipment is disconnected, and the data stored in the cache space is deleted. 7.根据权利要求5所述的数据保护方法,其中,7. The data protection method according to claim 5, wherein: 所述对所述用户设备的调用请求进行验证,具体包括:The verifying the calling request of the user equipment specifically includes: 根据所述调用请求得到所述用户设备的调用权限信息;Obtaining calling authority information of the user device according to the calling request; 根据所述调用权限信息获取对应的所述调用规则对所述数据进行调用。The corresponding calling rule is obtained according to the calling permission information to call the data. 8.一种数据保护装置,包括:8. A data protection device, comprising: 数据分组模块,用于获取数据,基于安全标准对所述数据进行分组;A data grouping module, used for acquiring data and grouping the data based on security criteria; 数据存储模块,用于将相同分组的所述数据存储在对应的存储空间中,其中,所述存储空间相互隔离;A data storage module, used for storing the data of the same group in corresponding storage spaces, wherein the storage spaces are isolated from each other; 数据调用模块,用于根据所述安全标准设置对应的数据调用规则,基于所述调用规则访问对应的所述存储空间。The data calling module is used to set corresponding data calling rules according to the security standard and access the corresponding storage space based on the calling rules. 9.一种电子设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现如权利要求1至7任意一项所述的方法。9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method according to any one of claims 1 to 7 when executing the program. 10.一种非暂态计算机可读存储介质,所述非暂态计算机可读存储介质存储计算机指令,所述计算机指令用于使计算机执行权利要求1至7任一所述方法。10 . A non-transitory computer-readable storage medium storing computer instructions, wherein the computer instructions are used to cause a computer to execute the method according to claim 1 .
CN202411662805.2A 2024-11-20 2024-11-20 Data protection method and related equipment Pending CN119577802A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411662805.2A CN119577802A (en) 2024-11-20 2024-11-20 Data protection method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411662805.2A CN119577802A (en) 2024-11-20 2024-11-20 Data protection method and related equipment

Publications (1)

Publication Number Publication Date
CN119577802A true CN119577802A (en) 2025-03-07

Family

ID=94799402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411662805.2A Pending CN119577802A (en) 2024-11-20 2024-11-20 Data protection method and related equipment

Country Status (1)

Country Link
CN (1) CN119577802A (en)

Similar Documents

Publication Publication Date Title
CN108810006B (en) Resource access method, device, equipment and storage medium
US10614233B2 (en) Managing access to documents with a file monitor
US20200304485A1 (en) Controlling Access to Resources on a Network
EP3029593B1 (en) System and method of limiting the operation of trusted applications in the presence of suspicious programs
KR101382222B1 (en) System and method for mobile data loss prevention which uses file system virtualization
CN106030528B (en) Agent data service
WO2015096695A1 (en) Installation control method, system and device for application program
CN105404819A (en) Data access control method and apparatus and terminal
CN108885672B (en) Access management method, information processing device, program, and recording medium
US12111893B2 (en) System and method for protecting software licensing information via a trusted platform module
CN110489994B (en) File authority management method and device for nuclear power station and terminal equipment
CN104937904A (en) Copy offload for disparate offload providers
CN113918999B (en) Method and device for establishing safe ferry channel, network disk and storage medium
US9026456B2 (en) Business-responsibility-centric identity management
CN104767761B (en) A kind of cloud storage platform access control method and device
CN110807205B (en) File security protection method and device
CN115277143A (en) Data secure transmission method, device, equipment and storage medium
CN102685122A (en) Software protection method based on cloud server
TW202022669A (en) Method, device and electronic equipment for preventing misuse of identity data
US9355232B2 (en) Methods for governing the disclosure of restricted data
CN114138590A (en) Operation and maintenance processing method, device and electronic device of Kubernetes cluster
US11386041B1 (en) Policy tag management for data migration
US9703976B1 (en) Encryption for physical media transfer
KR102666687B1 (en) Operating server for providing a safe phone service using qr code without exposing personal information by granting a communication authority level according to nickname and its operation method
CN105653904B (en) Using the processing method of screen locking, device and mobile terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination