CN108121513B - A kind of data destruction method and system - Google Patents

Publication number: CN108121513B
Authority: CN (China)
Legal status: Active
Application number: CN201711436563.5A
Other languages: Chinese (zh)
Other versions: CN108121513A (en)
Inventors: 宋博韬, 喻波, 王志海, 魏力
Current Assignee: Beijing Wondersoft Technology Co Ltd
Original Assignee: Beijing Wondersoft Technology Co Ltd

Application filed by Beijing Wondersoft Technology Co Ltd
Priority to CN201711436563.5A
Publication of CN108121513A
Application granted
Publication of CN108121513B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00: Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06: Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601: Interfaces specially adapted for storage systems
    • G06F3/0602: Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062: Securing storage systems
    • G06F3/0628: Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0646: Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
    • G06F3/0652: Erasing, e.g. deleting, data cleaning, moving of data to a wastebasket


Abstract

The embodiments of the present invention provide a data destruction method and system, relating to the field of data encryption technology. The method comprises: performing data marking on input business data to generate marking information corresponding to the business data; identifying the business data according to the marking information to determine the data state corresponding to the business data; when the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data; performing destruction identification on the frozen business data to determine the data to be destroyed; and performing data destruction on the data to be destroyed. The embodiments of the present invention determine the data that needs to be destroyed automatically and intelligently, reduce the misjudgment rate of data destruction, and improve data destruction efficiency.

Description

A data destruction method and system
Technical field
The present invention relates to the technical field of data security, and in particular to a data destruction method, a data destruction system, an electronic device and a readable storage medium.
Background art
Against the broad background of the shift from the information technology era to the data technology era, data, because of its own unique value, is inherently exposed to "internal leakage and external theft" and is in a high-risk state of easy leakage and abuse, so data security protection faces severe challenges.
As people's awareness of network security grows, a mature security protection system has gradually formed around data life-cycle processes such as the generation, storage, transmission and use of data. Data destruction, an important process in the data life cycle whose purpose is to permanently delete specific data and avoid data leakage, has so far not received enough attention. Existing data destruction methods mainly rely on people to determine the target data that needs to be destroyed, which makes data destruction inefficient and makes it difficult to determine destruction target data at large scale and in batches. Because the target data to be destroyed is determined entirely in this way, data that does not need to be destroyed is easily judged to be data that needs to be destroyed, which makes the misjudgment rate of data destruction high and can even cause data to be destroyed by mistake.
Summary of the invention
In view of the above problems, the embodiments of the present invention provide a data destruction method to improve data destruction efficiency and reduce the misjudgment rate of data destruction.
Correspondingly, the embodiments of the present invention also provide a data destruction system, a device and a readable storage medium, to ensure the implementation and application of the above method.
To solve the above problems, the embodiments of the present invention disclose a data destruction method, comprising:
Performing data marking on input business data to generate marking information corresponding to the business data;
Identifying the business data according to the marking information to determine the data state corresponding to the business data;
When the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data;
Performing destruction identification on the frozen business data to determine the data to be destroyed;
Performing data destruction on the data to be destroyed.
Optionally, the method further comprises:
Performing analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freezing record information;
Updating the marking information corresponding to the business data according to the analysis and audit result.
Optionally, performing data destruction on the data to be destroyed comprises:
Matching, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
Performing data destruction on the data to be destroyed according to the data destruction mode, and generating corresponding destruction record information.
Optionally, the method further comprises:
When the data state is a normal state, performing identity authentication on the user corresponding to the business data;
After the identity authentication passes, providing the business data to the user and generating corresponding usage record information.
Optionally, the abnormal state includes a frozen state, and the method further comprises:
Judging, according to preset freezing rule information, whether the business data needs to be unfrozen;
If the business data needs to be unfrozen, generating an unfreezing request, removing the frozen state corresponding to the business data according to the unfreezing request, generating corresponding unfreezing record information, and performing data marking again on the unfrozen business data;
If the business data does not need to be unfrozen, determining the business data to be frozen business data and executing the step of performing destruction identification on the frozen business data.
Optionally, before the data marking is performed on the input business data, the method further comprises: setting system management information, the system management information including at least one of the following: freezing rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
After the business data is frozen, the method further comprises: generating corresponding freezing record information for the frozen business data.
The embodiments of the present invention disclose a data destruction system, comprising:
A data marking module, configured to perform data marking on input business data and generate marking information corresponding to the business data;
A data identification module, configured to identify the business data according to the marking information and determine the data state corresponding to the business data;
A data freezing module, configured to, when the data state is an abnormal state, freeze the business data according to preset freezing policy information to obtain frozen business data, and to perform destruction identification on the frozen business data to determine the data to be destroyed;
A data destruction module, configured to perform data destruction on the data to be destroyed.
Optionally, the system further comprises an analysis and audit module;
The analysis and audit module is configured to perform analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freezing record information;
The data marking module is further configured to update the marking information corresponding to the business data according to the analysis and audit result.
Optionally, the data destruction module comprises:
A matching submodule, configured to match, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
A destruction submodule, configured to perform data destruction on the data to be destroyed according to the data destruction mode and generate corresponding destruction record information.
Optionally, the system further comprises a secure use module;
The secure use module is configured to, when the data state is a normal state, perform identity authentication on the user corresponding to the business data, and, after the identity authentication passes, provide the business data to the user and generate corresponding usage record information.
Optionally, the data identification module is further configured to, when the abnormal state is a frozen state, judge according to preset freezing rule information whether the business data needs to be unfrozen; if the business data needs to be unfrozen, generate an unfreezing request and, according to the unfreezing request, trigger the data marking module to remove the frozen state corresponding to the business data; if the business data does not need to be unfrozen, determine the business data to be frozen business data and trigger the data freezing module to execute the step of performing destruction identification on the frozen business data;
The data marking module is further configured to remove the frozen state corresponding to the business data, generate corresponding unfreezing record information, and perform data marking again on the unfrozen business data.
Optionally, the system further comprises a system management module;
The system management module is configured to set system management information, the system management information including at least one of the following: freezing rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
The data freezing module is further configured to generate corresponding freezing record information for the frozen business data.
The embodiments of the present invention also disclose an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the data destruction method of the embodiments of the present invention when executing the program.
The embodiments of the present invention also disclose a computer-readable storage medium on which a computer program is stored, wherein the program implements the steps of the data destruction method of the embodiments of the present invention when executed by a processor.
The embodiments of the present invention have the following advantages:
Firstly, the embodiments of the present invention perform data marking on input business data to generate marking information and can identify the business data according to that marking information, so that they can recognize whether the business data is in an abnormal state. Business data in an abnormal state can be frozen according to preset freezing policy information to obtain frozen business data, and the data to be destroyed can then be determined by performing destruction identification on the frozen business data. In other words, the data that needs to be destroyed is determined automatically and intelligently in a data-driven way, which reduces the misjudgment rate of data destruction, improves data destruction efficiency, and can in turn reduce data management cost.
Secondly, the embodiments of the present invention can perform analysis and audit according to the record information corresponding to the business data, which makes it possible to guarantee and objectively evaluate the overall effect of secure data destruction.
Thirdly, the embodiments of the present invention can match the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, for example selecting the soft data destruction mode or the hard data destruction mode according to the matching rule information. This provides a unified standard process for data destruction and supports managing soft data destruction and hard data destruction on the same platform, thereby ensuring the consistency of the secure data destruction system and improving the overall effect of secure data destruction.
Brief description of the drawings
Fig. 1 is a flow chart of the steps of an embodiment of a data destruction method of the present invention;
Fig. 2 is a structural block diagram of an embodiment of a data destruction system of the present invention;
Fig. 3 is a structural block diagram of an optional example of a data destruction system of the present invention;
Fig. 4 is a schematic diagram of the principle of a data destruction method in an example of the present invention;
Fig. 5 is a flow chart of the steps of a data destruction method in an example of the present invention.
Detailed description of the embodiments
To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
As information technology flourishes and people's awareness of network security grows, a mature security protection system is gradually forming around processes such as the generation, storage, transmission and use of data. Data destruction, as an important process in the data life cycle, is a key link in data security protection. The data life cycle can be the set of processes such as the generation, storage, transmission, use and destruction of data. No complete security protection system has yet formed around the data destruction process.
Specifically, as the demand for secure data destruction keeps changing, existing soft data destruction and hard data destruction can hardly meet the demand for secure data destruction under the new situation. Existing soft and hard data destruction methods work on fixed destruction target data according to data destruction policies predefined or customized by the user. They provide a secure data destruction capability but lack monitoring and auditing of the data destruction process, that is, they lack assessment and control of the inputs and outputs of secure data destruction, so it is difficult to guarantee and objectively evaluate the overall effect of secure data destruction. In addition, existing soft data destruction and hard data destruction each have their own independent process. It is therefore difficult to manage existing soft and hard data destruction on the same platform, which affects the consistency of the secure data destruction system, limits the overall effect of secure data destruction, and hinders the application of secure data destruction technical solutions in complex business scenarios.
It should be noted that soft data destruction, also called logical data destruction, can refer to destroying data using software methods such as data erasing/overwriting. The data erasing/overwriting method can refer to overwriting the original data with specific data, so that the original data disappears as the data changes; for example, the preset specific data "0" can be used to overwrite the original data, so that the original data disappears as it is overwritten.
Hard data destruction, also called physical data destruction, can refer to destroying data by methods that destroy the physical structure of the storage medium, such as degaussing, incineration and smashing. The degaussing method is applicable to magnetic storage media and can refer to using the strong magnetic field generated by degaussing equipment to destroy the magnetic structure of the magnetic storage medium, so that the medium loses its ability to store data. The incineration method can use high temperature to reduce the storage medium to ashes, so that the data permanently ceases to exist. The smashing method, also called the shredding method, physically damages the storage medium, for example by smashing or shredding it into very small fragments, so that it can be ensured that data cannot be recovered from the remains of the storage medium.
One of the core ideas of the embodiments of the present invention is to provide a data destruction method and system that takes the data destruction process in the data life cycle as its core and, for the important business data that needs to be protected, builds a secure data destruction system including data marking, data identification, data freezing and data destruction, so as to determine the destruction target data automatically and intelligently, achieve the purpose of permanently deleting the destruction target data, avoid data leakage, and thereby ensure data security.
It should be noted that important business data can include business data that needs to be protected. Destruction target data can refer to data that needs to be securely destroyed and can be a subset of the important business data; the embodiments of the present invention do not specifically limit this.
Referring to Fig. 1, a flow chart of the steps of an embodiment of a data destruction method of the present invention is shown. The method can be applied in a data destruction system and can specifically include the following steps:
Step 102, performing data marking on input business data to generate marking information corresponding to the business data.
In practical applications, the data destruction method in the embodiments of the present invention can be used to build a secure data destruction system. The data destruction system can take the data destruction process in the data life cycle as its core and be linked to the other processes in the data life cycle in a data-driven way, so that the data to be destroyed can be determined automatically and intelligently.
Specifically, while business data is being input, the data destruction system can mark the input business data by means such as direct marking, indirect marking and custom marking, and generate the marking information corresponding to the business data. Direct marking can refer to a data marking mode in which the marking information is attached to the business data that needs to be protected, so that the business data and the marking information are physically merged. Indirect marking can refer to a data marking mode in which the business data that needs to be protected is associated with the marking information, so that the business data and the marking information are logically merged. Custom marking can refer to a data marking mode customized according to actual business needs and/or secure data destruction needs, and so on.
In the embodiments of the present invention, the marking information can be used to record the state information of the business data that needs to be protected during intelligent data destruction, and can include a unique code (Identity, ID), a data state, self-defined information and so on; the embodiments of the present invention do not limit this. The ID can be a unique character string identifying the business data that needs to be protected; the data state can be divided into a normal state, an abnormal state and so on, which the embodiments of the present invention also do not specifically limit.
For example, after detecting important business data that needs to be protected, such as important business data input by a user, the data destruction system can perform data marking on the detected important business data by direct marking and generate the marking information corresponding to that data, attaching the newly generated marking information to the important business data, so that unique marking information is bound to the important business data that needs to be protected. Important business data can include business data that needs to be protected, such as business data that needs to be protected in a financial institution or in a security agency; the embodiments of the present invention do not limit this.
In the embodiments of the present invention, optionally, the data destruction system can also securely store the marked business data and its corresponding marking information, so that the marked business data can later be obtained for business processing. For example, continuing the above example, the data destruction system can securely store the marked important business data in a database, so that the marked important business data can later be obtained from the database for business processing.
Step 104, identifying the business data according to the marking information to determine the data state corresponding to the business data.
In the embodiments of the present invention, before business data is used, the business data about to be used can be identified according to its marking information, to recognize whether it is in an abnormal state of the data destruction process. If the business data about to be used is in an abnormal state of the data destruction process, the data state corresponding to the business data is recognized as an abnormal state, and step 106 can then be executed for that business data. If the business data about to be used is not in an abnormal state of the data destruction process, the data state corresponding to the business data is recognized as a normal state, and identity authentication can then be performed on the user of that business data, so that the right to use the business data is granted to the user after the identity authentication passes and the authorized user can use the business data.
Step 106, when the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data.
In the embodiments of the present invention, freezing policy information can be set in the data destruction system in advance, so that the data destruction system can freeze business data in an abnormal state according to that freezing policy information. Optionally, the abnormal state can be divided into a frozen abnormal state and a non-frozen abnormal state, where the frozen state is the frozen abnormal state. Specifically, when the data destruction system recognizes that the data state corresponding to the business data is an abnormal state, it can determine whether the abnormal state is a non-frozen abnormal state. When the business data is determined to be in a non-frozen abnormal state, the business data can be frozen according to the preset freezing policy information so that it is in the frozen state. Business data in the frozen state can be called frozen business data. When the business data is already in the frozen abnormal state, it can be determined to be frozen business data and its frozen state can be kept, and step 108 can then be executed.
In an optional embodiment of the present invention, after the business data is frozen, corresponding freezing record information can also be generated, so that the frozen business data can later be analyzed and audited according to that freezing record information. The freezing record information can include the information related to data freezing that needs to be recorded, as determined by actual business needs, analysis and audit needs, secure data destruction needs and so on; the embodiments of the present invention do not limit this.
Step 108, performing destruction identification on the frozen business data to determine the data to be destroyed.
In the embodiments of the present invention, after the business data is frozen, destruction identification can be performed on the frozen business data according to preset destruction rules, to judge whether data destruction needs to be performed on the frozen business data. Optionally, performing destruction identification on the frozen business data can specifically include: judging, according to preset destruction rule information, whether data destruction needs to be performed on the frozen business data; if it does, the frozen business data can be determined to be data to be destroyed, and step 110 is then executed. The data to be destroyed represents the destruction target data that needs to be destroyed and can include all kinds of business data that needs to be destroyed, such as important financial-industry business data that needs to be destroyed. If data destruction does not need to be performed on the frozen business data, analysis and audit can be carried out according to the freezing record information corresponding to the frozen business data to form an analysis and audit result, and the data state corresponding to the frozen business data is updated according to that result.
Step 110, performing data destruction on the data to be destroyed.
In the embodiments of the present invention, after determining the data to be destroyed, the data destruction system can perform intelligent matching for that data to determine the corresponding data destruction mode, so that the data to be destroyed can be destroyed using the determined data destruction mode.
In summary, the embodiments of the present invention perform data marking on input business data to generate marking information and can identify the business data according to that marking information, so that they can recognize whether the business data is in an abnormal state. Business data in an abnormal state can be frozen according to preset freezing policy information to obtain frozen business data, and the data to be destroyed can then be determined by performing destruction identification on the frozen business data. In other words, the data that needs to be destroyed is determined automatically and intelligently in a data-driven way, which reduces the misjudgment rate of data destruction, improves data destruction efficiency, and can in turn reduce data management cost.
In an alternate embodiment of the present invention where, data destruction method can also include: corresponding according to business datum Record information and carry out analytical auditing, obtain analytical auditing as a result, with according to the analytical auditing result to the input of business datum and Output is assessed and is controlled, and destroys overall effect so as to guarantee and objectively evaluate data safety.Wherein, record information can To include at least one: usage record information destroys record information and freezing and records information etc., the embodiment of the present invention to this not It is restricted.
Specifically, data destroying system can integrate usage record information, freeze to record information, destroy record information etc. Many factors carry out analytical auditing, such as carry out analytical auditing to business datum, when going out business datum exception with analytical auditing oneself Dynamic alarm, export problem report, destroy overall effect so as to guarantee data security, and can objectively evaluate data safety Destroy overall effect.Wherein, usage record information may include the information recorded when being supplied to business datum using user; Freeze to record the information that information may include the record when carrying out data-frozen to business datum, such as freeze-off time;Destroy note Record information may include carrying out the information that data destroying is record to business datum, such as may include data destroying time, number According to destruction mode etc.;Problem report can be used for that user is assisted to determine that abnormal reason occurs in business datum.
Optionally, the data destruction method in the embodiment of the present invention can also include: according to analytical auditing as a result, to business The corresponding mark information of data is updated.Specifically, data destroying system can also be according to analytical auditing as a result, to business number It is updated according to corresponding mark information;It can also carry out visualization according to the analytical auditing result and concentrate to show, such as to needing to protect The quantity of the important business data of shield shows, state accounting, freezes situation, service condition, destroys situation etc. to be shown, thus It realizes that multi-angle of view, multidimensional information show, and then user can be helped to know data intelligence clearly and destroy state, control data intelligence Destroy global situation.
In the embodiments of the present invention, optionally, performing data destruction on the data to be destroyed may include: matching the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, where the data destruction mode includes a soft data destruction mode and a hard data destruction mode; and performing data destruction on the data to be destroyed according to the data destruction mode, generating corresponding destruction record information.
Specifically, matching rule information can be set in the data destruction system in advance, so that once the data destruction system has determined the data to be destroyed, it can match the data to be destroyed intelligently against the preset matching rule information and, according to the matching result, select either the soft data destruction mode or the hard data destruction mode to destroy the data. The preset matching rule information may include matching rules predefined or customized in the data destruction system. Matching rules can be customized according to actual business needs or secure data destruction needs and are flexible to implement; the embodiments of the present invention place no restriction on this. For example, a matching rule can set the data destruction mode for cloud service data to the soft data destruction mode, so that cloud service data is soft-destroyed in the subsequent data destruction process; and it can set the data destruction mode for data stored on removable storage media to the hard data destruction mode, so that data stored on removable storage media is hard-destroyed in the subsequent data destruction process, and so on.
It should be noted that the soft data destruction mode destroys data by software methods such as data erasure or overwriting. In actual processing, the soft data destruction mode can be executed online, on the platform of the data destruction system. It can support domestic and international soft data destruction algorithms, standards and specifications, as well as soft data destruction algorithms customized according to actual business needs or secure data destruction needs. A soft data destruction algorithm may specify the erasure or overwriting method, the number of erasure or overwriting passes, and so on.
The hard data destruction mode achieves data destruction by methods that destroy the physical structure of the data storage medium, such as degaussing, incineration and smashing. Specifically, if hard data destruction is needed, a hard data destruction work order can be generated in the data destruction system for the data to be destroyed, and the hard data destruction can then be executed offline, outside the platform. For example, the data destruction work order can be provided to the person responsible for data destruction, who performs the hard data destruction according to the work order and, once it is complete, submits the confirmation message corresponding to the work order in the data destruction system, so that the data destruction system can determine from the confirmation message that the work order has been completed. The hard data destruction work order can record the data storage medium, the target data to be destroyed and the person responsible for the hard data destruction, and can also record information customized according to actual business needs, analytical auditing needs or secure data destruction needs; the embodiments of the present invention place no restriction on this.
In an optional embodiment of the present invention, the method further includes: when the data state is the normal state, performing identity authentication on the using user corresponding to the business data; and after identity authentication passes, providing the business data to the using user and generating corresponding usage record information. Specifically, on identifying that the business data about to be used is in the normal state, the data destruction system can perform identity authentication on the using user of that business data. If identity authentication passes, the right to use the business data can be granted to the using user, so that the business data can be provided to the using user on the basis of the granted right. For example, the data destruction system can provide business data in the normal state to the using user by means such as offline data, service interfaces, data interfaces and application programming interfaces (Application Programming Interface, API), and can record the business data provided to the using user, generating corresponding usage record information. The usage record information may include whatever information is determined to need recording according to actual business needs, analytical auditing needs, secure data destruction needs and so on; the embodiments of the present invention place no restriction on this.
In the embodiments of the present invention, the normal state indicates that the business data to be protected is in a normal state and can be used. The abnormal state indicates any state of the protected data other than the normal state, and may specifically include the expired state, the redundant state, the derivative state, the failure state, the frozen state and custom abnormal states. The expired state indicates that the business data to be protected has exceeded its legal period of use. The redundant state indicates that the business data to be protected is a duplicate copy of other business data. The derivative state indicates that the business data to be protected was generated by processing or operating on other business data. The failure state indicates that the business data to be protected has lost its inherent business value. The frozen state indicates that the business data to be protected is in a data-frozen state. Custom abnormal states may include data states customized according to actual business needs or secure data destruction needs; such data states are flexible to implement, and the embodiments of the present invention place no restriction on this.
In an optional embodiment of the present invention, the abnormal state may include the frozen state, and the method further includes: judging, according to preset freeze rule information, whether data thawing needs to be performed on the business data; if the business data needs to be thawed, generating a thaw request, removing the frozen state corresponding to the business data according to the thaw request, generating corresponding thaw record information, and performing data marking again on the thawed business data; if the business data does not need to be thawed, determining the business data to be frozen business data and executing the step of performing destruction identification on the frozen business data.
In the embodiments of the present invention, freeze rule information can be set in the data destruction system in advance. The freeze rule information may include predefined or customized freeze rules, which can be used to perform thaw identification on business data in the frozen state, that is, to determine whether data thawing needs to be performed on it. The predefined or customized freeze rules can be customized according to actual business needs or secure data destruction needs and are flexible to implement; for example, frozen data may be thawed automatically within a specified time, or the frozen state of frozen business data may be maintained for specific users. The embodiments of the present invention place no restriction on this.
In a specific implementation, after identifying business data in the frozen state, that is, frozen business data, the data destruction system can judge, according to the predefined or customized freeze rules, whether data thawing needs to be performed on that frozen business data. If it does, a corresponding thaw request can be generated for the frozen business data, and the frozen business data is thawed automatically according to the thaw request, yielding the thawed business data and generating corresponding thaw record information. Data marking can then be performed again on the thawed business data according to the thaw record information, for example marking the data state of the thawed business data as the normal state. If data thawing is not needed, the frozen state of the frozen business data can be kept, and destruction identification can then be performed on the frozen business data according to the preset destruction rule information.
The destruction rule information may include destruction rules predefined or customized in the data destruction system. The predefined or customized destruction rules can be customized according to actual business needs or secure data destruction needs and are flexible to implement; for example, frozen business data whose freeze period exceeds a specified time limit, or whose access count reaches the permitted upper limit, can be determined to be business data that needs to be destroyed. The embodiments of the present invention place no restriction on this.
In an optional embodiment of the present invention, before data marking is performed on the input business data, the method may further include: setting system management information, where the system management information includes at least one of the following: freeze rule information, destruction rule information, matching rule information, freeze policy information, destruction policy information and user information. In actual processing, the system management information can be set in the data destruction system in advance, so that the data destruction system can manage business data according to it: for example, performing thaw identification on business data in the frozen state according to the preset freeze rule information, judging whether frozen business data needs data destruction according to the preset destruction rule information, matching the data destruction mode corresponding to the data to be destroyed according to the preset matching rule information, performing data freezing on business data that needs to be frozen according to the preset freeze policy information, performing data destruction according to the preset destruction policy information, and so on.
In the embodiments of the present invention, optionally, after data freezing is performed on the business data, the method further includes: generating corresponding freeze record information for the frozen business data. Specifically, when the data destruction system performs data freezing on business data, it can record the information relevant to the freeze, forming the freeze record information, so that analytical auditing can later be performed according to the freeze record information, thereby guaranteeing and objectively evaluating the overall effect of secure data destruction. The freeze record information may include whatever information is determined to need recording according to actual business needs, analytical auditing needs, secure data destruction needs and so on; the embodiments of the present invention place no restriction on this.
Referring to Fig. 2, a structural block diagram of an embodiment of a data destruction system of the present invention is shown, which may specifically include the following modules:
Data markers module 202, for performing data marking on the input business data and generating the mark information corresponding to the business data;
Data identification module 204, for identifying the business data according to the mark information and determining the data state corresponding to the business data;
Data-frozen module 206, for performing data freezing on the business data according to preset freeze policy information when the data state is an abnormal state, obtaining frozen business data; and for performing destruction identification on the frozen business data to determine the data to be destroyed;
Data destroying module 208, for performing data destruction on the data to be destroyed.
In an optional embodiment of the present invention, the data destruction system may further include an analytical auditing module. The analytical auditing module is used to perform analytical auditing according to the record information corresponding to the business data and obtain an analytical auditing result, where the record information includes at least one of the following: usage record information, destruction record information and freeze record information. The data markers module is further used to update the mark information corresponding to the business data according to the analytical auditing result.
In an optional embodiment of the present invention, the data destroying module 208 may include the following submodules:
Matching submodule, for matching the data destruction mode corresponding to the data to be destroyed according to preset matching rule information, where the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
Destruction submodule, for performing data destruction on the data to be destroyed according to the data destruction mode and generating corresponding destruction record information.
In the embodiments of the present invention, optionally, the data destruction system may further include a safe handling module. The safe handling module is used, when the data state is the normal state, to perform identity authentication on the using user corresponding to the business data and, after identity authentication passes, to provide the business data to the using user and generate corresponding usage record information.
In the embodiments of the present invention, optionally, the data identification module 204 is further used, when the abnormal state is the frozen state, to judge according to preset freeze rule information whether data thawing needs to be performed on the business data; if the business data needs to be thawed, to generate a thaw request and trigger the data markers module 202 to remove the frozen state corresponding to the business data according to the thaw request; and if the business data does not need to be thawed, to determine the business data to be frozen business data and trigger the data-frozen module 206 to execute the step of performing destruction identification on the frozen business data.
The data markers module 202 is further used to remove the frozen state corresponding to the business data, generate corresponding thaw record information, and perform data marking again on the thawed business data.
In an optional embodiment of the present invention, the data destruction system may further include a system management module. The system management module can be used to set system management information, where the system management information includes at least one of the following: freeze rule information, destruction rule information, matching rule information, freeze policy information, destruction policy information and user information.
Data-frozen module 208 can also be used to generate corresponding freeze record information for the frozen business data.
In one optional example, as shown in Fig. 3, the data destruction system 300 may include: data markers module 202, data identification module 204, data-frozen module 206, data destroying module 208, safe handling module 210, analytical auditing module 212 and system management module 214.
In actual processing, the data markers module 202 can be used to mark the important business data that needs protection and to manage its storage, providing two functions: data marking and secure storage.
Specifically, the data marking function works as follows: the data identification module 202 can mark the important business data that needs protection by direct marking, indirect marking, custom marking or similar means, so as to bind unique mark information to that data. For example, where the important business data to be protected is structured data, direct marking can add a field containing the mark information to the data table in which the important business data resides; indirect marking can create, outside that data table, a separate data table containing the mark information and associate it with the important business data, thereby establishing the correspondence between the important business data and the identification information. As another example, where the important business data to be protected is unstructured data, direct marking can write the mark information directly into the file header or file body of the important business data; indirect marking can create, outside the file in which the important business data resides, an attachment file containing the mark information and associate it with the important business data. Data marking is flexible to implement; the embodiments of the present invention place no restriction on this.
The secure storage function works as follows: the data identification module 202 can securely store the important business data that needs protection after it has been marked. Secure storage is flexible to implement; the embodiments of the present invention place no restriction on this.
The data identification module 204 can identify business data that has been taken out of secure storage and is about to be used, providing two functions: data identification and thaw identification. The data identification function works as follows: the data identification module 204 can extract the identification information corresponding to the business data about to be used, dismantle the extracted mark information into an ID, a data state and custom information, and then use the ID, data state and custom information so obtained to judge whether the data state of the business data in the intelligent data destruction process is the abnormal state, or whether it is the normal state. The thaw identification function works as follows: the data identification module 204 can perform thaw identification on business data in the frozen state, to judge whether the frozen state of that business data needs to be kept.
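The direct and indirect marking of structured data and the later dismantling of the mark into ID, data state and custom information can be sketched as follows. This is an added example, not code from the patent: the table names `accounts` and `account_marks`, the `mark_info` column, the JSON encoding of the mark and all sample rows are assumptions constructed for illustration.

```python
import json
import sqlite3


def setup():
    """Constructed sample business table with three rows of business data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, holder TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def has_mark_column(db):
    # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk).
    return "mark_info" in [r[1] for r in db.execute("PRAGMA table_info(accounts)")]


def mark_direct(db, row_id, mark):
    """Direct marking: add a mark field to the business table itself."""
    if not has_mark_column(db):
        db.execute("ALTER TABLE accounts ADD COLUMN mark_info TEXT")
    db.execute("UPDATE accounts SET mark_info = ? WHERE id = ?",
               (json.dumps(mark), row_id))


def mark_indirect(db, row_id, mark):
    """Indirect marking: keep the mark in a separate table associated by key."""
    db.execute("CREATE TABLE IF NOT EXISTS account_marks ("
               "account_id INTEGER PRIMARY KEY REFERENCES accounts(id), "
               "mark_info TEXT NOT NULL)")
    db.execute("INSERT OR REPLACE INTO account_marks VALUES (?, ?)",
               (row_id, json.dumps(mark)))


def identify(db, row_id):
    """Extract the mark and dismantle it into (ID, data state, custom info).

    Returns None for unmarked data, so the caller can refuse to treat
    data without a mark as being in the normal state.
    """
    raw = None
    if has_mark_column(db):
        row = db.execute("SELECT mark_info FROM accounts WHERE id = ?",
                         (row_id,)).fetchone()
        raw = row[0] if row else None
    if raw is None:
        exists = db.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' "
                            "AND name = 'account_marks'").fetchone()
        if exists:
            row = db.execute("SELECT mark_info FROM account_marks "
                             "WHERE account_id = ?", (row_id,)).fetchone()
            raw = row[0] if row else None
    if raw is None:
        return None
    mark = json.loads(raw)
    return mark["id"], mark["state"], mark.get("custom", {})


if __name__ == "__main__":
    db = setup()
    mark_direct(db, 1, {"id": "M-0001", "state": "normal",
                        "custom": {"owner": "finance"}})
    mark_indirect(db, 2, {"id": "M-0002", "state": "expired"})
    for rid in (1, 2, 3):
        print(rid, identify(db, rid))
```

Indirect marking leaves the business table's schema untouched, at the cost of a lookup that can miss if the association is lost, which is why `identify` distinguishes an unmarked row from a row in the normal state.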
The data-frozen module 206 can provide functions such as data freezing, freeze recording and destruction identification. The data freezing function can, according to predefined or customized freeze policies, perform data freezing on business data identified as being in an abnormal state such as expired, redundant, derivative, failed or custom. It should be noted that the predefined or customized freeze policies can be customized according to actual business needs or secure data destruction needs and are flexible to implement, for example freezing data by encryption or freezing data by permissions; the embodiments of the present invention place no restriction on this. The freeze recording function can record the business data frozen by the data freezing function; the content recorded is determined according to actual business needs, analytical auditing needs and secure data destruction needs, and the embodiments of the present invention place no restriction on this. The destruction identification function can, according to predefined or customized destruction rules, perform destruction identification on business data in the frozen state, to determine whether data destruction needs to be performed on that business data.
For example, the data-frozen module 206 can, according to predefined or customized freeze policies, perform data freezing on business data that the data identification module 204 has identified as being in an abnormal state such as expired, redundant, derivative, failed or custom, and can perform freeze recording and destruction identification on the frozen data. Optionally, when data destruction does not need to be performed on the business data, analytical auditing can be performed on the business data to form an analytical auditing result.
The data destroying module 208 can provide functions such as intelligent matching, soft data destruction, hard data destruction and destruction recording. The destruction recording function can record the business data destroyed by the data destruction function; the content recorded can be determined according to actual business needs, analytical auditing needs and secure data destruction needs, and the embodiments of the present invention place no specific restriction on this. For example, the data destroying module 208 can perform intelligent matching on the data to be destroyed, carry out data destruction in the soft data destruction mode or the hard data destruction mode selected by the matching, and record the destroyed business data, generating corresponding destruction record information.
The safe handling module 210 can provide functions such as authorization and authentication, safe use and usage recording. Specifically, based on the authorization and authentication function, the security identity module 210 performs identity authentication on the user of business data identified as being in the normal state, and can grant the user the right to use the business data when identity authentication passes. In addition, based on the safe use function, the safety identification module 210 can provide business data in the normal state to the authorized user for use by means such as offline data, service interfaces, data interfaces and APIs, meeting user needs while ensuring data security; and, based on the usage recording function, it can record the business data provided through the safe use function, generating usage record information.
The analytical auditing module 212 can provide an analytical auditing function and a visualization display function. Specifically, based on the analytical auditing function, the analytical auditing module 212 can combine multiple factors, such as data usage records, data freeze records and data destruction records, to perform analytical auditing and generate an analytical auditing report. Optionally, the analytical auditing module 212 can use the visualization display function to present the analytical auditing result in a centralized visualization, giving a multi-perspective, multi-dimensional view of the information.
The system management module 214 can provide functions such as rule management, policy management and system management. Based on the rule management function, the system management module 214 can add, delete, modify and query freeze rules, destruction rules and matching rules according to actual business needs, analytical auditing needs and secure data destruction needs. Based on the policy management function, it can add, delete, modify and query freeze policies and destruction policies according to actual business needs, analytical auditing needs and secure data destruction needs. Based on the system management function, it provides user settings, user group settings and user permission settings for the data destruction system. It should be noted that user settings may include creating, deleting, modifying and querying users of the data destruction system; user group settings may include creating, deleting, modifying and querying user groups of the data destruction system, and may also include setting a user group's description, moving a specific user into a specific user group, and so on; user permission settings may include assigning different system permissions to users, such as the permission to create, delete, modify and query specific users or to configure specific user groups.
To enable those skilled in the art to better understand the embodiments of the present invention, the data destruction method in the embodiments of the present invention is described below with reference to an example.
Referring to Fig. 4, a schematic diagram of a data destruction method in an example of the present invention is shown.
In this example, the data destruction system can take the data destruction stage of the data life cycle as its core and, for the business data that needs protection, perform intelligent destruction on the business data that needs to be destroyed. As shown in Fig. 5, this may specifically include the following steps:
Step 502: system management information is set in the system management module. For example, freeze rules, destruction rules, matching rules, freeze policies and destruction policies can be predefined in the system management module, and the users, user groups and user permissions of the data destruction system can be set, and so on.
Step 504: the data markers module performs data marking on the business data that needs protection and generates mark information. For example, the data markers module can mark important business data of the financial industry by direct marking, indirect marking, custom marking or similar means, generating corresponding mark information.
Step 506: the data markers module securely stores the marked business data that needs protection. For example, continuing the above example, the data markers module can securely store the marked important business data of the financial industry.
Step 508: the data identification module extracts the mark information corresponding to the business data about to be used, performs data identification according to the mark information, and identifies the data state of the business data. Specifically, after the business data about to be used has been taken out of secure storage, the data identification module can extract the mark information corresponding to the business data and dismantle it into an ID, a data state and custom information, so that the ID, data state and custom information can be used to judge whether the data state of the business data in the intelligent data destruction process is the normal state. If the data state of the business data is the normal state, the business data is determined to be in the normal state and step 510 can be executed. If the data state of the business data is the frozen state, the business data is determined to be frozen business data and step 514 is executed. If the data state of the business data is a non-frozen abnormal state, step 516 can be executed for the business data.
Step 510: the safe handling module performs identity authentication on the using user of the business data identified as being in the normal state. If identity authentication fails, the service can be terminated. If identity authentication passes, the right to use the business data can be granted to the using user, and the business data can be provided to the authorized using user by means such as offline data, service interfaces, data interfaces and APIs, so that the using user can use the business data provided; step 512 is then executed.
Step 512: the safe handling module records the business data provided and generates corresponding usage record information. Specifically, the safe handling module can perform usage recording on the business data provided through the safe use function, obtain the usage record information and send it to the analytical auditing module; step 522 is then executed.
Step 514: the data identification module performs thaw identification on the business data in the frozen state, to judge whether the business data needs to be thawed.
Specifically, the data identification module can judge, according to the predefined or customized freeze rules, whether data thawing needs to be performed on the frozen business data. If data thawing does not need to be performed on the frozen business data, its frozen state can be kept. If the frozen business data needs to be thawed, a corresponding thaw request is generated and sent to the data markers module. After receiving the thaw request, the data markers module removes the data-frozen state from the identification information corresponding to the frozen business data, and execution can return to step 506.
Step 516: the data-frozen module performs data freezing on the business data identified as being in an abnormal state, obtaining frozen business data. Specifically, after the business data is identified as being in a non-frozen abnormal state, such as the expired state, redundant state, derivative state, failure state or a custom abnormal state, the data-frozen module can perform data freezing on the business data according to the predefined or customized freeze policies, and can perform freeze recording on the business data frozen by the data freezing function, generating corresponding freeze record information. The freeze record information can then be sent to the analytical auditing module, so that the analytical auditing module can perform analytical auditing according to it.
Step 518: the data-frozen module performs destruction identification on the frozen business data and determines the data to be destroyed. Specifically, the data-frozen module can perform destruction identification on business data in the frozen state according to the predefined or customized destruction rules, to judge whether data destruction needs to be performed on that business data. When the judgment is that data destruction needs to be performed on the business data, the business data can be determined to be data to be destroyed and sent to the data destroying module; step 520 is then executed. When the judgment is that data destruction does not need to be performed on the business data, it can be judged whether analytical auditing needs to be performed on the business data. If analytical auditing needs to be performed on the business data, the business data can be sent to the analytical auditing module, and step 522 can then be executed.
Step 520: the data destroying module destroys the data to be destroyed. Specifically, the data destroying module can perform intelligent matching on the data to be destroyed according to the predefined or customized matching rules and generate a matching result, so that, according to the matching result, either soft data destruction or hard data destruction is selected to destroy the data to be destroyed.
If data destroying module uses the soft destruction of data according to matching result, it can use data and wipe/overriding method Equal software approach destroy data, and the destruction of business datum is realized using the execution soft destruction mode of data on platform line.Specifically, number The soft destruction of data can be executed for data to be destroyed automatically according to the soft destruction strategy of pre-set data according to module is destroyed, To achieve the purpose that safety destroys data;And destruction note can be carried out to the business datum destroyed by data destroying function Record generates corresponding destruction and records information, then the destruction can be recorded information and issue analytical auditing module, so that analysis Audit Module can record information according to the destruction and carry out analytical auditing.
If data destroying module is destroyed according to matching result using data firmly, it can use demagnetization method, destroy method by fire, smash The method that broken method etc. destroys data storage medium physical structure realizes data destroying.Specifically, data destroying system can be directed to Data to be destroyed generate data and destroy work order firmly, and the data are destroyed work order are firmly supplied to data and destroy person liable firmly, to adopt It is destroyed firmly with data are executed under platform line, i.e., destroys person liable firmly by data and data to be destroyed are destroyed.Data are sold firmly Person liable is ruined after completing data and destroying firmly, and data can be destroyed with work order in data destroying system firmly and confirmed, triggered Data destroying system destroys the corresponding confirmation message of work order at the data firmly, so that data destroying system being capable of foundation The confirmation message determines the completion that data are destroyed firmly.Optionally, data destroying module can also be based on confirmation message, to passing through data It destroys the business datum that function is destroyed and carries out destruction record, generate corresponding destruction and record information, and the destruction is recorded and is believed Breath issues analytical auditing module, so that analytical auditing module, which can record information according to the destruction, carries out analytical auditing.
Step 522, analytical auditing module carries out analytical auditing, generates analytical auditing as a result, carrying out to analytical auditing result Visualization, which is concentrated, to be showed.Specifically, analytical auditing module can determine the input and defeated that data safety is destroyed by analytical auditing Whether there is exception out;If without exception, service can be terminated;, then can be with auto-alarming if there is exception, and can export and ask Topic report, and relevant abnormalities can be sent to data markers module, abnormal industry will occur by Data Identification module Data mode in the corresponding mark information of business data is updated to abnormality.
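The following Python sketch is an added example, not part of the patent or of any product it describes. It walks steps 516 to 522 for three constructed items: freezing, destruction identification, soft/hard matching, a hard-destruction work order with confirmation, and an audit that compares destruction inputs with outputs. The class and field names, the `hold` flag used as a destruction rule, the medium-based matching rule and the `destroyed` state are assumptions made for illustration.

```python
import os
import secrets
import tempfile
from dataclasses import dataclass

# Non-frozen abnormal states named in the text. "destroyed" (used below) is an
# assumption added for this sketch; the patent does not name such a state.
ABNORMAL_UNFROZEN = {"expired", "redundant", "derived", "invalid", "custom"}


@dataclass
class Item:
    data_id: str
    state: str            # data state taken from the item's marking information
    medium: str           # "online" (the platform can write to it) or "offline"
    path: str = ""        # file location for online media
    hold: bool = False    # hypothetical destruction rule: held data is not destroyed


class DestructionPipeline:
    def __init__(self):
        self.records = []       # freeze / destruction records for the audit module
        self.work_orders = {}   # open hard-destruction work orders, by data_id

    def _log(self, kind, item, **extra):
        self.records.append({"kind": kind, "data_id": item.data_id, **extra})

    def freeze(self, item):
        """Step 516: freeze abnormal data and emit a freeze record."""
        if item.state in ABNORMAL_UNFROZEN:
            self._log("freeze", item, prior_state=item.state)
            item.state = "frozen"
        return item.state == "frozen"

    def needs_destruction(self, item):
        """Step 518: destruction identification applies to frozen data only."""
        return item.state == "frozen" and not item.hold

    def match_mode(self, item):
        """Step 520 matching rule (assumed): writable online media -> soft, else hard."""
        return "soft" if item.medium == "online" and item.path else "hard"

    def destroy(self, item):
        if not self.needs_destruction(item):
            return None
        mode = self.match_mode(item)
        self._log("destroy_requested", item, mode=mode)
        if mode == "soft":
            self._overwrite_and_unlink(item.path)
            item.state = "destroyed"
            self._log("destroyed", item, mode="soft")
        else:
            # Offline destruction: issue a work order and wait for confirmation.
            self.work_orders[item.data_id] = item
        return mode

    @staticmethod
    def _overwrite_and_unlink(path, passes=1):
        # Overwrite in place, flush to the device, then remove the name.
        # In-place overwrite is only meaningful on media that rewrite the same blocks.
        size = os.path.getsize(path)
        with open(path, "r+b") as fh:
            for _ in range(passes):
                fh.seek(0)
                fh.write(secrets.token_bytes(size))
                fh.flush()
                os.fsync(fh.fileno())
        os.remove(path)

    def confirm_work_order(self, data_id, operator):
        """The responsible person confirms physical destruction in the system."""
        item = self.work_orders.pop(data_id)
        item.state = "destroyed"
        self._log("destroyed", item, mode="hard", confirmed_by=operator)

    def audit(self):
        """Step 522: compare destruction inputs with outputs; return anomalous ids."""
        frozen = {r["data_id"] for r in self.records if r["kind"] == "freeze"}
        requested = {r["data_id"] for r in self.records if r["kind"] == "destroy_requested"}
        destroyed = {r["data_id"] for r in self.records if r["kind"] == "destroyed"}
        # Anomalies: requested but never destroyed, or destroyed without a freeze record.
        return sorted((requested - destroyed) | (destroyed - frozen))


def demo():
    """Constructed sample: one online file, one offline tape, one held record."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"constructed sample business data")
    os.close(fd)
    items = [
        Item("doc-1", "expired", "online", path),
        Item("tape-7", "redundant", "offline"),
        Item("doc-2", "invalid", "online", hold=True),
    ]
    p = DestructionPipeline()
    modes = [p.destroy(i) if p.freeze(i) else None for i in items]
    before = p.audit()                      # tape-7 still awaits confirmation
    p.confirm_work_order("tape-7", operator="custodian-A")
    return modes, os.path.exists(path), before, p.audit(), [i.state for i in items]
```

Until the work order for the offline item is confirmed, the audit reports it as a destruction input with no matching output, which is the kind of abnormality step 522 is meant to surface.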
In summary, the data destruction method and system provided by the embodiments of the present invention can, with the data destruction stage of the data life cycle as the core, build for important business data that needs protection a secure data destruction system comprising data marking, data identification, data freezing, secure use, data destruction, and analysis and audit, so that the destruction target data is permanently deleted, data leakage is avoided, and data security is ensured.
Specifically, the data destruction method and system in the embodiments of the present invention can, according to predefined or custom data destruction rules and driven by data, automatically and intelligently determine the data that needs to be destroyed; that is, the destruction target data can be determined automatically without manual participation. This improves the efficiency of determining destruction target data, allows destruction target data to be determined at large scale and in batches, gives a low misjudgment rate for destruction target data, and reduces data management cost.
Furthermore, the data destruction method and system in the embodiments of the present invention can build the secure data destruction system for important business data that needs protection according to predefined or custom data maintenance policies. Specifically, the method and system take the data destruction stage of the data life cycle as the core, connect it to the other stages of the data life cycle in a data-driven way, support the assessment and control of the inputs and outputs of secure data destruction, and can combine multiple factors such as data usage records, data freeze records and data destruction records for analysis and audit, so that the overall effect of secure data destruction can be ensured and objectively evaluated.
The data destruction method and system in the embodiments of the present invention can also use the intelligent matching function to intelligently select soft data destruction or hard data destruction according to predefined or custom matching rules. This provides a unified standard process and supports managing soft and hard data destruction on the same platform, which ensures the consistency of the secure data destruction system, improves the overall effect of secure data destruction, facilitates applying secure data destruction in complex business scenarios, and meets secure data destruction requirements under new circumstances.
It should be noted that, for simplicity of description, the method embodiments are expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
An electronic device comprising a memory, a processor, and a computer program stored on the memory and runnable on the processor, characterized in that the processor, when executing the program, can implement the following steps: performing data marking on input business data to generate marking information corresponding to the business data; identifying the business data according to the marking information to determine the data state corresponding to the business data; when the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data; performing destruction identification on the frozen business data to determine the data to be destroyed; and performing data destruction on the data to be destroyed.
Optionally, further comprising:
Performing analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freeze record information;
Updating the marking information corresponding to the business data according to the analysis and audit result.
Optionally, performing data destruction on the data to be destroyed comprises:
Matching, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
Performing data destruction on the data to be destroyed according to the data destruction mode, and generating corresponding destruction record information.
Optionally, further comprising: when the data state is the normal state, performing identity authentication on the user corresponding to the business data; after the identity authentication passes, providing the business data to the user and generating corresponding usage record information.
Optionally, the abnormal state includes the frozen state, and the method further comprises:
Judging, according to preset freezing rule information, whether the business data needs to be unfrozen;
If the business data needs to be unfrozen, generating an unfreeze request, removing the frozen state corresponding to the business data according to the unfreeze request, generating corresponding unfreeze record information, and performing data marking again on the unfrozen business data;
If the business data does not need to be unfrozen, determining the business data to be frozen business data, and executing the step of performing destruction identification on the frozen business data.
Optionally, before performing data marking on the input business data, further comprising: setting system management information, wherein the system management information includes at least one of the following: freezing rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
After freezing the business data, further comprising: generating corresponding freeze record information for the frozen business data.
A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, can implement the steps of the data destruction method in the embodiments of the present invention.
Because the electronic device and computer-readable storage medium embodiments are basically similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the embodiments of the present invention may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of the method, terminal device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce a system for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction system, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps are executed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the embodiments of the present invention.
Finally, it should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or also includes elements inherent to such a process, method, article or terminal device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or terminal device that includes the element.
The data destruction method, system, device and storage medium provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help understand the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and scope of application according to the idea of the present invention. In conclusion, the content of this specification should not be construed as limiting the present invention.

Claims (14)

1. A data destruction method, characterized in that the method comprises:
Performing data marking on input business data to generate marking information corresponding to the business data;
Identifying the business data according to the marking information to determine the data state corresponding to the business data;
When the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data; wherein the abnormal state includes a redundant state, a derived state, an invalid state, a frozen state, and a custom abnormal state customized according to secure data destruction requirements;
Performing destruction identification on the frozen business data to determine the data to be destroyed;
Performing data destruction on the data to be destroyed.
2. The method according to claim 1, characterized by further comprising:
Performing analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freeze record information;
Updating the marking information corresponding to the business data according to the analysis and audit result.
3. The method according to claim 1 or 2, characterized in that performing data destruction on the data to be destroyed comprises:
Matching, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
Performing data destruction on the data to be destroyed according to the data destruction mode, and generating corresponding destruction record information.
4. The method according to claim 2, characterized by further comprising:
When the data state is the normal state, performing identity authentication on the user corresponding to the business data;
After the identity authentication passes, providing the business data to the user and generating corresponding usage record information.
5. The method according to claim 2, characterized in that the abnormal state includes the frozen state, and the method further comprises:
Judging, according to preset freezing rule information, whether the business data needs to be unfrozen;
If the business data needs to be unfrozen, generating an unfreeze request, removing the frozen state corresponding to the business data according to the unfreeze request, generating corresponding unfreeze record information, and performing data marking again on the unfrozen business data;
If the business data does not need to be unfrozen, determining the business data to be frozen business data, and executing the step of performing destruction identification on the frozen business data.
6. The method according to claim 2 or 4, characterized in that:
Before performing data marking on the input business data, the method further comprises: setting system management information, wherein the system management information includes at least one of the following: freezing rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
After freezing the business data, the method further comprises: generating corresponding freeze record information for the frozen business data.
7. A data destruction system, characterized by comprising:
A data marking module, configured to perform data marking on input business data and generate marking information corresponding to the business data;
A data identification module, configured to identify the business data according to the marking information and determine the data state corresponding to the business data;
A data freezing module, configured to, when the data state is an abnormal state, freeze the business data according to preset freezing policy information to obtain frozen business data, wherein the abnormal state includes a redundant state, a derived state, an invalid state, a frozen state, and a custom abnormal state customized according to secure data destruction requirements; and to perform destruction identification on the frozen business data to determine the data to be destroyed;
A data destruction module, configured to perform data destruction on the data to be destroyed.
8. The system according to claim 7, characterized by further comprising an analysis and audit module;
The analysis and audit module is configured to perform analysis and audit according to the record information corresponding to the business data to obtain an analysis and audit result, wherein the record information includes at least one of the following: usage record information, destruction record information and freeze record information;
The data marking module is further configured to update the marking information corresponding to the business data according to the analysis and audit result.
9. The system according to claim 7 or 8, characterized in that the data destruction module comprises:
A matching submodule, configured to match, according to preset matching rule information, the data destruction mode corresponding to the data to be destroyed, wherein the data destruction mode includes a soft data destruction mode and a hard data destruction mode;
A destruction submodule, configured to perform data destruction on the data to be destroyed according to the data destruction mode and generate corresponding destruction record information.
10. The system according to claim 8, characterized by further comprising a secure use module;
The secure use module is configured to, when the data state is the normal state, perform identity authentication on the user corresponding to the business data; and, after the identity authentication passes, to provide the business data to the user and generate corresponding usage record information.
11. The system according to claim 8, characterized in that:
The data identification module is further configured to, when the abnormal state is the frozen state, judge according to preset freezing rule information whether the business data needs to be unfrozen; if the business data needs to be unfrozen, to generate an unfreeze request and, according to the unfreeze request, trigger the data marking module to remove the frozen state corresponding to the business data; if the business data does not need to be unfrozen, to determine the business data to be frozen business data and trigger the data freezing module to execute the step of performing destruction identification on the frozen business data;
The data marking module is further configured to remove the frozen state corresponding to the business data, generate corresponding unfreeze record information, and perform data marking again on the unfrozen business data.
12. The system according to claim 8 or 10, characterized by further comprising a system management module;
The system management module is configured to set system management information, wherein the system management information includes at least one of the following: freezing rule information, destruction rule information, matching rule information, freezing policy information, destruction policy information and user information;
The data freezing module is further configured to generate corresponding freeze record information for the frozen business data.
13. An electronic device comprising a memory, a processor, and a computer program stored on the memory and runnable on the processor, characterized in that the processor performs the following steps when executing the program:
Performing data marking on input business data to generate marking information corresponding to the business data;
Identifying the business data according to the marking information to determine the data state corresponding to the business data;
When the data state is an abnormal state, freezing the business data according to preset freezing policy information to obtain frozen business data; wherein the abnormal state includes a redundant state, a derived state, an invalid state, a frozen state, and a custom abnormal state customized according to secure data destruction requirements;
Performing destruction identification on the frozen business data to determine the data to be destroyed;
Performing data destruction on the data to be destroyed.
14. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the method of any one of claims 1 to 6.
CN201711436563.5A 2017-12-26 2017-12-26 A kind of data destruction method and system Active CN108121513B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711436563.5A CN108121513B (en) 2017-12-26 2017-12-26 A kind of data destruction method and system

Publications (2)

Publication Number Publication Date
CN108121513A CN108121513A (en) 2018-06-05
CN108121513B true CN108121513B (en) 2019-02-22

Family

ID=62231902

Country Status (1)

Country Link
CN (1) CN108121513B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787029B (en) * 2020-07-29 2023-03-17 浙江德迅网络安全技术有限公司 Advanced network security threat mitigation for https protocol deep monitoring

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103823830A (en) * 2012-11-15 2014-05-28 国际商业机器公司 Method and system for destruction of sensitive information
CN106649587A (en) * 2016-11-17 2017-05-10 国家电网公司 High-security desensitization method based on big data information system
CN107241452A (en) * 2017-08-15 2017-10-10 江苏北弓智能科技有限公司 A kind of data destruct system and method for mobile terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618693B (en) * 2013-10-31 2017-01-11 中国航天科工集团第二研究院七〇六所 A cloud manufacturing user data management and control method based on labels
CN105480207A (en) * 2014-10-13 2016-04-13 张东 Micro dust remover for vehicle
CN106020729A (en) * 2016-05-25 2016-10-12 青岛海信移动通信技术股份有限公司 Clearing method and device for multi-media data of mobile terminal
CN106529329A (en) * 2016-10-11 2017-03-22 中国电子科技网络信息安全有限公司 Desensitization system and desensitization method used for big data
CN106971007B (en) * 2017-04-28 2021-05-28 成都优易数据有限公司 Data processing and data analysis framework controlled by data structure

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant