CN111241104A - Operation auditing method and device, electronic equipment and computer-readable storage medium - Google Patents

Operation auditing method and device, electronic equipment and computer-readable storage medium Download PDF

Info

Publication number
CN111241104A
CN111241104A CN202010037891.3A CN202010037891A CN111241104A CN 111241104 A CN111241104 A CN 111241104A CN 202010037891 A CN202010037891 A CN 202010037891A CN 111241104 A CN111241104 A CN 111241104A
Authority
CN
China
Prior art keywords
log
block chain
original
elements
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010037891.3A
Other languages
Chinese (zh)
Inventor
刘斌华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202010037891.3A priority Critical patent/CN111241104A/en
Publication of CN111241104A publication Critical patent/CN111241104A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Strategic Management (AREA)
  • Computer Hardware Design (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Computing Systems (AREA)
  • Marketing (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an operation auditing method, device and system, an electronic device and a computer readable storage medium, wherein the method comprises the following steps: acquiring an original operation log of a target enterprise, and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types; carrying out hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing the mapping relation between the operation original log and the hash value; storing the hash value and the element into a target sub-block chain network corresponding to a target enterprise in a parent block chain network so that a supervision block chain node in the target sub-block chain network can perform operation audit on the target enterprise; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between each sub blockchain network. The operation auditing method provided by the application realizes real-time operation auditing for enterprises.

Description

Operation auditing method and device, electronic equipment and computer-readable storage medium
Technical Field
The present application relates to the field of operation auditing technologies, and in particular, to an operation auditing method and apparatus, an electronic device, and a computer-readable storage medium.
Background
At present, a supervision mechanism does not have a direct technical means for monitoring how user personal information is used in an enterprise, more is to rely on the enterprise to carry out internal audit and internal control, the supervision mechanism determines whether the enterprise is in compliance or not by carrying out regular spot check, audit and compliance check on the enterprise, and a large blind spot exists, namely, the operation audit of the enterprise is poor in instantaneity.
Therefore, how to implement real-time operation auditing for an enterprise is a technical problem to be solved by the technical personnel in the field.
Disclosure of Invention
The application aims to provide an operation auditing method and device, electronic equipment and a computer readable storage medium, and the method and device can be used for realizing real-time operation auditing of enterprises.
To achieve the above object, a first aspect of the present application provides an operation auditing method, including:
acquiring an original operation log of a target enterprise, and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
performing hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing a mapping relation between the operation original log and the hash value;
storing the hash value and the element into a target sub-block chain network corresponding to the target enterprise in a parent block chain network so that operation audit is conducted on the target enterprise by a supervision block chain node in the target sub-block chain network; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
To achieve the above object, a second aspect of the present application provides an operation auditing apparatus including:
the extraction module is used for acquiring an original operation log of a target enterprise and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
the calculation module is used for carrying out hash calculation on the operation original log to obtain a hash value corresponding to the operation original log and storing the mapping relation between the operation original log and the hash value;
the storage module is used for storing the hash value and the element into a target sub-block chain network corresponding to the target enterprise in a parent block chain network so that a supervision block chain node in the target sub-block chain network can perform operation audit on the target enterprise; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
To achieve the above object, a third aspect of the present application provides an electronic device comprising:
a memory for storing a computer program;
a processor for implementing the steps of the above-described operational auditing method when executing the computer program.
To achieve the above object, a fourth aspect of the present application provides a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to implement the steps of the above-mentioned operation auditing method.
According to the scheme, the operation auditing method comprises the following steps: acquiring an original operation log of a target enterprise, and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types; performing hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing a mapping relation between the operation original log and the hash value; storing the hash value and the element into a target sub-block chain network corresponding to the target enterprise in a parent block chain network so that operation audit is conducted on the target enterprise by a supervision block chain node in the target sub-block chain network; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
The operation auditing method provided by the application utilizes the block chain network to store the operation information, namely the elements extracted from the operation original log and the hash value of the operation original log. In the parent block chain network, each sub-block chain network stores the operation information of an enterprise, only the hash value is uploaded to the sub-block chain network, and the operation original log is not directly uploaded, so that the safety of the operation information is ensured. And data isolation is performed between each sub-blockchain network, so that the operation information of different enterprises is isolated from each other in the parent blockchain network, and the safety of the operation information of the enterprises is ensured. And adding a supervision mechanism for performing operation audit on the target enterprise as a block chain link point into a target sub-block chain network corresponding to the target enterprise, acquiring elements from the target sub-block chain network in real time for performing operation audit, and inquiring an original operation log in a server of the target enterprise based on the hash value stored in the target sub-block chain network if necessary. Therefore, the operation auditing method provided by the application ensures the timeliness and the non-tampering property of the operation information of the enterprise by utilizing the characteristics of shared accounts, non-tampering and timely synchronization of the block chains, breaks through the system barrier from the enterprise to the supervision institution, and realizes the real-time operation auditing of the enterprise. The application also discloses an operation auditing device, electronic equipment and a computer readable storage medium, which can also realize the technical effects.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is an architecture diagram of an operational audit system provided by an embodiment of the present application;
FIG. 2 is a flow chart of an operation auditing method provided by an embodiment of the present application;
FIG. 3 is a flow chart of another method for auditing operation according to an embodiment of the present application;
FIG. 4 is a flow chart of another auditing method of operation provided by an embodiment of the present application;
FIG. 5 is a block diagram of an operation auditing apparatus according to an embodiment of the present application;
fig. 6 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to facilitate understanding of the operation auditing method provided by the present application, a system for use thereof is described below. Referring to fig. 1, an architecture diagram of an operation auditing system according to an embodiment of the present invention is shown, and as shown in fig. 1, the architecture diagram includes a log source 100 of a target enterprise, a server 200 of the target enterprise, and a mother blockchain network, where the mother blockchain network includes a plurality of sub blockchain networks, each enterprise corresponds to one sub blockchain network, that is, one sub blockchain network is used to store operation information of one enterprise, and data isolation is performed between each sub blockchain network, so that operation information of different enterprises are isolated from each other in the mother blockchain network, and the security of the operation information of the enterprise is ensured. The sub-blockchain network corresponding to the target enterprise is the target sub-blockchain network 300.
The number of log sources is not limited herein, i.e. log source 100 may include a plurality of log sources, each of which may be understood as a memory for storing logs, such as a kafka queue or database. Each log source may maintain an original operation log generated by one system, or may maintain original operation logs generated by a plurality of systems, which are not specifically limited herein, and these original operation logs are collectively referred to as original operation logs in the following embodiments.
The server 200 is a server of an intra-enterprise auditing system, and includes a plurality of log source plug-ins, which can be stored in the server 200 in a cluster manner, and each log source plug-in is used for acquiring an operation original log in a corresponding log source and transmitting the operation original log to the server 200, so that the cluster is expandable with the increase of the types of the log sources 100.
The server 200 further includes a plurality of tag extraction plug-ins, which may be stored in the server 200 in a cluster manner, and each tag extraction plug-in is configured to extract elements from the operation raw log of its corresponding log type.
In addition, in order to extract information closer to the service, the server 200 may further include a plurality of element extension plug-ins for extracting extension fields of the elements in the management system corresponding to the elements. The management system is used for recording basic information of each element, for example, the subject management system may include an HR system and the like, and the object management system may include a resource management system and the like.
Target sub-blockchain network 300 includes a supervisor blockchain node 31 for performing operational auditing on a target enterprise, i.e., a supervisory authority performs operational auditing on a target enterprise using the supervisor blockchain node 31. Certainly, the target sub-blockchain network 300 further includes other blockchain nodes, the server 200 may store the element extracted from the operation original log and the hash value corresponding to the operation original log into the target sub-blockchain network 300 by using the blockchain node 32, the supervision blockchain node 31 may obtain the element from the target sub-blockchain network 300 for operation audit, and may also obtain the hash value from the target sub-blockchain network 300 as needed, so as to query the operation original log in the server 200 for operation audit.
The embodiment of the application discloses an operation auditing method, which realizes real-time operation auditing of an enterprise.
Referring to fig. 2, a flowchart of an operation auditing method provided in an embodiment of the present application is shown in fig. 2, and includes:
s101: the method comprises the steps that a server obtains an original operation log of a target enterprise from a log source;
in this step, the server obtains the operation original log from the log source, and preferably, this step includes: and acquiring an operation original log from a log source by using the log source plug-in. The operation original log may include an internet application log, an instant messaging log, a data block log, an attack/scan log, a file transfer log, a remote control log, a mail log, and the like, and the internet application log may include an HTTP (Hyper Text transfer protocol) application log, an entertainment software log, an application software usage log based on a C/S (Client/Server, full chinese) architecture, and the like. The HTTP application log is a log for monitoring content information of accessing an Internet webpage, recording keyword information set by a user, information aiming at HTTPUP and recording all DNS (Domain Name System) protocol requests, and the monitoring content information of accessing the Internet webpage comprises publishing and browsing based on an HTTP protocol. The instant communication log is a log for recording various instant communication software use information, namely virtual identity information, the database log is a log for recording various data Block operations and user information, the attack/scan log is a log for recording DDOS attack (Chinese full name: Distributed denial of service attack, English full name: Distributed trust of service attack) and port scanning behavior log, the File transmission log comprises File transmission information carried out by various download tools, FTP Protocol (Chinese full name: File transmission Protocol, English full name: File Transfer Protocol) and Chinese full name: Server Message Block, and also comprises information of instant chat software point-to-point transmission files and File names, the remote control log is a log for recording various remote control software or Protocol use conditions, and comprises a TELNET Protocol (Chinese full name: remote terminal Protocol), WINDOWS remote desktop and SSH (Chinese full name: Secure Shell Protocol, English full name: Secure Shell), Mail logs are SMTP (Simple Mail Transfer Protocol), POP3 (Post Office Protocol Version 3, English full name: Post Office Protocol-Version 3) and logs of mainstream web mails, including recipients, subjects, copies, texts, attachments, and the like.
The server comprises a plurality of log source plug-ins, each log source plug-in is used for obtaining operation original logs from one log source, namely, the server obtains the operation original logs from a plurality of log sources by using the plurality of log source plug-ins. Specifically, the step may include: acquiring an operation original log in a kafka queue by using a kafka source plug-in; and/or acquiring an operation original log in the database by using a data plug-in; and/or, acquiring the reported operation original log by using a reporting interface plug-in through an interface.
In a specific implementation, for the operation original logs stored in the kafka queue, the operation original logs can be read into the server through the kafka source plug-in, and for the operation original logs stored in the database, the operation original logs can be read from the database through the data plug-in. The server may further include a reporting interface plug-in, and the reporting interface plug-in may be used to report the operation original log to the server through the interface.
The kafka source plug-in, the data plug-in and the reporting interface plug-in can be stored in a server in a cluster mode, and the cluster can be expanded as the types of log sources increase.
S102: the server extracts elements of the operation original log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
preferably, the step of extracting, by the server, the elements of the operation original log includes: determining the log type of the operation original log, and extracting elements of the operation original log by using a mark extraction plug-in corresponding to the log type.
In the log source plug-in, the operation original log is marked with basic labels, for example, a server indicates which system the operation original log is generated by, a service indicates which service interface the operation original log is generated by, and the labels can be obtained by operating the original log source system or performing simple reading analysis on the operation original log. The server may determine a log type of each operation raw log according to the above tag, where the log type may include a structured type, an sql type, a text type, and the like, and the structured day type is, for example, a json structure, an xml structure, and the like, and is not limited in detail here.
The server comprises a plurality of mark extraction plug-ins, and each mark extraction plug-in is used for extracting elements from the operation original logs of the corresponding log types, namely the server extracts the elements of the operation original logs of different log types by using different mark extraction plug-ins. The elements herein may include subject, object, time and operation type, i.e. standard elements in this step, and may also include other user-defined elements.
The plurality of tag extraction plug-ins may be stored in the server in a collection, which is extensible. The server may provide a mapping table to indicate which tag extraction plug-in can handle the raw log of operations of different log types, for example as shown in table 1:
TABLE 1
Log type Mark extraction insert
Structured type Mark extraction insert A
sql type Mark extraction plug-in B
Text type Mark extraction plug-in C
It can be understood that the log types of the operation original logs generated by different service interfaces of the same system may be different, and therefore, for the operation original logs of the same system, multiple mark extraction plug-ins can be used for element extraction at the same time. Table 1 can be extended to table 2:
TABLE 2
server service Log type Mark extraction insert
ServerA Service1 sql type Mark extraction plug-in B
ServerA Service2 Structured type Mark extraction insert A
ServerB Service3 sql type Mark extraction plug-in B
ServerC Service4 Text type Mark extraction plug-in C
Specifically, the step of extracting the element of the operation original log by using the mark extraction plug-in corresponding to the log type may include: carrying out structured analysis on the operation original log, and extracting elements of the operation original log from an analysis result; and/or analyzing the sql statement in the operation original log through a pipeline library, and extracting elements of the operation original log from an analysis result; and/or extracting elements of the operation original log by using a regular expression.
In a specific implementation, if the log type is a json or xml structured type, the structure may be analyzed, so as to further obtain each element of the original operation log. If the log type is the sql type, that is, the operation original log contains sql statements, the sql statements can be analyzed by the pipeline library, and then each element of the operation original log is obtained. Due to specific labels and keywords in the structured type and sql type operation raw logs, elements can be extracted by identifying the labels and keywords. The druid is an open-source, distributed, column-storage, and real-time data analysis system, and can summarize basic statistical indexes, that is, the elements in this embodiment can be represented by one field. If the log type is a text type, all elements of the original log can be obtained in a regular expression mode.
It should be noted that, for the mark extraction plug-in this step, the implementation manner of the mark extraction plug-in is not specifically limited in this embodiment, and for example, the mark extraction plug-in may be implemented by Java code or may be implemented by python script.
The original of the extracted operation original log can comprise standard elements and custom elements, wherein the standard elements are four operation audit elements including subjects, objects, time and operation types. These four elements can be extracted from each raw log of operations, which defines a standard story/event for each raw log of operations, i.e. what person (subject) has done what type of operation on what object at what time. The subject represents an executor of an operation, and the object represents an object on which the operation is actually acted, such as a server host, a service, a product configuration, and the like. The following examples are presented for operation:
(1) the system administrator queries a user for information. In the operation, the subject is a system administrator, the object is a user ID, and the operation type is query;
(2) the system administrator modifies the configuration of a fund. In the operation, the subject is a system administrator, the object is an ID of the fund, and the operation type is modification;
(3) an employee logs into a machine. In the operation, the subject is the employee ID, the object is the IP address of the machine, and the operation type is login;
it should be noted that the object element in one operation raw log may be multiple and various types. For example, if an employee deploys service S on machine a, machine B, and machine C, respectively, the objects include machine a, machine B, and machine C, and also include service S, and there are 4 objects in the operation.
For the object element, the object element can be extracted from the parameters in the request message recorded in the operation original log. For example, for the operation original log "system administrator inquires user information by user ID", the ID of the user may be extracted from the parameter in the request message as an object. Of course, the parameters may be extracted from the response message recorded in the operation original log. For example, for the operation of the original log, "a system administrator initiates a range query," the response message returns an information list of 10 users, and the ID of each user in the response message 10 may be used as an object. That is, the present step may include: and extracting the object of the operation original log according to the request message and the response message in the operation original log by using the mark extraction plug-in corresponding to the log type.
The parameter type of the extracted object element at least includes an object type (type) and an object name (name). For example, the object is the user ID, type is userId, and name is zhangsan. It should be noted that, in order to facilitate operation auditing across multiple log types, naming needs to be uniformly specified for the same object type. For example, for system a, the type of the user ID is userId, and in system B, the type of the user ID is user _ account, which may be unified as userId in the present embodiment.
Of course, in addition to the standard elements described above, other elements of business interest may be extracted in the markup extraction plug-in as custom elements. For example, for an original log of operations that records configured online activity, the configured amount may be of additional concern, and thus the amount may be extracted as a custom element. Of course, the user may also set other custom elements, which are not specifically limited herein.
Because different systems, even different operations in the same system, can have different log formats, the element of standardizing the operation original log can provide data support for the follow-up operation audit. For example, for an important user, it is necessary to determine whether someone has operated him in all the systems. By the object element extraction in the step, the heterogeneous logs can be subjected to unified standard query to obtain results. Similarly, the main body and the operation type have similar meanings, and the time element can understand the time of the operation and the reduction operation sequence.
S103: the server performs hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and stores the mapping relation between the operation original log and the hash value;
in this step, the operation raw logs are hashed to obtain a hash value corresponding to each operation raw log, where a specific form of the hash value is not limited, and for example, the hash value may include a hash value. The server stores the mapping relation between each operation original log and the hash value, only the hash value of the operation original log is uploaded to a target sub-block chain network in the subsequent steps, the safety of the operation original log is guaranteed, the hash value can be obtained from the target sub-block chain network when a supervision organization needs to operate the original log, and the operation original log corresponding to the hash value is determined in the server based on the mapping relation.
S104: the server stores the hash value and the element in a target sub-block chain network corresponding to the target enterprise in a parent block chain network;
in this step, the server uploads the hash values of all the operation original logs of the target enterprise and the elements extracted from the operation original logs to a target sub-blockchain network corresponding to the target enterprise in the parent blockchain network. The master block chain network comprises a plurality of sub-block chain networks, each enterprise corresponds to one sub-block chain network, namely one sub-block chain network is used for storing the operation information of one enterprise, and data isolation is performed among the sub-block chain networks, so that the operation information of different enterprises is isolated from each other in the master block chain network, and the safety of the operation information of the enterprises is ensured.
S105: and the operation audit of the target enterprise is carried out by the supervision block chain node in the target sub-block chain network.
In a specific implementation, the target sub-blockchain network includes a supervision block chain node for performing operation audit on the target enterprise, that is, the supervision entity performs operation audit on the target enterprise by using the supervision block chain node. The monitoring area blockchain node can obtain elements from the target sub-blockchain network for operation audit, and can also obtain hash values from the target sub-blockchain network if necessary, and the server inquires the operation original log corresponding to the hash values based on the mapping relation between the operation original log and the hash values to perform operation audit.
The operation auditing method provided by the embodiment of the application utilizes the block chain network to store the operation information, namely the elements extracted from the operation original log and the hash value of the operation original log. In the parent block chain network, each sub-block chain network stores the operation information of an enterprise, only the hash value is uploaded to the sub-block chain network, and the operation original log is not directly uploaded, so that the safety of the operation information is ensured. And data isolation is performed between each sub-blockchain network, so that the operation information of different enterprises is isolated from each other in the parent blockchain network, and the safety of the operation information of the enterprises is ensured. And adding a supervision mechanism for performing operation audit on the target enterprise as a block chain link point into a target sub-block chain network corresponding to the target enterprise, acquiring elements from the target sub-block chain network in real time for performing operation audit, and inquiring an original operation log in a server of the target enterprise based on the hash value stored in the target sub-block chain network if necessary. Therefore, the operation auditing method provided by the embodiment of the application ensures the timeliness and the non-tampering property of the operation information of the enterprise by utilizing the characteristics of shared accounts, non-tampering and timely synchronization of the block chain, breaks through the system barrier from the enterprise to the supervision institution, and realizes the real-time operation auditing of the enterprise.
The embodiment of the application discloses an operation auditing method, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. The embodiment will be described with a server as an execution subject, specifically:
referring to fig. 3, a flowchart of another operation auditing method provided in an embodiment of the present application is shown in fig. 3, and includes:
s201: acquiring an original operation log of a target enterprise, and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
s202: determining sensitive information in the elements, and performing preprocessing operation on the sensitive information; wherein the sensitive information comprises user sensitive information and/or system sensitive information of the target enterprise;
the execution subject of the embodiment is a server of an enterprise internal auditing system. Before the operation information is uploaded to a target sub-block chain network, sensitive information in the operation information needs to be preprocessed to ensure the safety of data. It is understood that the whole content of the operation information can be divided into user information related to the user operation and system information unrelated to the user operation, and the user information can be divided into user sensitive information and non-user sensitive information. The sensitive information in this step may include the user sensitive information, such as user identity information, and may also include system information unrelated to the user operation, that is, system sensitive information of the target enterprise, such as an IP address, an internal database name, and an internal system name inside the target enterprise.
The specific preprocessing mode is not limited, and only the plaintext of the sensitive information cannot be acquired by other equipment accessed into the target sub-block chain network. For example, the system sensitive information in the element may be removed, or the system sensitive information may be masked. For user sensitive information, it may be encrypted. The specific encryption method is not limited here, and a symmetric encryption method or an asymmetric encryption method may be used. For the symmetric encryption mode, a shared key is distributed between a target enterprise and each supervision mechanism in advance, the target enterprise encrypts user sensitive information by using the shared key and uploads the encrypted user sensitive information to a target sub-block chain network, and the supervision mechanism reads data on the target sub-block chain network and decrypts the encrypted user sensitive information. For the asymmetric encryption mode, the public key is distributed to the target enterprise for encryption, and the supervision organization uses the private key for decryption.
S203: performing hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing a mapping relation between the operation original log and the hash value;
in this step, the operation raw logs are hashed to obtain a hash value corresponding to each operation raw log, where a specific form of the hash value is not limited, and for example, the hash value may include a hash value. The server stores the mapping relation between each operation original log and the hash value, only the hash value of the operation original log is uploaded to a target sub-block chain network in the subsequent steps, the safety of the operation original log is guaranteed, the hash value can be obtained from the target sub-block chain network when a supervision organization needs to operate the original log, and the operation original log corresponding to the hash value is determined in the server based on the mapping relation.
S204: storing the hash value and the preprocessed elements into a target sub-block chain network corresponding to the target enterprise in a parent block chain network, so that operation audit is conducted on the target enterprise by a supervision block chain node in the target sub-block chain network; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
In this step, the server uploads the hash values of all the operation original logs of the target enterprise and the elements extracted from the operation original logs to a target sub-blockchain network corresponding to the target enterprise in the parent blockchain network, and guarantees timeliness and non-tampering of enterprise operation information by using the characteristics of shared accounts, non-tampering and timely synchronization of the blockchains. The target sub-area blockchain network comprises a supervision area blockchain node used for carrying out operation audit on the target enterprise, namely, a supervision mechanism carries out operation audit on the target enterprise by utilizing the supervision area blockchain node. The monitoring area blockchain node can obtain elements from the target sub-blockchain network for operation audit, and can also obtain hash values from the target sub-blockchain network if necessary, and the server inquires the operation original log corresponding to the hash values based on the mapping relation between the operation original log and the hash values to perform operation audit.
Therefore, according to the operation auditing method provided by the embodiment, data isolation is performed between the sub-blockchain networks corresponding to different enterprises, and the security of enterprise data is high. In the sub-block chain network, only the hash value of the operation original log is uploaded, and the operation original log is not uploaded, so that the safety of the operation original log of an enterprise is ensured. The sensitive information to be uplinked is preprocessed, so that other equipment accessed into the sub-block chain network cannot acquire the plaintext of the sensitive information, and the security is high.
The embodiment of the application discloses an operation auditing method, and compared with the first embodiment, the embodiment further explains and optimizes the technical scheme. The embodiment will be described with a server as an execution subject, specifically:
referring to fig. 4, a flowchart of another operation auditing method provided by the embodiment of the present application is shown in fig. 4, and includes:
s301: acquiring an original operation log of a target enterprise, and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
s302: acquiring element extension standards from the supervision block chain nodes, and determining an extension field corresponding to each element based on the element extension standards;
in this step, the supervisor defines the extension fields that each element must extend, i.e. defines the element extension criteria, to be published into the entire target sub-blockchain network through the supervisor blockchain nodes. The server determines an extension field corresponding to each element based on the element extension criteria. In element extension, the same extension plug-in can be adopted for heterogeneous logs with different sources, and each extension plug-in is distinguished according to different elements. More important marks close to the service can be expanded for the operation original log through the extension plug-in, so that the operation audit supports stronger standardized audit.
In a specific implementation, the principal markup extension plug-in extracts basic information by calling a principal management system, where the principal management system may include the HR system or the organizational architecture system of a company, depending on the differences of the IT systems of the respective companies. For example, the actual identity of a principal, including the actual name, identification card, or equivalent identification, may be extended, as well as the role of the principal in a company, contract organization, etc. The object mark extension plug-in extracts the basic information by calling an object management system, wherein the object management system, such as a resource management system of a company, is determined according to the difference of IT systems of various companies. For example, the real identity of the object may be extended, including the real name, identification card or equivalent identification, and the attributes of the object may also be extended, for example, when the fund information purchased by the user is queried by internal staff, relevant rules should be made, and the extended relevant attributes of the fund are filled in the extended field.
Preferably, the extension field of the operation type includes a category; the determining the extension field corresponding to each element based on the element extension standard comprises: and acquiring operation type classification standard from the supervision block chain node, and determining the class of the operation type based on the operation type classification standard. In a specific implementation, servers of different enterprises define different URL names or interface names for the operation type, which are too poorly readable for the regulatory authorities. Therefore, the supervising agency can define the operation type classification standard which is convenient for auditing, the server establishes the corresponding relation between each supported operation type and the class, for example, the class corresponding to the "/api/fk _ freqen" is risk control-frozen fund ", and for the operation types which cannot be classified, Chinese annotation marks can be added.
S303: determining an operation summary field of the operation original log based on a standard reporting format according to each element and the extension field corresponding to each element;
in specific implementation, the server adds the extracted elements into a standard reporting format, where the standard reporting format is, for example:
Figure BDA0002366675200000131
Figure BDA0002366675200000141
it is understood that "user" is the subject, "operation _ type" is the operation type, "timestamp" is the time, and "object" is the object. If the elements extracted in the previous step also include the user-defined element, in the standard reporting format, other operation summary fields can be distributed for the user-defined element. In a target sub-block chain network, elements extracted from an operation original log are stored based on a standard reporting format, namely, each element is subjected to standardized processing, and a supervision organization audits operation information in a uniform format, so that the efficiency is high.
S304: storing the hash value and the operation summary field into a target sub-block chain network corresponding to the target enterprise in a parent block chain network so that a supervision block chain node in the target sub-block chain network can perform operation audit on the target enterprise; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
Therefore, the operation auditing method provided by the embodiment extracts uniform element marks from operation original logs which are collected by various systems and are not formatted, so that the original completely different operation original logs can query key information by adopting the same method, more important expansion information which is close to business is expanded for each element through element expansion based on an element expansion standard defined by a supervision institution, and the operation auditing efficiency is improved.
For ease of understanding, reference is made to an application scenario of the present application. In connection with fig. 1, the nodes of target sub-blockchain network 300 include enterprise a and its associated enterprises, departments, and a plurality of regulatory agencies. And the different block chain sub-networks are used for data isolation, so that the data of different enterprises can be isolated from each other.
And collecting operation original logs through a self-built auditing system in the enterprise by block chain nodes of each subsidiary company and each department of the enterprise A, extracting four-element information, namely a subject, an object, an operation type and time, by the auditing system, and expanding the four-element information. In making a four element extension, the mandatory fields required by the regulatory body must be extended as required. The principal must extend its true identity, job position in the company, contract organization, etc. The object must extend its true identity, attributes, etc. And for the operation type, adding a category identifier according to an operation type division standard defined by a regulatory agency, and for the operation type which cannot be classified, adding a Chinese annotation mark.
The operation original log is subjected to hashing processing, and only the hash value of the operation original log is uploaded to the target sub-block chain network 300. An auditing system inside an enterprise should keep the mapping relationship between the operation original log and the hash value. When the supervision agency requires the query, the corresponding operation original log can be queried through the hash value.
The extracted elements are used for removing or masking the internal system information of the enterprise which is not related to the user operation, so that the enterprise-related information is prevented from being leaked. And carrying out encryption processing on the user sensitive information. The hash values of all the operation original logs of the enterprise a and the processed elements extracted from the operation original logs are uploaded to the target sub-block chain network 300. The supervising agency can obtain the elements from the target sub-block chain network 300 for operation auditing, and can also obtain the hash value from the target sub-block chain network if necessary, and inquire the operation original log corresponding to the hash value in the server based on the mapping relation between the operation original log and the hash value for operation auditing.
In the following, an operation auditing apparatus provided by an embodiment of the present application is introduced, and an operation auditing apparatus described below and an operation auditing method described above may be referred to each other.
Referring to fig. 5, a block diagram of an operation auditing apparatus provided in an embodiment of the present application is shown in fig. 5, and includes:
an extraction module 501, configured to obtain an original operation log of a target enterprise, and extract elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
a calculating module 502, configured to perform hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and store a mapping relationship between the operation original log and the hash value;
a storage module 503, configured to store the hash value and the element in a target sub-block chain network corresponding to the target enterprise in a parent block chain network, so that a supervision block chain node in the target sub-block chain network performs operation audit on the target enterprise; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
The operation auditing device provided by the embodiment of the application utilizes the block chain network to store the operation information, namely the elements extracted from the operation original log and the hash value of the operation original log. In the parent block chain network, each sub-block chain network stores the operation information of an enterprise, only the hash value is uploaded to the sub-block chain network, and the operation original log is not directly uploaded, so that the safety of the operation information is ensured. And data isolation is performed between each sub-blockchain network, so that the operation information of different enterprises is isolated from each other in the parent blockchain network, and the safety of the operation information of the enterprises is ensured. And adding a supervision mechanism for performing operation audit on the target enterprise as a block chain link point into a target sub-block chain network corresponding to the target enterprise, acquiring elements from the target sub-block chain network in real time for performing operation audit, and inquiring an original operation log in a server of the target enterprise based on the hash value stored in the target sub-block chain network if necessary. Therefore, the operation auditing device provided by the embodiment of the application ensures the timeliness and the non-tampering property of the operation information of the enterprise by utilizing the characteristics of shared accounts, non-tampering and timely synchronization of the block chain, breaks through the system barrier from the enterprise to the supervision institution, and realizes the real-time operation auditing of the enterprise.
On the basis of the above embodiment, as a preferred implementation, the method further includes:
the preprocessing module is used for determining sensitive information in the elements and preprocessing the sensitive information; wherein the sensitive information comprises user sensitive information and/or system sensitive information of the target enterprise.
On the basis of the foregoing embodiment, as a preferred implementation manner, the preprocessing module is specifically a module that removes the system sensitive information in the elements or performs masking processing on the system sensitive information.
On the basis of the foregoing embodiment, as a preferred implementation manner, the preprocessing module is specifically a module that performs encryption processing on the user sensitive information.
On the basis of the foregoing embodiment, as a preferred implementation, the storage module 503 includes:
the first determining unit is used for determining an operation summary field of the operation original log according to the element based on a standard reporting format;
and the storage unit is used for storing the hash value and the operation summary field into a target sub-block chain network corresponding to the target enterprise in a parent block chain network.
On the basis of the above embodiment, as a preferred implementation, the method further includes:
the determining module is used for acquiring element extension standards from the supervision block chain nodes and determining an extension field corresponding to each element based on the element extension standards;
correspondingly, the first determining unit is specifically a unit that determines the operation summary field of the operation original log based on a standard reporting format according to each element and the extension field corresponding to each element.
On the basis of the above embodiment, as a preferred implementation, the extension field of the operation type includes a category; the determining module comprises:
and the second determination unit is used for acquiring operation type classification standards from the supervision block chain node and determining the class of the operation type based on the operation type classification standards.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The present application also provides an electronic device, and referring to fig. 6, a structure diagram of an electronic device 60 provided in the embodiment of the present application, as shown in fig. 6, may include a processor 61 and a memory 62.
The processor 61 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 61 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 61 may also include a main processor and a coprocessor, where the main processor is a processor for processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 61 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 61 may further include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
Memory 62 may include one or more computer-readable storage media, which may be non-transitory. The memory 62 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 62 is at least used for storing a computer program 621, wherein after being loaded and executed by the processor 61, the computer program can implement relevant steps in the operation auditing method executed by the electronic device side disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 62 may also include an operating system 622 and data 623, etc., which may be stored in a transient or persistent manner. The operating system 622 may include Windows, Unix, Linux, etc.
In some embodiments, the electronic device 60 may further include a display 63, an input/output interface 64, a communication interface 65, a sensor 66, a power source 67, and a communication bus 68.
Of course, the structure of the electronic device shown in fig. 6 does not constitute a limitation of the electronic device in the embodiment of the present application, and the electronic device may include more or less components than those shown in fig. 6 or some components in combination in practical applications.
In another exemplary embodiment, there is also provided a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the operational auditing method performed by the server of any of the above embodiments.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An operational auditing method, comprising:
acquiring an original operation log of a target enterprise, and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
performing hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing a mapping relation between the operation original log and the hash value;
storing the hash value and the element into a target sub-block chain network corresponding to the target enterprise in a parent block chain network so that operation audit is conducted on the target enterprise by a supervision block chain node in the target sub-block chain network; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
2. The operation auditing method according to claim 1, after extracting elements of the operation original log, further comprising:
determining sensitive information in the elements, and performing preprocessing operation on the sensitive information; wherein the sensitive information comprises user sensitive information and/or system sensitive information of the target enterprise.
3. The operation auditing method of claim 2 where performing preprocessing operations on the sensitive information includes:
and removing the system sensitive information in the elements or performing masking processing on the system sensitive information.
4. The operation auditing method of claim 2 where performing preprocessing operations on the sensitive information includes:
and encrypting the user sensitive information.
5. The operation auditing method of any one of claims 1-4 where storing the hash value and the element in a target sub-blockchain network corresponding to the target enterprise in a parent blockchain network comprises:
determining an operation summary field of the operation original log according to the element based on a standard reporting format;
and storing the hash value and the operation summary field into a target sub-block chain network corresponding to the target enterprise in a parent block chain network.
6. The operation auditing method according to claim 5, after said extracting elements of said operation raw log, further comprising:
acquiring element extension standards from the supervision block chain nodes, and determining an extension field corresponding to each element based on the element extension standards;
correspondingly, determining the operation summary field of the operation original log according to the element based on the standard reporting format comprises:
and determining an operation summary field of the operation original log based on a standard reporting format according to each element and the extension field corresponding to each element.
7. The operation auditing method according to claim 5, where the extended field of the operation type includes a category; the determining the extension field corresponding to each element based on the element extension standard comprises:
and acquiring operation type classification standard from the supervision block chain node, and determining the class of the operation type based on the operation type classification standard.
8. An operation auditing apparatus, comprising:
the extraction module is used for acquiring an original operation log of a target enterprise and extracting elements of the original operation log; the elements comprise standard elements and custom elements, wherein the standard elements comprise subjects, objects, time and operation types;
the calculation module is used for carrying out hash calculation on the operation original log to obtain a hash value corresponding to the operation original log and storing the mapping relation between the operation original log and the hash value;
the storage module is used for storing the hash value and the element into a target sub-block chain network corresponding to the target enterprise in a parent block chain network so that a supervision block chain node in the target sub-block chain network can perform operation audit on the target enterprise; the mother blockchain network comprises a plurality of sub blockchain networks, and data isolation is performed between the sub blockchain networks.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the operational auditing method of any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the operational auditing method of any one of claims 1 to 7.
CN202010037891.3A 2020-01-14 2020-01-14 Operation auditing method and device, electronic equipment and computer-readable storage medium Pending CN111241104A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010037891.3A CN111241104A (en) 2020-01-14 2020-01-14 Operation auditing method and device, electronic equipment and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010037891.3A CN111241104A (en) 2020-01-14 2020-01-14 Operation auditing method and device, electronic equipment and computer-readable storage medium

Publications (1)

Publication Number Publication Date
CN111241104A true CN111241104A (en) 2020-06-05

Family

ID=70871031

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010037891.3A Pending CN111241104A (en) 2020-01-14 2020-01-14 Operation auditing method and device, electronic equipment and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN111241104A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112347119A (en) * 2020-09-18 2021-02-09 杭州安恒信息安全技术有限公司 Data storage method and device applied to auditing system and computer equipment
CN113139181A (en) * 2021-04-30 2021-07-20 成都卫士通信息产业股份有限公司 Security audit method, device, equipment and readable storage medium
CN113254964A (en) * 2021-06-02 2021-08-13 杭州趣链科技有限公司 Log security certificate storage method and device, electronic equipment and storage medium
CN114756902A (en) * 2022-04-11 2022-07-15 敏于行(北京)科技有限公司 Security audit method and device for efficient trusted structured database
CN116015840A (en) * 2022-12-23 2023-04-25 星环信息科技(上海)股份有限公司 Data operation auditing method, system, equipment and storage medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112347119A (en) * 2020-09-18 2021-02-09 杭州安恒信息安全技术有限公司 Data storage method and device applied to auditing system and computer equipment
CN113139181A (en) * 2021-04-30 2021-07-20 成都卫士通信息产业股份有限公司 Security audit method, device, equipment and readable storage medium
CN113254964A (en) * 2021-06-02 2021-08-13 杭州趣链科技有限公司 Log security certificate storage method and device, electronic equipment and storage medium
CN114756902A (en) * 2022-04-11 2022-07-15 敏于行(北京)科技有限公司 Security audit method and device for efficient trusted structured database
CN116015840A (en) * 2022-12-23 2023-04-25 星环信息科技(上海)股份有限公司 Data operation auditing method, system, equipment and storage medium
CN116015840B (en) * 2022-12-23 2024-01-30 星环信息科技(上海)股份有限公司 Data operation auditing method, system, equipment and storage medium

Similar Documents

Publication Publication Date Title
US10841326B2 (en) Cybersecurity system
US20230164155A1 (en) Systems and methods for automated retrieval, processing, and distribution of cyber-threat information
CN111241104A (en) Operation auditing method and device, electronic equipment and computer-readable storage medium
US9646088B1 (en) Data collection and transmission
US10891552B1 (en) Automatic parser selection and usage
US9262519B1 (en) Log data analysis
US8862537B1 (en) Selective structure preserving obfuscation
CN111274276A (en) Operation auditing method and device, electronic equipment and computer-readable storage medium
Sadique et al. Automated structured threat information expression (stix) document generation with privacy preservation
US11297105B2 (en) Dynamically determining a trust level of an end-to-end link
US11799892B2 (en) Methods for public cloud database activity monitoring and devices thereof
US11693958B1 (en) Processing and storing event data in a knowledge graph format for anomaly detection
Söderström et al. Secure audit log management
CN112714118B (en) Network traffic detection method and device
Kozlovszky Cloud security monitoring and vulnerability management
Fehér et al. Log file authentication and storage on blockchain network
CN113778709B (en) Interface calling method, device, server and storage medium
CN112347066B (en) Log processing method and device, server and computer readable storage medium
CN112346938A (en) Operation auditing method and device, server and computer readable storage medium
Mokhov et al. Automating MAC spoofer evidence gathering and encoding for investigations
US12003517B2 (en) Enhanced cloud infrastructure security through runtime visibility into deployed software
US20230164148A1 (en) Enhanced cloud infrastructure security through runtime visibility into deployed software
US20240070287A1 (en) Faster web application scans of web page data based on deduplication
US20240064163A1 (en) System and method for risk-based observability of a computing platform
Forsberg Implementation of Centralized Log Management Solution for Ensuring Privacy of Individuals as Required by EU Regulation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40024815

Country of ref document: HK

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination