CN-116346592-B - Trusted third party audit method and system for deleting personal information
Abstract
The application relates to a trusted third party audit method and system for deleting personal information. The method comprises: acquiring a plurality of log data of a personal information source domain deleting main body and a related domain deleting main body in a network; normalizing the log data through a preset analysis rule to generate normalized log data; and carrying out notification consistency and operation compliance analysis on the normalized log data by means of correlation analysis. Based on audit analysis of the log files, the method determines whether the information deletion process meets multi-dimensional or multi-level audit judging conditions and detects abnormal deletion of personal information in a timely manner, so that personal information deletion is ensured to meet compliance internal control requirements, industry standards and policy regulations.
Inventors
- XU PENG
- SU YIXIN
- WANG WEI
- YU MENGYANG
- CHEN TIANYANG
- JIN HAI
Assignees
- Huazhong University of Science and Technology (华中科技大学)
Dates
- Publication Date: 20260505
- Application Date: 20230329
Claims (6)
- 1. A trusted third party audit method for personal information deletion, the method comprising: acquiring log data of any personal information source domain deleting main body and associated domain deleting main bodies in a network, wherein the personal information source domain deleting main body is a main body data platform or system for personal information management, and the associated domain deleting main body is other data platforms or systems which have personal information acquisition, use, sharing and backup relations with the personal information source domain deleting main body; normalizing the log data through a preset analysis rule and generating normalized log data; analyzing each item in a deletion notification normalized log of a personal information source domain deletion subject one by one and defining the current analysis item as a first item, finding a corresponding second item in the deletion notification confirmation normalized log of the related domain deletion subject according to a key field in the first item, and obtaining a notification consistency audit analysis result according to a presence correspondence result and a content correspondence result of the first item and the second item, wherein the presence correspondence result refers to whether the corresponding second item can be found in the deletion notification confirmation normalized log of the related domain deletion subject according to the key field in the first item; and analyzing each item in a deleting operation normalization log of the personal information source domain deleting main body and the associated domain deleting main body one by one, defining the current analysis item as a first item, finding a corresponding second item in the deleting effect self-evaluating normalization log in the same domain according to a key field in the first item, and obtaining an operation compliance audit analysis result according to a corresponding result of the first item and the second item and a content compliance result, wherein the corresponding result refers to whether the corresponding second item can be found in the deleting effect self-evaluating normalization log in the same domain according to the key field in the first item, and the content compliance result refers to a deleting request consistency evaluation result, a deleting operation validity evaluation result and a deleting unrecoverability evaluation result in the second item.
- 2. The method of claim 1, wherein obtaining log data of any one personal information source domain deletion subject and its associated domain deletion subjects within the network comprises: the log data comprises content data and tag data, and the content data is received after the tag data passes verification, wherein the content data comprises a deletion notification log, a deletion notification confirmation log, a deletion operation log and a deletion effect self-evaluation log.
- 3. The method of claim 2, wherein normalizing the log data and generating normalized log data by a preset parsing rule comprises: merging log information by filtering useless fields in the log, extracting key field information in the log data, and recombining the key field information into a corresponding normalized log using a corresponding normalized format.
- 4. The method according to claim 1, wherein the method further comprises: after the association analysis of the normalized log data is completed, generating a personal information deletion third party audit log; and, based on the personal information deletion third party audit log, obtaining log data backtracking of personal information deletion abnormality and forensics of the original log data.
- 5. The method of claim 4, wherein obtaining log data backtracking of personal information deletion exceptions based on the personal information deletion third party audit log and forensics of the original log data comprises: acquiring notification consistency and operation compliance audit analysis results of personal information deletion, searching and positioning related log data items, and giving evidence obtaining analysis results.
- 6. A trusted third party audit system for personal information deletion, the system for performing the trusted third party audit method for personal information deletion of one of claims 1 to 5, the system comprising at least: the log acquisition module (1), configured to acquire a plurality of log data of any one personal information source domain deletion subject and a related domain deletion subject in a network; and the log analysis module (2), configured to normalize the log data through a preset analysis rule and generate normalized log data, and carry out notification consistency and operation compliance analysis on the normalized log data through a correlation analysis mode.
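The two correlation checks of claim 1, sketched as an added example (not code from the patent). The field names `request_id`, `target_domain`, `subject_id`, `data_items` and the three boolean evaluation fields are assumptions, as is treating "content correspondence" as equality of the compared fields, which the claim text here does not define.

```python
# Added example; field names and the content-match rule are assumptions.
def index_by_key(entries, key):
    """Index a normalized log by its key field for correlation lookups."""
    return {e[key]: e for e in entries if key in e}

def audit_notification_consistency(notices, confirmations, key="request_id",
                                   content_fields=("subject_id", "data_items")):
    """Match each source-domain notification to the target domain's confirmation."""
    idx = {d: index_by_key(log, key) for d, log in confirmations.items()}
    results = []
    for first in notices:
        second = idx.get(first["target_domain"], {}).get(first[key])
        if second is None:
            verdict = "missing_confirmation"      # presence check failed
        elif any(first.get(f) != second.get(f) for f in content_fields):
            verdict = "content_mismatch"          # content check failed
        else:
            verdict = "consistent"
        results.append((first[key], first["target_domain"], verdict))
    return results

EVALS = ("request_consistency", "operation_validity", "unrecoverability")

def audit_operation_compliance(operations, self_evals, key="request_id"):
    """Match one domain's deletion operations to its own self-evaluation log."""
    idx = index_by_key(self_evals, key)
    results = []
    for first in operations:
        second = idx.get(first[key])
        if second is None:
            verdict = "missing_self_evaluation"
        else:
            failed = [e for e in EVALS if second.get(e) is not True]
            verdict = "failed:" + ",".join(failed) if failed else "compliant"
        results.append((first[key], verdict))
    return results

# Constructed sample logs (not real data).
_U7 = {"request_id": "r1", "subject_id": "u7", "data_items": ["email", "phone"]}
NOTICES = [dict(_U7, target_domain="backup"), dict(_U7, target_domain="ads"),
           {"request_id": "r2", "target_domain": "backup",
            "subject_id": "u9", "data_items": ["address"]}]
CONFIRMATIONS = {"backup": [dict(_U7)],
                 "ads": [dict(_U7, data_items=["email"])]}
OPERATIONS = [{"request_id": "r1"}, {"request_id": "r2"}]
SELF_EVALS = [{"request_id": "r1", "request_consistency": True,
               "operation_validity": True, "unrecoverability": False}]
```

Run `audit_operation_compliance` once per domain, since the claim pairs each operation log with the self-evaluation log of the same domain.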
Description
Trusted third party audit method and system for deleting personal information
Technical Field
The invention relates to the technical fields of information technology, computer technology, network technology and the Internet, in particular to auditing methods and information protection technology, and specifically to a trusted third party auditing method and system for deleting personal information.
Background
With the wide circulation of personal information and the requirements of related laws and regulations, deletion of personal information is becoming more and more common, and various data disclosure cases have also led users to attach more and more importance to the deletion and protection of personal information. Although existing internet enterprises generally promise that personal information can be completely deleted once it is no longer needed to provide services to the user, existing data deletion techniques are implemented in various ways, differ in effect, and cannot ensure that personal information is deleted safely. To better monitor and safeguard the operations of the deleting main bodies in the personal information domain, to identify abnormal operations and internal violations of the deleting main bodies in time, and to provide the necessary information for post-event analysis, investigation and evidence collection of security events, a trusted third party audit of personal information deletion behavior is required. National policy regulations, industry standards and the like also explicitly set requirements for log audit, and log audit has become a necessary function for enterprises to meet compliance internal control requirements.
Existing personal information deletion auditing methods mainly comprise two modes: manual auditing and automatic auditing. Manual auditing generally requires professional personnel, is tedious, time-consuming and costly, and has difficulty auditing the deletion process of the personal information associated domain. Automatic auditing generally just checks whether there is a deletion notification, which makes it difficult to ensure compliance of the notification and compliance of the operation.
The prior art also provides technical schemes for improving audit efficiency and audit quality. For example, the patent with bulletin number CN106095575B discloses a device, a system and a method for log audit. The log audit device is connected with at least two peripheral devices. Each collecting process in a collecting unit receives, when idle, log files sent by the at least two peripheral devices. Each normalizing process in a normalizing unit determines a normalizing rule, analyzes log file attributes, and determines association attributes of the log files from the normalizing rule and the log file attributes. Each associating process in a log associating unit determines association rules and alarm rules, performs log association according to the association rules when the association attributes are received, and triggers an alarm unit when the log association meets the alarm rules; the alarm unit raises the log audit alarm. This technical scheme optimizes the log audit process through collection, normalization, association, judgment, alarm and similar steps to improve audit efficiency, but it does not involve examining the specific content of the logs or judging their compliance.
The patent with bulletin number CN107818150B discloses a log auditing method and a log auditing device. By parsing the original logs acquired from all big data platform components, applying field standardization mapping, and dividing the logs by operation type and operation item, it standardizes the initial logs of all components in big data platforms with different sources and formats. Then, according to the auditing requirements of big data security control, it applies corresponding auditing rules and analysis strategies to automatically audit and analyze the standardized logs of all components in the big data platform, so as to determine whether the management and data access operations of the big data platform and its components meet the security technical specifications and management requirements.
The patent with publication number CN115408229A discloses an operation log auditing method, an operation log auditing device, electronic equipment and a storage medium, wherein the method comprises the steps of obtaining an operation log of an account to be audited, inputting the operation log of the account to be audited into a log auditing model to obtain an auditing result of the account to be audi