CN-122001636-A - Scientific research data security access method and system
Abstract
The invention relates to a scientific research data security access method which comprises the steps of: S1, performing decryption and desensitization on a digital object of scientific research data; S2, marking the security level of the digital object of the scientific research data after decryption and desensitization; and S3, carrying out protocol layer authorized access setting of the scientific research data according to the marked security level. The invention also relates to a scientific research data security access system. The invention can rapidly and effectively perform centralized and unified management of scientific research data and provides more choices for the application of scientific research data.
Inventors
- FENG JICHENG
- CHEN XIAOLONG
- LI SONG
- CHENG FANGLIANG
Assignees
- 深圳市科南软件有限公司
Dates
- Publication Date: 20260508
- Application Date: 20260126
Claims (10)
- 1. A scientific research data security access method, characterized by comprising the following steps: S1, performing decryption and desensitization on a digital object of scientific research data; S2, carrying out security level marking on the digital object of the scientific research data after decryption and desensitization; and S3, carrying out protocol layer authorized access setting of the scientific research data according to the marked security level.
- 2. The method of claim 1, wherein the method further comprises: S4, performing log recording and security audit on the access of the scientific research data.
- 3. The method of claim 2, wherein the decryption and desensitization include sensitive metadata removal or replacement and sensitive lexicon risk scanning.
- 4. The method of claim 3, wherein said step S1 comprises: replacing or removing the privacy, trade secrets and technical secrets contained in the digital object of the scientific research data according to the description of the metadata, and replacing words found in the sensitive lexicon.
- 5. The method of claim 4, wherein the security level comprises public level, authorized access, secret, confidential, and top secret.
- 6. The method of claim 5, wherein said step S2 comprises: no security access control is needed for the public level, and authorized access is required for the authorized access level; and a security access rule is configured for secret, confidential and top secret, adopting data security protection with stricter authorized access, encrypted storage and encrypted transmission, and ensuring that the data cannot be published or opened for access to Internet users.
- 7. The method of claim 6, wherein said step S3 comprises: setting an access control model for each digital object to be authorized, wherein the access control model consists of three key data items {digital object ID, authorized role, access right}, in which: the digital object ID is the unique code assigned to each digital object (DO) when the scientific research data is modeled; the authorized role refers to the configured user or user group; and the access right defines different levels of rights.
- 8. The method of claim 7, wherein said step S3 further comprises: implementing the authorized access control for the digital object at the DOIP protocol layer.
- 9. The method of claim 8, wherein said step S4 comprises: when the scientific research data is provided for external services and sharing, logging access to the data, wherein the log records comprise {access user, access time, access mode, access object ID}, so that backtracking and security audit can be carried out on the access records.
- 10. A scientific research data security access system, characterized by comprising a desensitization module, a labeling module and an authorization module, wherein: the desensitization module is used for carrying out decryption and desensitization on the digital object of the scientific research data; the labeling module is used for labeling the security level of the digital object of the scientific research data after decryption and desensitization; and the authorization module is used for carrying out protocol layer authorized access setting of the scientific research data according to the marked security level.
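A sketch of how claims 5 to 9 fit together in one per-object decision at the protocol layer, added here as an illustration and not code from the patent or its assignee. The `Right` ordering, the mapping of DOIP basic operations to rights, the `internet` request flag, the extra `allowed` log field, the rule that a public object still needs a grant for writes, and all object IDs, users and roles are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum

class Level(IntEnum):   # the five security levels of claim 5
    PUBLIC, AUTHORIZED, SECRET, CONFIDENTIAL, TOP_SECRET = range(5)

class Right(IntEnum):   # assumed ordering of "different levels of rights"
    READ, WRITE = 1, 2

# Assumed mapping from DOIP basic operations to the right each one requires.
OP_RIGHT = {"0.DOIP/Op.Retrieve": Right.READ, "0.DOIP/Op.Update": Right.WRITE}

@dataclass(frozen=True)
class Grant:            # claim 7: {digital object ID, authorized role, access right}
    object_id: str
    role: str
    right: Right

class Gate:
    def __init__(self, levels, grants):
        self.levels, self.grants, self.audit = levels, grants, []

    def decide(self, user, roles, op, object_id, internet=True):
        level, need = self.levels.get(object_id), OP_RIGHT.get(op)
        if level is None or need is None:
            ok = False              # unlabeled object or unmapped operation: deny
        elif level >= Level.SECRET and internet:
            ok = False              # claim 6: never opened to Internet users
        elif level == Level.PUBLIC and need == Right.READ:
            ok = True               # claim 6: public level needs no access control
        else:                       # everything else needs an explicit per-object grant
            ok = any(g.object_id == object_id and g.role in roles
                     and g.right >= need for g in self.grants)
        # Claim 9 record, written for denials as well as grants.
        self.audit.append({"user": user, "mode": op, "object_id": object_id,
                           "time": datetime.now(timezone.utc).isoformat(),
                           "allowed": ok})
        return ok

def demo():             # constructed objects, roles and requests
    gate = Gate(
        levels={"do/pub-1": Level.PUBLIC, "do/auth-1": Level.AUTHORIZED,
                "do/sec-1": Level.SECRET},
        grants=[Grant("do/auth-1", "partner-lab", Right.READ),
                Grant("do/sec-1", "project-team", Right.WRITE)])
    get, put = "0.DOIP/Op.Retrieve", "0.DOIP/Op.Update"
    results = [gate.decide("anon", set(), get, "do/pub-1"),
               gate.decide("alice", {"partner-lab"}, get, "do/auth-1"),
               gate.decide("alice", {"partner-lab"}, put, "do/auth-1"),
               gate.decide("bob", {"project-team"}, get, "do/sec-1"),
               gate.decide("bob", {"project-team"}, get, "do/sec-1", internet=False)]
    return results, gate.audit
```

Logging the denied requests alongside the granted ones is what makes the backtracking in claim 9 useful for audit: a refused write or an Internet-side request for a classified object shows up in the same record stream.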
Description
Scientific research data security access method and system
Technical Field
The invention relates to a scientific research data security access method and system.
Background
Scientific research data comprise related data resources such as scientific research project management data, scientific research resource data, and experimental data from scientific research activities. Providing external services and sharing is an important way to realize the value of scientific research data and to promote technological innovation. Scientific research data is generally stored and managed as digital objects (Digital Objects) through database management technology, and external services and sharing of the data are performed through a data access interface.
The security problems of current scientific research data access include:
1) Desensitization and decryption of scientific research data
The original digital object of scientific research data may contain information such as privacy, trade secrets and technical secrets. Data such as life-science gene data and medical histories contain personal privacy information, and some scientific research data contain information about a project's personnel, research content and technical schemes, which may be trade secrets, technical secrets or even national secrets. Therefore, the original digital objects of scientific research data must undergo decryption or desensitization before external services and sharing, and the desensitization is a non-destructive treatment, so that reuse of the scientific research data is not affected.
2) Security level labeling of digital objects of scientific research data
Digital objects of scientific research data are marked with a security level, such as the classification "public level, authorized access, secret, confidential, top secret", so that different security access strategies can be adopted flexibly according to the security level of each digital object.
3) Authorized access to scientific research data
Depending on the value of the data content, some scientific research data is shared freely, and some data must be paid for or authorized before it can be accessed. Therefore, scientific research data must provide access authorization for external services and sharing, so that only authorized users can access the data.
4) Access logging and security audit of scientific research data
When scientific research data is accessed under authorization for external services and sharing, the access must be logged, including the access user, access time, access mode and the like, so that backtracking and security audit can be carried out on the access records.
The drawbacks of prior-art secure access control include:
1) Authorization by the application program limits the flexibility of data utilization
Security management of data access is generally performed by an application program, and the related management system can be operated only after user authorization. This mode authorizes functions of a specific data management application system and is not flexible enough.
2) Existing data-set-based authorization has coarse management granularity
Traditional data security access authorization is rule-based and authorizes certain data sets; the granularity of permission control is coarse, and fine-grained data protection cannot be achieved.
Disclosure of Invention
In view of this, it is necessary to provide a method and a system for securely accessing scientific research data.
The invention provides a scientific research data security access method which comprises the steps of: S1, performing decryption and desensitization on a digital object of scientific research data; S2, marking the security level of the digital object of the scientific research data after decryption and desensitization; and S3, carrying out protocol layer authorized access setting of the scientific research data according to the marked security level.
The method further comprises: S4, performing log recording and security audit on the access of the scientific research data.
The decryption and desensitization comprise removal or replacement of sensitive metadata and risk scanning against a sensitive lexicon.
Step S1 comprises: the privacy, trade secrets and technical secrets contained in the digital object of the scientific research data are replaced or removed according to the description of the metadata, and words found in the sensitive lexicon are replaced.
The security level includes public level, authorized access, secret, confidential, and top secret.
Step S2 comprises: no security access control is needed for the public level, and authorized access is required for the authorized access level; and configuring a security access rule for secret, confidential and top secret, adopting data