Abstract
With the development of China's high-speed railway, rail travel has become one of the main modes of passenger transport. As the main revenue system of railway transportation, the national railway ticket reservation and sale system supports multiple ticketing channels, such as ticket windows, agent points, mobile terminals and the network, and has become the largest online trading system in China. Because the railway system is distributed, cross-regional and nationwide, it has the typical characteristics of big data, and it serves passengers across the whole country, covering 1.3 billion people. Processing railway privacy information at this scale inevitably faces privacy protection security threats under big data conditions. The privacy and information security protection of railway passenger data has therefore become a focal problem that urgently needs to be solved. Drawing on more than ten years' experience in the research and development, project implementation, and actual operation and maintenance of the national railway passenger ticket security system, and building on the advantages of the security management control platform, a technical framework system for railway passenger privacy information protection based on the security management control platform is proposed. The framework system features distributed, multilevel protection and is suitable for the big data security protection scenario of railway passenger information in China.