CN108600185A - A kind of data security transmission network system and its method - Google Patents

Publication number
CN108600185A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201810271285.0A
Other languages
Chinese (zh)
Inventor
黄祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HONGXU INFORMATION TECHNOLOGY Co Ltd WUHAN
Original Assignee
HONGXU INFORMATION TECHNOLOGY Co Ltd WUHAN
Application filed by HONGXU INFORMATION TECHNOLOGY Co Ltd WUHAN
Priority to CN201810271285.0A
Publication of CN108600185A
Legal status: Withdrawn

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention discloses a data security transmission network system and its method, and relates to data encryption technology. The system includes a data acquisition module (100), a data transmission module (200), a data preprocessing module (300), a data isolation module (400) and a data analysis module (500). Their interaction is: the data acquisition module (100), data transmission module (200), data preprocessing module (300), data isolation module (400) and data analysis module (500) interact in sequence. 1. The invention achieves better data transmission; 2. combined with port mapping technology, it shields against unauthorized access; 3. using data isolation technology, it guarantees that data transmission is one-way, ensuring the security of plaintext files. Through a series of data-processing security techniques, the invention achieves secure transmission of data within the network system and provides strong support in the field of secure data transmission.

Description

A kind of data security transmission network system and its method
Technical field
The present invention relates to data encryption technology, and in particular to a data security transmission network system and its method.
Background
With the continuous development of network technology, almost every industry has adopted electronic office systems. In some special security fields, specific information about a particular location or region must be collected and reported in real time to a background server for analysis and processing. Throughout the system's processing, the security of data transmission and data storage must be ensured as far as possible.
At present, most approaches to transmission security protect data by encrypting it. Encryption methods fall into two classes, symmetric and asymmetric. Symmetric encryption uses the same key for encryption and decryption, usually called the "session key"; this technique is widely used today. Asymmetric encryption uses different keys for encryption and decryption; there are usually two keys, called the "public key" and the "private key", which must be used as a matched pair, otherwise the encrypted file cannot be opened. The "public key" is published externally, whereas the "private key" is not and may be known only to its holder. The two classes of encryption algorithm have the following respective disadvantages:
1, Symmetric encryption: before data transmission, the sender and the receiver must agree on a secret key, and both sides must then keep that key safe. If either side's key is leaked, the encrypted information is no longer secure. In addition, each pair of users needs a unique key unknown to anyone else every time they use a symmetric encryption algorithm, so the number of keys held by the sending and receiving sides becomes enormous and key management becomes a burden for both;
2, Asymmetric encryption largely ensures the security of the data, but processing is slower;
3, Both symmetric and asymmetric encryption algorithms ensure data security at the software level only; neither secures data transmission at the physical layer, so both are at risk of being broken by hackers.
Summary of the invention
The purpose of the present invention is to overcome the security problems that exist in current network data transmission by providing a data security transmission network system and its method, so that secure data transmission is achieved using common network transmission equipment.
The technical solution that achieves this purpose is:
By using port mapping technology, data encryption technology and data isolation technology, the user's functional requirements can be met to a certain extent while the security of data transmission and storage is also ensured.
One, data security transmission network system (the system for short)
The system includes a data acquisition module, a data transmission module, a data preprocessing module, a data isolation module and a data analysis module;
Their interaction is:
The data acquisition module, data transmission module, data preprocessing module, data isolation module and data analysis module interact in sequence.
Two, data safe transmission method (the method for short)
The method includes the following steps:
1. The data acquisition module obtains the required target data through front-end collection equipment and transfers the collected data, as TCP/IP data packets, through the data transmission module to the data preprocessing module for a series of security processing steps;
2. The data transmission module supports two transmission modes, wired and wireless, and provides the communication link between the data acquisition module and the data preprocessing module;
3. The data preprocessing module comprises four parts: a port mapping module, a collecting device control module, a data encryption module and a data pushing module. It secures access through ports, then encrypts and pushes the data uploaded by the data acquisition module, while also controlling the front-end equipment;
4. The data isolation module carries the data files processed by the data preprocessing module into the data analysis module and guarantees that data transmission is one-way: data may pass only from the data preprocessing module to the data analysis module;
5. The data analysis module comprises two parts, a data receiving and decryption module and a data loading and analysis module. It receives the data passed on by the data isolation module, decrypts it and stores it in a database for data analysis.
The present invention has the following advantages and positive effects:
1. data transmission is achieved more effectively;
2. combined with port mapping technology, unauthorized access is shielded;
3. data isolation technology guarantees that data transmission is one-way, ensuring the security of plaintext files.
In short, through a series of data-processing security techniques, the invention achieves secure transmission of data within the network system and provides strong support in the field of secure data transmission.
Description of the drawings
Fig. 1 is the block diagram of the system;
Wherein:
100 - data acquisition module;
200 - data transmission module,
201 - wired transmission module, 202 - wireless transmission module;
300 - data preprocessing module,
301 - port mapping module, 302 - collecting device control module,
303 - data encryption module, 304 - file push module;
400 - data isolation module,
500 - data analysis module,
501 - data receiving and decryption module,
502 - data loading and analysis module.
English-Chinese glossary
TCP/IP: Transmission Control Protocol/Internet Protocol;
AES: an encryption algorithm standard.
Detailed description of the embodiments
A detailed description follows with reference to the drawings and embodiments:
One, system
1, overall
As shown in Fig. 1, the system includes data acquisition module 100, data transmission module 200, data preprocessing module 300, data isolation module 400 and data analysis module 500;
Their interaction is:
Data acquisition module 100, data transmission module 200, data preprocessing module 300, data isolation module 400 and data analysis module 500 interact in sequence.
2, function modules
1) Data acquisition module 100
Data acquisition module 100 is a general term for any equipment that can collect target data and has a defined data format.
2) Data transmission module 200
Data transmission module 200 includes wired transmission module 201 and wireless transmission module 202 and provides the network communication link;
(1) Wired transmission module 201 provides the communication link over a cable connection;
(2) Wireless transmission module 202 implements the communication link over a wireless backhaul network.
3) Data preprocessing module 300
Data preprocessing module 300 includes port mapping module 301, collecting device control module 302, data encryption module 303 and data pushing module 304;
Port mapping module 301 interacts with collecting device control module 302 and data encryption module 303 respectively; collecting device control module 302 and data encryption module 303 each interact with data pushing module 304;
Data preprocessing module 300 secures access through ports, then encrypts and pushes the data uploaded by data acquisition module 100, and also provides control of the front-end equipment.
(1) Port mapping module 301
This submodule maps port numbers commonly used on the public network to rarely used port numbers, which to a certain degree prevents some simple network attacks;
(2) Collecting device control module 302
This submodule lets the background system perform control functions on data acquisition module 100, for example parameter configuration, startup and shutdown of data acquisition module 100;
(3) Data encryption module 303
This submodule parses, in real time, the collected data uploaded by data acquisition module 100 and encrypts the collected data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext, so that if data preprocessing module 300 is attacked, the loss caused by losing data files is prevented;
(4) File push module 304
This submodule monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, it promptly carries the ciphertext through the data isolation module into the data analysis module and deletes the files whose carrying is complete, reducing the probability of data leakage as far as possible.
4) Data isolation module 400
Data isolation module 400 implements file filtering and guarantees that data transmission is one-way. By specifying particular file types, it restricts carrying to files of those types only; and by restricting data transmission to one direction, it ensures that data moved into the data analysis module cannot be obtained by a third party.
5) Data analysis module 500
Data analysis module 500 includes data receiving and decryption module 501 and data loading and analysis module 502, which interact in sequence;
It receives the data, decrypts it and then stores it in the database for data analysis.
3, working mechanism
After collecting specific data, data acquisition module 100 sends the collected data, in a defined data format, to data preprocessing module 300 through wired transmission module 201 or wireless transmission module 202 of data transmission module 200. In data preprocessing module 300, port mapping module 301 first filters out part of the unauthorized access, and collecting device control module 302 performs the relevant control of the collecting device; data encryption module 303 then encrypts the received data into ciphertext; finally, data pushing module 304 pushes the ciphertext data to data isolation module 400. Data isolation module 400 uses file carrying to guarantee that data transmission is one-way, allowing files to pass only from data preprocessing module 300 to data analysis module 500. In data analysis module 500, data receiving and decryption module 501 decrypts the received ciphertext to obtain parseable plaintext data; finally, data loading and analysis module 502 parses the plaintext data and stores it in the database for analysis and processing by the background system.
Two, method
1, Step 1
A, The target data is any data that has a defined data structure and can be parsed by the background system;
B, Transferring data to the data preprocessing module means sending the data collected in real time to the data preprocessing module in the form of TCP/IP data packets, so that it can be parsed and encrypted in real time;
2, Step 2
A, Wired transmission means that the data acquisition module and the data preprocessing module communicate over a cable connection;
B, Wireless transmission means that the data acquisition module and the data preprocessing module communicate with each other over a wireless protocol, for example a wireless 3G backhaul module;
3, Step 3
A, The port mapping module maps port numbers commonly used on the public network to rarely used port numbers, which prevents some simple network attacks to a certain extent;
B, The collecting device control module lets the background system perform control functions on the data acquisition module, including parameter configuration, startup and shutdown of the data acquisition module;
C, The data encryption module parses, in real time, the collected data uploaded by the data acquisition module and encrypts the collected data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext, so that if the data preprocessing module is attacked, the loss caused by losing data files is prevented;
D, The file push module monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, it promptly carries the ciphertext through the data isolation module into the data analysis module and deletes the files whose carrying is complete, reducing the probability of data leakage;
4, Step 4
The data isolation module performs file filtering and guarantees that data transmission is one-way. By specifying particular file types, it restricts carrying to files of those types only; and by restricting data transmission to one direction, it ensures that data moved into the data analysis module cannot be obtained by a third party;
5, Step 5
A, The data receiving and decryption module receives, in a preset directory, the ciphertext carried over by the data isolation module, then decrypts the ciphertext with the agreed key to obtain the plaintext file for analysis and processing by other modules;
B, The data loading and analysis module parses the decrypted plaintext data according to the defined data format and then stores the parsed data in the database, so that the background analysis module can retrieve data directly from the database for analysis and processing.
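The encrypt, carry and decrypt flow of the working mechanism and of steps 3 to 5 above, as an added Go sketch that is not code from the patent. The patent names AES but no mode, key length or file format, so AES-GCM, the `.enc` file type, the nonce-prefixed file layout and every function and directory name below are assumptions; two local directories stand in for the two sides of the data isolation module.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
	"path/filepath"
)

// allowedExt is the one file type the isolation step will carry (assumed).
const allowedExt = ".enc"

// NewAEAD builds AES-GCM from the pre-agreed key (16, 24 or 32 bytes).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptToOutbox stands in for data encryption module 303: it seals one
// collected record and writes nonce||ciphertext||tag to outbox/<name>.enc.
func EncryptToOutbox(aead cipher.AEAD, record []byte, outbox, name string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	path := filepath.Join(outbox, name+allowedExt)
	return path, os.WriteFile(path, aead.Seal(nonce, nonce, record, nil), 0o600)
}

// Carry stands in for push module 304 plus isolation module 400: regular files
// of the allowed type go outbox -> inbox and are then deleted from outbox.
// Anything else is reported and left alone; nothing is written back to outbox.
func Carry(outbox, inbox string) ([]string, []string, error) {
	var carried, rejected []string
	entries, err := os.ReadDir(outbox)
	if err != nil {
		return nil, nil, err
	}
	for _, e := range entries {
		name := e.Name()
		if !e.Type().IsRegular() || filepath.Ext(name) != allowedExt {
			rejected = append(rejected, name)
			continue
		}
		src, dst := filepath.Join(outbox, name), filepath.Join(inbox, name)
		data, err := os.ReadFile(src)
		if err != nil {
			return carried, rejected, err
		}
		// Temporary name then rename: the receiver never sees a partial file.
		if err := os.WriteFile(dst+".part", data, 0o600); err != nil {
			return carried, rejected, err
		}
		if err := os.Rename(dst+".part", dst); err != nil {
			return carried, rejected, err
		}
		if err := os.Remove(src); err != nil { // delete once carried
			return carried, rejected, err
		}
		carried = append(carried, name)
	}
	return carried, rejected, nil
}

// DecryptFromInbox stands in for receiving and decryption module 501. The GCM
// tag makes a wrong key or a modified file an error, not garbage plaintext.
func DecryptFromInbox(aead cipher.AEAD, path string) ([]byte, error) {
	blob, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext file shorter than the nonce")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

func main() {
	outbox, _ := os.MkdirTemp("", "preproc-outbox")
	inbox, _ := os.MkdirTemp("", "analysis-inbox")
	defer os.RemoveAll(outbox)
	defer os.RemoveAll(inbox)
	aead, _ := NewAEAD([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	EncryptToOutbox(aead, []byte(`{"device":"A1","value":42}`), outbox, "rec-0001")
	os.WriteFile(filepath.Join(outbox, "notes.txt"), []byte("plaintext"), 0o600)
	carried, rejected, _ := Carry(outbox, inbox)
	plain, err := DecryptFromInbox(aead, filepath.Join(inbox, "rec-0001.enc"))
	fmt.Println(carried, rejected, string(plain), err)
}
```

The two directories only model the direction of flow; the one-way guarantee the description relies on has to come from the data isolation module itself, not from this code.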

Claims (8)

1. A data security transmission network system, characterized in that:
It includes a data acquisition module (100), a data transmission module (200), a data preprocessing module (300), a data isolation module (400) and a data analysis module (500);
Their interaction is:
The data acquisition module (100), data transmission module (200), data preprocessing module (300), data isolation module (400) and data analysis module (500) interact in sequence.
2. A data security transmission network system as described in claim 1, characterized in that:
The data preprocessing module (300) includes a port mapping module (301), a collecting device control module (302), a data encryption module (303) and a data pushing module (304);
The port mapping module (301) interacts with the collecting device control module (302) and the data encryption module (303) respectively; the collecting device control module (302) and the data encryption module (303) each interact with the data pushing module (304);
The port mapping module (301) maps port numbers commonly used on the public network to rarely used port numbers;
The data encryption module (303) parses, in real time, the collected data uploaded by the data acquisition module (100) and encrypts the collected data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext;
The file push module (304) monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, it promptly carries the ciphertext through the data isolation module into the data analysis module and deletes the files whose carrying is complete, reducing the probability of data leakage as far as possible.
3. A data security transmission network system as described in claim 1, characterized in that:
The data isolation module (400), by specifying particular file types, restricts carrying to files of those types only; and, by restricting data transmission to one direction, ensures that data moved into the data analysis module cannot be obtained by a third party.
4. A data security transmission network system as described in claim 1, characterized in that:
The data analysis module (500) includes a data receiving and decryption module (501) and a data loading and analysis module (502), which interact in sequence.
5. A data safe transmission method based on the data security transmission network system described in claims 1-4, characterized in that:
1. The data acquisition module obtains the required target data through front-end collection equipment and transfers the collected data, as TCP/IP data packets, through the data transmission module to the data preprocessing module for a series of security processing steps;
2. The data transmission module supports two transmission modes, wired and wireless, and provides the communication link between the data acquisition module and the data preprocessing module;
3. The data preprocessing module comprises four parts: a port mapping module, a collecting device control module, a data encryption module and a data pushing module. It secures access through ports, then encrypts and pushes the data uploaded by the data acquisition module, while also controlling the front-end equipment;
4. The data isolation module carries the data files processed by the data preprocessing module into the data analysis module and guarantees that data transmission is one-way: data may pass only from the data preprocessing module to the data analysis module;
5. The data analysis module comprises two parts, a data receiving and decryption module and a data loading and analysis module. It receives the data passed on by the data isolation module, decrypts it and stores it in a database for data analysis.
6. The data safe transmission method as described in claim 4, characterized in that:
In step 3:
A, The port mapping module maps port numbers commonly used on the public network to rarely used port numbers, which prevents some simple network attacks to a certain extent;
B, The collecting device control module lets the background system perform control functions on the data acquisition module, including parameter configuration, startup and shutdown of the data acquisition module;
C, The data encryption module parses, in real time, the collected data uploaded by the data acquisition module and encrypts the collected data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext, so that if the data preprocessing module is attacked, the loss caused by losing data files is prevented;
D, The file push module monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, it promptly carries the ciphertext through the data isolation module into the data analysis module and deletes the files whose carrying is complete, reducing the probability of data leakage.
7. The data safe transmission method as described in claim 4, characterized in that:
In step 4:
The data isolation module performs file filtering and guarantees that data transmission is one-way. By specifying particular file types, it restricts carrying to files of those types only; and by restricting data transmission to one direction, it ensures that data moved into the data analysis module cannot be obtained by a third party.
8. The data safe transmission method as described in claim 4, characterized in that:
In step 5:
A, The data receiving and decryption module receives, in a preset directory, the ciphertext carried over by the data isolation module, then decrypts the ciphertext with the agreed key to obtain the plaintext file for analysis and processing by other modules;
B, The data loading and analysis module parses the decrypted plaintext data according to the defined data format and then stores the parsed data in the database, so that the background analysis module can retrieve data directly from the database for analysis and processing.
CN201810271285.0A 2018-03-29 2018-03-29 A kind of data security transmission network system and its method Withdrawn CN108600185A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810271285.0A CN108600185A (en) 2018-03-29 2018-03-29 A kind of data security transmission network system and its method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810271285.0A CN108600185A (en) 2018-03-29 2018-03-29 A kind of data security transmission network system and its method

Publications (1)

Publication Number Publication Date
CN108600185A true CN108600185A (en) 2018-09-28

Family

ID=63623889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810271285.0A Withdrawn CN108600185A (en) 2018-03-29 2018-03-29 A kind of data security transmission network system and its method

Country Status (1)

Country Link
CN (1) CN108600185A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115664841A (en) * 2022-11-14 2023-01-31 济南大学 Data acquisition system and method with network isolation and one-way encryption transmission functions

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101316381A (en) * 2007-05-30 2008-12-03 华源润通(北京)科技有限公司 Terminal and total system data security protection method for mobile inquiry system
CN102665055A (en) * 2012-03-28 2012-09-12 姜宁 Equipment and method for IO remote mapping
CN103997495A (en) * 2014-05-23 2014-08-20 中国人民解放军理工大学 Security isolation file transmission control method
CN106027463A (en) * 2016-01-21 2016-10-12 李明 Data transmission method
WO2017083514A1 (en) * 2015-11-10 2017-05-18 Idac Holdings, Inc. Downlink control channel design and signaling for beamformed systems
US20170302696A1 (en) * 2016-04-14 2017-10-19 Sophos Limited Intermediate encryption for exposed content

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
罗金满: "《智能电网信息安全交互模型及关键技术研究》", 《电力信息》 *
陈飞: "《智能电网信息安全交互模型及关键技术研究》", 《中国优秀博士学位论文全文数据库(电子期刊)信息科技辑》 *

Similar Documents

Publication Publication Date Title
FI113119B (en) A method for securing communications over telecommunications networks
CN111245862A (en) System for safely receiving and sending terminal data of Internet of things
Lucena et al. Syntax and semantics-preserving application-layer protocol steganography
CN101931947A (en) WSN (Wireless Sensor Network) data safety processing method based on searchable cryptograph
CN102571790B (en) A kind of method and apparatus of the encrypted transmission for realize target file
CN102891848A (en) Method for carrying out encryption and decryption by using IPSec security association
CN107124385B (en) Mirror flow-based SSL/TLS protocol plaintext data acquisition method
CN112954048A (en) Internet of things system based on internet of things encryption gateway
CN101521667A (en) Method and device for safety data communication
Rabieh et al. Privacy-preserving and efficient sharing of drone videos in public safety scenarios using proxy re-encryption
CN109660568B (en) Method, equipment and system for realizing network talkback security mechanism based on SRTP
CN105743868A (en) Data acquisition system supporting encrypted and non-encrypted protocols and method
CN107276996A (en) The transmission method and system of a kind of journal file
CN113872956A (en) Method and system for inspecting IPSEC VPN transmission content
CN108600185A (en) A kind of data security transmission network system and its method
CN116015943B (en) Privacy protection method based on multi-level tunnel confusion
CN108174344B (en) GIS position information transmission encryption method and device in trunking communication
CN106685896A (en) Plaintext data acquisition method and system within SSH protocol multi-layer channel
CN109194650A (en) Encrypted transmission method based on the remote encryption transmission system of file
CN210839642U (en) Device for safely receiving and sending terminal data of Internet of things
CN115150076A (en) Encryption system and method based on quantum random number
Baboolal et al. Preserving privacy of drone videos using proxy re-encryption technique: poster
CN109788249B (en) Video monitoring control method based on industrial internet operating system
KR101919762B1 (en) An encrypted traffic management apparatus and method for decrypting encrypted traffics
CN101217532A (en) An anti-network attack data transmission method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180928
