CN111526140A - Network security system based on virtualization technology - Google Patents
- Publication number
- CN111526140A (application number CN202010301246.8A)
- Authority
- CN
- China
- Prior art keywords
- module
- main control
- dynamic verification
- cloud server
- control module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending (the Legal Events table at the end of this page records an RJ01 rejection of the application after publication)
Classifications
- H04L63/0838: Network architectures or protocols for network security; authentication of entities using passwords, using one-time passwords (under H04L63/00, H04L63/08, H04L63/083)
- H04L63/0853: Network security; authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal (under H04L63/00, H04L63/08)
- H04L63/18: Network security using different networks or channels, e.g. out-of-band channels (under H04L63/00)
- H04L67/1097: Protocols in which an application is distributed across nodes in the network, for distributed storage of data, e.g. network file system [NFS], storage area networks [SAN] or network attached storage [NAS] (under H04L67/00, H04L67/01, H04L67/10)
- H04L67/568: Network services; provisioning of proxy services; storing data temporarily at an intermediate stage, e.g. caching (under H04L67/00, H04L67/50, H04L67/56)
Abstract
The invention discloses a network security system based on virtualization technology, in the technical field of network security. The system comprises a main control module, a cloud server, a temporary cache, a log management module, a security auxiliary module, a storage module, a USB Key module, a dynamic verification module and a login module. The main control module is connected to the temporary cache, the log management module, the security auxiliary module, the storage module, the cloud server, the USB Key module, the dynamic verification module and the login module; it provides the processing capacity the system runs on and controls the normal operation of each module through a host computer (upper computer). Through multiple combined verification steps, the data stream exchanged during a session is cached separately, and when the access ends the cached data is irreversibly deleted, so that the security of the virtualized network data is greatly improved and the risk of data leakage is reduced.
Description
Technical Field
The invention relates to the technical field of network security, and in particular to a network security system based on virtualization technology.
Background
As internet information technology has continued to innovate and develop, virtualization technology has come into wide use and has brought great convenience to the industries that apply it.
Virtualization technology, with its particular advantages, is widely applied across industries and fields. Once an enterprise has adopted it, staff can connect to the enterprise's virtualized applications from a mobile terminal without restriction of time or place and complete their work and business anywhere, which is convenient and improves working efficiency. However, while virtualization brings convenience to users it also raises certain security problems, and in order to increase the adoption of virtualization technology it is of great significance to build a network security protection system for virtualized applications.
Disclosure of Invention
To this end, the invention provides the following technical solution: a network security system based on virtualization technology comprises a main control module, a cloud server, a temporary cache, a log management module, a security auxiliary module, a storage module, a USB Key module, a dynamic verification module and a login module;
the main control module is connected to the temporary cache, the log management module, the security auxiliary module, the storage module, the cloud server, the USB Key module, the dynamic verification module and the login module, provides the processing capacity for system operation, and controls the normal operation of each module through a host computer (upper computer);
the cloud server is a virtualization server that stores large volumes of data for the main control module and serves data downloads and exchange;
the USB Key module provides USB Key authentication when the main control module accesses the cloud server;
the dynamic verification module provides dynamic verification of the USB Key during authentication;
the login module sends the login request for logging in to the cloud server;
the log management module records logs of the production operations of the system's terminal device (lower computer);
the temporary cache is a cache unit created independently on the system's terminal device; it stores the cached data generated during data exchange and download while the main control module is connected to the cloud server, and this data cannot be saved, copied or sent out locally;
the storage module stores data generated while the system's terminal device operates;
the security auxiliary module comprises a public key module and a private key module and provides key verification for the main control module when it accesses the cloud server.
In a preferred embodiment, the USB Key module is authenticated as follows:
(1) the user binds a mobile phone to the dynamic verification module. The dynamic verification module uses a dynamic verification code delivered by SMS to the user's mobile phone; this code takes the place of the private-key function of the USB Key module, and the dynamic verification module and the USB Key module are bound together for joint verification;
(2) when the USB Key module is verified, the dynamic verification module sends a set of dynamic verification codes and the user completes the dynamic verification of the USB Key module by entering them; at the same time the public key held by the USB Key module is verified against the main control module, which receives the verification request and controls the login module to complete the login request.
In a preferred embodiment, the security auxiliary module operates as follows:
after the login module has completed the login request, the public key module in the security auxiliary module is started and the user enters a public key on the external keyboard of the main control module. This public key corresponds to the mobile phone verified by the dynamic verification module, that is, one public key per machine. After the public key verification passes, private key verification starts: the private key is a separately configured string of code that is updated in real time, and each updated code is sent in real time to the user's private mailbox account. After the private key verification completes, the main control module obtains a connection to the cloud server, and the log management module records and stores every operation the user performs while logged in to the cloud server.
In a preferred embodiment, the storage module is a pluggable TF card (microSD), and the main control module is further connected to a display module that shows the working process of the main control module.
In a preferred embodiment, the temporary data stored in the temporary cache is irreversibly deleted after the main control module finishes accessing the cloud server.
The technical effects and advantages of the invention are as follows:
through multiple combined verification steps, the data stream exchanged during a session is cached separately, and after the access ends the cached data is irreversibly deleted, so that the security of the virtualized network data is greatly improved and the risk of data leakage is reduced.
Drawings
FIG. 1 is a first schematic diagram of the system framework of the invention.
FIG. 2 is a schematic diagram of the system frame structure of the invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments. The embodiments of the present invention have been presented for purposes of illustration and description, and are not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.
As shown in FIGS. 1 and 2, a network security system based on virtualization technology includes a main control module, a cloud server, a temporary cache, a log management module, a security auxiliary module, a storage module, a USB Key module, a dynamic verification module and a login module;
the main control module is connected to the temporary cache, the log management module, the security auxiliary module, the storage module, the cloud server, the USB Key module, the dynamic verification module and the login module, provides the processing capacity for system operation, and controls the normal operation of each module through a host computer (upper computer);
the cloud server is a virtualization server that stores large volumes of data for the main control module and serves data downloads and exchange;
the USB Key module provides USB Key authentication when the main control module accesses the cloud server;
the dynamic verification module provides dynamic verification of the USB Key during authentication;
the login module sends the login request for logging in to the cloud server;
the log management module records logs of the production operations of the system's terminal device (lower computer);
the temporary cache is a cache unit created independently on the system's terminal device; it stores the cached data generated during data exchange and download while the main control module is connected to the cloud server, and this data cannot be saved, copied or sent out locally;
the storage module stores data generated while the system's terminal device operates;
the security auxiliary module comprises a public key module and a private key module and provides key verification for the main control module when it accesses the cloud server;
furthermore, when using the system the user docks and binds their mobile phone to the dynamic verification module in the system, which supplies the dynamic verification code during dynamic verification; the user also binds a private mailbox, which delivers the code used for private-key verification when the private key module verifies, and the private mailbox can be any mailbox in normal use;
the public key corresponds to the mobile phone verified by the dynamic verification module; that is, the public key for this run of the system is determined when the dynamic verification module obtains the dynamic verification code. The public key can be set freely by the person, and once set it is bound to the user's mobile phone number, so the private key and the dynamic verification code obtained through that phone number can only be used together with that public key;
on this basis, when a user accesses the system the USB Key module is verified first: the USB Key is inserted into the terminal device (lower computer) of the main control module and the public key of the USB Key module is verified. The private key is verified next, through the dynamic verification module: the dynamic verification module uses a dynamic verification code delivered by SMS to the user's mobile phone in place of the private-key function of the USB Key module, it sends a set of dynamic verification codes, the user completes the private-key verification of the USB Key module with them, and once the dynamic verification code passes, the main control module receives the verification request and controls the login module to complete the login request;
after the login module completes the login request, the public key module in the security auxiliary module is started and the user enters a public key on the external keyboard of the main control module; this public key corresponds to the mobile phone verified by the dynamic verification module, that is, one public key per machine. After the public key verification passes, private key verification starts: the private key is a separately configured string of code that is updated in real time, and each updated code is sent in real time to the user's private mailbox account. After the user logs in to the mailbox and passes the private-key verification of the security auxiliary module, the main control module obtains a connection to the cloud server, and the log management module records and stores every operation the user performs while logged in to the cloud server;
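The four-stage login just described (USB Key public half, SMS code in place of its private half, keyboard code bound to the phone, mailed code) is shown below as a small state machine. This is an added example written for this page, not the patent's code; the patent discloses no implementation. Everything named here is an assumption: the class names MainControl and Channel, the six-digit codes, a 120-second code lifetime, a five-failure lockout, and PBKDF2 for storing the keyboard code. Two points the page's wording glosses over are made explicit: its "public key" is a user-chosen code typed at the keyboard and its "private key" is a mailed one-time code, so both are shared secrets and are handled as such (stored salted and stretched, compared in constant time, single use and time limited), and the verifier refuses any step taken out of order, otherwise the later factors could be reached without the USB Key.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120   # assumption: the page states no lifetime for its codes
MAX_FAILURES = 5        # assumption: the page states no lockout policy


class Channel:
    """Simulated out-of-band channel (SMS number or mailbox) with an outbox."""
    def __init__(self, address: str):
        self.address, self.outbox = address, []

    def deliver(self, code: str) -> None:
        self.outbox.append(code)

    def latest(self) -> str:
        return self.outbox[-1]


class MainControl:
    """Hypothetical main control module: enforces step order, issues and
    checks one-time codes, and records every step in an audit log."""

    def __init__(self, usb_pub_key: bytes, typed_code: str, phone: str,
                 mailbox: str, clock=time.time):
        self.clock = clock
        self.phone, self.mailbox = Channel(phone), Channel(mailbox)
        # Enrollment. The keyboard code (the page's "public key") is a user-chosen
        # secret bound to the phone, so it is stored like a password, salted and stretched.
        self.usb_digest = hashlib.sha256(usb_pub_key).digest()
        self.typed_salt = secrets.token_bytes(16)
        self.typed_digest = self._kdf(typed_code, self.typed_salt)
        self.state, self.failures = "start", 0
        self.pending = {}     # channel name -> [code, expires_at, used]
        self.audit = []       # (time, step, "ok"/"fail"): the log management module

    @staticmethod
    def _kdf(code: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

    def _log(self, step: str, ok: bool) -> None:
        self.audit.append((round(self.clock(), 3), step, "ok" if ok else "fail"))

    def _expect(self, state: str) -> bool:
        """Refuse a step taken out of order or after too many failures."""
        if self.state != state or self.failures >= MAX_FAILURES:
            self._log("refused:" + state, False)
            return False
        return True

    def _issue(self, name: str, channel: Channel) -> None:
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[name] = [code, self.clock() + OTP_TTL_SECONDS, False]
        channel.deliver(code)

    def _check_code(self, name: str, supplied: str) -> bool:
        """Single use, time limited, constant-time comparison."""
        otc = self.pending.get(name)
        if otc is None or otc[2] or self.clock() > otc[1]:
            return False
        if hmac.compare_digest(otc[0].encode(), supplied.encode()):
            otc[2] = True
            return True
        return False

    def _advance(self, ok: bool, step: str) -> bool:
        self._log(step, ok)
        if ok:
            self.state = step
        else:
            self.failures += 1
        return ok

    # Step 1: the USB Key's public half is checked. Its private-half role is
    # taken by an SMS code, so one is issued to the bound phone on success.
    def present_usb_key(self, usb_pub_key: bytes) -> bool:
        if not self._expect("start"):
            return False
        ok = hmac.compare_digest(hashlib.sha256(usb_pub_key).digest(), self.usb_digest)
        if ok:
            self._issue("sms", self.phone)
        return self._advance(ok, "usb_key")

    # Step 2: the SMS code completes key verification; the login request follows.
    def submit_sms_code(self, code: str) -> bool:
        if not self._expect("usb_key"):
            return False
        return self._advance(self._check_code("sms", code), "logged_in")

    # Step 3: the keyboard code; success triggers the mailed code.
    def submit_typed_code(self, code: str) -> bool:
        if not self._expect("logged_in"):
            return False
        ok = hmac.compare_digest(self._kdf(code, self.typed_salt), self.typed_digest)
        if ok:
            self._issue("mail", self.mailbox)
        return self._advance(ok, "typed_code")

    # Step 4: the mailed code (the page's "private key"); success connects to the cloud server.
    def submit_mail_code(self, code: str) -> bool:
        if not self._expect("typed_code"):
            return False
        return self._advance(self._check_code("mail", code), "connected")
```

The audit list stands in for the log management module: every accepted, failed and refused step is recorded with a timestamp, which is what an investigator needs to tell a brute-force attempt on the SMS code from a user who mistyped it once. Note that the SMS and mail codes share the same weakness: whoever controls the bound phone number or mailbox (SIM swap, mailbox takeover) holds two of the four factors, so the USB Key check at step 1 is the only factor that cannot be phished or redirected remotely, and the state machine must not allow it to be skipped.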
while the main control module accesses the cloud server, every access to the cloud server and every data transfer through it generates cached data; the system stores this cache in the temporary cache, and data held in the temporary cache cannot be saved, copied or sent out locally;
on this basis, the temporary data stored in the temporary cache is irreversibly deleted after the main control module finishes accessing the cloud server. Through multiple combined verification steps the data stream exchanged during a session is cached separately, and after the access ends the cached data is irreversibly deleted, so that the security of the virtualized network data is greatly improved and the risk of data leakage is reduced;
the storage module is a pluggable TF card (microSD), and the main control module is further connected to a display module that shows the working process of the main control module.
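What a temporary cache that "cannot be saved, copied or sent out locally" and is "irreversibly deleted" when the access ends can look like in code, as an added example that is not part of the patent: the class name TemporaryCache, the fixed capacity and the overwrite-then-zero wipe are assumptions of mine, chosen so that the two properties the page asserts can actually be checked.

```python
import copy
import hashlib
import pickle
import secrets


class TemporaryCache:
    """Fixed-capacity RAM buffer for one cloud-server session (hypothetical).

    Readers get read-only views onto the live memory rather than copies, so
    once close() has overwritten the buffer every outstanding view sees zeros.
    """

    def __init__(self, capacity: int) -> None:
        self._buf = bytearray(capacity)
        self._len = 0
        self._closed = False

    def write(self, chunk: bytes) -> int:
        """Append a chunk received from (or sent to) the cloud server."""
        if self._closed:
            raise RuntimeError("temporary cache already wiped")
        end = self._len + len(chunk)
        if end > len(self._buf):
            raise BufferError("temporary cache full")
        self._buf[self._len:end] = chunk
        self._len = end
        return len(chunk)

    def view(self) -> memoryview:
        """Read-only view of the cached bytes; no copy is made."""
        return memoryview(self._buf)[: self._len].toreadonly()

    def digest(self) -> str:
        """Fingerprint of the contents for the audit log (the log gets the hash, not the data)."""
        return hashlib.sha256(self.view()).hexdigest()

    @property
    def closed(self) -> bool:
        return self._closed

    def close(self) -> None:
        """Irreversible deletion: overwrite with random bytes, then zero, in place."""
        if self._closed:
            return
        n = len(self._buf)
        self._buf[:] = secrets.token_bytes(n)   # same length, so allowed while views exist
        self._buf[:] = bytes(n)
        self._len = 0
        self._closed = True

    def __enter__(self) -> "TemporaryCache":
        return self

    def __exit__(self, *exc) -> None:
        self.close()

    # The page requires that cached data cannot be stored or copied; refusing
    # pickling and copy.copy/deepcopy closes the obvious in-process paths.
    def _refuse(self, *_):
        raise TypeError("temporary cache cannot be copied or serialised")

    __reduce__ = __copy__ = __deepcopy__ = _refuse


def export_blocked(cache: TemporaryCache) -> bool:
    """True when neither pickling nor copying can take the data out of the cache."""
    for attempt in (pickle.dumps, copy.copy, copy.deepcopy):
        try:
            attempt(cache)
            return False
        except TypeError:
            pass
    return True


def cloud_session(chunks) -> tuple:
    """Exchange data through the cache and wipe it when the access ends.
    Returns (content digest during the session, what an old view shows afterwards)."""
    with TemporaryCache(capacity=4096) as cache:
        for chunk in chunks:
            cache.write(chunk)
        view = cache.view()
        fingerprint = cache.digest()
    return fingerprint, bytes(view)
```

Two caveats apply to any implementation of this claim. In a managed runtime the overwrite only reaches the buffer it targets, not copies the interpreter or the operating system made along the way (immutable bytes objects, swap, crash dumps), so the cache should be held in locked memory on a device without swap. And if the cache were placed on the pluggable TF card instead of RAM, overwriting would not reliably destroy the old data at all, because flash wear-levelling remaps writes to fresh blocks and leaves the originals intact; the standard answer there is to encrypt the cache under a per-session key that exists only in memory and to discard the key when the session ends, which is what makes the deletion irreversible regardless of what the medium retains.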
It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by one of ordinary skill in the art and related arts based on the embodiments of the present invention without any creative effort, shall fall within the protection scope of the present invention. Structures, devices, and methods of operation not specifically described or illustrated herein are generally practiced in the art without specific recitation or limitation.
Claims (5)
1. A network security system based on virtualization technology, characterized in that it comprises a main control module, a cloud server, a temporary cache, a log management module, a security auxiliary module, a storage module, a USB Key module, a dynamic verification module and a login module;
the main control module is connected to the temporary cache, the log management module, the security auxiliary module, the storage module, the cloud server, the USB Key module, the dynamic verification module and the login module, provides the processing capacity for system operation, and controls the normal operation of each module through a host computer (upper computer);
the cloud server is a virtualization server that stores large volumes of data for the main control module and serves data downloads and exchange;
the USB Key module provides USB Key authentication when the main control module accesses the cloud server;
the dynamic verification module provides dynamic verification of the USB Key during authentication;
the login module sends the login request for logging in to the cloud server;
the log management module records logs of the production operations of the system's terminal device (lower computer);
the temporary cache is a cache unit created independently on the system's terminal device; it stores the cached data generated during data exchange and download while the main control module is connected to the cloud server, and this data cannot be saved, copied or sent out locally;
the storage module stores data generated while the system's terminal device operates;
the security auxiliary module comprises a public key module and a private key module and provides key verification for the main control module when it accesses the cloud server.
2. The virtualization technology-based network security system of claim 1, wherein the USB Key module is authenticated as follows:
(1) the user binds a mobile phone to the dynamic verification module; the dynamic verification module uses a dynamic verification code delivered by SMS to the user's mobile phone, this code takes the place of the private-key function of the USB Key module, and the dynamic verification module and the USB Key module are bound together for joint verification;
(2) when the USB Key module is verified, the dynamic verification module sends a set of dynamic verification codes and the user completes the dynamic verification of the USB Key module by entering them; at the same time the public key held by the USB Key module is verified against the main control module, which receives the verification request and controls the login module to complete the login request.
3. The virtualization technology-based network security system of claim 1, wherein the security auxiliary module operates as follows:
after the login module has completed the login request, the public key module in the security auxiliary module is started and the user enters a public key on the external keyboard of the main control module; this public key corresponds to the mobile phone verified by the dynamic verification module, that is, one public key per machine. After the public key verification passes, private key verification starts: the private key is a separately configured string of code that is updated in real time, and each updated code is sent in real time to the user's private mailbox account. After the private key verification completes, the main control module obtains a connection to the cloud server, and the log management module records and stores every operation the user performs while logged in to the cloud server.
4. The virtualization technology-based network security system of claim 1, wherein the storage module is a pluggable TF card (microSD), and the main control module is further connected to a display module that shows the working process of the main control module.
5. The virtualization technology-based network security system of claim 1, wherein the temporary data stored in the temporary cache is irreversibly deleted after the main control module finishes accessing the cloud server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010301246.8A CN111526140A (en) | 2020-04-16 | 2020-04-16 | Network security system based on virtualization technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111526140A true CN111526140A (en) | 2020-08-11 |
Family
ID=71904247
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010301246.8A Pending CN111526140A (en) | 2020-04-16 | 2020-04-16 | Network security system based on virtualization technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111526140A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115529209A (en) * | 2022-09-15 | 2022-12-27 | 贵州电网有限责任公司 | Gateway equipment for protecting data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090013393A1 (en) * | 2007-07-02 | 2009-01-08 | Zhenxin Xi | Method and system for performing secure logon input on network |
CN102291391A (en) * | 2011-07-21 | 2011-12-21 | 西安百盛信息技术有限公司 | Safe transmission method for data in cloud service platform |
CN105847305A (en) * | 2016-06-21 | 2016-08-10 | 新昌县七星街道明盛模具厂 | Safe processing and accessing method of cloud resource |
CN109214206A (en) * | 2018-08-01 | 2019-01-15 | 武汉普利商用机器有限公司 | cloud backup storage system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20200811 |