CN111526140A - Network security system based on virtualization technology - Google Patents


Info

Publication number: CN111526140A
Authority: CN (China)
Prior art keywords: module, main control, dynamic verification, cloud server, control module
Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Application number: CN202010301246.8A
Other languages: Chinese (zh)
Inventors: 陈立, 孙肇博, 周伟
Current assignee: Hangzhou Lianlian Chain Technology Co ltd (as listed, not verified by legal analysis)
Original assignee: Hangzhou Lianlian Chain Technology Co ltd
Priority date: 2020-04-16 (as listed, not a legal conclusion)
Filing date: 2020-04-16
Publication date: 2020-08-11

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 for authentication of entities
              • H04L63/083 using passwords
                • H04L63/0838 using one-time-passwords
              • H04L63/0853 using an additional device, e.g. smartcard, SIM or a different communication terminal
            • H04L63/18 using different networks or channels, e.g. using out of band channels
          • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
              • H04L67/10 Protocols in which an application is distributed across nodes in the network
                • H04L67/1097 for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
            • H04L67/50 Network services
              • H04L67/56 Provisioning of proxy services
                • H04L67/568 Storing data temporarily at an intermediate stage, e.g. caching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a network security system based on virtualization technology and relates in particular to the technical field of network security. The system comprises a main control module, a cloud server, a temporary cache, a log management module, a security auxiliary module, a storage module, a USBKey module, a dynamic verification module and a login module. The main control module is connected to the temporary cache, the log management module, the security auxiliary module, the storage module, the cloud server, the USBKey module, the dynamic verification module and the login module; it provides the performance support for system operation and controls the normal operation of each module through the upper computer. Through multiple combined verification, the data stream of the data exchange process is cached independently and, once the access is finished, the cached data is deleted irreversibly, so the security of the virtualized network data is greatly improved and the risk of data leakage is reduced.

Description

Network security system based on virtualization technology
Technical Field
The invention relates to the technical field of network security, in particular to a network security system based on a virtualization technology.
Background
As internet information technology has continued to innovate and develop, virtualization technology has been widely adopted and has brought great convenience to the application industries concerned.
Virtualization technology is applied across many industries and fields because of its unique advantages. Once it is deployed in an industry, the enterprise's virtualized applications can be reached effectively from a mobile terminal without restriction of time or place, so related work and business can be completed anywhere and at any time, which raises work efficiency while remaining convenient to use. However, along with that convenience virtualization technology brings certain security problems, and to raise the level at which it is applied it is of great significance to build a network security protection system for virtualized applications.
Disclosure of Invention
To achieve the above purpose, the invention provides the following technical scheme: a network security system based on virtualization technology comprises a main control module, a cloud server, a temporary cache, a log management module, a security auxiliary module, a storage module, a USBKey module, a dynamic verification module and a login module;
the main control module is connected to the temporary cache, the log management module, the security auxiliary module, the storage module, the cloud server, the USBKey module, the dynamic verification module and the login module; it provides the performance support for system operation and controls the normal operation of each module through an upper computer;
the cloud server is a virtualization server that stores big data for the main control module and serves its downloads and data exchanges;
the USBKey module provides USBKey authentication when the main control module accesses the cloud server;
the dynamic verification module provides dynamic verification for the USBKey during authentication;
the login module sends the login request for logging in to the cloud server;
the log management module records logs of the work of the system's lower computer;
the temporary cache is a cache unit generated independently in the system's lower computer; it stores the cache data generated during data exchange and downloading while the main control module is connected to the cloud server, and that data cannot be stored locally, copied or sent out;
the storage module stores data generated while the system's lower computer operates;
the security auxiliary module comprises a public key module and a private key module and provides key verification for the main control module when it accesses the cloud server.
In a preferred embodiment, the USBKey module is authenticated as follows:
(1) the user binds their mobile phone to the dynamic verification module, that is, the dynamic verification module uses a dynamic verification code, delivered in a short message received on the user's mobile phone, in place of the private key function of the USBKey module, and the dynamic verification module and the USBKey module are bound together for joint verification;
(2) when the USBKey module is verified, the dynamic verification module sends a group of dynamic verification codes and the user completes the dynamic verification of the USBKey module with them; at the same time the public key held in the USBKey module is verified against the main control module, which receives the verification request and controls the login module to complete the login request.
In a preferred embodiment, the security auxiliary module operates as follows:
after the login module completes the login request, the public key module in the security auxiliary module is started and the user enters a public key through the external keyboard of the main control module; the public key corresponds to the mobile phone verified by the dynamic verification module, that is, one public key is used for one machine. After the public key verification passes, private key verification starts: the private key is an independently configured string of codes that is updated in real time, and the updated code is sent in real time to the user's private mailbox account. After the private key verification is completed, the main control module obtains a connection to the cloud server, and the log management module records and stores all operations of the user while logged in to the cloud server.
In a preferred embodiment, the storage module is configured as a pluggable TF card, and the main control module is further connected to a display module that displays the working process of the main control module.
In a preferred embodiment, the temporary data held in the temporary cache is irreversibly deleted after the main control module finishes accessing the cloud server.
The technical effects and advantages of the invention are:
through multiple combined verification, the data flow of the data exchange process is cached independently and, once the access is finished, the cached data is deleted irreversibly, so the security of the virtualized network data is greatly improved and the risk of data leakage is reduced.
Drawings
FIG. 1 is a first schematic diagram of a system framework according to the present invention.
FIG. 2 is a schematic diagram of a system frame structure according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments. The embodiments of the present invention have been presented for purposes of illustration and description, and are not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.
As shown in FIG. 1 and FIG. 2, a network security system based on virtualization technology includes a main control module, a cloud server, a temporary cache, a log management module, a security auxiliary module, a storage module, a USBKey module, a dynamic verification module and a login module;
the main control module is connected to the temporary cache, the log management module, the security auxiliary module, the storage module, the cloud server, the USBKey module, the dynamic verification module and the login module; it provides the performance support for system operation and controls the normal operation of each module through an upper computer;
the cloud server is a virtualization server that stores big data for the main control module and serves its downloads and data exchanges;
the USBKey module provides USBKey authentication when the main control module accesses the cloud server;
the dynamic verification module provides dynamic verification for the USBKey during authentication;
the login module sends the login request for logging in to the cloud server;
the log management module records logs of the work of the system's lower computer;
the temporary cache is a cache unit generated independently in the system's lower computer; it stores the cache data generated during data exchange and downloading while the main control module is connected to the cloud server, and that data cannot be stored locally, copied or sent out;
the storage module stores data generated while the system's lower computer operates;
the security auxiliary module comprises a public key module and a private key module and provides key verification for the main control module when it accesses the cloud server;
furthermore, when using the system the user docks and binds their mobile phone with the dynamic verification module, which supplies the dynamic verification code during dynamic verification, and also binds a private mailbox, which supplies the code used by the private key module during private key verification; the private mailbox can be any mailbox in normal use;
the public key corresponds to the mobile phone verified by the dynamic verification module, that is, the public key for the current system operation is determined once the dynamic verification module obtains the dynamic verification code; the public key can be set freely by the person, and once set it is bound to the user's mobile phone number, so that the private key and the dynamic verification code obtained through that phone number can only be used together with that public key;
on this basis, when a user accesses the system the USBKey module is verified first: the USBKey terminal is inserted into the lower computer terminal of the main control module and the public key of the USBKey module is verified; after that the private key is verified, and the private key of the USBKey module is verified through the dynamic verification module, that is, the dynamic verification module uses a dynamic verification code, sent in a short message received on the user's mobile phone, in place of the private key function of the USBKey module; the dynamic verification module sends a group of dynamic verification codes, the user completes the private key verification of the USBKey module with them, and once the dynamic verification code passes verification the main control module receives the verification request and controls the login module to complete the login request;
after the login module completes the login request, the public key module in the security auxiliary module is started and the user enters a public key through the external keyboard of the main control module; this public key corresponds to the mobile phone verified by the dynamic verification module, that is, one public key for one machine; after the public key verification passes, private key verification starts; the private key is an independently configured string of codes that is updated in real time, and the updated code is sent in real time to the user's private mailbox account; after the user logs in to the mailbox and passes the private key verification of the security auxiliary module, the main control module obtains a connection to the cloud server, and the log management module records and stores all operations of the user while logged in to the cloud server;
while the main control module accesses the cloud server, every access to the cloud server and every data transmission through it generates cached data; the system keeps this cache in the temporary cache, and data held in the temporary cache cannot be stored locally, copied or sent out;
on this basis the temporary data held in the temporary cache is irreversibly deleted after the main control module finishes accessing the cloud server; through the multiple combined verification the data stream of the data exchange process is cached separately, and the cached data is irreversibly deleted once the access ends, so the security of the virtualized network data is greatly improved and the risk of data leakage is reduced;
the storage module is a pluggable TF card, and the main control module is also connected to a display module that displays the working process of the main control module.
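The verification chain laid out above (USBKey public key, dynamic code from a short message bound to the user's phone, the one-key-per-machine public key typed at the main control module, a rotating private-key code delivered to the user's mailbox) and the temporary cache that is neither saved nor exported and is deleted when the cloud access ends, as an added Python simulation. This is not code from the patent or from the assignee; the class and function names (OutOfBandChannels, TemporaryCache, MainControl, run_login_demo), the placeholder keys, phone number, mailbox and codes are all assumptions made for the example, the SMS and mailbox channels are modelled as in-memory dictionaries, and "irreversible deletion" is modelled by overwriting and releasing the buffer.

```python
# Added example, not the patent's own code: the layered login from the description,
# then a session whose temporary cache is wiped when the cloud access ends.
# Every key, phone number, mailbox and code below is a constructed placeholder.
import hmac
import secrets
from collections import namedtuple

Enrollment = namedtuple("Enrollment", "phone mailbox usbkey_pub machine_pub")

class AuthError(Exception):
    """A verification step failed or was attempted out of order."""

class OutOfBandChannels:
    """Stand-in for the SMS and mailbox channels: records what was 'sent'."""
    def __init__(self):
        self.sms, self.mail = {}, {}   # phone -> latest code, mailbox -> latest code
    def send_sms(self, phone):
        self.sms[phone] = f"{secrets.randbelow(10 ** 6):06d}"
        return self.sms[phone]
    def send_mail(self, mailbox):
        self.mail[mailbox] = secrets.token_hex(8)   # new code on every login
        return self.mail[mailbox]

class TemporaryCache:
    """Cache unit for one cloud access; holds data only until the access ends."""
    def __init__(self):
        self._buf, self.wiped = bytearray(), False
    def write(self, data: bytes):
        self._buf += data
    def size(self):
        return len(self._buf)
    def save_locally(self, path):   # storing, copying and sending out are refused
        raise PermissionError("temporary cache may not be stored locally")
    def wipe(self):
        # Overwrite before release; a real lower computer would secure-erase the
        # dedicated cache unit rather than rely on the language runtime.
        for i in range(len(self._buf)):
            self._buf[i] = 0
        self._buf, self.wiped = bytearray(), True

class MainControl:
    """Runs the verification steps strictly in order and keeps the access log."""
    STEPS = ("usbkey", "dynamic_code", "machine_pub", "private_code", "connected")

    def __init__(self, enrollment, channels):
        self.e, self.ch, self.log = enrollment, channels, []
        self.stage, self.pending, self.cache = 0, None, None

    def _step(self, step, got, want, note):
        if self.STEPS[self.stage] != step:   # no step may be skipped or replayed
            raise AuthError(f"{step} attempted at stage {self.STEPS[self.stage]}")
        self.pending = None                  # every delivered code is single use
        if not hmac.compare_digest(got, want):
            self.log.append(f"fail:{step}")
            self.stage = 0                   # start over from the USBKey
            raise AuthError(f"{step} rejected")
        self.stage += 1
        self.log.append(f"ok:{step};{note}")

    def present_usbkey(self, presented_pub: bytes):
        self._step("usbkey", presented_pub, self.e.usbkey_pub, "sms-sent")
        self.pending = self.ch.send_sms(self.e.phone)

    def verify_dynamic_code(self, code: str):
        self._step("dynamic_code", code, self.pending, "login-request")

    def verify_machine_public_key(self, entered: str):
        self._step("machine_pub", entered, self.e.machine_pub, "mail-sent")
        self.pending = self.ch.send_mail(self.e.mailbox)

    def verify_private_code(self, code: str):
        self._step("private_code", code, self.pending, "connected")
        self.cache = TemporaryCache()        # exists only for this access

    def end_access(self):
        if self.STEPS[self.stage] != "connected":
            raise AuthError("no cloud access in progress")
        self.cache.wipe()
        self.stage = 0
        self.log.append("access-ended;cache-wiped")

def run_login_demo():
    """Happy path on constructed data; returns the log and the cache state."""
    ch = OutOfBandChannels()
    enr = Enrollment("+00-000-0000", "user@example.invalid",
                     b"PLACEHOLDER-USBKEY-PUB", "MACHINE-PUB-01")
    mc = MainControl(enr, ch)
    mc.present_usbkey(b"PLACEHOLDER-USBKEY-PUB")
    mc.verify_dynamic_code(ch.sms[enr.phone])        # user reads the SMS
    mc.verify_machine_public_key("MACHINE-PUB-01")   # typed on the keyboard
    mc.verify_private_code(ch.mail[enr.mailbox])     # user reads the mailbox
    mc.cache.write(b"constructed download")          # data exchange is cached
    mc.end_access()
    return mc.log, mc.cache.wiped
```

The points worth noticing from a defender's side: each step may only run in the order the description gives and a failure returns the main control to the USBKey stage, every delivered code is consumed on first use and compared in constant time, and the cache object refuses to be saved locally and is overwritten when the access ends. Overwriting a Python bytearray is only a model of the irreversible deletion the text claims; on the actual lower computer that guarantee has to come from the dedicated cache unit and its erase procedure.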
It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by one of ordinary skill in the art and related arts based on the embodiments of the present invention without any creative effort, shall fall within the protection scope of the present invention. Structures, devices, and methods of operation not specifically described or illustrated herein are generally practiced in the art without specific recitation or limitation.

Claims (5)

1. A network security system based on virtualization technology is characterized by comprising a main control module, a cloud server, a temporary cache, log management, a security auxiliary module, a storage module, a USB Key module, a dynamic verification module and a login module;
the main control module is connected with the temporary cache, the log management, the safety auxiliary module, the storage module, the cloud server, the USB Key module, the dynamic verification module and the login module, is used for providing performance support for system operation, and controls the normal operation of each module through an upper computer;
the cloud server is a virtualization server and is used for storing big data for the main control module and downloading and exchanging the data;
the USB Key module is used for providing USB Key authentication when the main control module accesses the cloud server;
the dynamic verification module is used for providing dynamic verification for the USB Key during authentication;
the login module is used for sending a login request for logging in the cloud server;
log management, which is used for recording logs on the work production of a lower computer of the system;
the temporary cache is a cache unit independently generated in the system lower computer and used for storing cache data generated in the data exchange and downloading processes when the main control module is connected with the cloud server, and the part of data cannot be stored, copied and sent out locally;
the storage module is used for storing data generated in the operation process of the lower computer of the system;
the security auxiliary module specifically comprises a public key module and a private key module and is used for providing key verification for the main control module when the main control module accesses the cloud server.
2. The virtualization technology-based network security system of claim 1, wherein the USBKey module authentication method is as follows:
(1) the user binds the mobile phone with the dynamic verification module, namely the dynamic verification module adopts a dynamic verification code, the dynamic verification code is from a short message received by the mobile phone of the user, the dynamic verification code replaces the private Key function of the USB Key module, and the dynamic verification module and the USB Key module complete binding and carry out common verification;
(2) when the USB Key module is verified, the dynamic verification module sends a group of dynamic verification codes, a user completes the dynamic verification of the USB Key module through the dynamic verification codes, meanwhile, a public Key contained in the USB Key module is verified with the main control module, and the main control module receives a verification request and controls the login module to complete the login request.
3. A virtualization technology based network security system as claimed in claim 1, wherein the security assistance module is operable to:
after the login request is completed by the login module, a public key module in the safety auxiliary module can be started, a user inputs a public key through an external keyboard of the main control module, the public key corresponds to a mobile phone verified by the dynamic verification module, namely, one public key is used for one machine, after the public key verification is passed, the private key verification is started, the private key is a string of codes which are independently arranged, the codes are updated in real time, the updated codes can be sent to a private mailbox account of the user in real time, after the private key verification is completed, the main control module obtains connection with the cloud server, and the log management module can record all operations of the user when the user logs in the cloud server and stores the operations.
4. A virtualization technology-based network security system as claimed in claim 1, wherein: the storage module is set as a pluggable TF card, and the main control module is also connected with a display module for displaying the working process of the main control module.
5. A virtualization technology-based network security system as claimed in claim 1, wherein: the temporary data stored in the temporary cache can be irreversibly deleted after the main control module finishes the access of the cloud server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010301246.8A CN111526140A (en) 2020-04-16 2020-04-16 Network security system based on virtualization technology


Publications (1)

Publication Number Publication Date
CN111526140A true CN111526140A (en) 2020-08-11

Family

ID=71904247


Country Status (1)

Country Link
CN (1) CN111526140A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115529209A (en) * 2022-09-15 2022-12-27 贵州电网有限责任公司 Gateway equipment for protecting data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090013393A1 (en) * 2007-07-02 2009-01-08 Zhenxin Xi Method and system for performing secure logon input on network
CN102291391A (en) * 2011-07-21 2011-12-21 西安百盛信息技术有限公司 Safe transmission method for data in cloud service platform
CN105847305A (en) * 2016-06-21 2016-08-10 新昌县七星街道明盛模具厂 Safe processing and accessing method of cloud resource
CN109214206A (en) * 2018-08-01 2019-01-15 武汉普利商用机器有限公司 cloud backup storage system and method


Similar Documents

Publication Publication Date Title
CN110096857B (en) Authority management method, device, equipment and medium for block chain system
US8042172B1 (en) Remote access architecture enabling a client to perform an operation
CN105573828A (en) Operation processing method and device
CN105262588A (en) Log-in method based on dynamic password, account number management server and mobile terminal
EA007778B1 (en) Application generator
CN108337210B (en) Equipment configuration method, device and system
CN110008019B (en) Method, device and system for sharing server resources
US8341127B1 (en) Client initiated restore
CN112118269A (en) Identity authentication method, system, computing equipment and readable storage medium
CN113259342A (en) Login verification method, device, computer equipment and medium
US20040193885A1 (en) Vault controller context manager and methods of operation for securely maintaining state information between successive browser connections in an electronic business system
CN111242462B (en) Data processing method and device, computer storage medium and electronic equipment
CN107483477B (en) Account management method and account management system
KR20210151172A (en) Period management server, agent program and terminal loan system
KR20210103615A (en) Blockchain-based user authentication model
CN113347163B (en) Single sign-on method, device, equipment and medium
CN111311259A (en) Bill processing method, device, terminal and computer readable storage medium
CN111526140A (en) Network security system based on virtualization technology
CN107508810B (en) Authentication management method, device and system based on mobile office application
CN106603567B (en) A kind of login management method and device of WEB administrator
CN108241732B (en) Electronic device, information processing method, and storage medium
CN116383799A (en) Business processing method and device based on applet and electronic equipment
CN111447080B (en) Private network decentralization control method, device and computer readable storage medium
CN113641360A (en) Method, device and equipment for configuring system front end and storage medium
CN103051607B (en) Access method, equipment and system

Legal Events

Date Code Title Description
2020-08-11 PB01 Publication Application publication date: 20200811
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication