ERP server data safety management system and device
Technical Field
The invention relates to the technical field of ERP server data safety management, in particular to an ERP server data safety management system and device.
Background
Ever since computers entered enterprises and began to serve them, enterprises have continually developed computer systems for their own use. At first, these were generally application systems for individual departments, such as a payroll system, a personnel system and the like. With the development of enterprises and the advancement of information technology, these systems were continuously expanded, modified and maintained in terms of functions to meet the needs of enterprises in new situations. By the 1990s, the development of information technology had given rise to Enterprise Resource Planning (ERP), and applying this technology in enterprises can solve the above-mentioned problems newly encountered by enterprises.
With the gradual establishment of modern enterprise systems, scientific management is generally valued, and many enterprises and government departments have their own ERP systems. The ERP server in such a system is responsible for storing and managing information; it stores a large amount of data in a centralized manner and is directly shared by many end users, so leakage or damage of that information brings huge losses and may even paralyze the enterprise.
Generally, the ERP system has a user login module, which provides a user login interface and verifies the user identity and password, preventing illegal users from entering and ensuring that only authorized legal users can access the ERP server and operate its database, and only within the authority range granted by the system. However, during password transmission the password can easily be monitored, intercepted and cracked by an attacker, so the current user login module cannot effectively protect the ERP server.
Therefore, how to ensure and enhance the security of data on the ERP server has become a problem to be urgently solved at present.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a data security management system and device for an ERP server, which are used for solving the technical problem of how to ensure and strengthen the data security on the ERP server.
(II) Technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
an ERP server data security management system, comprising: the system comprises an authentication server ASdsss, a computer terminal PCTi, a data safety management system server software and an ERP server, wherein the authentication server ASdsss is provided with and runs the data safety management system server software and is deployed in the ERP system;
the computer terminal PCTi is in communication connection with the authentication server ASdss;
the data security management system comprises a user login management module for managing the login authority of the ERP server, a data encryption and decryption module for carrying out encryption and decryption processing on data stored in the ERP server, and a security management module for managing the security of security management data, wherein the security management module is respectively in communication connection with the user login management module and the data encryption and decryption module;
and the user login management module performs login authority authentication on the enterprise user Ui on the computer terminal PCTi.
Further, the method for the user login management module to perform login authority authentication on the enterprise user Ui on the computer terminal PCTi includes:
the user login management module distributes a shared key pair (x/y) to the enterprise user Ui, wherein x and y are binary sequences of length n, and n is an even number of bits;
first, the enterprise user Ui generates a random number c, wherein c is a binary sequence of length n, and n is an even number;
the following xor operation is then started:
thereafter, the enterprise user Ui sends a login authentication request to the user login management module, and sends $s_1$ and $s_2$ to the user login management module;
after the user login management module receives $s_1$ and $s_2$, the following exclusive or operation is started:
thereafter, it verifies whether the value of $t_1$ is equal to the value of $t_2$;
and if so, the enterprise user Ui is proved to have legal login authority.
Further, the enterprise user Ui on the computer terminal PCTi has a legal login right, and is allowed to log in the ERP system to access the ERP server.
Further, the method by which the data encryption and decryption module encrypts the data $m_u$ uploaded to the ERP server by the enterprise user Ui includes the following steps:
the data encryption and decryption module carries out the following initialization settings:
① setting $n_1 = p_1 q_1$, where $p_1$ and $q_1$ are two large prime numbers;
② selecting $g_1 \in Z^*_{n_1^2}$ so that $\gcd(L(g_1^{k_1} \bmod n_1^2), n_1) = 1$;
in the above formula, $k_1(n_1) = \mathrm{lcm}((p_1 - 1), (q_1 - 1))$;
③ keeping the private key $(p_1, q_1)$ secret;
④ publishing the public key $(n_1, g_1)$ to the enterprise user Ui;
The enterprise user Ui sets the upload data $m_u \in Z_{n_1}$ with $m_u < n_1$, selects a random number $r_1$ with $r_1 < n_1$, calculates the ciphertext $C_1 = g_1^{m_u} \cdot r_1^{n_1} \bmod n_1^2$, and sends $C_1$ to the data encryption and decryption module, and the ciphertext $C_1$ is stored in the ERP server.
Further, the method by which the data encryption and decryption module decrypts the data $m_d$ downloaded from the ERP server by the enterprise user Ui comprises the following steps:
the enterprise user Ui performs the following initialization settings:
① setting $n_2 = p_2 q_2$, where $p_2$ and $q_2$ are two large prime numbers;
② selecting $g_2 \in Z^*_{n_2^2}$ so that $\gcd(L(g_2^{k_2} \bmod n_2^2), n_2) = 1$;
in the above formula, $k_2(n_2) = \mathrm{lcm}((p_2 - 1), (q_2 - 1))$;
③ keeping the private key $(p_2, q_2)$ secret;
④ publishing the public key $(n_2, g_2)$ to the data encryption and decryption module;
The data encryption and decryption module sets the download data $m_d \in Z_{n_2}$ with $m_d < n_2$, selects a random number $r_2$ with $r_2 < n_2$, calculates the ciphertext $C_2 = g_2^{m_d} \cdot r_2^{n_2} \bmod n_2^2$, and sends $C_2$ to the enterprise user Ui;
the enterprise user Ui performs the following calculations:
when $C_2 < n_2^2$, the plaintext of the download data $m_d$ is $m'_d = L(C_2^{k_2} \bmod n_2^2) / L(g_2^{k_2} \bmod n_2^2) \pmod{n_2}$.
Further, the computer terminal PCTi is in communication connection with a data security management system server running on the authentication server ASdsms through a data security management system client.
An ERP server data security management device, comprising: an authentication server ASdsss and a computer terminal PCTi (i = 1, 2, …, n) which are in communication with each other, wherein data security management system server side software is installed and run on the authentication server ASdsss, and data security management system client side software is installed and run on the computer terminal PCTi.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
in order to ensure and enhance the safety of data on the ERP server, prevent illegal users from entering and ensure that only authorized legal users can access the ERP server, when an enterprise user Ui on a computer terminal PCTi sends a data access request to the ERP server, a user login management module carries out login authority authentication on the enterprise user Ui on the computer terminal PCTi;
only if an enterprise user Ui on the computer terminal PCTi has legal login authority, the enterprise user Ui is allowed to log in the ERP system to access the ERP server;
in order to further ensure and strengthen the safety of the data on the ERP server, when an enterprise user Ui on a computer terminal PCTi uploads data $m_u$ to the ERP server or downloads data $m_d$ from it, the data encryption and decryption module encrypts the uploaded data $m_u$ and decrypts the downloaded data $m_d$;
therefore, the technical problem of how to ensure and strengthen the data security on the ERP server is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An ERP server data security management system, comprising: the system comprises an authentication server ASdss, a computer terminal PCTi (i = 1, 2, …, n), a data security management system server software, an enterprise user Ui (i = 1, 2, …, n) and an ERP server, wherein the authentication server ASdsss is installed and operated with the data security management system server software and is deployed in the ERP system;
the computer terminal PCTi is in communication connection with a data security management system server side running on an authentication server ASdss through a data security management system client side;
wherein, data security management system includes: the system comprises a user login management module for managing the login authority of the ERP server, a data encryption and decryption module for carrying out encryption and decryption processing on data stored in the ERP server, and a safety management module for managing the safety of safety management data, wherein the safety management module is respectively in communication connection with the user login management module and the data encryption and decryption module;
in order to ensure and strengthen the safety of data on the ERP server, prevent illegal users from entering and ensure that only authorized legal users can access the ERP server, when an enterprise user Ui on a computer terminal PCTi sends a data access request to the ERP server, a user login management module carries out login authority authentication on the enterprise user Ui on the computer terminal PCTi;
furthermore, only if an enterprise user Ui on the computer terminal PCTi has legal login authority, the enterprise user Ui is allowed to log in the ERP system to access the ERP server;
the method for the user login management module to perform login authority authentication on the enterprise user Ui on the computer terminal PCTi comprises the following steps:
the user login management module distributes a shared key pair (x/y) to the enterprise user Ui, wherein x and y are binary sequences of length n, and n is an even number of bits;
first, the enterprise user Ui generates a random number c, wherein c is a binary sequence of length n, and n is an even number;
the following xor operation is then started:
thereafter, the enterprise user Ui sends a login authentication request to the user login management module, and sends $s_1$ and $s_2$ to the user login management module;
after the user login management module receives $s_1$ and $s_2$, the following exclusive or operation is started:
thereafter, it verifies whether the value of $t_1$ is equal to the value of $t_2$;
if they are equal, the enterprise user Ui is proved to have legal login authority; otherwise, the protocol is terminated;
in order to further ensure and strengthen the safety of the data on the ERP server, when an enterprise user Ui on a computer terminal PCTi uploads data $m_u$ to the ERP server or downloads data $m_d$ from it, the data encryption and decryption module encrypts the uploaded data $m_u$ and decrypts the downloaded data $m_d$;
the method by which the data encryption and decryption module encrypts the data $m_u$ uploaded to the ERP server by the enterprise user Ui includes the following steps:
the data encryption and decryption module carries out the following initialization settings:
① setting $n_1 = p_1 q_1$, where $p_1$ and $q_1$ are two large prime numbers;
② selecting $g_1 \in Z^*_{n_1^2}$ so that $\gcd(L(g_1^{k_1} \bmod n_1^2), n_1) = 1$;
in the above formula, $k_1(n_1) = \mathrm{lcm}((p_1 - 1), (q_1 - 1))$;
③ keeping the private key $(p_1, q_1)$ secret;
④ publishing the public key $(n_1, g_1)$ to the enterprise user Ui;
The enterprise user Ui sets the upload data $m_u \in Z_{n_1}$ with $m_u < n_1$, selects a random number $r_1$ with $r_1 < n_1$, calculates the ciphertext $C_1 = g_1^{m_u} \cdot r_1^{n_1} \bmod n_1^2$, and sends $C_1$ to the data encryption and decryption module, and the ciphertext $C_1$ is stored in the ERP server;
the method by which the data encryption and decryption module decrypts the data $m_d$ downloaded from the ERP server by the enterprise user Ui comprises the following steps:
the enterprise user Ui performs the following initialization settings:
① setting $n_2 = p_2 q_2$, where $p_2$ and $q_2$ are two large prime numbers;
② selecting $g_2 \in Z^*_{n_2^2}$ so that $\gcd(L(g_2^{k_2} \bmod n_2^2), n_2) = 1$;
in the above formula, $k_2(n_2) = \mathrm{lcm}((p_2 - 1), (q_2 - 1))$;
③ keeping the private key $(p_2, q_2)$ secret;
④ publishing the public key $(n_2, g_2)$ to the data encryption and decryption module;
The data encryption and decryption module sets the download data $m_d \in Z_{n_2}$ with $m_d < n_2$, selects a random number $r_2$ with $r_2 < n_2$, calculates the ciphertext $C_2 = g_2^{m_d} \cdot r_2^{n_2} \bmod n_2^2$, and sends $C_2$ to the enterprise user Ui;
the enterprise user Ui performs the following calculations:
when $C_2 < n_2^2$, the plaintext of the download data $m_d$ is $m'_d = L(C_2^{k_2} \bmod n_2^2) / L(g_2^{k_2} \bmod n_2^2) \pmod{n_2}$.
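The key setup, encryption and decryption steps described above for the upload data m_u and the download data m_d follow the Paillier cryptosystem; the following Python sketch is an added example, not part of the original text, and covers both directions with one key pair. The definition L(u) = (u - 1)/n, the choice g = n + 1, the requirement gcd(r, n) = 1, the function names and the toy primes are assumptions not stated in the text; k is the text's lcm((p-1),(q-1)).

```python
import math
import secrets

def L(u, n):
    # Standard Paillier definition L(u) = (u - 1) / n (assumed; not given in the text).
    return (u - 1) // n

def keygen(p, q, g=None):
    """Steps 1-4: n = p*q, k = lcm(p-1, q-1), g validated; returns (public, private)."""
    n = p * q
    k = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    g = n + 1 if g is None else g          # g = n + 1 is an assumed, common choice
    if math.gcd(g, n) != 1 or math.gcd(L(pow(g, k, n * n), n), n) != 1:
        raise ValueError("g fails gcd(L(g^k mod n^2), n) = 1")
    return (n, g), (n, g, k)               # k is derived from the secret (p, q)

def encrypt(pub, m, r=None):
    """C = g^m * r^n mod n^2 with m < n and r < n."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy m < n")
    while r is None or not 0 < r < n or math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1   # fresh r per message; must be invertible mod n
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(priv, c):
    """m = L(C^k mod n^2) / L(g^k mod n^2) mod n, only for 0 < C < n^2."""
    n, g, k = priv
    if not 0 < c < n * n:
        raise ValueError("ciphertext must satisfy C < n^2")
    inv = pow(L(pow(g, k, n * n), n), -1, n)   # division mod n = modular inverse
    return L(pow(c, k, n * n), n) * inv % n

def combine(pub, c1, c2):
    # Needs only the public key: the product decrypts to m1 + m2 mod n, so a
    # stored ciphertext can be altered undetected without a separate MAC or signature.
    n, _ = pub
    return c1 * c2 % (n * n)

if __name__ == "__main__":
    pub, priv = keygen(1009, 1013)         # constructed toy primes, far too small for real use
    c = encrypt(pub, 123456)
    print(decrypt(priv, c))                # round trip of the constructed plaintext
```

The combine function shows that ciphertexts produced this way are malleable, so data stored on the ERP server under this scheme needs an independent integrity check.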
An ERP server data security management device, comprising: an authentication server ASdsss and a computer terminal PCTi (i = 1, 2, …, n) which are in communication with each other, wherein data security management system server side software is installed and run on the authentication server ASdsss, and data security management system client side software is installed and run on the computer terminal PCTi.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.