CN116579019B - Computer information safety supervision system - Google Patents

Computer information safety supervision system

Publication number
CN116579019B
Authority
CN
China
Prior art keywords
information, access request, access, unit, file
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310656247.8A
Other languages
Chinese (zh)
Other versions
CN116579019A (en)
Inventor
赵观众
王敏
鲁轩武
赵记者
李晓龙
李培恩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Taihang Information Technology Co ltd
Original Assignee
Shandong Taihang Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2023-06-05
Filing date
2023-06-05
Publication date
2023-11-17

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the field of information security supervision, and in particular to a computer information security supervision system. It addresses the problem that information stored in a computer may be leaked or lost, causing losses to enterprises or individuals. In the application, the visitor is confirmed by identity authentication, and the information access request generated by the visitor is relayed: the access request sent directly by the visitor is rewritten into an equivalent access request, which is used to retrieve and access the information file, avoiding the security problems caused when the visitor's access request itself reaches the database. While the file in the database is being fed back to the visitor, a secondary check of the access request against the information file ensures that the retrieved information file corresponds to the access request. The visitor accesses the information file in the temporary access unit, so that the access is isolated from the database and the security of the information in the database is ensured.

Description

Computer information safety supervision system
Technical Field
The application relates to the field of information security supervision, in particular to a computer information security supervision system.
Background
Computer communication is the transmission of information, by means of data communication, between computers or between computers and terminal equipment. It is a product of the integration of modern computer technology and communication technology and is widely applied in military command automation systems, weapon control systems, information processing systems, decision analysis systems, information retrieval systems, office automation systems and similar fields. It is a system that realizes information transmission and exchange among computers, with the support of communication software, by interconnecting multiple functionally independent computers through communication equipment and transmission media. A computer network is a system in which multiple independent computer systems, terminal devices and data devices distributed over a region are connected by communication means for the purpose of sharing resources, and in which data exchange is performed under the control of a protocol. The fundamental purpose of a computer network is resource sharing, and the communication network is the means by which network resource sharing is realized.
With the rapid development of information technology, computers are widely used in every industry, and information security problems have followed. Information stored in a computer cannot be effectively monitored and managed while it is stored, so illegal information and Trojan information are easily transmitted. In particular, when important information is stored in the computer, information security problems such as leakage or loss can cause large losses, so information security supervision of the computer is important.
The application provides a solution to this technical problem.
Disclosure of Invention
In the application, when information is accessed, the visitor is confirmed by identity authentication, and the information access request generated by the visitor is relayed. The access request sent directly by the visitor does not enter the database; instead, the information security supervision system rewrites it as an equivalent access request, which is used to retrieve and access the information file, thereby avoiding the security problems caused when the visitor's access request reaches the database. While the file in the database is being fed back to the visitor, a secondary check of the access request against the information file ensures that the retrieved information file corresponds to the access request and avoids the leakage of other information files. At the same time, the visitor accesses the information file in a temporary access unit, isolated from the database, which ensures the security of the information stored in the database. This solves the problem that information stored in a computer may be leaked or lost, causing losses to enterprises or individuals.
The aim of the application can be achieved by the following technical scheme:
The computer information security supervision system comprises an access request unit, an information relay unit, a temporary access unit and an information storage unit. The access request unit is used for confirming the identity of a visitor, generating an information access request after confirming the identity information of the visitor, and sending the information access request to the information relay unit;
the information relay unit is used for parsing the information access request, regenerating an equivalent access request by means of security coding, and sending the equivalent access request to the information storage unit;
the information storage unit is used for parsing the equivalent access request, retrieving the corresponding information file according to the equivalent access request, and sending the corresponding information file to the temporary access unit;
the temporary access unit acquires the equivalent access request from the information relay unit and the information file from the information storage unit, and performs a secondary confirmation of the equivalent access request against the information file. If the confirmation passes, the temporary access unit feeds back an access success signal to the access request unit; if the confirmation does not pass, it feeds back an access failure signal to the access request unit and the information relay unit;
after the access request unit generates an access signal, the access request unit is connected to the temporary access unit and accesses the information file through the temporary access unit.
As a preferred embodiment of the present application, when confirming the identity of the visitor, the access request unit collects the IP address of the visitor and compares it with the common IP address. If the IP address of the visitor is identical to the common IP address, an identity confirmation signal is generated; if it is not identical, an identity abnormality signal is generated. After generating the identity confirmation signal, the access request unit sends the information access request to the information relay unit.
As a preferred embodiment of the present application, before obtaining the information access request, the information relay unit establishes a virtual operating environment and receives the information access request into it. The information relay unit parses the information access request in the virtual operating environment, performs encryption and encoding anew according to the parsing result, generates an equivalent access request having the same target file access address as the information access request, and stores the equivalent access request in the information relay unit. The information relay unit then thoroughly deletes the virtual operating environment and establishes a new virtual operating environment for parsing the next information access request.
As a preferred embodiment of the present application, after the information storage unit obtains the equivalent access request, it performs file retrieval according to the target file access address in the equivalent access request, obtains an information file, and sends it to the temporary access unit;
after the temporary access unit acquires the information file, it checks the file again against the target file access address in the equivalent access request. If the source address of the information file is the same as the address information in the equivalent access request, an access success signal is generated; if the source address is different, an access failure signal is generated.
As a preferred embodiment of the present application, after the check generates an access failure signal and the signal is sent to the information relay unit, the information relay unit resends the equivalent access request to the information storage unit for information file retrieval, and the information file is sent to the temporary access unit again for the secondary check. If the access failure signal is generated again, an access failure prompt is sent to the access request unit.
As a preferred embodiment of the present application, after the access request unit completes its access to the information file through the temporary access unit, the temporary access unit thoroughly deletes the information file.
Compared with the prior art, the application has the beneficial effects that:
In the application, when information is accessed, the visitor is confirmed by identity authentication, and the information access request generated by the visitor is relayed. The access request sent directly by the visitor does not enter the database; instead, the information security supervision system rewrites it as an equivalent access request, which is used to retrieve and access the information file, thereby avoiding the security problems caused when the visitor's access request reaches the database.
In the application, while the file in the database is being fed back to the visitor, a secondary check of the access request against the information file ensures that the retrieved information file corresponds to the access request and avoids the leakage of other information files. The visitor accesses the information file in the temporary access unit and is thereby isolated from the database, which ensures the security of the information in the database.
Drawings
The present application is further described below with reference to the accompanying drawings for the convenience of understanding by those skilled in the art.
Fig. 1 is a system block diagram of the present application.
Detailed Description
The technical solutions of the present application will be clearly and completely described in connection with the embodiments, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Examples:
Referring to Fig. 1, a computer information security supervision system includes an access request unit, an information relay unit, a temporary access unit and an information storage unit. The access request unit is used for confirming the identity of a visitor. To do so, it acquires the IP address of the visitor and compares it with the common IP address: if the IP address of the visitor is the same as the common IP address, an identity confirmation signal is generated; if it is different, an identity abnormality signal is generated. After generating the identity confirmation signal, the access request unit generates an information access request and sends it to the information relay unit. After generating the identity abnormality signal, the access request unit prohibits the user from generating an information access request, thereby ensuring information security;
before the information relay unit obtains the information access request, it establishes a virtual operating environment. The virtual operating environment is isolated from the environment of the information relay unit, so that files such as virus files carried in the information access request are prevented from causing damage or leakage. The information access request is received into the virtual operating environment, where the information relay unit parses it and obtains the target file address that the request is to access. According to the parsing result, the information relay unit performs encryption and encoding anew, generates an equivalent access request with the same target file access address as the information access request, and stores the equivalent access request in the information relay unit. It then thoroughly deletes the virtual operating environment, so that the information access request sent by the access request unit is completely cleared, which guards against viruses or Trojan files contained in the information access request, and establishes a new virtual operating environment for parsing the next information access request;
the information storage unit is used for parsing the equivalent access request, performing file retrieval according to the target file access address in the equivalent access request, obtaining the information file, and sending the corresponding information file to the temporary access unit. The information file is sent to the temporary access unit by copying and transmitting it, and after the transmission to the temporary access unit is complete, the data connection between the information storage unit and the temporary access unit is disconnected. The temporary access unit and the information storage unit therefore hold no long-lived data connection apart from the transmission of the information file, which ensures the security of the information in the information storage unit;
the temporary access unit acquires the equivalent access request from the information relay unit and the information file from the information storage unit, and performs a secondary confirmation of the equivalent access request against the information file. If the confirmation passes, an access success signal is fed back to the access request unit; if the confirmation does not pass, an access failure signal is fed back to the access request unit and the information relay unit at the same time. The confirmation steps are as follows:
after the temporary access unit acquires the information file, the file is checked again against the target file access address in the equivalent access request. If the source address of the information file is the same as the address information in the equivalent access request, an access success signal is generated; if the source address is different, an access failure signal is generated;
after the access request unit generates an access success signal, the access request unit is connected to the temporary access unit to access the information file;
after the check generates an access failure signal and the signal is sent to the information relay unit, the information relay unit resends the equivalent access request to the information storage unit for information file retrieval, and the information file is sent to the temporary access unit again for the secondary check. If the access failure signal is generated again, an access failure prompt is sent to the access request unit, and the access request unit prompts the user, so that the user regenerates the access request information or stops accessing.
After the access request unit generates an access success signal, the access request unit is connected to the temporary access unit and accesses the information file through it. After the access request unit has finished accessing the information file through the temporary access unit, the temporary access unit thoroughly deletes the information file and the information stored in the temporary access unit, which avoids information leakage caused by Trojans, viruses and other harmful information remaining in the temporary access unit.
In the application, when information is accessed, the visitor is confirmed by identity authentication, and abnormal visitors are directly denied access, which ensures the security of the stored information. At the same time, the information access request generated by the visitor is relayed: the access request sent directly by the visitor does not enter the database, and the information file is retrieved and accessed by having the information security supervision system recompile the request as an equivalent access request, which avoids the security problems caused when the visitor's access request reaches the database. In addition, the information stored in the database is all high-importance information; unimportant information involved in ordinary work does not need to be obtained by accessing the information storage unit. This reduces the access volume and workload of the information storage unit, reduces the number of personnel able to access the information storage unit, and reduces the possibility of information files being damaged or leaked. While the information file is being fed back to the visitor, the secondary check of the access request against the information file ensures that the retrieved information file corresponds to the access request and prevents other information files from leaking. Because the visitor accesses the information file in the temporary access unit, the access is isolated from the information storage unit.
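The flow of this embodiment, from IP check through relay rewrite, copy retrieval, secondary check with one resend, and deletion, is shown below as an added Python example; it is not code from the patent. Assumptions: requests are JSON, an HMAC tag stands in for the patent's unspecified "encryption coding", the disposable virtual operating environment is not modelled (parsing runs in-process), and all names, addresses, keys and the `misroute` fault injection are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed sample data (not from the patent).
COMMON_IPS = {"10.0.0.15"}            # the visitor's "common IP address"
RELAY_KEY = b"demo-relay-key"         # assumption: key shared by relay and storage
FILES = {"/vault/q3.txt": b"Q3 figures", "/vault/payroll.txt": b"payroll"}
RAW_REQUEST = json.dumps(
    {"target": "/vault/q3.txt", "attachment": "constructed extra field"}
).encode()


@dataclass(frozen=True)
class InfoFile:
    source_address: str               # address the storage unit read the file from
    content: bytes


def confirm_identity(visitor_ip):
    """Access request unit: True = identity confirmation, False = abnormality."""
    return visitor_ip in COMMON_IPS


def _tag(target):
    return hmac.new(RELAY_KEY, target.encode(), hashlib.sha256).hexdigest()


def relay_rewrite(raw_request):
    """Information relay unit: parse the visitor's bytes, keep only the target
    file address and build the equivalent request from scratch. Nothing else
    the visitor sent is forwarded to the storage unit."""
    parsed = json.loads(raw_request)
    target = parsed.get("target") if isinstance(parsed, dict) else None
    if not isinstance(target, str):
        raise ValueError("no usable target file address")
    return {"target": target, "tag": _tag(target)}


class StorageUnit:
    """Information storage unit. `misroute` is a constructed fault injection:
    addresses to serve instead of the requested one, one per retrieval."""

    def __init__(self, files, misroute=None):
        self._files = dict(files)
        self._misroute = list(misroute or [])

    def retrieve(self, eq_request):
        # Only requests regenerated by the relay are accepted.
        if not hmac.compare_digest(_tag(eq_request["target"]), eq_request["tag"]):
            raise PermissionError("request was not produced by the relay")
        address = self._misroute.pop(0) if self._misroute else eq_request["target"]
        # A copy is handed over; the caller keeps no handle on the store.
        return InfoFile(address, bytes(self._files[address]))


def secondary_check(eq_request, info_file):
    """Temporary access unit: source address must equal the requested address."""
    return info_file.source_address == eq_request["target"]


def supervised_access(visitor_ip, raw_request, storage):
    """Run one access end to end and return (signal, content or None)."""
    if not confirm_identity(visitor_ip):
        return "identity abnormal", None
    try:
        eq_request = relay_rewrite(raw_request)
    except ValueError:
        return "request rejected", None      # assumed handling of unparseable input
    for _attempt in range(2):                 # first retrieval plus one resend
        info_file = storage.retrieve(eq_request)
        if secondary_check(eq_request, info_file):
            temp_unit = {"file": info_file}   # visitor reads from the temporary unit only
            content = temp_unit["file"].content
            temp_unit.clear()                 # file deleted once access is complete
            return "access success", content
    return "access failure prompt", None
```

The misrouted-file cases show what the secondary check is for: a file from another address never reaches the visitor, and a second mismatch ends the access instead of retrying indefinitely.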
The preferred embodiments of the application disclosed above are intended only to assist in the explanation of the application. The preferred embodiments are not intended to be exhaustive or to limit the application to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the application and the practical application, to thereby enable others skilled in the art to best understand and utilize the application. The application is limited only by the claims and the full scope and equivalents thereof.

Claims (4)

1. The computer information security supervision system is characterized by comprising an access request unit, an information relay unit, a temporary access unit and an information storage unit, wherein the access request unit is used for confirming the identity of a visitor, generating an information access request after confirming the identity information of the visitor, and sending the information access request to the information relay unit;
the information relay unit is used for analyzing the information access request and regenerating an equivalent access request in a safe coding mode, before the information relay unit acquires the information access request, a virtual operation environment is established, the information access request is received into the virtual operation environment, the information relay unit analyzes the information access request in the virtual operation environment, the information relay unit carries out encryption coding again according to the analysis result, generates the equivalent access request with the same target file access address as the information access request, stores the equivalent access request into the information relay unit, and then the information relay unit thoroughly deletes the virtual operation environment and reestablishes a new virtual operation environment for the next analysis of the information access request;
the information storage unit is used for analyzing the equivalent access request, calling the corresponding information file according to the equivalent access request and sending the corresponding information file to the temporary access unit;
the temporary access unit acquires the equivalent access request from the information relay unit and the information file from the information storage unit, and performs a secondary confirmation of the equivalent access request against the information file; if the confirmation passes, the temporary access unit feeds back an access success signal to the access request unit, and if the confirmation does not pass, the temporary access unit feeds back an access failure signal to the access request unit and the information relay unit;
after the access request unit generates an access signal, the access request unit is connected to the temporary access unit, and the information file is accessed through the temporary access unit;
after the information storage unit acquires the equivalent access request, file retrieval is carried out according to the target file access address in the equivalent access request, an information file is acquired, and the information file is sent to the temporary access unit;
and after the temporary access unit acquires the information file, the file is checked again against the target file access address in the equivalent access request; an access success signal is generated if the source address of the information file is the same as the address information in the equivalent access request, and an access failure signal is generated if the source address of the information file is different from the address information in the equivalent access request.
2. The system according to claim 1, wherein the access request unit collects the IP address of the visitor and compares the IP address with the common IP address when confirming the identity of the visitor, generates an identity confirmation signal if the IP address of the visitor is identical to the common IP address, generates an identity abnormality signal if the IP address of the visitor is not identical to the common IP address, and transmits the information access request to the information relay unit after generating the identity confirmation signal.
3. The system according to claim 1, wherein after the check generates an access failure signal and the signal is sent to the information relay unit, the information relay unit resends the equivalent access request to the information storage unit for information file retrieval, and the information file is sent to the temporary access unit again for the secondary check; if an access success signal is generated, the information file is accessed, and if the access failure signal is generated again, an access failure reminder is sent to the access request unit.
4. The system according to claim 1, wherein after the access request unit completes its access to the information file through the temporary access unit, the temporary access unit thoroughly deletes the information file.
CN202310656247.8A 2023-06-05 2023-06-05 Computer information safety supervision system Active CN116579019B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310656247.8A CN116579019B (en) 2023-06-05 2023-06-05 Computer information safety supervision system

Publications (2)

Publication Number Publication Date
CN116579019A (en) 2023-08-11
CN116579019B (en) 2023-11-17

Family

ID=87534064

Country Status (1)

Country Link
CN (1) CN116579019B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Computer Information Security Supervision System

Granted publication date: 20231117

Pledgee: Dongying rural commercial bank Limited by Share Ltd. Dongcheng sub branch

Pledgor: Shandong Taihang Information Technology Co.,Ltd.

Registration number: Y2024980003193