CN117040741A - Method and device for safely transmitting data based on FTTR networking mode

Publication number
CN117040741A
Authority
CN
China
Prior art keywords
user
fttr
data
access
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311134959.XA
Other languages
Chinese (zh)
Inventor
黄枫
朱洪臣
胡大伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taicang T&W Electronics Co Ltd
Original Assignee
Taicang T&W Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Taicang T&W Electronics Co Ltd filed Critical Taicang T&W Electronics Co Ltd
Priority to CN202311134959.XA priority Critical patent/CN117040741A/en
Publication of CN117040741A publication Critical patent/CN117040741A/en

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/0852 Quantum cryptography
                • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
            • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
              • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                • H04L63/1425 Traffic logging, e.g. anomaly detection
              • H04L63/1433 Vulnerability analysis
        • H04B TRANSMISSION
          • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
            • H04B10/70 Photonic quantum communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optics & Photonics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to the technical field of internet communication security, and in particular to a method and a device for safely transmitting data based on an FTTR networking mode. The method comprises the following steps: quantum encrypting data on an optical link; applying strict access control and authority management to user identity information; and monitoring and analyzing the FTTR networking in real time by using an intelligent monitoring mechanism. The application ensures the security of data transmission in the FTTR network through a series of technical means such as quantum encryption, user identity verification and authority management, an intelligent monitoring mechanism, and record audit. By introducing innovative security techniques aimed at the characteristics of the FTTR networking mode, it effectively improves the security of data transmission and the level of user privacy protection, and at the same time enhances monitoring and response capability, thereby providing a beneficial solution to the data security problem in the communication field.

Description

Method and device for safely transmitting data based on FTTR networking mode
Technical Field
The application relates to the technical field of internet communication security, in particular to a method and a device for safely transmitting data based on an FTTR networking mode.
Background
In the field of modern communications, optical fiber has become one of the primary means of high-speed internet access. One common implementation is the FTTR network, which carries optical fiber signals to remote sites or devices for high-speed data transmission and communication connections. The FTTR network transmits optical fiber signals to a residential community or a building and distributes the signals to different users through a distribution box, thereby providing high-speed data transmission and internet access.
However, while FTTR networks perform well in providing high-speed connections, the security of their data transmissions remains a critical issue. Due to the special architecture of FTTR networks, there may be a risk of data interception, theft or tampering, thereby affecting the privacy and data integrity of the user.
Disclosure of Invention
To address the technical problems in the prior art, the application provides a method and a device for safely transmitting data based on an FTTR networking mode, which solve the problem that data in the FTTR network may be at risk of interception, theft or tampering.
The technical scheme for solving the above technical problems is as follows:
A method for safely transmitting data based on the FTTR networking mode comprises the following steps:
quantum encrypting data on an optical link;
applying strict access control and authority management to user identity information;
monitoring and analyzing the FTTR networking in real time by using an intelligent monitoring mechanism;
and recording and auditing the access activities of users by using the FTTR networking.
Further, the quantum encryption includes the following steps:
key distribution: at the starting point of the optical link, a trusted network service provider is responsible for generating quantum keys and distributing them to each optical modem; the key distribution process is implemented with a quantum key distribution system so as to ensure the security and privacy of the keys;
data transmission: once the quantum key has been distributed on the optical link, data transmission between the optical modems begins; the sender's optical modem encrypts the data by using a public key, and the encrypted data is transmitted to the receiver's optical modem through the optical link;
data encryption: in the optical link, the data is encrypted by using a symmetric encryption algorithm, and a strong cryptographic algorithm and secure key management are adopted to ensure confidentiality during data transmission;
decryption: the receiver's optical modem decrypts the received encrypted data by using the receiver's private key and restores the original data.
Further, the access control and rights management comprises the following steps:
user authentication: a process of validating the identity of the user to ensure that only authorized users can access the FTTR network, including two-factor authentication;
encrypted storage and transmission of user identity information: the identity information of the user is encrypted and stored by using a strong cryptographic algorithm, so that the personal information of the user is protected from unauthorized access even in the event of a data leak;
user access rights control: fine-grained authorization management is applied to users, restricting them to specific resources and functions, and a fine-grained access rights control policy is implemented in the FTTR networking.
Further, the two-factor authentication includes the following steps:
the user requests access: when a user wishes to access the FTTR network, identity information needs to be provided;
first factor verification: the identity information provided by the user is verified as the first factor, which verifies credentials known to the user;
second factor authentication: once the first factor is verified, the system requires the user to provide a second factor, which is the OTP; the optical modem serves as part of the second factor authentication;
OTP input and verification: the user inputs the OTP obtained from the optical modem into the system, and the system verifies whether the OTP input by the user matches the expected OTP; if the match is successful, the user passes the second factor authentication;
access control authorization: once a user has passed two-factor authentication, the system grants the user the appropriate access rights, allowing access to specific resources and functions in the FTTR network.
Further, the intelligent monitoring mechanism comprises the following steps:
intelligent monitoring cameras: key areas and equipment in the FTTR networking are monitored in real time, and abnormal activities and potential security threats are captured;
network traffic analysis: by monitoring and analyzing the network traffic, potential security vulnerabilities and abnormal activities can be identified;
real-time alert and event response: upon detection of abnormal activity or potential security threats, the system will immediately alert the relevant personnel, while the system will automatically take preset responsive action.
Further, the recording audit includes the steps of:
logging: the system can record the access activities and data transmission events of the user in a log file, wherein the log file comprises a time stamp, a user identifier, accessed resources and operation types, and is used for subsequent audit analysis and investigation of security events;
audit report: the system generates periodic audit reports that aggregate user access activity and data transfer events, providing statistical data and trend analysis regarding user access behavior to aid in the discovery of potential security issues and abnormal behavior.
Further, the logging comprises the steps of:
error log: recording errors and abnormal conditions during the operation of the system, wherein the error log can provide information about fault reasons and solutions;
warning log: recording warning information such as unauthorized access attempts and abnormal data transmission in the running process of the system, wherein the warning log can help to discover potential safety problems in time;
security event log: recording security events occurring in the system, such as intrusion attempts, malware attacks, the security event log may provide detailed information about the security event, facilitating investigation and response of the security event.
An apparatus for securely transmitting data based on FTTR networking is also provided, the apparatus comprising:
a quantum encryption technology application module, used for quantum encrypting data on an optical link;
a user privacy protection module, used for applying strict access control and authority management to user identity information;
an intelligent monitoring module, used for monitoring and analyzing the FTTR networking in real time;
an audit and log recording module, used for recording and auditing the access activities of users;
a memory for storing a computer program, and a processor for executing the computer program to implement the FTTR networking mode-based data secure transmission method according to any one of claims 1 to 7.
The beneficial effects of the application are as follows:
The application ensures the security of data transmission in the FTTR network through a series of technical means such as quantum encryption, user identity verification and authority management, an intelligent monitoring mechanism, and record audit. By introducing innovative security techniques aimed at the characteristics of the FTTR networking mode, it effectively improves the security of data transmission and the level of user privacy protection, and at the same time enhances monitoring and response capability, thereby providing a beneficial solution to the data security problem in the communication field. The specific effects are as follows:
Improved data security: a traditional FTTR network may face the risk of data interception, theft or tampering, whereas the application ensures confidentiality during data transmission by introducing quantum encryption technology; the characteristics of quantum encryption make the data impossible to steal or crack illegally, thereby effectively improving the security of the data.
User privacy protection: through strict user identity verification, encrypted storage and transmission of user identity information, and fine-grained access rights control, the application protects the privacy of users. Two-factor authentication and encrypted storage ensure that only authorized users can access the FTTR network, and protect the personal information of users from unauthorized access even in the event of a data leak.
Real-time monitoring and response: through the intelligent monitoring mechanism, the system can monitor key areas and equipment in the FTTR networking in real time and identify abnormal activities and security threats. Once abnormal activity is found, the system immediately raises an alarm and takes preset response measures, so that potential security problems are handled quickly and further damage is prevented.
Audit and traceability capability: the audit and log recording module and its logging techniques allow the system to record user access activity and data transfer events. This audit and traceability capability helps analyze user behavior, detect potential security issues, and provide detailed event information when security events occur, aiding investigation and response.
Comprehensive security scheme: the application provides a comprehensive solution for secure data transmission, covering quantum encryption, identity verification, authority management, real-time monitoring, record audit and other aspects, thereby building a multi-layer security system and providing comprehensive protection for the security of the FTTR network.
Drawings
FIG. 1 is a schematic diagram of a functional module networking of the present application;
FIG. 2 is a schematic diagram of a quantum cryptography processing logic of the present application;
FIG. 3 is a schematic diagram of a user privacy preserving module processing logic of the present application;
FIG. 4 is a schematic diagram of the processing logic of the intelligent detection module according to the present application;
FIG. 5 is a schematic diagram of the audit and logging module processing logic of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. Examples of the embodiments are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements throughout or elements having like or similar functionality. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the application. Furthermore, it should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the present application.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more of the described features. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
In order to facilitate understanding of the embodiments of the present application, first, related concepts and technologies related to the embodiments of the present application will be briefly described.
FTTR networking is a modern communication network architecture, mainly used for high-speed data transmission and internet access. It is divided into two common implementations, namely fiber to the residential community/building (Fiber to the Building/Home, FTTB/FTTH for short). It is based on optical fiber technology and aims to carry optical fiber signals to the residential community, building or home where the user is located, so as to provide a high-speed and stable communication connection. In FTTB, the optical fiber signals are transmitted to a distribution box in the building and then distributed to different users through a local area network, while in FTTH the optical fiber signals extend all the way to the user's home, providing more direct high-speed access.
Quantum key distribution system: quantum key distribution (Quantum Key Distribution, QKD for short) uses quantum mechanical properties to ensure communication security, and enables the two communicating parties to generate and share a random, secure key for encrypting and decrypting messages. In May 2023, Chinese scientists achieved 1002 km point-to-point long-distance quantum key distribution in optical fiber, setting a world record for the distance of repeaterless quantum key distribution over optical fiber.
OTP: a One-Time Password (OTP) is a form of password used for authentication and secure access control. It is a temporary password that is valid for only one verification process and is used to improve the security of the user account.
The present application provides the following preferred embodiments:
Referring to FIG. 1 to FIG. 5, the application provides a method and a device for data transmission security based on FTTR networking, comprising an encryption technology application module, a user privacy protection module, an intelligent monitoring module, and an audit and log recording module, which are used for protecting the security of data transmission in the FTTR networking.
The embodiment provides a method for data transmission security based on an FTTR networking mode, which ensures confidentiality, integrity and reliability of data transmission in an FTTR network. The following describes the steps and technical details of the implementation of the method.
First, quantum encryption technology application module
In order to protect the confidentiality and integrity of data transmissions, the present application introduces advanced encryption techniques. This includes quantum encrypting data over an optical link and symmetrically encrypting the data using a strong cryptographic algorithm. Secure generation, distribution and management of keys is ensured by a quantum key distribution system (QKD) and a secure key management mechanism.
Key distribution: at the start of an optical link, it is typically the responsibility of a trusted entity (e.g., a network service provider) to generate quantum keys and distribute them to the individual optical modems. This process can be implemented using a quantum key distribution system (QKD) to ensure the security and privacy of the keys.
Data transmission: once the quantum key distribution over the optical link is complete, data transmission between the optical modems can begin. The sender's optical modem encrypts data using the public key and transmits the encrypted data over the optical link to the receiver's optical modem.
Data encryption: in an optical link, data is encrypted using a symmetric encryption algorithm. A strong cryptographic algorithm and secure key management are adopted to ensure confidentiality during data transmission.
Decryption: the receiver's optical modem decrypts the received encrypted data by using the receiver's private key and recovers the original data.
Second, user privacy protection module
In order to protect user privacy, the application provides a set of privacy protection mechanisms. This includes encrypted storage and transmission of user identity information, as well as strict access control and rights management. Only authorized users can access sensitive data and resources, and the security of user privacy is ensured.
1. User authentication
Authentication is the process of validating the identity of a user to ensure that only authorized users can access the FTTR network. The present application suggests the use of a strict authentication mechanism, including two-factor authentication. A two-factor authentication method requires a user to provide two or more different types of verification factors to confirm their identity. The following are the detailed steps of implementing two-factor authentication in FTTR networking:
The user requests access: when a user wishes to access the FTTR network, they need to provide identity information, such as, but not limited to, a user name and password.
First factor verification: the user name and password provided by the user are verified as the first factor. This is a traditional authentication means that verifies credentials known to the user.
Once the first factor is verified, the system requires the user to provide a second factor. In FTTR networking, a common second factor is a one-time passcode (OTP).
Second factor authentication (optical modem authentication):
In FTTR networking, the optical modem may serve as part of the second factor authentication. The optical modem may have certain intelligent functions, such as supporting one-time passcode (OTP) generation or reception. The user may generate or receive the OTP through a specific button or interface on the optical modem.
OTP input and verification:
The user inputs the OTP obtained from the optical modem into the system. The system verifies whether the OTP entered by the user matches the expected one-time passcode. If the match is successful, the user passes the second factor authentication.
Access control authorization:
Once the user has passed two-factor authentication, the system grants the user the appropriate access rights, allowing access to specific resources and functions in the FTTR network.
Through the steps, the FTTR networking can realize the two-factor authentication. The user needs to provide a user name and password (first factor) and then generate a one-time passcode (second factor) using an authentication application on the handset. Only after both factors are authenticated can the user successfully access the FTTR network. This provides a higher level of security against unauthorized users accessing the network.
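The two-factor flow above, as an added example that is not code from the patent. The patent does not name an OTP algorithm, so this assumes HOTP (RFC 4226) with a secret shared between the system and the user's optical modem at enrolment, and a salted PBKDF2 hash for the stored password; `TwoFactorGate`, `Account`, the look-ahead window and the lockout limit are hypothetical.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

PBKDF2_ROUNDS = 200_000  # assumption for this sketch; tune for the deployment


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    otp_secret: bytes  # shared with the user's optical modem at enrolment (assumption)
    counter: int = 0   # next HOTP counter value the system will accept
    failures: int = 0  # consecutive failed logins


class TwoFactorGate:
    LOOKAHEAD = 3      # tolerate a few codes generated on the modem but never submitted
    MAX_FAILURES = 5   # lock the account after this many consecutive failures

    def __init__(self):
        self.accounts = {}

    def enroll(self, user: str, password: str, otp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt), otp_secret)

    def login(self, user: str, password: str, otp: str) -> str:
        acct = self.accounts.get(user)
        if acct is None:
            hash_password(password, b"\x00" * 16)  # keep timing close to a real check
            return "denied"
        if acct.failures >= self.MAX_FAILURES:
            return "locked"
        # First factor: something the user knows.
        if not hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            acct.failures += 1
            return "denied"
        # Second factor: the OTP from the optical modem, checked only after the first.
        submitted = otp.encode()
        for c in range(acct.counter, acct.counter + self.LOOKAHEAD + 1):
            if hmac.compare_digest(hotp(acct.otp_secret, c).encode(), submitted):
                # Advance past the accepted code so it, and every skipped code,
                # can never be used again: this is what makes the password one-time.
                acct.counter = c + 1
                acct.failures = 0
                return "granted"
        acct.failures += 1
        return "denied"


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC 4226 test key)
    gate = TwoFactorGate()
    gate.enroll("alice", "correct horse", secret)
    print(gate.login("alice", "correct horse", hotp(secret, 0)))  # first use
    print(gate.login("alice", "correct horse", hotp(secret, 0)))  # replay of the same OTP
```
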
2. User identity information encryption storage and transmission
In order to protect the identity information of the user, the mechanism adopts an encryption technology to store and transmit the identity information of the user. The identity information of the user, such as a user name, a password, personal data and the like, is stored in an encrypted manner by using a strong cryptography algorithm, so that the personal information of the user can be protected from unauthorized access even under the condition of data leakage.
3. User access rights control
Access rights control refers to the careful authorization management of a user, restricting access to specific resources and functions. In FTTR networking, fine-grained access rights control policies may be implemented. This means that different users and groups of users are distinguished and each user is assigned the appropriate access rights. For example, an administrator may have a higher level of rights, may access and manage all resources and functions, and an average user may only access his particular room or resource.
Fine-grained access rights control may be implemented through mechanisms such as Access Control Lists (ACLs) or role-based access control (RBAC). ACLs allow an administrator to define specific access rules for each user or group of users to control the resources and functions that they can access. RBAC authorizes based on user roles: users are assigned to different roles, and each role is assigned the corresponding rights.
With strict authentication and fine-grained access rights control, FTTR networking may ensure that only authorized users can access the network, and that each user can only access its specific resources and functions. This provides a higher level of security and privacy protection.
Third, intelligent monitoring module
The application proposes to use an intelligent monitoring mechanism to monitor and analyze the FTTR network in real time. Through intelligent monitoring cameras and network flow analysis, potential security threats can be found and dealt with in time. The intelligent monitoring system can also provide real-time alarm and event response to ensure the security of the network.
1. Intelligent monitoring camera
The intelligent monitoring camera is one of core components of the intelligent monitoring technology. These cameras have high definition, wide angle field of view and remote monitoring functions. They can monitor critical areas and devices in FTTR networks in real time, capturing abnormal activity and potential security threats. The intelligent monitoring camera can be further provided with motion detection and face recognition functions so as to improve the accuracy and efficiency of monitoring.
2. Network traffic analysis
Intelligent monitoring techniques also include real-time analysis of network traffic. Through monitoring and analysis of network traffic, potential security vulnerabilities and abnormal activities may be identified. Network traffic analysis may help detect network security threats such as DDoS attacks, port scanning, malicious code propagation, etc. Through in-depth analysis of network traffic, potential security issues can be discovered and addressed in advance.
3. Real-time alert and event response
The intelligent monitoring system may provide real-time alarm and event response functions. Upon detection of abnormal activity or potential security threats, the system will immediately alert the relevant personnel. Meanwhile, the system can automatically take preset response measures, such as blocking malicious IP addresses, isolating infected equipment and the like, so as to ensure the security of the network.
By comprehensively applying the intelligent monitoring camera and the network flow analysis, the intelligent monitoring technology can realize real-time monitoring and analysis of the FTTR network. Thus, potential security threats can be found and dealt with in time, and the security and reliability of the network are improved.
Fourth, audit and log recording module
In order to monitor and track access rights usage, the FTTR network should record and audit the access activity of the user. These log records can be used to detect potential security problems or violations and provide evidence for investigation and response.
1. Audit function
The audit function is used to record the access activity, data transfer log and security events of the user for security audit and investigation. It can track and record user access to the system, time of data transmission, source and destination, etc. The auditing function may be implemented by:
Logging: the system may record the user's access activity and data transfer events in a log file. The log file may contain information such as a time stamp, user identification, resources accessed, type of operation, etc. These log files may be used for subsequent audit analysis and investigation of security events.
Audit report: the system may generate periodic audit reports summarizing the user's access activity and data transfer events. Audit reports may provide statistical data and trend analysis regarding user access behavior to help discover potential security issues and abnormal behavior.
2. Log recording function
The logging function is used to record the operational status, abnormal events and security events of the system to aid in analyzing and resolving problems. It can record the system's error log, warning log and security event log. The logging function may be implemented by:
Error log: errors and abnormal conditions during the operation of the system, such as network connection failures, data transmission errors, etc., are recorded. The error log may provide information about the cause of a fault and its solution.
Warning log: warning information during the operation of the system, such as unauthorized access attempts, abnormal data transmission behavior, etc., is recorded. The warning log may help discover potential security issues in a timely manner.
Security event log: security events occurring in the system, such as intrusion attempts, malware attacks, etc., are recorded. The security event log may provide detailed information about the security event, facilitating investigation and response of the security event.
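The access log and periodic audit report described in this module can be illustrated as follows. This is an added example, not code from the patent; the JSON-lines layout, the field names, the `outcome` field and the threshold of three denials are assumptions, and the log lines are constructed.

```python
import json
from collections import Counter

# Constructed JSON-lines audit log (one record per line); the last two lines
# are deliberately damaged to show how the parser treats them.
SAMPLE_LOG = """\
{"ts": "2023-09-05T08:00:01Z", "user": "alice", "resource": "/nas/photos", "op": "read", "outcome": "allowed"}
{"ts": "2023-09-05T08:02:10Z", "user": "bob", "resource": "/nas/docs", "op": "write", "outcome": "allowed"}
{"ts": "2023-09-05T08:05:00Z", "user": "guest", "resource": "/admin/config", "op": "read", "outcome": "denied"}
{"ts": "2023-09-05T08:05:02Z", "user": "guest", "resource": "/admin/config", "op": "write", "outcome": "denied"}
{"ts": "2023-09-05T08:05:03Z", "user": "guest", "resource": "/admin/users", "op": "read", "outcome": "denied"}
{"ts": "2023-09-05T09:30:00Z", "user": "alice", "resource": "/nas/photos", "op": "read", "outcome": "allowed"}
{"ts": "2023-09-05T09:31:00Z", "user": "bob"}
2023-09-05 09:32 truncated wri
"""

REQUIRED = ("ts", "user", "resource", "op", "outcome")  # "outcome" is assumed


def parse_audit_log(text):
    """Return (records, rejected); damaged lines are counted, not hidden."""
    records, rejected = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if isinstance(rec, dict) and all(k in rec for k in REQUIRED):
            records.append(rec)
        else:
            rejected += 1
    return records, rejected


def audit_report(records, rejected=0, denied_threshold=3):
    """Summarise one reporting period and flag users with repeated denials."""
    stamps = sorted(r["ts"] for r in records)  # same-format UTC strings sort by time
    denied = Counter(r["user"] for r in records if r["outcome"] == "denied")
    return {
        "period": (stamps[0], stamps[-1]) if stamps else None,
        "events": len(records),
        "rejected_lines": rejected,
        "by_user": dict(Counter(r["user"] for r in records)),
        "by_operation": dict(Counter(r["op"] for r in records)),
        "denied_by_user": dict(denied),
        "flagged_users": sorted(u for u, n in denied.items() if n >= denied_threshold),
    }
```

Reporting the number of rejected lines matters for an audit trail: a gap or truncated record in the log is itself a finding, so the report surfaces it instead of skipping it.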
By integrating these security measures, the application provides a mechanism for secure data transmission based on the FTTR networking mode, protecting data transmission and user privacy. The advantage of this approach is that the introduction of quantum cryptography and multi-level security control provides a higher level of protection and defense.
The foregoing description of the preferred embodiments of the application is not intended to limit the application, but rather to enable any modification, equivalent replacement, improvement or the like to be made within the spirit and principles of the application.

Claims (8)

1. A data security transmission method based on an FTTR networking mode, comprising the following steps:
quantum encrypting data on an optical link;
applying strict access control and authority management to user identity information;
monitoring and analyzing the FTTR networking in real time by using an intelligent monitoring mechanism;
and recording and auditing the access activities of users by using the FTTR networking.
2. The FTTR networking mode-based data security transmission method of claim 1, wherein the quantum encryption comprises the steps of:
key distribution: at the starting point of the optical link, a trusted network service provider is responsible for generating and distributing quantum keys to each optical modem, and the key distribution process is realized by using a quantum key distribution system so as to ensure the security and privacy of the keys;
data transmission: once the quantum key is distributed on the optical link, data transmission between the optical modems starts; the sender's optical modem encrypts the data by using a public key, and the encrypted data is transmitted to the receiver's optical modem through the optical link;
data encryption: in the optical link, the data is encrypted by using a symmetric encryption algorithm, and confidentiality during data transmission is ensured by adopting a strong cryptographic algorithm and secure key management;
decryption: the receiver's optical modem decrypts the received encrypted data by using the receiver's private key and restores the original data.
3. The FTTR networking mode-based data security transmission method of claim 1, wherein the access control and rights management comprises the steps of:
user authentication: a process of validating the identity of the user to ensure that only authorized users can access the FTTR network, including two-factor authentication;
encrypted storage and transmission of user identity information: the identity information of the user is encrypted and stored by using a strong cryptography algorithm, so that the personal information of the user can be protected from unauthorized access even under the condition of data leakage;
user access rights control: carrying out careful authorization management on users, restricting each user to accessing specific resources and functions, and implementing a fine-grained access rights control strategy in the FTTR networking.
4. The FTTR networking mode-based data security transmission method of claim 3, wherein the two-factor authentication comprises the steps of:
the user requests access: when a user wishes to access the FTTR network, identity information needs to be provided;
first factor verification: the identity information provided by the user is used as a first factor for verification and is used for verifying credentials known by the user;
second factor authentication: once the first factor is verified, the system requires the user to provide a second factor, which is the OTP, with the optical modem serving as part of the second factor authentication;
OTP input and verification: the OTP obtained from the optical modem is input into the system, which verifies whether the OTP input by the user matches the expected OTP; if the match is successful, the user passes the second factor authentication;
access control authorization: once a user is authenticated by two factors, the system grants the user the appropriate access rights, allowing the user to access specific resources and functions in the FTTR network.
5. The FTTR networking mode-based data security transmission method of claim 1, wherein the intelligent monitoring mechanism comprises the steps of:
intelligent surveillance cameras: monitoring key areas and equipment in the FTTR networking in real time, and capturing abnormal activities and potential security threats;
network traffic analysis: by monitoring and analyzing the network traffic, potential security vulnerabilities and abnormal activities can be identified;
real-time alert and event response: upon detection of abnormal activity or potential security threats, the system will immediately alert the relevant personnel, while the system will automatically take preset responsive action.
6. The FTTR networking mode-based data security transmission method of claim 1, wherein the recording and auditing comprises the steps of:
logging: the system can record the access activities and data transmission events of the user in a log file, wherein the log file comprises a time stamp, a user identifier, accessed resources and operation types, and is used for subsequent audit analysis and investigation of security events;
audit report: the system generates periodic audit reports that aggregate user access activity and data transfer events, providing statistical data and trend analysis regarding user access behavior to aid in the discovery of potential security issues and abnormal behavior.
7. The FTTR networking mode-based data security transmission method of claim 6, wherein the logging comprises the steps of:
error log: recording errors and abnormal conditions during the operation of the system, wherein the error log can provide information about fault reasons and solutions;
warning log: recording warning information such as unauthorized access attempts and abnormal data transmission during the operation of the system, wherein the warning log can help to discover potential security issues in time;
security event log: recording security events occurring in the system, such as intrusion attempts, malware attacks, the security event log may provide detailed information about the security event, facilitating investigation and response of the security event.
8. An apparatus for securely transmitting data based on FTTR networking, the apparatus comprising:
the quantum encryption technology application module is used for carrying out quantum encryption on data on an optical link;
the user privacy protection module is used for strictly controlling access and managing authority of the user identity information;
the intelligent monitoring module is used for monitoring and analyzing the FTTR networking in real time;
the audit and log recording module is used for recording the access activity of the audit user;
a memory for storing a computer program, and a processor for executing the computer program to implement the FTTR networking mode-based data security transmission method according to any one of claims 1 to 7.
CN202311134959.XA 2023-09-05 2023-09-05 Method and device for safely transmitting data based on FTTR networking mode Pending CN117040741A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311134959.XA CN117040741A (en) 2023-09-05 2023-09-05 Method and device for safely transmitting data based on FTTR networking mode

Publications (1)

Publication Number Publication Date
CN117040741A true CN117040741A (en) 2023-11-10

Family

ID=88624610

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311134959.XA Pending CN117040741A (en) 2023-09-05 2023-09-05 Method and device for safely transmitting data based on FTTR networking mode

Country Status (1)

Country Link
CN (1) CN117040741A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117478423A (en) * 2023-11-30 2024-01-30 东方物通科技(北京)有限公司 Data security communication system and method
CN117478423B (en) * 2023-11-30 2024-05-03 东方物通科技(北京)有限公司 Data security communication system and method
CN117831247A (en) * 2024-03-04 2024-04-05 四川天邑康和通信股份有限公司 Household security monitoring method, system, medium and equipment based on FTTR

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination