CN212969708U - Campus network safety protection system - Google Patents

Info

Publication number
CN212969708U
Authority
CN
China
Prior art keywords
unit
data
encryption
identity authentication
campus network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202021673015.1U
Other languages
Chinese (zh)
Inventor
王伟雄
王贵
何晓东
郭朕
林子琴
王志涛
金城源
汤超群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Civil Aviation College
Original Assignee
Guangzhou Civil Aviation College

Abstract

The utility model discloses a campus network security protection system comprising a data acquisition device, a data processing device and a network server. The data acquisition device comprises an acquisition unit, a first identity authentication unit, an encryption unit and a transmission unit; the acquisition unit is connected to the first identity authentication unit, the first identity authentication unit is connected to the encryption unit, and the encryption unit is connected to the transmission unit. The data processing device comprises a processing unit connected to the transmission unit, a second identity authentication unit and an encapsulation unit, the second identity authentication unit and the encapsulation unit both being connected to the processing unit. The network server comprises a dedicated storage unit and a public storage unit; the dedicated storage unit is connected to the processing unit, and the public storage unit is connected to the encapsulation unit. The system strengthens the layer-by-layer protection of campus network data, prevents lawbreakers from stealing it, effectively protects the data security of the campus network, is simple and convenient to operate, and meets the security protection requirements for data transmission and storage on the campus network.

Description

Campus network safety protection system
Technical Field
The utility model relates to the technical field of secure data transmission, and in particular to a campus network security protection system.
Background
At present, the campus networks of higher vocational colleges make it convenient for teachers and students to obtain information from inside and outside the campus, to study their specialties and course material, and to communicate and exchange ideas with one another. Attacks on these campus networks are nevertheless frequent; they cause the colleges' sensitive information and important data to be leaked and can even leave the campus network paralyzed. Campus network security protection generally relies on antivirus software, monitoring software and the like to prevent virus intrusion, but existing defensive software such as antivirus software cannot handle the case where an attacker attacks legitimate software, which makes data encryption particularly important. Traditional data encryption has shortcomings of its own: encrypted data must remain highly confidential and its contents must be protected from being read or rewritten by an attacker (for example, through analysis of confidential information), yet hidden dangers such as identity spoofing between devices and data tampering remain, so the security of data on the campus network is difficult to guarantee.
Summary of the Utility Model
In view of this, the utility model aims to solve the above problems by providing a campus network security protection system that uses identification, data encryption and data encapsulation technologies to ensure that transmitted data is credible, complete and untampered, and thereby achieves highly secure data transmission.
The utility model is realized through the following technical scheme:
A campus network security protection system comprises a data acquisition device, a data processing device and a network server;
the data acquisition device comprises an acquisition unit, a first identity authentication unit, an encryption unit and a transmission unit, wherein the acquisition unit is connected with the first identity authentication unit, the first identity authentication unit is connected with the encryption unit, and the encryption unit is connected with the transmission unit;
the data processing device comprises a processing unit, a second identity authentication unit and an encapsulation unit which are connected with the transmission unit, wherein the second identity authentication unit and the encapsulation unit are both connected with the processing unit;
the network server comprises a dedicated storage unit and a public storage unit, the dedicated storage unit is connected with the processing unit, and the public storage unit is connected with the encapsulation unit.
As a further improvement of the above technical scheme, the data acquisition device and the data processing device are both provided with antimagnetic shells.
As a further improvement of the above technical scheme, the first identity authentication unit includes a keyboard and a display screen, and the display screen is used for displaying the verification code information entered through the keyboard.
As a further improvement of the above technical scheme, the second identity authentication unit includes a fingerprint module and a self-locking module, the fingerprint module is connected to the self-locking module, and the number of verification times of the fingerprint module is set to three.
As a further improvement of the above technical scheme, the transmission unit includes at least one of WIFI, Bluetooth, optical fiber, or twisted pair.
As a further improvement of the above technical scheme, the encryption unit includes a plurality of encryption sub-modules, a selection circuit, a look-up table, and a code generation circuit. The encryption sub-modules correspond one-to-one with the data of the input data block acquired by the acquisition unit, and each is used for encrypting a single piece of data. When input data is entered, the code generation circuit generates a selection code according to predetermined information, sends the selection code together with the address value of the address data at the time of input to the processing unit, and stores the selection code in the dedicated storage unit. The look-up table makes the plurality of selection codes generated by the code generation circuit correspond one-to-one with a plurality of encryption subunits. The selection circuit outputs encrypted data according to the look-up table information and sends the encrypted data to the processing unit, and the processing unit controls the encapsulation unit to encapsulate the input data and store it in the public storage unit.
The beneficial effects of the campus network security protection system provided by the utility model are as follows. A data acquisition device, a data processing device and a network server are arranged on the campus network. When the acquisition unit receives a user's request to access real-time data, the processing unit controls the encryption unit to encrypt the real-time data and store it in the dedicated storage unit, and the first identity authentication unit authenticates the user; after authentication passes, the user can perform the decryption operation and access the dedicated storage unit. When the acquisition unit receives a user's request to access non-real-time data, the processing unit controls the encapsulation unit to encapsulate the non-real-time data and store the encapsulated data in the public storage unit, while the second identity authentication unit verifies the user's identity; after verification passes, the user can obtain the non-real-time data from the public storage unit. This strengthens the layer-by-layer protection of campus network data, prevents lawbreakers from stealing it, effectively protects the data security of the campus network, is simple and convenient to operate, and meets the security protection requirements for data transmission and storage on the campus network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a block diagram of a campus network security protection system according to an embodiment of the present invention;
Fig. 2 is a block diagram of a first identity authentication unit according to an embodiment of the present invention;
Fig. 3 is a block diagram of a second identity authentication unit according to an embodiment of the present invention;
Fig. 4 is a block diagram showing the structure of an encryption unit according to an embodiment of the present invention.
In the figures: 100 - campus network security protection system; 110 - data acquisition device; 111 - acquisition unit; 112 - first identity authentication unit; 113 - encryption unit; 114 - transmission unit; 120 - data processing device; 121 - processing unit; 122 - second identity authentication unit; 123 - encapsulation unit; 130 - network server; 131 - dedicated storage unit; 132 - public storage unit; 140 - keyboard; 150 - display screen; 160 - fingerprint module; 170 - self-locking module.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present invention, and should not be construed as limiting the present invention.
Referring to Fig. 1, Fig. 2 and Fig. 3, the present invention provides a campus network security protection system 100, which includes a data acquisition device 110, a data processing device 120 and a network server 130;
the data acquisition device 110 comprises an acquisition unit 111, a first identity authentication unit 112, an encryption unit 113 and a transmission unit 114, wherein the acquisition unit 111 is connected with the first identity authentication unit 112, the first identity authentication unit 112 is connected with the encryption unit 113, and the encryption unit 113 is connected with the transmission unit 114;
the data processing device 120 includes a processing unit 121, a second identity authentication unit 122 and an encapsulation unit 123 connected to the transmission unit 114, and both the second identity authentication unit 122 and the encapsulation unit 123 are connected to the processing unit 121;
the network server 130 includes a dedicated storage unit 131 and a public storage unit 132, the dedicated storage unit 131 is connected to the processing unit 121, and the public storage unit 132 is connected to the encapsulation unit 123.
In this embodiment, the campus network serves mainly as a basic platform for teaching and research and as a basic condition for networked administrative office work. The data acquisition device 110 is used for reading portable equipment that stores the user's basic information, such as a device with an embedded USB key (U-shield) or an IC card, and can be connected to a computer through a USB interface. The data acquisition device 110 must be plugged in before logging in to the campus network. The acquisition unit 111 determines from the user's operation whether real-time data or non-real-time data is being accessed. When the acquisition unit 111 determines that real-time data is being accessed, the data acquisition device 110 is connected to the data processing device 120 through the transmission unit 114, and the processing unit 121 controls the encryption unit 113 to encrypt the real-time data and store it in the dedicated storage unit 131. At the same time the user is authenticated through the first identity authentication unit 112, and after verification passes the encrypted real-time data is decrypted, which ensures that the user can access the campus network normally and effectively protects the real-time data from tampering.
When the acquisition unit 111 determines that non-real-time data is being accessed, the processing unit 121 of the data processing device 120 controls the second identity authentication unit 122 to authenticate the user. The second identity authentication unit 122 includes a fingerprint module 160 and a self-locking module 170, the fingerprint module 160 is connected to the self-locking module 170, and the number of verification times of the fingerprint module 160 is set to three. The second identity authentication unit 122 may be a fingerprint panel provided on a laptop or a mobile phone, and only after the user passes fingerprint authentication three consecutive times can the non-real-time data be acquired and downloaded or forwarded. The processing unit may be a CPU or a single-chip microcomputer, and the transmission unit 114 includes at least one of WIFI, Bluetooth, optical fiber or twisted pair. The first identity authentication unit includes a keyboard 140 and a display screen 150; the display screen 150 displays the verification code information entered through the keyboard 140, which allows the user to be authenticated quickly and effectively prevents non-manual operation.
In order to shield the interference of the external magnetic field to the data acquisition device 110 and the data processing device 120, the data acquisition device 110 and the data processing device 120 are both provided with antimagnetic shells to ensure the working stability of the equipment.
It should be noted that the data processing device 120 and the network server 130 may be connected by wire or wirelessly, the dedicated storage unit 131 may be regarded as a readable storage medium in the memory of the computer, and the public storage unit 132 may be regarded as a readable storage medium on the hard disk of the computer. The encapsulation unit 123 encapsulates the non-real-time data, and data encapsulation proceeds as follows:
1. the user information is converted into data for transmission over the network;
2. the data is converted into data segments, and a reliable connection is established between the sender host and the receiver host;
3. the data segments are converted into data packets or datagrams, and a logical address is placed in the header so that each data packet can be transmitted over the internet;
4. the packets or datagrams are converted into frames for transmission in the local network; on a local network segment, each host is uniquely identified by a hardware address;
5. the frames are converted into a bit stream, and a digital coding and clocking scheme is employed.
It will be appreciated that encapsulating the non-real-time data during transmission can improve the transmission rate, integrity and credibility of the data. Suppose computer A wants to send some data from an application program to computer B; it uses the application layer. The application layer of computer A conveys the control information needed to communicate with the application layer of computer B by prepending a protocol header to the data. The resulting information unit, which contains the protocol header, the data and possibly a protocol trailer, is passed to the presentation layer, which in turn adds its own protocol header carrying control information understood by the presentation layer of computer B. The information unit grows as each layer adds its protocol header and trailer, which contain control information to be used by the corresponding layer of computer B. At the physical layer, the entire information unit is transmitted over the network medium. The physical layer in computer B receives the information unit and passes it to the data link layer; the data link layer in B then reads the control information contained in the protocol header that was added by the data link layer of computer A, removes the protocol header and trailer, and passes the remainder to the network layer. Each layer performs the same action: it reads the protocol header and trailer from its corresponding layer, removes them, and sends the remaining information to the next higher layer. After the application layer has done so, the data is delivered to the receiving application program in computer B, and the data finally received is the data sent by the application program in computer A.
In another embodiment, the encapsulation unit 123 may encapsulate the data into a text, audio or video document in a specific format, so that the user can read and write it online on the campus network, or use it offline in a read-only, write-only or neither-readable-nor-writable mode, thereby ensuring the security of campus network data to a certain extent.
Preferably, the encryption unit 113 includes a plurality of encryption sub-modules, a selection circuit, a look-up table and a code generation circuit. The encryption sub-modules correspond one-to-one with the data of the input data block acquired by the acquisition unit, and each is used for encrypting a single piece of data. When input data is entered, the code generation circuit generates a selection code according to predetermined information, sends the selection code together with the address value of the address data at the time of input to the processing unit, and stores the selection code in the dedicated storage unit. The look-up table makes the plurality of selection codes generated by the code generation circuit correspond one-to-one with the plurality of encryption sub-modules. The selection circuit outputs encrypted data according to the look-up table information and sends the encrypted data to the processing unit, and the processing unit controls the encapsulation unit to encapsulate the input data and store it in the public storage unit.
Referring to Fig. 4, in this embodiment the encryption unit 113 consists mainly of an encryption circuit. Taking two encryption submodules, a first encryption submodule S1 and a second encryption submodule S2, as an example, encryption is performed mainly through logic gate operations such as exclusive-OR (XOR) gates. The encryption circuit of the campus network security protection system works as follows. The 2n-bit data to be encrypted is first divided into two data blocks A0 and A1 of n bits each, where A0 holds bits 0 to n-1 and A1 holds bits n to 2n-1. The A1 data block is encrypted by the first encryption submodule S1, and XOR gate B1 performs an XOR operation on the A0 data block and the output of the first encryption submodule S1. The result is, on the one hand, output as the n-bit encrypted data block A1' produced by the encryption circuit; at the same time it is encrypted by the second encryption submodule S2, and a second XOR gate performs an XOR operation on the output of the second encryption submodule S2 and the A1 data block, the result being output as the other n-bit encrypted data block A0' produced by the encryption circuit. The two data blocks A0 and A1 of the original data are thus encrypted by the encryption circuit into the two encrypted data blocks A0' and A1', which completes the encryption process.
The encryption submodule S1 and the encryption submodule S2 have the same processing procedure. Each time, according to the n bits of input data D0 to Dn-1 acquired by the acquisition unit, that is, the time elapsed since the start time and the address values B0 to Bn-1 of the address data, they generate a different selection code using random numbers or the like. The number of selection codes generated is limited in advance to the number of encryption subunits (for example, Sa, Sb, Sc), and the code generation circuit stores each generated selection code in the selection code storage unit together with the address value of the address data at that time. The look-up table generates a selection instruction signal that selects the one encryption subunit corresponding to the selection code generated by the code generation circuit, and the selection circuit selects the intermediate output data indicated by the selection instruction signal and outputs it as the output data SD0 to SDn-1 of the encryption submodule.
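The encryption circuit of Fig. 4 and the selection-code mechanism from the two paragraphs above, modelled in Python as an added example (not code from the patent). The block width n = 16, the logic inside subunits Sa, Sb and Sc, the random code generator, the `ProtectedStore` class and all function names are assumptions; the decryption routine is derived here from the XOR structure and is not spelled out on the page.

```python
import secrets

N = 16                   # assumed block width n in bits (the page leaves n open)
MASK = (1 << N) - 1


def rotl(x, r):
    """Rotate an n-bit value left by r bits."""
    return ((x << r) | (x >> (N - r))) & MASK


# Constructed stand-ins for encryption subunits Sa, Sb, Sc: the page names
# them but does not define their internal logic.
SUBUNITS = {
    "Sa": lambda d: rotl(d, 3) ^ 0xA5A5,
    "Sb": lambda d: (d * 0x9E37 + 0x79B9) & MASK,
    "Sc": lambda d: rotl(d ^ 0x3C3C, 7),
}
# Look-up table: each selection code corresponds to exactly one subunit, so a
# submodule has only len(LOOKUP_TABLE) possible selection codes.
LOOKUP_TABLE = {0: "Sa", 1: "Sb", 2: "Sc"}


def generate_selection_code():
    """Code generation circuit. A CSPRNG draw is an assumption standing in
    for the page's "random numbers or the like"."""
    return secrets.randbelow(len(LOOKUP_TABLE))


def submodule(d, code):
    """Encryption submodule (S1 and S2 behave identically): every subunit
    computes an intermediate output, the selection circuit forwards one."""
    if code not in LOOKUP_TABLE:
        raise ValueError(f"unknown selection code {code!r}")
    intermediate = {name: unit(d & MASK) for name, unit in SUBUNITS.items()}
    return intermediate[LOOKUP_TABLE[code]]


def split(block):
    """2n-bit input -> (A0, A1): A0 is bits 0..n-1, A1 is bits n..2n-1."""
    if not 0 <= block < (1 << (2 * N)):
        raise ValueError("block must fit in 2n bits")
    return block & MASK, block >> N


def join(a0, a1):
    return a0 | (a1 << N)


def encrypt_block(block, codes):
    """codes = (selection code for S1, selection code for S2)."""
    a0, a1 = split(block)
    c1, c2 = codes
    a1_enc = a0 ^ submodule(a1, c1)        # XOR gate B1      -> A1'
    a0_enc = a1 ^ submodule(a1_enc, c2)    # second XOR gate  -> A0'
    return join(a0_enc, a1_enc)


def decrypt_block(block, codes):
    """Inverse of the circuit: undo the second XOR gate, then the first."""
    a0_enc, a1_enc = split(block)
    c1, c2 = codes
    a1 = a0_enc ^ submodule(a1_enc, c2)
    a0 = a1_enc ^ submodule(a1, c1)
    return join(a0, a1)


class ProtectedStore:
    """Simplified model of the storage side: selection codes are kept
    together with the address value, next to the encrypted block."""

    def __init__(self):
        self._codes = {}
        self._blocks = {}

    def write(self, address, block):
        codes = (generate_selection_code(), generate_selection_code())
        self._codes[address] = codes
        self._blocks[address] = encrypt_block(block, codes)
        return self._blocks[address]

    def read(self, address):
        if address not in self._codes:
            raise KeyError(f"no selection codes stored for address {address:#x}")
        return decrypt_block(self._blocks[address], self._codes[address])


if __name__ == "__main__":
    store = ProtectedStore()
    ciphertext = store.write(0x40, 0xCAFEF00D)   # constructed sample data
    print(f"{ciphertext:#010x} -> {store.read(0x40):#010x}")
```

In this model the stored selection codes are the only secret input to the circuit, so the storage that holds them needs the same access control as the plaintext.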
The utility model provides a campus network security protection system 100 in which a data acquisition device 110, a data processing device 120 and a network server 130 are arranged on the campus network. When the acquisition unit 111 receives a user's request to access real-time data, the processing unit 121 controls the encryption unit 113 to encrypt the real-time data and store it in the dedicated storage unit 131, and the first identity authentication unit 112 authenticates the user; after authentication passes, the user can perform the decryption operation and access the dedicated storage unit 131. When the acquisition unit 111 receives a user's request to access non-real-time data, the processing unit 121 controls the encapsulation unit 123 to encapsulate the non-real-time data and store the encapsulated data in the public storage unit 132, while the second identity authentication unit 122 authenticates the user; after authentication passes, the user can obtain the non-real-time data from the public storage unit 132. This strengthens the layer-by-layer protection of campus network data, prevents lawbreakers from stealing it, effectively protects the data security of the campus network, is simple and convenient to operate, and meets the security protection requirements for data transmission and storage on the campus network.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," and "fixed" are to be construed broadly and may, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meaning of the above terms in the present invention can be understood according to specific situations by those skilled in the art.
In all examples shown and described herein, any particular value should be construed as merely exemplary, and not as a limitation, and thus other examples of example embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above-described embodiments are merely illustrative of several embodiments of the present invention, which are described in detail and specific, but not intended to be construed as limiting the scope of the present invention. It should be noted that, for those skilled in the art, without departing from the spirit of the present invention, several variations and modifications can be made, which are within the scope of the present invention.

Claims (5)

1. A campus network security protection system, characterized by comprising a data acquisition device, a data processing device and a network server;
the data acquisition device comprises an acquisition unit, a first identity authentication unit, an encryption unit and a transmission unit, wherein the acquisition unit is connected with the first identity authentication unit, the first identity authentication unit is connected with the encryption unit, and the encryption unit is connected with the transmission unit;
the data processing device comprises a processing unit, a second identity authentication unit and an encapsulation unit which are connected with the transmission unit, wherein the second identity authentication unit and the encapsulation unit are both connected with the processing unit;
the network server comprises a dedicated storage unit and a public storage unit, the dedicated storage unit is connected with the processing unit, and the public storage unit is connected with the encapsulation unit;
the encryption unit comprises a plurality of encryption sub-modules, a selection circuit, a look-up table and a code generation circuit, wherein the encryption sub-modules correspond one-to-one with the data of the input data block acquired by the acquisition unit and are each used for encrypting a single piece of data; the code generation circuit is used for generating a selection code according to preset information when input data is entered, sending the selection code and the address value of the address data at the time of input to the processing unit, and storing the selection code and the address value of the address data in the dedicated storage unit; the look-up table is used for making the selection codes generated by the code generation circuit correspond one-to-one with the encryption sub-modules; the selection circuit is used for outputting encrypted data according to the information of the look-up table and sending the encrypted data to the processing unit; and the processing unit controls the encapsulation unit to encapsulate the input data and store it in the public storage unit.
2. The campus network security protection system of claim 1, wherein the data acquisition device and the data processing device are each provided with an antimagnetic housing.
3. The campus network security protection system of claim 1, wherein the first identity authentication unit comprises a keyboard and a display screen, and the display screen is configured to display the verification code information entered via the keyboard.
4. The campus network security protection system of claim 1, wherein the second identity authentication unit comprises a fingerprint module and a self-locking module, the fingerprint module is connected to the self-locking module, and the number of verification times of the fingerprint module is set to three.
5. The campus network security protection system of claim 1, wherein the transmission unit comprises at least one of WIFI, Bluetooth, optical fiber, or twisted pair.
CN202021673015.1U 2020-08-12 2020-08-12 Campus network safety protection system Active CN212969708U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202021673015.1U CN212969708U (en) 2020-08-12 2020-08-12 Campus network safety protection system

Publications (1)

Publication Number Publication Date
CN212969708U true CN212969708U (en) 2021-04-13

Family

ID=75351766

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202021673015.1U Active CN212969708U (en) 2020-08-12 2020-08-12 Campus network safety protection system

Country Status (1)

Country Link
CN (1) CN212969708U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113746943A (en) * 2021-11-08 2021-12-03 云丁网络技术(北京)有限公司 Method and device for transmitting data, server and Internet of things system
CN113746943B (en) * 2021-11-08 2022-03-22 云丁网络技术(北京)有限公司 Method and device for transmitting data, server and Internet of things system

Legal Events

Date Code Title Description
GR01 Patent grant