CN101729259A - Highly-safe data checking method for data switching system - Google Patents
Highly-safe data checking method for data switching system Download PDFInfo
- Publication number
- CN101729259A CN101729259A CN200810201144A CN200810201144A CN101729259A CN 101729259 A CN101729259 A CN 101729259A CN 200810201144 A CN200810201144 A CN 200810201144A CN 200810201144 A CN200810201144 A CN 200810201144A CN 101729259 A CN101729259 A CN 101729259A
- Authority
- CN
- China
- Prior art keywords
- data
- inspection
- highly
- switching system
- checking method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a highly-safe data checking method for a data switching system. In the highly-safe data checking method for the data switching system, a workflow is formed by interconnecting service activities according to a time sequence or logic relationship; and in the workflow, data is transmitted, processed or executed according to the workflow to realize automatic and comprehensive data checking. The highly-safe data checking method for the data switching system comprises data filtering checking, anti-virus checking and file format checking. The workflow-based data checking method is adopted, is based on trusted computing technology and comprises the data filtering checking, the anti-virus checking and the file format checking to realize the automatic and comprehensive data checking so as to fulfill the aim of the invention.
Description
Technical field
The present invention relates to a kind of data checking, particularly a kind of use is at the highly-safe data checking method for data switching system of field of computer information security.
Background technology
Along with professional development such as E-Government, ecommerce, information realizes automatic, quick, safe exchange between different networks, system and data source, promptly " exchanges data " becomes the subject matter that E-Government, electronic commerce information are shared and information interconnects, and data are most important elements in the data exchange process, guarantee quality, fail safe, consistency and the confidentiality etc. of data in the data exchange process, data are carried out security inspection, are the key problems that exchanges data must solve.
But in existing data exchange process, between trustable network and the untrusted network, the exchanges data between heterogeneous system, the heterogeneous data source all compares difficulty, realizes more complicated; Simultaneously, can't guarantee quality, fail safe, consistency and the confidentiality etc. of data in the data exchange process, data are carried out security inspection.
Therefore, need a kind of highly-safe data checking method for data switching system especially, exchange profound demand at E-Government, electronic commerce data to the data fail safe, the complexity of data exchange service and the outstanding feature that demand constantly changes have been taken into full account, data to exchange are checked, reach the purpose of commencing business rapidly and alleviating amount of user effort to greatest extent.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of highly-safe data checking method for data switching system, in data exchange process, adopt working flow mode, data are carried out the wooden horse anti-virus filters, file format is checked, and these inspection methods of integrated use, guarantee safety of data, realization resource consolidation, information security are shared, and guarantee carrying out smoothly of disparate networks business.
Technical problem to be solved by this invention can be achieved through the following technical solutions:
A kind of highly-safe data checking method for data switching system, it is characterized in that, described highly-safe data checking method for data switching system is interconnected to constitute workflow according to business activity according to sequential or logical relation, in workflow, data transmit, handle or carry out according to workflow, have realized automation, comprehensive data checks; Described highly-safe data checking method for data switching system comprises data filter inspection, anti-virus inspection and file format inspection.
In one embodiment of the invention, described data filter inspection is tentatively filtered the data of needs exchange by firewall policy is set.
In one embodiment of the invention, described anti-virus inspection is for to handle virus by anti-virus software, and this processing is finished dealing with in internal memory.
In one embodiment of the invention, described anti-virus inspection has the duplication check function of document format data inspection, data traffic dynamic chek.
In one embodiment of the invention, the form whether file format suits the requirements and transmit is checked in described file format inspection.
In one embodiment of the invention, described file format inspection also need be carried out the classification of file as required, and described file type comprises text, picture file, audio files and video file.
In one embodiment of the invention, when exchange files,, when carrying out the file format inspection, also need carry out preliminary filtration to the content of text if the file that will transmit is a text.
Highly-safe data checking method for data switching system of the present invention, employing is based on the data checking of workflow, based on reliable computing technology, comprise that data filter inspection, anti-virus inspection, file format check contour data of safety inspection, realize automation, comprehensive data checks, realized purpose of the present invention.
Description of drawings
Fig. 1 is the flow chart of highly-safe data checking method for data switching system of the present invention;
Fig. 2 is the logic diagram that data filter of the present invention is checked;
Fig. 3 is the logic diagram that anti-virus of the present invention is checked;
Fig. 4 is the logic diagram that file format of the present invention is checked.
Embodiment
For technological means, creation characteristic that the present invention is realized, reach purpose and effect is easy to understand, below in conjunction with concrete diagram, further set forth the present invention.
As shown in Figure 1, a kind of highly-safe data checking method for data switching system, described highly-safe data checking method for data switching system is interconnected to constitute workflow according to business activity according to sequential or logical relation, in the course of the work, data transmit, handle or carry out according to workflow, have realized automation, comprehensive data checks.
Described highly-safe data checking method for data switching system comprises data filter inspection, anti-virus inspection and file format inspection.
In one embodiment of the invention, after beginning to carry out the data checks of described data exchange system high security, advanced line data filters to be checked, carry out anti-virus inspection and file format inspection then, the anti-virus inspection comprises virus treated and wooden horse processing, check that through anti-virus laggard line data cleans, the data after will checking are again synthesized, and finish whole data checks at last.
As shown in Figure 2, in one embodiment of the invention, described data filter inspection is tentatively filtered the data of needs exchange by firewall policy is set.
The general policies of fire compartment wall when at first setting data exchanges, as configuration of IP address, port, the application protocol that selection can be passed through is forbidden all unsafe as everyone knows NFS agreements etc.When carrying out the data filter inspection, the fire compartment wall data filter is as a node of workflow, and each fire compartment wall data filter inspection task (Job) is formed by connecting by data pipe (as " → " among Fig. 2) according to certain logical order by some independent functional units, and this is that a typical data filter is checked flow process.
The data filter inspection at first is the extract function unit, extracts data from two data sources (is database, and another is a file data) respectively; Pass to by two data pipelines and to read the filtering rule node, be delivered to according to rule by data pipe and check node, according to rule data are filtered, rule is as shown in table 1.
Table 1 data filter rule
Rule | Explanation |
??Joiner | Realize the checked operation of two data sets |
??Filter | Some characteristic value according to data checks, if that meet characteristic value then exchange |
??Switcher | Duplicate the data of input channel, toward a plurality of data pipe outputs |
??Duplicator | Duplicate the data of input channel, toward a plurality of data pipe outputs |
??Sorter | Data are sorted |
??Aggregator | Data are added up computing, for example polymerization computings such as Sum, Count, Max, Min |
??Clean | Data are carried out various cleanings comprise that type conversion, data computation, code disappearance detect replacement etc. |
??DataConflu | Invalid data is forced to transform |
The data of having filtered are passed to next node by a data pipeline handle, next node can be other data checking node, also can be that data are directly into database node.
As shown in Figure 3, in one embodiment of the invention, described anti-virus inspection is for to handle viral wooden horse by anti-virus software, and this processing is finished dealing with in internal memory.
Data are carried out the anti-virus inspection, inspection method adopts the tupe of workflow, and promptly each wooden horse, virus treated task (Job) are formed by connecting by data pipe according to certain logical order by some independent functional units, and this is a typical data checks flow process.
The anti-virus inspection at first is the data pick-up functional unit, extracts data from two data sources (is database, and another is a file data) respectively; After the anti-virus audit program starts, it is investigated according to above-mentioned regular logarithm and to kill the virus and wooden horse, then passing to processing node by a data pipeline handles, if find to have virus or wooden horse, data are abandoned, otherwise, detailed data that has checked and the combined data that finally produces is saved in target database, data warehouse, file, the target application system, can add data filter inspection and other inspection method nodes before the anti-virus inspection method as required.
In one embodiment of the invention, described anti-virus inspection has the duplication check function of document format data inspection, data traffic dynamic chek.
As shown in Figure 4, in one embodiment of the invention, the form whether file format suits the requirements and transmit is checked in described file format inspection.
The file format inspection mainly is the data at file type, and exchanges data is a service routine, and inspection method adopts the tupe of workflow, and the file format inspection at first is the data pick-up functional unit, extracts data from data source (mainly being file data); Pass to by data pipe and to read regular node, check node being delivered to by data pipe according to the file format rule, file format checks that rule is as shown in table 2.
The inspection rule that table 2 file format is checked
Rule | Explanation |
File type | ??Char2 |
File purpose IP address | ??Char?254 |
The data distributor to | ??Char?1 |
Record start position | ??Char?20 |
The recording start symbol | ??Char?30 |
The record decollator | ??Char?30 |
The recording feature field | ??Char254 |
Document location | ??Char?254 |
Table name or filename | ??Char?254 |
The data access License Info | ??Char?254 |
Program this moment first file type of check table 2 rules at first, file type is as shown in table 3.
The file type that table 3 file format is checked
Title | Code |
Can resolve | ??01 |
Image | ??02 |
Sound | ??03 |
Video | ??04 |
Text | ??05 |
Word document | ??06 |
Compression | ??07 |
Can carry out | ??08 |
Title | Code |
Can not resolve | ??09 |
Unknown | ??99 |
By configuration, file type as shown in table 3 can be divided into two kinds of blacklist and white lists, the file that meets white list then is delivered to next functional unit, the data that meet blacklist are then abandoned, and then other of traversal list 2 rules, so that check the content of file, passing to processing node by a data pipeline at last handles, the data that form and content are correct exchange, and detailed data that has checked and the combined data that finally produces is saved in target database, data warehouse, file, the target application system.Can add data filter inspection and other inspection method nodes before the file checking method as required.
Highly-safe data checking method for data switching system of the present invention, use the task scheduling of workflow, the above-mentioned various data checkings of integrated use carry out being embodied as of data checks: minimal data checks that thread is workflow (Workflow), and WorkFlow is a group task (Job) that is serially connected according to certain sequencing.By the encapsulation of data checks WorkFlow, the various data checkings of utilization that can be comprehensive are guaranteed the safety of data exchange process, based on the data security Integrated Checkout method of workflow as shown in Figure 1.When data checks begins, elder generation is by the filtration of fire compartment wall, as required data being carried out virus, wooden horse, content, form afterwards checks, the order of checking is according to the priority of task and workflow node, can call or never call or call arbitrarily wherein data security inspection task, reach the purpose that comprehensive safety is checked.
More than show and described basic principle of the present invention and principal character and advantage thereof.The technical staff of the industry should understand; the present invention is not restricted to the described embodiments; that describes in the foregoing description and the specification just illustrates principle of the present invention; without departing from the spirit and scope of the present invention; the present invention also has various changes and modifications, and these changes and improvements all fall in the claimed scope of the invention.The claimed scope of the present invention is defined by appending claims and equivalent thereof.
Claims (7)
1. highly-safe data checking method for data switching system, it is characterized in that, described highly-safe data checking method for data switching system is interconnected to constitute workflow according to business activity according to sequential or logical relation, in workflow, data transmit, handle or carry out according to workflow, have realized automation, comprehensive data checks; Described highly-safe data checking method for data switching system comprises data filter inspection, anti-virus inspection and file format inspection.
2. highly-safe data checking method for data switching system as claimed in claim 1 is characterized in that, described data filter inspection is tentatively filtered the data of needs exchange by firewall policy is set.
3. highly-safe data checking method for data switching system as claimed in claim 1 is characterized in that, described anti-virus inspection is for to handle virus by anti-virus software, and this processing is finished dealing with in internal memory.
4. highly-safe data checking method for data switching system as claimed in claim 1 is characterized in that, described anti-virus inspection has the duplication check function of document format data inspection, data traffic dynamic chek.
5. highly-safe data checking method for data switching system as claimed in claim 1 is characterized in that, the form whether file format suits the requirements and transmit is checked in described file format inspection.
6. highly-safe data checking method for data switching system as claimed in claim 1, it is characterized in that, described file format inspection also need be carried out the classification of file as required, and described file type comprises text, picture file, audio files and video file.
7. highly-safe data checking method for data switching system as claimed in claim 1, it is characterized in that, when exchange files, if the file that will transmit is a text, when carrying out the file format inspection, also need carry out preliminary filtration to the content of text.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810201144A CN101729259A (en) | 2008-10-14 | 2008-10-14 | Highly-safe data checking method for data switching system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810201144A CN101729259A (en) | 2008-10-14 | 2008-10-14 | Highly-safe data checking method for data switching system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101729259A true CN101729259A (en) | 2010-06-09 |
Family
ID=42449538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200810201144A Pending CN101729259A (en) | 2008-10-14 | 2008-10-14 | Highly-safe data checking method for data switching system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101729259A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI461955B (en) * | 2012-02-20 | 2014-11-21 | Univ Nat Cheng Kung | Malicious scripts suppression system and suppression method thereof |
TWI492091B (en) * | 2013-11-29 | 2015-07-11 | Univ Nat Chiao Tung | Data detection system |
CN106776973A (en) * | 2016-12-05 | 2017-05-31 | 深圳前海微众银行股份有限公司 | Blacklist data generation method and device |
CN115208690A (en) * | 2022-08-09 | 2022-10-18 | 中国光大银行股份有限公司 | Screening processing system based on data classification and classification |
-
2008
- 2008-10-14 CN CN200810201144A patent/CN101729259A/en active Pending
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI461955B (en) * | 2012-02-20 | 2014-11-21 | Univ Nat Cheng Kung | Malicious scripts suppression system and suppression method thereof |
TWI492091B (en) * | 2013-11-29 | 2015-07-11 | Univ Nat Chiao Tung | Data detection system |
CN106776973A (en) * | 2016-12-05 | 2017-05-31 | 深圳前海微众银行股份有限公司 | Blacklist data generation method and device |
CN106776973B (en) * | 2016-12-05 | 2020-10-30 | 深圳前海微众银行股份有限公司 | Blacklist data generation method and apparatus |
CN115208690A (en) * | 2022-08-09 | 2022-10-18 | 中国光大银行股份有限公司 | Screening processing system based on data classification and classification |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TW202013234A (en) | Data processing method, device and storage medium | |
US8787391B2 (en) | Techniques for using the network as a memory device | |
CN103152352A (en) | Perfect information security and forensics monitoring method and system based on cloud computing environment | |
WO2017008598A1 (en) | Big data exchange method and device | |
WO2017028394A1 (en) | Example-based distributed data recovery method and apparatus | |
WO2020119476A1 (en) | Alliance chain information release control method and terminal equipment | |
CN102006245B (en) | Date exchanging and sharing platform | |
TW201520813A (en) | Anti-malware mobile content data management apparatus and method | |
CN104461826B (en) | The method, apparatus and system of Object flow monitoring | |
CN104077420A (en) | Method and device for importing data into HBase database | |
CN101729259A (en) | Highly-safe data checking method for data switching system | |
CN101459576A (en) | IP ACL mergence optimization process implementing method | |
CN112307501B (en) | Big data system based on block chain technology, storage method and using method | |
CN106649344B (en) | Weblog compression method and device | |
CN108449201B (en) | Evaluation method for safety management and control efficiency of intranet service data stream | |
CN115987972A (en) | File transmission method and device, electronic equipment and computer readable storage medium | |
CN201252571Y (en) | Automatic data exchanging device with high security | |
CN110019064A (en) | Eliminate the filter method and device for repeating log recording | |
CN105187490A (en) | Method for transferring data of IOT (Internet of Things) | |
Kaur et al. | Image processing on multinode hadoop cluster | |
CN103530297A (en) | Method and device capable of automatically carrying out website analysis | |
CN100479004C (en) | File security method | |
CN112291088B (en) | Method for automatically combing and classifying Web interfaces | |
US8700954B2 (en) | Common trouble case data generating method and non-transitory computer-readable medium storing common trouble case data generating program | |
CN112448972B (en) | Data exchange and sharing platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20100609 |