CN105072107A - System and method for enhancing data transmission and storage security - Google Patents

Info

Publication number: CN105072107A
Authority: CN (China)
Prior art keywords: data, information, unit, file, home server
Legal status: Pending
Application number: CN201510466514.0A
Other languages: Chinese (zh)
Inventors: 梁效宁, 汪羲, 杨明
Current assignee: SICHUAN SALVATIONDATA INFORMATION SAFETY TECHNOLOGY Co Ltd
Original assignee: SICHUAN SALVATIONDATA INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority date: 2015-08-03
Filing date: 2015-08-03
Publication date: 2015-11-18

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/10 Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
    • H04L67/1097 Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for distributed storage of data in a network, e.g. network file system [NFS], transport mechanisms for storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention provides a system and method for enhancing data transmission and storage security, and belongs to the field of data security. The system comprises user units, an administrator unit and a local server unit. The user units comprise at least one computer, each of which must be equipped with a USB (Universal Serial Bus) dongle; encryption and decryption operations are performed using the IDs of the USB dongles. The administrator unit manages the information of all user units and the information of stored files. The local server unit stores the file data uploaded by all users and hosts a MySQL database that records user information and file storage information. The beneficial effects of the system and method are that a unified data security management platform is established, a secure data transmission protocol is established, all data is encrypted, permission control is applied to data access, and local and cloud backups of the data are made; on the basis of these measures the security of information transmission and storage can be enhanced.

Description

System and method for enhancing data transmission and storage security
Technical field
The invention belongs to the field of data storage security, and specifically relates to a system and method for enhancing data transmission and storage security.
Background technology
In the current social environment, both personal information and corporate information are exposed to unsafe leakage. In corporate environments in particular, documents, source code and other information are all at risk of leaking.
Much of today's enterprise document sharing is done through OA (office automation) intranet sharing. Although an OA system has permission control, all documents, source code and so on are stored on the OA server in plaintext, and some companies' OA servers are connected to the external network, which adds an unsafe factor: if the server is attacked by a hacker, all the data on it is at risk of leaking.
The main defects of the prior art are as follows:
1. data is stored in plaintext;
2. users cannot comprehensively control the access rights to data;
3. there is no unified data resource management platform;
4. the data backup and storage methods are imperfect.
Terminology used:
OA system: office automation (abbreviated OA) is a new way of working that combines modern office work with computer network functions;
Data encryption: plaintext is converted into ciphertext by means of an encryption algorithm and an encryption key; decryption restores the ciphertext to plaintext by means of a decryption algorithm and a decryption key;
AES: the Advanced Encryption Standard (AES), also known in cryptography as the Rijndael cipher;
Transport protocol: in a layered transport protocol, each layer provides a service to the layer above it. To provide that service, the layer below places the data of the layer above into its own data field and then adds a header or trailer to realise its service function; this process is called data encapsulation;
User Key: throughout the present invention, the user-information Key, i.e. the dongle ID information;
Enterprise Key: throughout the present invention, the enterprise-information Key, i.e. the common key used for data encryption and decryption;
USB dongle: a security product combining software and hardware that is plugged into the computer's parallel port, also called an encryption lock.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a system and method for enhancing data transmission and storage security, which can effectively solve problems such as the leakage of personal and corporate information.
To overcome the above problems, the technical solution adopted by the present invention is as follows. A system for enhancing data transmission and storage security comprises the following units:
User unit: comprising at least one computer, each of which must be equipped with a USB dongle; encryption and decryption operations are performed using the ID of the USB dongle;
Administrator unit: for managing the information of all user units and the information of stored files;
Local server unit: for storing the file data uploaded by all users; it hosts a MySQL database that records user information and file storage information;
wherein the administrator unit performs permission control on dongles through the database in the local server unit and performs security control over the information of the user units.
Preferably, the system also comprises the following unit:
Backup server unit: for data backup and recovery; it is not connected to the network.
Preferably, the system also comprises the following unit:
Cloud server unit: for storing the data of the local server on a network platform.
To overcome the above problems, the present invention also provides the following technical solution: a method for enhancing data transmission and storage security, comprising the following steps:
101 - select the file to be encrypted/decrypted;
102 - the user unit or administrator unit sends a request protocol to the local server, which checks in its database whether the current user has the right to perform the operation on the current file;
103 - the user unit begins uploading/downloading the file to be encrypted/decrypted;
104 - the currently processed file is encrypted/decrypted by the encryption/decryption algorithm.
Preferably, step 102 comprises the following steps:
1021 - obtain the current user's USB dongle information by periodic scanning with third-party software, and continuously monitor the current USB dongle information; if the USB dongle information is absent, or the dongle is pulled out during the operation, the whole operation exits and the user is not allowed to operate further;
1022 - if multiple USB dongles are present, the user's USB dongle information is judged invalid;
1023 - after the user's USB dongle information has been obtained, the user unit sends a request to the local server, which checks whether the current user's USB dongle ID is authorised to operate on this file;
1024 - if the user has the operating right for this file, proceed to step 103; otherwise return to the current process and send a permission change request to the local server, then perform step 103.
Preferably, the encryption/decryption algorithm used in step 104 is AES or RSA.
The beneficial effects of the present invention are as follows: a data security management platform is established (see Fig. 1); a secure data transmission protocol is established; all data is encrypted; permission control is applied to data access; local and cloud backups of the data are made; and on the basis of the above measures the security of information transmission and storage can be enhanced.
Description of the drawings
Fig. 1 is a schematic diagram of the main flow of data encryption protection;
Fig. 2 is a schematic flow diagram of the request protocol;
Fig. 3 is a schematic diagram of the main flow of data encryption protection in an embodiment of the present invention;
Fig. 4 is a schematic diagram of the encrypted data flow.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments.
As shown in Fig. 1, a system for enhancing data transmission and storage security comprises the following units:
User unit: comprising at least one computer, each of which must be equipped with a USB dongle (each USB dongle ID is unique); encryption and decryption operations are performed using the ID of the USB dongle;
Administrator unit: for managing the information of all user units and the information of stored files, i.e. it performs permission control on dongles through the database in the local server unit and performs security control over the information of the user units;
Local server unit: for storing the file data uploaded by all users; it hosts a MySQL database that records user information and file storage information;
Backup server unit: for data backup and recovery; it is not connected to the network, so the site data cannot be modified remotely;
Cloud server unit: for storing the data of the local server on a network platform.
As shown in Fig. 2, the flow of the request protocol is as follows:
001 - user information: comprising the user unit and the administrator unit; it is the basis for verifying user data, and the information verified is the dongle ID; here the user unit is taken as the example;
002 - service end (the data security management platform server): comprising the local server unit, the backup server unit and the cloud server unit; it handles user requests, user permissions, the enterprise Key for data encryption/decryption and similar operations; here the local server unit is taken as the example;
003 - the user sends the request protocol to the service end. The request protocol is AES-encrypted, so the whole exchange, from the request being sent until the service end accepts it, is carried out in ciphertext. All user request protocols are encrypted with the user-information Key (User Key), and since each user's protocol key is different, the security of data transmission is enhanced.
Embodiment:
101 - select the file to be encrypted/decrypted;
102 - perform the Fig. 2 operation against the local server, i.e. determine from the database whether the current user has the right to perform the operation on the current file;
1021 - obtain the current user's USB dongle information by periodic scanning with third-party software, and continuously monitor the current USB dongle information; if the USB dongle information is absent, or the dongle is pulled out during the operation, the whole operation exits and the user is not allowed to operate further;
1022 - if multiple USB dongles are present, the user's USB dongle information is judged invalid;
1023 - after the user's USB dongle information has been obtained, the user unit sends a request to the local server, which checks whether the current user's USB dongle ID is authorised to operate on this file;
1024 - if the user has the operating right for this file, proceed to step 103; otherwise return to the current process and send a permission change request to the local server, then perform step 103;
103 - the user begins uploading/downloading the file to be encrypted/decrypted;
104 - encrypt/decrypt the file the user is currently processing:
1041 - obtain the current enterprise-information encryption key; the enterprise encryption key is kept in the local server unit and is obtained by the user unit performing the Fig. 2 operation against the local server unit;
1042 - after the encryption Key has been obtained, the system automatically encrypts the current encryption Key: the enterprise encryption Key is encrypted using the user's USB dongle ID, i.e. [AES(encryption key, content to be encrypted) = AES(user USB dongle ID, enterprise encryption key)]. This ensures that the enterprise-information Key is never exposed. The AES symmetric algorithm could also be replaced by the RSA asymmetric algorithm, but that is less efficient than AES;
1043 - file encryption flow:
1) perform step 2 to obtain the enterprise encryption key;
2) use the enterprise encryption key to encrypt the file that currently needs encrypting;
3) after encryption the file is uploaded to the local server unit, which writes the information into the storage database and writes the file uploaded by this user after encryption into a designated directory on the local server. This directory is generated dynamically and created entirely in ciphertext, including the physical path of the file, so that data information cannot leak externally.
1044 - file decryption flow:
1) perform step 2 to obtain the enterprise decryption Key;
2) obtain the encrypted file and judge whether the user has access rights to the current encrypted data file;
3) if so, fetch the encrypted file from local server storage and download it to the user unit;
4) using the enterprise decryption Key obtained in step 1), perform the AES decryption operation on the encrypted file obtained in step 3) to finally produce the plaintext of the current file.
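The dongle check (steps 1021 and 1022), the permission lookup (steps 1023 and 1024), the key wrapping of step 1042 and the file encryption and decryption of steps 1043 and 1044, written out as an added Go example that is not part of the patent or of any product of the applicant. It assumes AES-256-GCM as the concrete AES mode, a SHA-256 derivation of the AES key from the dongle ID (the patent only says the ID is used as the key), and an in-memory map in place of the MySQL permission table; the dongle ID, file name and enterprise key are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SelectDongle covers steps 1021/1022: exactly one USB dongle must be present; none (pulled out) or several is invalid.
func SelectDongle(present []string) (string, error) {
	if len(present) != 1 {
		return "", fmt.Errorf("expected exactly one USB dongle, found %d", len(present))
	}
	return present[0], nil
}

// Permissions stands in for the server's MySQL table (dongle ID -> files it may
// access); Authorize is the server-side check of steps 1023/1024.
type Permissions map[string]map[string]bool

func (p Permissions) Authorize(dongleID, fileID string) bool { return p[dongleID][fileID] }

// deriveUserKey makes a 256-bit AES key from the dongle ID (the patent's "User Key"); assumption: SHA-256 over a label and the ID, since an ID string is not key material.
func deriveUserKey(dongleID string) []byte {
	sum := sha256.Sum256([]byte("user-key:" + dongleID))
	return sum[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM under a fresh random nonce: nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; the GCM tag makes any tampering fail decryption.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Step 1042: the server wraps the enterprise key under the user's dongle-derived key,
// AES(user dongle ID, enterprise key); the client unwraps it with its own dongle.
func WrapEnterpriseKey(enterpriseKey []byte, dongleID string) ([]byte, error) {
	return seal(deriveUserKey(dongleID), enterpriseKey)
}
func UnwrapEnterpriseKey(wrapped []byte, dongleID string) ([]byte, error) {
	return open(deriveUserKey(dongleID), wrapped)
}

// Steps 1043/1044: files are encrypted and decrypted under the enterprise key itself.
func EncryptFile(enterpriseKey, plaintext []byte) ([]byte, error) { return seal(enterpriseKey, plaintext) }
func DecryptFile(enterpriseKey, sealed []byte) ([]byte, error)    { return open(enterpriseKey, sealed) }

func main() {
	id, _ := SelectDongle([]string{"DONGLE-0001"})          // constructed sample dongle ID
	entKey := sha256.Sum256([]byte("demo enterprise key")) // demo only; a real key is random
	wrapped, _ := WrapEnterpriseKey(entKey[:], id)
	key, _ := UnwrapEnterpriseKey(wrapped, id)
	ct, _ := EncryptFile(key, []byte("quarterly figures"))
	pt, _ := DecryptFile(key, ct)
	fmt.Printf("%s\n", pt)
}
```

A dongle ID is a fixed identifier rather than random key material, so the protection of the wrapped enterprise key rests on that ID staying confidential; the derivation step cannot add entropy the ID does not have.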
Those of ordinary skill in the art will appreciate that the embodiments described here are intended to help readers understand the implementation of the present invention, and it should be understood that the scope of protection of the invention is not limited to such specific statements and embodiments. In accordance with the technical teachings disclosed herein, those of ordinary skill in the art can make various specific modifications and combinations that do not depart from the essence of the invention, and such modifications and combinations remain within the scope of protection of the invention.

Claims (6)

1. A system for enhancing data transmission and storage security, characterised in that it comprises the following units:
User unit: comprising at least one computer, each of which must be equipped with a USB dongle; encryption and decryption operations are performed using the ID of the USB dongle;
Administrator unit: for managing the information of all user units and the information of stored files;
Local server unit: for storing the file data uploaded by all users; it hosts a MySQL database that records user information and file storage information;
wherein the administrator unit performs permission control on dongles through the database in the local server unit and performs security control over the information of the user units.
2. The system for enhancing data transmission and storage security according to claim 1, characterised in that it also comprises the following unit:
Backup server unit: for data backup and recovery; it is not connected to the network.
3. The system for enhancing data transmission and storage security according to claim 1 or 2, characterised in that it also comprises the following unit:
Cloud server unit: for storing the data of the local server on a network platform.
4. A method for enhancing data transmission and storage security according to claim 1, characterised in that it comprises the following steps:
101 - select the file to be encrypted/decrypted;
102 - the user unit or administrator unit sends a request protocol to the local server, which checks in its database whether the current user has the right to perform the operation on the current file;
103 - the user unit begins uploading/downloading the file to be encrypted/decrypted;
104 - the currently processed file is encrypted/decrypted by the encryption/decryption algorithm.
5. The method for enhancing data transmission and storage security according to claim 4, characterised in that step 102 comprises the following steps:
1021 - obtain the current user's USB dongle information by periodic scanning with third-party software, and continuously monitor the current USB dongle information; if the USB dongle information is absent, or the dongle is pulled out during the operation, the whole operation exits and the user is not allowed to operate further;
1022 - if multiple USB dongles are present, the user's USB dongle information is judged invalid;
1023 - after the user's USB dongle information has been obtained, the user unit sends a request to the local server, which checks whether the current user's USB dongle ID is authorised to operate on this file;
1024 - if the user has the operating right for this file, proceed to step 103; otherwise return to the current process and send a permission change request to the local server, then perform step 103.
6. The method for enhancing data transmission and storage security according to claim 4 or 5, characterised in that the encryption/decryption algorithm used in step 104 is AES or RSA.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510466514.0A 2015-08-03 2015-08-03 System and method for enhancing data transmission and storage security

Publications (1)

Publication Number Publication Date
CN105072107A 2015-11-18

Family

ID=54501387

Country Status (1)

Country Link
CN (1) CN105072107A

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100037063A1 * 2008-08-11 2010-02-11 International Business Machines Corporation Method, system and program product for securing data written to a storage device coupled to a computer system
US20120030475A1 * 2010-08-02 2012-02-02 Ma Felix Kuo-We Machine-machine authentication method and human-machine authentication method for cloud computing
CN102291391A * 2011-07-21 2011-12-21 西安百盛信息技术有限公司 Safe transmission method for data in cloud service platform
CN104252591A * 2014-09-23 2014-12-31 江苏科大汇峰科技有限公司 Authorization and information encrypted communication method based on USBKey

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107077403A * 2014-08-21 2017-08-18 安东·戈斯德夫 User authorization for file-level restoration from image-level backup
CN107077403B * 2014-08-21 2020-10-09 卫盟软件股份公司 Backup server, method and computer program product for user authorization
CN106095656B * 2016-05-31 2018-10-12 上海爱数信息技术股份有限公司 Cloud backup and analysis method and system
CN106095656A * 2016-05-31 2016-11-09 上海爱数信息技术股份有限公司 Cloud backup and analysis method and system
CN106096438A * 2016-06-01 2016-11-09 付晓玫 Legal document smart storage device for judicial practice
CN106372545B * 2016-08-29 2020-09-11 北京新能源汽车股份有限公司 Data processing method, on-board diagnostics (OBD) controller and vehicle
CN106372545A * 2016-08-29 2017-02-01 北京新能源汽车股份有限公司 Data processing method, on-board diagnostics (OBD) controller and vehicle
CN107222500A * 2017-07-04 2017-09-29 山东浪潮商用系统有限公司 Data transmission system and method based on message queue
CN107465671A * 2017-07-28 2017-12-12 杭州绿湾网络科技有限公司 Data transmission method and system
CN107480548A * 2017-08-20 2017-12-15 成都才智圣有科技有限责任公司 Automatic data security device based on big data processing
CN107729177A * 2017-09-18 2018-02-23 中国科学院信息工程研究所 Backup data storage management method, device and system based on cloud storage
CN110263556A * 2019-05-22 2019-09-20 广东安创信息科技开发有限公司 Encryption and decryption method and system for OA system data
CN110399342A * 2019-07-17 2019-11-01 中科恒运股份有限公司 Basic application solution for data sharing and exchange


Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
CB02 Change of applicant information
    Address after: 641000 Sichuan province Neijiang City Songshan Road No. 183
    Applicant after: SICHUAN XLY INFORMATION SAFETY TECHNOLOGY CO., LTD.
    Address before: 641000 Sichuan province Neijiang City Songshan Road No. 183
    Applicant before: Sichuan SalvationData Information Safety Technology Co., Ltd.
CB03 Change of inventor or designer information
    Inventors after: Liang Xiaoning, Gan Yuanjun, Huang Xu
    Inventors before: Liang Xiaoning, Wang Xi, Yang Ming
WD01 Invention patent application deemed withdrawn after publication
    Application publication date: 20151118