CN106131224A - A kind of data transmission system - Google Patents
- Publication number
- CN106131224A (application number CN201610772039.4A)
- Authority
- CN
- China
- Prior art keywords
- data
- key
- module
- attribute
- cloud storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- G—PHYSICS
- G08—SIGNALLING
- G08C—TRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
- G08C17/00—Arrangements for transmitting signals characterised by the use of a wireless electrical link
- G08C17/02—Arrangements for transmitting signals characterised by the use of a wireless electrical link using a radio link
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a data transmission system comprising field detection equipment, a cloud storage system and a field detection mobile terminal. The cloud storage system is connected to the Internet and stores the detection data and the geographical location information of the field detection mobile terminal. The field detection mobile terminal comprises a data acquisition module, a GPS positioning module and a wireless communication module. The data acquisition module collects the detection data of the field detection equipment and is connected to the GPS positioning module and the wireless communication module; the wireless communication module connects to the Internet through the mobile cellular network. The invention helps field personnel collect enough data in a single trip without repeatedly travelling to and from the work site, which facilitates the smooth progress of field work, shortens the field work cycle, reduces field work cost and reduces the labour intensity of the personnel.
Description
Technical field
The present invention relates to the technical field of data transmission, and specifically to a data transmission system.
Background technology
When conducting field operations, personnel often need to use various field detection equipment to collect a variety of data, or to take a large number of pictures, for example in geological survey and detection work. Field personnel therefore generally have to carry large-capacity mobile storage devices to store the collected data and the pictures taken. Because the storage capacity of a mobile storage device is limited, when the number of work sites is large and the sites are far apart, the capacity of the mobile storage device often cannot meet the storage requirement of the volume of data collected. Field personnel then cannot collect enough data in a single trip and must travel to and from the work site repeatedly, which affects the smooth progress of the field work, lengthens the work cycle, increases operating cost and increases the labour intensity of the personnel. In addition, large-capacity mobile storage devices are expensive.
Summary of the invention
To solve the problems described above, the present invention provides a data transmission system.
The purpose of the present invention is achieved by the following technical solution:
A data transmission system is provided, comprising field detection equipment, a cloud storage system and a field detection mobile terminal. The cloud storage system is connected to the Internet and stores the detection data and the geographical location information of the field detection mobile terminal. The field detection mobile terminal comprises a data acquisition module, a GPS positioning module and a wireless communication module. The data acquisition module collects the detection data of the field detection equipment and is connected to the GPS positioning module and the wireless communication module; the wireless communication module connects to the Internet through the mobile cellular network.
The invention has the following beneficial effects: the field detection mobile terminal can be connected to the cloud storage system through the mobile cellular network and the Internet, so the detection data of the field detection equipment and the geographical position of the work site can be uploaded to the cloud storage system in real time. This helps field personnel collect enough data in a single trip without repeatedly travelling to and from the work site, facilitates the smooth progress of field work, shortens the field work cycle, reduces field work cost and reduces the labour intensity of the personnel; moreover, the cloud storage system can store a large amount of detection data. The technical problem described above is thereby solved.
Description of the drawings
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not limit the present invention in any way; a person of ordinary skill in the art can also obtain other drawings from the following drawings without creative effort.
Fig. 1 is a schematic diagram of the structural connections of the present invention.
Fig. 2 is a schematic diagram of the structure of the data security management system of the present invention.
Reference numerals:
cloud storage system 1, field detection mobile terminal 2, field detection equipment 3, data security management system 4, data acquisition module 21, GPS positioning module 22, wireless communication module 23, USB connector 24, serial communication connector 25, expansion connector 26, data service system 40, data preprocessing system 41, cloud storage encryption and decryption system 42, control system 43, security management centre 44.
Detailed description of the invention
The invention is further described by the following examples.
Application scenario 1
Referring to Fig. 1 and Fig. 2, the data transmission system of an embodiment of this application scenario comprises field detection equipment 3, a cloud storage system 1 and a field detection mobile terminal 2. The cloud storage system 1 is connected to the Internet and stores the detection data and the geographical location information of the field detection mobile terminal. The field detection mobile terminal 2 comprises a data acquisition module 21, a GPS positioning module 22 and a wireless communication module 23. The data acquisition module 21 collects the detection data of the field detection equipment 3 and is connected to the GPS positioning module 22 and the wireless communication module 23; the wireless communication module 23 connects to the Internet through the mobile cellular network.
Preferably, the wireless communication module 23 is a GPRS module.
The field detection mobile terminal 2 provided in the above embodiment of the present invention can be connected to the cloud storage system 1 through the mobile cellular network and the Internet, so the detection data of the field detection equipment 3 and the geographical position of the work site can be uploaded to the cloud storage system 1 in real time. This helps field personnel collect enough data in a single trip without repeatedly travelling to and from the work site, facilitates the smooth progress of field work, shortens the field work cycle, reduces field work cost and reduces the labour intensity of the personnel; moreover, the cloud storage system 1 can store a large amount of detection data. The technical problem described above is thereby solved.
Preferably, the field detection mobile terminal 2 further comprises a USB connector 24, a serial communication connector 25 and an expansion connector 26, and the data acquisition module 21 is provided with a USB communication unit for connecting to the USB connector 24, a serial communication unit for connecting to the serial communication connector 25, and an FPGA module for connecting to the expansion connector 26.
This preferred embodiment provides the USB connector 24, the serial communication connector 25 and the expansion connector 26 so that the terminal can match the interface of the field detection equipment 3.
Preferably, the data transmission system further comprises a data security management system 4 for managing the detection data in the cloud storage system 1. The data security management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management centre 44. The data service system 40 is responsible for the storage, backup and querying of data; the data preprocessing system 41 preprocesses the data that must be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the confidential data according to the optimised access control security policy; the control system 43 stores data to the corresponding storage device; and the security management centre 44 performs unified security monitoring and management of each system.
This preferred embodiment constructs the system structure of the data security management system 4.
Preferably, the storage, backup and querying of data comprise:
(1) converting the data format to establish a format suitable for storage in a non-relational database;
(2) dividing the data into basic data and specialised data and storing it using a strategy that combines centralised and distributed storage, with all data backed up during storage; the combined centralised and distributed strategy comprises: basic data with a frequency above the preset frequency is stored centrally and maintained uniformly by the data centre, while specialised data with a frequency below the preset frequency is stored in a distributed manner and maintained separately by each specialised data centre;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of the data; the data retrieval algorithm combines directory retrieval with a search engine and specifically comprises: establishing a data directory and performing a preliminary retrieval of the data according to the directory; entering keywords into the search engine to perform a precise retrieval of the data; the search engine finds matching data in a certain way and returns it to the user ranked by the degree of match between the data and the keywords.
This preferred embodiment uses a retrieval algorithm that combines directory retrieval with a search engine, which can obtain data quickly and accurately.
Preferably, the unified security monitoring and management of each system comprises:
(1) adopting the corresponding security protection technology and equipping the relevant security protection equipment according to the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, so as to form a complete security protection system;
(2) establishing an effective data security mechanism that comprehensively considers security during data storage, transmission and access, encrypting not only the data but also the transmission protocol of the data;
(3) establishing a virus and Trojan defence mechanism, regularly updating the virus database and upgrading the firewall with an update period T, where T takes a value of 6 to 10 days, and analysing any abnormal data detected and issuing an early warning.
This preferred embodiment achieves unified security monitoring and management of each system.
Preferably, the data preprocessing system 41 comprises a data segmentation unit, a data extraction unit and an access control security policy optimisation unit. The data segmentation unit divides the confidential data into a plurality of mutually exclusive data sets. The data extraction unit sorts the mutually exclusive data sets according to a user-defined ordering rule, extracts the first data cell of each data set in sequence, and saves the extracted cells as a small data block together with the ordering rule; "mutually exclusive" here means that there is no association between any two data cells in the data sets. The access control security policy optimisation unit generates the access control security policy of the system by an access control security policy optimisation method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure based on the mutually exclusive data sets processed by the data extraction unit; the hierarchical data tree structure is a three-layer data tree structure comprising a service layer, a logical layer and a physical layer, where the service layer is the root node related to the data scheduling service, the logical layer is the associated data in the access control security policy, and the physical layer contains the data cells of all the mutually exclusive data sets;
(2) formulating the access control security policy for data of different security levels on the basis of the eXtensible Access Control Markup Language (XACML), and projecting the rules in the access control security policy that are associated with data onto the data cells of the mutually exclusive data sets, thereby refining the rules in the access control security policy to the data dimension;
(3) optimising the rules on the data cells of each mutually exclusive data set to remove conflicts and redundancy among the rules assigned to each data cell;
(4) merging the optimised rules to generate the optimised access control security policy.
Preferably, storing data to the corresponding storage device comprises:
(1) storing the small data block in local storage and encrypting the small data block with a user-defined encryption technique;
(2) encrypting the remaining data with the cloud storage encryption and decryption system 42 and then storing it in the cloud storage module; after the cloud storage module receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The above two preferred embodiments provide the data preprocessing system 41, which first performs data segmentation and data extraction on the confidential data and then refines the rules in the access control security policy. This reduces the physical storage space and the storage overhead of the data, eliminates conflicts and redundancy in the access control security policy and improves the efficiency of access control decisions. The part of the data extracted by data extraction is stored in local storage, while the remaining data is stored in the cloud storage module after the corresponding access control security policy has been set. This avoids the large overhead and complexity that a traditional cloud storage data privacy mechanism based on simple encryption brings to actual data processing operations, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with the user's private data, and improves the security of the storage of confidential data.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the confidential data comprises:
(1) the trusted third party assigns a user identity UAID to the user and an attribute authority identity AID to the attribute authority, comprising:
A. initialisation: the trusted third party initialises the system parameter (the expression is not reproduced in this text), where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it; at the same time it publishes the authentication parameter of the legitimate user (the expression is not reproduced in this text), where C_UAID ∈ Z_p;
C. generating an identity key pair for the data owner and for each legitimate user;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys comprise the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys comprise the attribute public key GK_AID and the attribute private key CK_AID:
CK_UAID = (α_AID, β_AID)
where AS_AID is the set of attributes that a single attribute authority can distribute, GK_x is the public key of attribute x, B_x is the version number of attribute x, α_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the set of attributes distributed according to the identity of the attribute authority, γ is a parameter chosen at random by the attribute authority, and γ, α_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypts the data to be stored in the cloud storage module with a data key to obtain the ciphertext CT, and then encrypts the data key with the identity public key and with the attribute public key respectively, generating the identity key ciphertext CT_U and the attribute key ciphertext CT_A, comprising:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the data key DK:
DK = IK || AK
B. encrypting the data to be stored in the cloud storage module with the data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) proxy re-encryption: when a data request from a user is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt; the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) data decryption: after the user receives the data, the user decrypts the identity key ciphertext CT_U with the identity private key CK_UAID and the attribute key ciphertext CT_A with the attribute private key CK_AID, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of data while resisting collusion between users and the attribute authority. For the confidential data, identity-based encryption and decryption keys and attribute encryption and decryption keys are constructed separately and combined into the data encryption key used to encrypt the data, so only a user who satisfies both the identity condition and the attribute condition can decrypt it, which greatly improves the security of the data security management system 4.
In this application scenario, the update period T takes the value 6, and the security of the system is relatively improved by 12%.
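The two-part data key DK = IK || AK of step (3) and the decryption of step (5) can be shown in code. The following is an added example, not code from the patent: the identity authority and the attribute authority are modelled as issuers of symmetric wrapping keys (a stand-in for the identity-based and attribute-based public-key schemes the patent relies on), a SHAKE256 keystream with an HMAC tag stands in for a real authenticated cipher, and proxy re-encryption (step (4)) and key update (step (6)) are not modelled. The class and function names and the sample data are assumptions of this example.

```python
"""Added example (not from the patent): DK = IK || AK, with IK wrapped under the
identity key (CT_U) and AK wrapped under the attribute key (CT_A), so that the
data ciphertext CT can only be opened by a party holding both private keys."""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _stream_xor(key, nonce, data):
    # Illustrative keystream: SHAKE256 of key||nonce, XORed onto the data.
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def seal(key, plaintext):
    """Encrypt-then-MAC wrapper: nonce || body || HMAC-SHA256 tag."""
    nonce = os.urandom(NONCE_LEN)
    body = _stream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Return the plaintext, or None if the tag does not verify under this key."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _stream_xor(key, nonce, body)


class Authority:
    """Hypothetical key issuer: one instance plays the identity authority (keys
    per UAID), another the attribute authority (keys per AID)."""

    def __init__(self):
        self.keys = {}

    def key_for(self, ident):
        return self.keys.setdefault(ident, os.urandom(32))


def encrypt_for(data, uaid, aid, identity_auth, attribute_auth):
    """Step (3): random IK and AK, DK = IK || AK, CT under DK,
    CT_U wraps IK under the identity key, CT_A wraps AK under the attribute key."""
    ik, ak = os.urandom(16), os.urandom(16)
    dk = ik + ak
    ct = seal(dk, data)
    ct_u = seal(identity_auth.key_for(uaid), ik)
    ct_a = seal(attribute_auth.key_for(aid), ak)
    return ct, ct_u, ct_a


def decrypt_with(ct, ct_u, ct_a, identity_key, attribute_key):
    """Step (5): both halves must unwrap, otherwise DK cannot be rebuilt and
    the function returns None; a user with only one of the two keys fails."""
    ik = unseal(identity_key, ct_u)
    ak = unseal(attribute_key, ct_a)
    if ik is None or ak is None:
        return None
    return unseal(ik + ak, ct)


if __name__ == "__main__":
    identity_auth, attribute_auth = Authority(), Authority()
    sample = b"constructed reading: site 17, 3.2 mg/L"  # constructed sample data
    ct, ct_u, ct_a = encrypt_for(sample, "UAID-1", "AID-1", identity_auth, attribute_auth)
    ok = decrypt_with(ct, ct_u, ct_a, identity_auth.key_for("UAID-1"), attribute_auth.key_for("AID-1"))
    print("both keys:", ok == sample)
    print("identity key only:", decrypt_with(ct, ct_u, ct_a, identity_auth.key_for("UAID-1"), b"\0" * 32))
```

The design point the patent makes is visible in `decrypt_with`: the data key is never stored whole anywhere, so a party that satisfies the identity check but not the attribute check (or the reverse) recovers at most half of DK and cannot open CT.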
Application scenario 2
Referring to Fig. 1 and Fig. 2, the data transmission system of an embodiment of this application scenario comprises field detection equipment 3, a cloud storage system 1 and a field detection mobile terminal 2. The cloud storage system 1 is connected to the Internet and stores the detection data and the geographical location information of the field detection mobile terminal. The field detection mobile terminal 2 comprises a data acquisition module 21, a GPS positioning module 22 and a wireless communication module 23. The data acquisition module 21 collects the detection data of the field detection equipment 3 and is connected to the GPS positioning module 22 and the wireless communication module 23; the wireless communication module 23 connects to the Internet through the mobile cellular network.
Preferably, the wireless communication module 23 is a GPRS module.
The field detection mobile terminal 2 provided in the above embodiment of the present invention can be connected to the cloud storage system 1 through the mobile cellular network and the Internet, so the detection data of the field detection equipment 3 and the geographical position of the work site can be uploaded to the cloud storage system 1 in real time. This helps field personnel collect enough data in a single trip without repeatedly travelling to and from the work site, facilitates the smooth progress of field work, shortens the field work cycle, reduces field work cost and reduces the labour intensity of the personnel; moreover, the cloud storage system 1 can store a large amount of detection data. The technical problem described above is thereby solved.
Preferably, the field detection mobile terminal 2 further comprises a USB connector 24, a serial communication connector 25 and an expansion connector 26, and the data acquisition module 21 is provided with a USB communication unit for connecting to the USB connector 24, a serial communication unit for connecting to the serial communication connector 25, and an FPGA module for connecting to the expansion connector 26.
This preferred embodiment provides the USB connector 24, the serial communication connector 25 and the expansion connector 26 so that the terminal can match the interface of the field detection equipment 3.
Preferably, the data transmission system further comprises a data security management system 4 for managing the detection data in the cloud storage system 1. The data security management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management centre 44. The data service system 40 is responsible for the storage, backup and querying of data; the data preprocessing system 41 preprocesses the data that must be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the confidential data according to the optimised access control security policy; the control system 43 stores data to the corresponding storage device; and the security management centre 44 performs unified security monitoring and management of each system.
This preferred embodiment constructs the system structure of the data security management system 4.
Preferably, the storage, backup and querying of data comprise:
(1) converting the data format to establish a format suitable for storage in a non-relational database;
(2) dividing the data into basic data and specialised data and storing it using a strategy that combines centralised and distributed storage, with all data backed up during storage; the combined centralised and distributed strategy comprises: basic data with a frequency above the preset frequency is stored centrally and maintained uniformly by the data centre, while specialised data with a frequency below the preset frequency is stored in a distributed manner and maintained separately by each specialised data centre;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of the data; the data retrieval algorithm combines directory retrieval with a search engine and specifically comprises: establishing a data directory and performing a preliminary retrieval of the data according to the directory; entering keywords into the search engine to perform a precise retrieval of the data; the search engine finds matching data in a certain way and returns it to the user ranked by the degree of match between the data and the keywords.
This preferred embodiment uses a retrieval algorithm that combines directory retrieval with a search engine, which can obtain data quickly and accurately.
Preferably, the unified security monitoring and management of each system comprises:
(1) adopting the corresponding security protection technology and equipping the relevant security protection equipment according to the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, so as to form a complete security protection system;
(2) establishing an effective data security mechanism that comprehensively considers security during data storage, transmission and access, encrypting not only the data but also the transmission protocol of the data;
(3) establishing a virus and Trojan defence mechanism, regularly updating the virus database and upgrading the firewall with an update period T, where T takes a value of 6 to 10 days, and analysing any abnormal data detected and issuing an early warning.
This preferred embodiment achieves unified security monitoring and management of each system.
Preferably, the data preprocessing system 41 comprises a data segmentation unit, a data extraction unit and an access control security policy optimisation unit. The data segmentation unit divides the confidential data into a plurality of mutually exclusive data sets. The data extraction unit sorts the mutually exclusive data sets according to a user-defined ordering rule, extracts the first data cell of each data set in sequence, and saves the extracted cells as a small data block together with the ordering rule; "mutually exclusive" here means that there is no association between any two data cells in the data sets. The access control security policy optimisation unit generates the access control security policy of the system by an access control security policy optimisation method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure based on the mutually exclusive data sets processed by the data extraction unit; the hierarchical data tree structure is a three-layer data tree structure comprising a service layer, a logical layer and a physical layer, where the service layer is the root node related to the data scheduling service, the logical layer is the associated data in the access control security policy, and the physical layer contains the data cells of all the mutually exclusive data sets;
(2) formulating the access control security policy for data of different security levels on the basis of the eXtensible Access Control Markup Language (XACML), and projecting the rules in the access control security policy that are associated with data onto the data cells of the mutually exclusive data sets, thereby refining the rules in the access control security policy to the data dimension;
(3) optimising the rules on the data cells of each mutually exclusive data set to remove conflicts and redundancy among the rules assigned to each data cell;
(4) merging the optimised rules to generate the optimised access control security policy.
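Steps (1) to (4) of the policy optimisation method, here and in the identical passage of application scenario 1, amount to a concrete algorithm: walk a three-layer tree, push each rule down to the physical cells it covers, clean up per cell, and merge. The block below is an added example and not code from the patent. The tree, the rule tuples (a simplification of XACML rule elements), the deny-overrides choice for resolving a conflict and the treatment of exact duplicates as redundancy are all assumptions of this example.

```python
"""Added example (not from the patent): refine access control rules to the data
dimension over a three-layer data tree, then remove per-cell conflicts and
redundancy and merge cells that end up with the same rule set."""
from collections import defaultdict

# Service layer (root) -> logical layer (policy-associated groups) -> physical cells.
# Constructed sample tree.
DATA_TREE = {
    "scheduling-service": {
        "level:secret": ["cell-1", "cell-2"],
        "level:internal": ["cell-3", "cell-4"],
    }
}

# A rule is (subject, action, effect, target); target may be any node of the tree.
# Constructed sample policy containing one redundancy and one conflict.
RULES = [
    ("analyst", "read", "Permit", "level:internal"),
    ("analyst", "read", "Permit", "cell-3"),   # redundant: already covered above
    ("analyst", "read", "Deny", "cell-4"),     # conflicts with the Permit on cell-4
    ("admin", "write", "Permit", "level:secret"),
    ("guest", "read", "Deny", "scheduling-service"),
]


def cells_covered(target, tree=DATA_TREE):
    """Step (1): resolve a target at any layer to the physical cells beneath it."""
    for root, logical in tree.items():
        if target == root:
            return [c for cells in logical.values() for c in cells]
        for node, cells in logical.items():
            if target == node:
                return list(cells)
            if target in cells:
                return [target]
    return []


def project_rules(rules, tree=DATA_TREE):
    """Step (2): one (subject, action, effect) entry per cell a rule applies to."""
    per_cell = defaultdict(list)
    for subject, action, effect, target in rules:
        for cell in cells_covered(target, tree):
            per_cell[cell].append((subject, action, effect))
    return per_cell


def optimise_cell(entries):
    """Step (3): collapse duplicates; if Permit and Deny meet for the same
    subject and action, deny overrides (assumed combining rule)."""
    effects = defaultdict(set)
    for subject, action, effect in entries:
        effects[(subject, action)].add(effect)
    return sorted(
        (subject, action, "Deny" if "Deny" in seen else "Permit")
        for (subject, action), seen in effects.items()
    )


def optimise_policy(rules, tree=DATA_TREE):
    """Steps (2) to (4): project, optimise each cell, merge cells whose
    optimised rule sets are identical. Returns {rule_set: [cells]}."""
    merged = defaultdict(list)
    for cell, entries in project_rules(rules, tree).items():
        merged[tuple(optimise_cell(entries))].append(cell)
    return {rule_set: sorted(cells) for rule_set, cells in merged.items()}


if __name__ == "__main__":
    for rule_set, cells in optimise_policy(RULES).items():
        print(cells, "->", rule_set)
```

Per-cell optimisation is what makes the later decision cheap: once a cell carries at most one effect per (subject, action), evaluation is a dictionary lookup rather than a scan over overlapping rules, which is the efficiency gain the passage claims.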
Preferably, storing data to the corresponding storage device comprises:
(1) storing the small data block in local storage and encrypting the small data block with a user-defined encryption technique;
(2) encrypting the remaining data with the cloud storage encryption and decryption system 42 and then storing it in the cloud storage module; after the cloud storage module receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The above two preferred embodiments provide the data preprocessing system 41, which first performs data segmentation and data extraction on the confidential data and then refines the rules in the access control security policy. This reduces the physical storage space and the storage overhead of the data, eliminates conflicts and redundancy in the access control security policy and improves the efficiency of access control decisions. The part of the data extracted by data extraction is stored in local storage, while the remaining data is stored in the cloud storage module after the corresponding access control security policy has been set. This avoids the large overhead and complexity that a traditional cloud storage data privacy mechanism based on simple encryption brings to actual data processing operations, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with the user's private data, and improves the security of the storage of confidential data.
Preferably, the cloud storage encryption/decryption system 42 is composed mainly of five entities, the data owner, the attribute authority, the cloud, the trusted third party and the user, and encrypting or decrypting the confidential data includes:
(1) the trusted third party assigns a user identity UAID to each user and an attribute authority identity AID to each attribute authority, including:
A. initialization: the trusted third party initializes the system parameter, where $\alpha$ is a random integer;
B. for each legitimate user the trusted third party assigns a UAID and generates a certificate, and at the same time publishes the legitimate user's authentication parameter, where $C_{UAID} \in Z_p$;
C. identity key pairs are generated for the data owner and the legitimate users;
(2) the identity-based encryption/decryption key, the attribute encryption/decryption key and the proxy re-encryption key are generated, where the identity-based encryption/decryption key consists of the identity public key $GK_{UAID}$ and the identity private key $CK_{UAID}$, and the attribute encryption/decryption key consists of the attribute public key $GK_{AID}$ and the attribute private key $CK_{AID}$:
$$CK_{AID} = (\alpha_{AID}, \beta_{AID})$$
where $AS_{AID}$ is the set of attributes a single attribute authority can assign, $GK_x$ is the public key of attribute $x$, $B_x$ is the version number of attribute $x$, $\alpha_{AID}$ is the private key parameter of the attribute authority, $\beta_{AID}$ is the attribute update parameter, $AS_{UAID,AID}$ is the set of attributes assigned to identity UAID by attribute authority AID, $\gamma$ is a parameter chosen at random by the attribute authority, and $\gamma, \alpha_{AID}, \beta_{AID} \in Z_p$;
(3) the cloud storage encryption/decryption system 42 encrypts the data to be stored in the cloud storage module with a data key to obtain the ciphertext CT, then encrypts the data key with the identity public key and with the attribute public key respectively to generate the identity key ciphertext $CT_U$ and the attribute key ciphertext $CT_A$, including:
A. two fixed-length random strings IK and AK are generated and concatenated into the data key DK:
$$DK = IK \,\|\, AK$$
B. the data to be stored in the cloud storage module is encrypted with the data key DK to obtain the ciphertext CT; AK is then encrypted with the attribute public key to generate the attribute key ciphertext $CT_A$, and IK is encrypted with the identity public key to generate the identity key ciphertext $CT_U$;
(4) proxy re-encryption is performed: when a user's data request is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext $CT_U$ into a ciphertext that the designated user can decrypt, the proxy re-encryption key having been computed by the data owner from its own private key and the identity public key;
(5) for data decryption, after the user receives the data, the identity private key $CK_{UAID}$ and the attribute private key $CK_{AID}$ are used to decrypt the identity key ciphertext $CT_U$ and the attribute key ciphertext $CT_A$ respectively, the data key is reconstructed, and the ciphertext CT is decrypted;
(6) the attribute and identity keys are updated.
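The split-key envelope of steps (3) and (5), together with the integrity check the cloud storage module performs before saving (preferred storage embodiment above), as an added example that is not the patent's own code. Two stand-ins are assumed so that it runs on the Python standard library alone: the identity-based and attribute-based public-key wraps of $CT_U$ and $CT_A$ are replaced by symmetric wraps under two separate keys (identity_key standing for the $GK_{UAID}/CK_{UAID}$ pair, attribute_key for $GK_{AID}/CK_{AID}$), and the data cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag instead of a block cipher. Proxy re-encryption (step 4) and key update (step 6) are not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace

HALF = 16  # bytes per half; DK = IK || AK is 32 bytes


def _derive(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC subkeys from one key (HMAC as a KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stand-in for AES-CTR."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_derive(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raises ValueError on any mismatch."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    exp = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(exp, tag):
        raise ValueError("integrity check failed")
    ks = _keystream(_derive(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


@dataclass
class Envelope:
    ct: bytes      # CT: the data under DK
    ct_u: bytes    # CT_U: IK wrapped under the identity key
    ct_a: bytes    # CT_A: AK wrapped under the attribute key
    digest: bytes  # checksum the cloud storage module verifies before saving


def _digest(ct: bytes, ct_u: bytes, ct_a: bytes) -> bytes:
    return hashlib.sha256(ct + ct_u + ct_a).digest()


def encrypt_for_cloud(identity_key: bytes, attribute_key: bytes, data: bytes) -> Envelope:
    """Owner side: DK = IK || AK; encrypt the data under DK; wrap each half
    separately (symmetric wrap here, public-key wrap in the patent)."""
    ik, ak = secrets.token_bytes(HALF), secrets.token_bytes(HALF)
    ct = seal(ik + ak, data)
    ct_u, ct_a = seal(identity_key, ik), seal(attribute_key, ak)
    return Envelope(ct, ct_u, ct_a, _digest(ct, ct_u, ct_a))


def cloud_store(node: dict, name: str, env: Envelope) -> bool:
    """Cloud storage module: integrity check first, then save to the node.
    The cloud holds no key, so this catches corruption in transit, not forgery;
    forgery is caught end to end by the tag under DK."""
    if not hmac.compare_digest(_digest(env.ct, env.ct_u, env.ct_a), env.digest):
        return False
    node[name] = env
    return True


def decrypt_from_cloud(identity_key: bytes, attribute_key: bytes, env: Envelope) -> bytes:
    """User side: both halves are needed; unwrap IK with the identity key and
    AK with the attribute key, rebuild DK, then open CT."""
    ik = open_(identity_key, env.ct_u)
    ak = open_(attribute_key, env.ct_a)
    return open_(ik + ak, env.ct)


def can_decrypt(identity_key: bytes, attribute_key: bytes, env: Envelope) -> bool:
    try:
        decrypt_from_cloud(identity_key, attribute_key, env)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run the flow on a constructed sample record and report each check."""
    id_key, attr_key = secrets.token_bytes(32), secrets.token_bytes(32)
    wrong_id, wrong_attr = secrets.token_bytes(32), secrets.token_bytes(32)
    data = b"site=S17 temp=23.5C lat=40.7128 lon=-74.0060"  # constructed sample
    env = encrypt_for_cloud(id_key, attr_key, data)
    node: dict = {}
    # flip one ciphertext bit after the digest was computed: must be rejected
    tampered = replace(env, ct=env.ct[:20] + bytes([env.ct[20] ^ 1]) + env.ct[21:])
    return {
        "stored": cloud_store(node, "rec-1", env),
        "tampered_rejected": not cloud_store(node, "rec-2", tampered),
        "both_keys": decrypt_from_cloud(id_key, attr_key, node["rec-1"]) == data,
        "identity_only": can_decrypt(id_key, wrong_attr, env),
        "attribute_only": can_decrypt(wrong_id, attr_key, env),
    }
```

The point the block makes is the double condition of step (5): a holder of only the identity key or only the attribute key recovers at most one half of DK, and with a 16-byte missing half the tag check on CT cannot be passed; the cloud-side digest check is a separate, weaker control that only detects damage between sender and storage node.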
By providing the cloud storage encryption/decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of data while resisting collusion between users and attribute authorities. For the confidential data, an identity-based encryption/decryption key and an attribute encryption/decryption key are constructed separately and combined into the data encryption key with which the data is encrypted, so that only a user who satisfies both the identity condition and the attribute condition can decrypt, which greatly improves the security of the data safety management system 4.
In this application scenario the update cycle T is set to 7 days, and the security of the system improves by 11% in relative terms.
Application scenarios 3
With reference to Fig. 1 and Fig. 2, the data transmission system of this application scenario is configured identically to the embodiment described above under Application scenario 2: a field detection device 3, a cloud storage system 1 connected to the Internet, a field detection mobile terminal 2 with data acquisition module 21, GPS positioning module 22 and wireless communication module 23 (a GPRS module) and its USB connector 24, serial communication connector 25 and extension connector 26, and the data safety management system 4 with data service system 40, data pre-processing system 41, cloud storage encryption/decryption system 42, control system 43 and security management center 44, together with all of the preferred embodiments set out above.
In this application scenario the update cycle T is set to 8 days, and the security of the system improves by 10% in relative terms.
Application scenarios 4
With reference to Fig. 1 and Fig. 2, the data transmission system of this application scenario is configured identically to the embodiment described above under Application scenario 2: a field detection device 3, a cloud storage system 1 connected to the Internet, a field detection mobile terminal 2 with data acquisition module 21, GPS positioning module 22 and wireless communication module 23 (a GPRS module) and its USB connector 24, serial communication connector 25 and extension connector 26, and the data safety management system 4 with data service system 40, data pre-processing system 41, cloud storage encryption/decryption system 42, control system 43 and security management center 44, together with all of the preferred embodiments set out above.
In this application scenario the update cycle T is set to 9 days, and the security of the system improves by 9% in relative terms.
Application scenario 5
Referring to Fig. 1 and Fig. 2, the data transmission system of an embodiment of this application scenario includes a field detection device 3, a cloud storage system 1 and a field detection mobile terminal 2. The cloud storage system 1 is connected to the Internet and stores the detection data and geographical location information of the field detection mobile terminal. The field detection mobile terminal 2 includes a data acquisition module 21, a GPS positioning module 22 and a wireless communication module 23. The data acquisition module 21 collects the detection data of the field detection device 3 and is connected to the GPS positioning module and the wireless communication module 23; the wireless communication module 23 connects to the Internet through the mobile phone cellular network.
Preferably, the wireless communication module 23 is a GPRS module.
The field detection mobile terminal 2 provided by the above embodiment of the present invention can be connected to the cloud storage system 1 through the mobile phone cellular network and the Internet, so that the detection data of the field detection device 3 and its geographical position can be uploaded to the cloud storage system 1 in real time. This helps field personnel collect enough data in a single visit without travelling back and forth to the work site repeatedly, facilitates the smooth progress of field work, shortens the field work cycle, reduces field work cost and the labour intensity of the personnel, and the cloud storage system 1 can store a large amount of detection data, thereby solving the technical problem described above.
Preferably, the field detection mobile terminal 2 further includes a USB connector 24, a serial communication connector 25 and an extension connector 26; the data acquisition module 21 is provided with a USB communication unit for connecting to the USB connector 24, a serial communication unit for connecting to the serial communication connector 25, and an FPGA module for connecting to the extension connector 26.
This preferred embodiment provides the USB connector 24, the serial communication connector 25 and the extension connector 26 so that the terminal can be matched to the interfaces of the field detection device 3.
Preferably, the data transmission system further includes a data safety management system 4 for managing the detection data in the cloud storage system 1. The data safety management system 4 includes a data service system 40, a data pretreatment 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for the storage, backup and querying of data; the data pretreatment 41 pretreats the data that must be kept secret; the cloud storage encryption and decryption system 42 encrypts or decrypts the data that must be kept secret according to the optimized access control security policy; the control system 43 stores the data to the corresponding storage device; the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment constructs the architecture of the data safety management system 4.
Preferably, the storage, backup and querying of data includes:
(1) converting the data format and establishing a format suitable for storage in a non-relational database;
(2) splitting the data into basic data and expert data, and storing the data using a strategy that combines centralized and distributed storage, with all data backed up during storage; the combined centralized and distributed strategy includes: basic data above the preset frequency is stored centrally and maintained uniformly by the control data center, while expert data below the preset frequency is stored in a distributed manner and maintained separately at each expert data center;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of data; the data retrieval algorithm combines catalogue retrieval with a search engine and specifically includes: building a data catalogue and performing a preliminary retrieval of data by catalogue; entering keywords into the search engine for precise retrieval; the search engine finds matching data in a certain manner, ranks it by the degree of match between the data and the keywords, and returns it to the user.
This preferred embodiment uses a retrieval algorithm that combines catalogue retrieval with a search engine, so that data can be obtained quickly and accurately.
Preferably, the unified monitoring and management of the security of each system includes:
(1) adopting the corresponding security protection technology for the different security protection requirements of the data service system 40, the data pretreatment 41, the cloud storage encryption and decryption system 42 and the control system 43, equipping them with the relevant security protection devices, and forming a complete security protection system;
(2) establishing an effective data security mechanism that considers security comprehensively across data storage, transmission and access, encrypting not only the data but also the transport protocol of the data;
(3) establishing a virus and trojan defence mechanism, regularly updating the virus database and upgrading the firewall with an update cycle T, where T takes a value of 6-10 days, and analysing any abnormal data detected and issuing an early warning.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the data pretreatment 41 includes a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit divides the data that must be kept secret into multiple mutually exclusive data sets. The data extraction unit sorts the mutually exclusive data sets according to a self-defined ordering rule, extracts the first data cell of each data set in turn, and saves these cells together with the ordering rule as small-block data; mutual exclusion here means that no association exists between any two data cells in the data sets. The access control security policy optimization unit generates the access control security policy of the system by an access control security policy optimization method based on fine-grained resource division, including:
(1) building a hierarchical data tree structure from the mutually exclusive data sets produced by the data extraction unit; the hierarchical data tree structure is a three-layer data tree comprising a service layer, a logical layer and a physical layer, where the service layer is the root node associated with the data scheduling service, the logical layer is the data associated in the access control security policy, and the physical layer contains the data cells of all the mutually exclusive data sets;
(2) formulating the access control security policy for data of different security levels on the basis of the eXtensible Access Control Markup Language (XACML), and projecting the rules of the access control security policy that are associated with data onto the data cells in the mutually exclusive data sets, so that the rules of the access control security policy are refined to the data dimension;
(3) optimizing the rules on the data cells of each mutually exclusive data set to remove conflicts and redundancy among the rules assigned to each data cell;
(4) merging the optimized rules to generate the optimized access control security policy.
Preferably, storing the data to the corresponding storage device includes:
(1) storing the small-block data in local storage and encrypting the small-block data with a user-defined encryption technique;
(2) storing the remaining data in the cloud storage module after it has been encrypted by the cloud storage encryption and decryption system 42; after the cloud storage module receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The above two preferred embodiments provide the data pretreatment 41, which first performs data partitioning and data extraction on the data that must be kept secret and then refines the rules in the access control security policy. This reduces the physical storage space and the overhead of data storage, and eliminates the conflicts and redundancy in the access control security policy, improving access control decision efficiency. The part of the data extracted by the data extraction processing is stored in local storage, while the remaining data is stored in the cloud storage module after the corresponding access control security policy has been set. This resolves the large overhead and cumbersomeness that traditional cloud storage data privacy security mechanisms based on simple encryption bring when actually processing and operating on data, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, and improves the security of storing the data that must be kept secret.
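The partition, extraction and local/cloud split described above, as an added Go example that is not part of the patent: cells are dealt into mutually exclusive sets, the first cell of each set plus the ordering rule becomes the locally kept small block, and only the remainder is what goes to the cloud storage module. The round-robin cell partitioning, the use of a permutation as the ordering rule and the function names are assumptions; the encryption of the two parts is left to the surrounding system.

```go
package main
import (
	"bytes"
	"errors"
	"fmt"
)
type Cell []byte // smallest data unit
type Set []Cell  // one mutually exclusive data set
// SmallBlock is kept in local storage: the ordering rule plus the first cell of every set.
type SmallBlock struct {
	Order []int  // self-defined ordering rule: a permutation of the set indices (assumption)
	Heads []Cell // Heads[i] is the first cell of set Order[i]
}
// Partition cuts data into fixed-size cells and deals them round-robin into k sets (assumed scheme).
func Partition(data []byte, cellSize, k int) []Set {
	sets := make([]Set, k)
	for i := 0; len(data) > 0; i++ {
		n := cellSize
		if n > len(data) {
			n = len(data)
		}
		sets[i%k] = append(sets[i%k], Cell(data[:n]))
		data = data[n:]
	}
	return sets
}
// Extract pulls the first cell out of every set in rule order: local small block vs cloud remainder.
func Extract(sets []Set, order []int) (SmallBlock, []Set, error) {
	sb, rest, seen := SmallBlock{Order: order}, make([]Set, len(sets)), map[int]bool{}
	if len(order) != len(sets) {
		return sb, nil, errors.New("ordering rule must cover every set exactly once")
	}
	for _, idx := range order {
		if idx < 0 || idx >= len(sets) || seen[idx] || len(sets[idx]) == 0 {
			return sb, nil, fmt.Errorf("bad or empty set index %d in ordering rule", idx)
		}
		seen[idx] = true
		sb.Heads = append(sb.Heads, sets[idx][0])
		rest[idx] = sets[idx][1:]
	}
	return sb, rest, nil
}
// Reassemble restores the heads and undoes the round-robin deal; the cloud remainder alone is not enough.
func Reassemble(sb SmallBlock, rest []Set) ([]byte, error) {
	if len(sb.Order) != len(rest) || len(sb.Heads) != len(rest) {
		return nil, errors.New("small block does not match cloud remainder")
	}
	sets := make([]Set, len(rest))
	for pos, idx := range sb.Order {
		if idx < 0 || idx >= len(rest) {
			return nil, fmt.Errorf("bad set index %d in ordering rule", idx)
		}
		sets[idx] = append(Set{sb.Heads[pos]}, rest[idx]...)
	}
	var out bytes.Buffer
	for r, wrote := 0, true; wrote; r++ {
		wrote = false
		for _, s := range sets {
			if r < len(s) {
				out.Write(s[r])
				wrote = true
			}
		}
	}
	return out.Bytes(), nil
}
func main() {
	data := []byte("constructed sample: field readings 0123456789") // constructed input
	sb, rest, _ := Extract(Partition(data, 4, 3), []int{2, 0, 1})
	back, _ := Reassemble(sb, rest)
	fmt.Println("local cells:", len(sb.Heads), "round trip ok:", bytes.Equal(back, data))
}
```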
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the data that must be kept secret includes:
(1) the trusted third party allocates a user identity UAID to the user and an attribute authority identity AID to the attribute authority, including:
A. Initialization: the trusted third party initializes the system parameter, in which α is a random integer;
B. For each legitimate user, the trusted third party allocates a UAID and generates a certificate for it; at the same time, the authentication parameter of the legitimate user is published, where C_UAID ∈ Z_p;
C. Generate identity key pairs for the data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys comprise the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys comprise the attribute public key GK_AID and the attribute private key CK_AID:
CK_UAID = (α_AID, β_AID)
where AS_AID is the attribute set that a single attribute authority can distribute, GK_1 is the public key of attribute x, B_x is the version number of attribute x, α_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the attribute set distributed according to the identity of the attribute authority, γ is a parameter randomly chosen by the attribute authority, and γ, α_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypts the data to be stored in the cloud storage module with the data key to obtain the ciphertext CT, then encrypts the data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext CT_U and the attribute key ciphertext CT_A, comprising:
A. Randomly generate two fixed-length strings IK and AK and concatenate them to form the data key DK:
DK = IK || AK
B. Encrypt the data to be stored in the cloud storage module with the data key DK to obtain the ciphertext CT; then encrypt AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypt IK with the identity public key to generate the identity key ciphertext CT_U;
(4) Proxy re-encryption: when a user's data request is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt; the proxy re-encryption key is computed and generated by the data owner from its own private key and the identity public key;
(5) Data decryption: after receiving the data, the user decrypts the identity key ciphertext CT_U with the identity private key CK_UAID and the attribute key ciphertext CT_A with the attribute private key CK_AID, then reconstructs the data key and decrypts the ciphertext CT;
(6) Update the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of data while resisting collusion between users and the attribute authority. For the data that must be kept secret, an identity-based encryption and decryption key and an attribute encryption and decryption key are constructed separately and merged into the data encryption key used to encrypt the data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt, which greatly improves the security of the data safety management system 4.
In this application scenario, the update cycle T is taken as 10, and the security of the system improves by 8% relatively.
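The split data key of steps (3) and (5), which appear in the same form in application scenarios 4 and 5, as an added Go example that is not from the patent: DK = IK || AK encrypts the data, IK and AK are wrapped separately, and decryption succeeds only when both wrappings open. AES-256-GCM under two symmetric keys stands in for the patent's identity-based and attribute-based public-key encryption, the proxy re-encryption of step (4) is not modelled, and the labels, key sizes and function names are assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)
// Package is what reaches the cloud: CT is the data under DK = IK || AK, CTU wraps IK under the
// identity key, CTA wraps AK under the attribute key (symmetric stand-ins for IBE/ABE, an assumption).
type Package struct{ CT, CTU, CTA []byte }
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// seal: AES-GCM with a fresh nonce prefixed; label is authenticated data binding the ciphertext to its role.
func seal(key, plaintext []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}
// open reverses seal; a wrong key or a tampered ciphertext fails authentication.
func open(key, sealed []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], []byte(label))
}
// Encrypt is step (3): DK = IK || AK from two random halves, CT under DK, then each half wrapped.
func Encrypt(identityKey, attributeKey, data []byte) (p *Package, err error) {
	dk := make([]byte, 32) // IK = dk[:16], AK = dk[16:], DK is the AES-256 key
	if _, err = rand.Read(dk); err != nil {
		return nil, err
	}
	p = &Package{}
	if p.CT, err = seal(dk, data, "CT"); err != nil {
		return nil, err
	}
	if p.CTU, err = seal(identityKey, dk[:16], "CTU"); err != nil {
		return nil, err
	}
	if p.CTA, err = seal(attributeKey, dk[16:], "CTA"); err != nil {
		return nil, err
	}
	return p, nil
}
// Decrypt is step (5): both halves must unwrap before DK is rebuilt and CT decrypted.
func Decrypt(identityKey, attributeKey []byte, p *Package) ([]byte, error) {
	ik, errU := open(identityKey, p.CTU, "CTU")
	ak, errA := open(attributeKey, p.CTA, "CTA")
	if errU != nil || errA != nil { // the identity and the attribute condition must both hold
		return nil, fmt.Errorf("identity: %v; attribute: %v", errU, errA)
	}
	return open(append(append([]byte{}, ik...), ak...), p.CT, "CT") // DK = IK || AK reconstructed
}
func main() {
	idKey, attrKey := []byte("constructed-identity-key-32bytes"), []byte("constructed-attribute-key-32byte") // constructed keys
	p, _ := Encrypt(idKey, attrKey, []byte("constructed field reading"))
	_, errBoth := Decrypt(idKey, attrKey, p)
	_, errNoAttr := Decrypt(idKey, make([]byte, 32), p)
	fmt.Println("both keys:", errBoth, "| identity key only:", errNoAttr)
}
```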
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit its scope of protection. Although the present invention has been explained in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.
Claims (3)
1. A data transmission system, characterized in that it comprises a field detection device, a cloud storage system and a field detection mobile terminal; the cloud storage system is connected to the Internet and stores the detection data and geographical location information of the field detection mobile terminal; the field detection mobile terminal comprises a data acquisition module, a GPS positioning module and a wireless communication module; the data acquisition module collects the detection data of the field detection device and is connected to the GPS positioning module and the wireless communication module, and the wireless communication module connects to the Internet through the mobile phone cellular network.
2. The data transmission system according to claim 1, characterized in that the wireless communication module is a GPRS module.
3. The data transmission system according to claim 2, characterized in that the field detection mobile terminal further comprises a USB connector, a serial communication connector and an extension connector, and the data acquisition module is provided with a USB communication unit for connecting to the USB connector, a serial communication unit for connecting to the serial communication connector, and an FPGA module for connecting to the extension connector.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610772039.4A CN106131224A (en) | 2016-08-30 | 2016-08-30 | A kind of data transmission system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106131224A true CN106131224A (en) | 2016-11-16 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20161116 |