CN108023884A - An encryption method for network information security - Google Patents

Publication number
CN108023884A
Authority
CN
China
Prior art keywords
data; offset value; network information; segment; encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711265139.9A
Other languages
Chinese (zh)
Inventor
闵韻书
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Army Show Consulting Co Ltd
Original Assignee
Beijing Army Show Consulting Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Army Show Consulting Co Ltd
Priority to CN201711265139.9A
Publication of CN108023884A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses an encryption method for network information security, comprising the following steps: A, network information data is collected by a data collector and saved to local storage; B, features are extracted from the collected network information data; C, the background terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted; D, the background terminal generates key data according to the feature data to be encrypted and stores the key data in the data monitoring and early warning system. The encryption method used by the invention can effectively prevent the collected network data from being illegally tampered with, and its security performance is high.

Description

An encryption method for network information security
Technical field
The present invention relates to the technical field of network information data encryption, and specifically to an encryption method for network information security.
Background technology
Data encryption technology, used together with firewalls, is one of the main technical means of improving the security and confidentiality of information systems and data and of preventing secret data from being compromised by external attack. Technically, measures are taken in both software and hardware. According to its function, data encryption technology can be divided into data transmission encryption, data storage encryption, data integrity authentication, and key management.
The purpose of data transmission encryption is to encrypt the data stream in transit; there are usually two kinds, link encryption and end-to-end encryption. Link encryption focuses on the line, without regard to the source and the destination, and protects confidential information by using a different encryption key on each line. End-to-end encryption means that information is automatically encrypted by the sender and encapsulated in TCP/IP packets, and then crosses the internet as unreadable and unrecognizable data; when the information arrives at its destination, it is automatically reassembled and decrypted, and becomes readable data.
The purpose of data storage encryption is to prevent data from leaking at the storage stage; it can be divided into ciphertext storage and access control. The former is generally realized by methods such as encryption algorithm conversion, additional passwords, and encryption modules; the latter examines and restricts user qualifications and permissions, preventing illegal users from accessing data and legitimate users from accessing data beyond their authority. The purpose of data integrity authentication is to verify the identity of the persons involved in transmitting, accessing and processing information, and the related data content; it generally includes the authentication of passwords, keys, identities, data and similar items. The system protects data by comparing whether the characteristic values entered by the object being verified match preset parameters.
Current network information data is easily tampered with, and its security performance is poor.
Summary of the invention
The object of the present invention is to provide an encryption method for network information security, so as to solve the problem raised in the background above.
To achieve the above object, the present invention provides the following technical solution: an encryption method for network information security, comprising the following steps:
A, network information data is collected by a data collector and saved to local storage;
B, features are extracted from the collected network information data;
C, the background terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
D, the background terminal generates key data according to the feature data to be encrypted and stores the key data in the data monitoring and early warning system.
Preferably, the feature extraction method in step B comprises the following steps:
A, the collected network data packet is divided into multiple fixed-length data segments, and the offset value of each data segment obtained by the division is obtained;
B, the data segments are classified, a segment type value corresponding to each data segment and its offset value is generated, and the generated segment type value corresponds to the received data packet;
C, a sample set is generated from the received data packets, the number of corresponding offset values of each segment type value in the data packets of the sample set is obtained, and the offset values whose number is greater than or equal to the offset value hit threshold are extracted;
D, the segment type value corresponding to each extracted offset value is obtained, and the extracted offset values and segment type values are taken as the feature code corresponding to the sample set, completing the extraction of the network information data features.
Preferably, the data storage method in the local storage in step A is: the network information data to be stored is stored as normal in the plaintext column of the database table; at the same time, the network information data to be stored is encrypted with an encryption chip of model SMEC98SP to obtain ciphertext, and the ciphertext is then digitally signed to obtain a ciphertext signature, completing the storage encryption of the network information data.
Compared with the prior art, the beneficial effects of the present invention are: the encryption method used by the invention can effectively prevent the collected network data from being illegally tampered with, and its security performance is high. The feature extraction method used by the invention can extract the corresponding segment type values as the feature code according to the regularity with which data segments occur in data packets, so that the data packet feature extraction method is applicable to all kinds of data packets and can improve data encryption efficiency. The data storage method used encrypts the stored data, thereby achieving double encryption of the network data and further improving security.
Brief description of the drawings
Fig. 1 is a flow chart of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Embodiment one:
Referring to Fig. 1, the present invention provides the following technical solution: an encryption method for network information security, comprising the following steps:
A, network information data is collected by a data collector and saved to local storage;
B, features are extracted from the collected network information data;
C, the background terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
D, the background terminal generates key data according to the feature data to be encrypted and stores the key data in the data monitoring and early warning system.
In the present invention, the feature extraction method in step B comprises the following steps:
A, the collected network data packet is divided into multiple fixed-length data segments, and the offset value of each data segment obtained by the division is obtained;
B, the data segments are classified, a segment type value corresponding to each data segment and its offset value is generated, and the generated segment type value corresponds to the received data packet;
C, a sample set is generated from the received data packets, the number of corresponding offset values of each segment type value in the data packets of the sample set is obtained, and the offset values whose number is greater than or equal to the offset value hit threshold are extracted;
D, the segment type value corresponding to each extracted offset value is obtained, and the extracted offset values and segment type values are taken as the feature code corresponding to the sample set, completing the extraction of the network information data features.
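An added example (not code from the patent) of the feature extraction in steps A to D above. The segment length, the hit threshold, the use of a truncated SHA-256 digest as the segment type value, and the sample packets are all assumptions; the patent does not specify them.

```python
from collections import Counter
from hashlib import sha256

SEGMENT_LEN = 4      # assumed fixed segment length, in bytes
HIT_THRESHOLD = 3    # assumed offset value hit threshold, in packets

# Constructed sample set: a shared 4-byte tag, a version field, varying payload.
SAMPLE_PACKETS = [
    b"NETI" + b"\x00\x01\x00\x00" + b"alph" + b"a",   # trailing byte is dropped
    b"NETI" + b"\x00\x01\x00\x00" + b"brav",
    b"NETI" + b"\x00\x01\x00\x00" + b"char" + b"li",
    b"NETI" + b"\x00\x02\x00\x00" + b"delt",
    b"NE",                                            # shorter than one segment
]


def split_segments(packet, seg_len=SEGMENT_LEN):
    """Step A: yield (offset value, segment) for each full fixed-length segment."""
    if seg_len <= 0:
        raise ValueError("segment length must be positive")
    # A trailing partial segment is skipped so every segment has the same length.
    for offset in range(0, len(packet) - seg_len + 1, seg_len):
        yield offset, packet[offset:offset + seg_len]


def segment_type(segment):
    """Step B: classify a segment (assumption: type value = truncated SHA-256)."""
    return sha256(segment).hexdigest()[:8]


def extract_feature_code(sample_set, seg_len=SEGMENT_LEN, threshold=HIT_THRESHOLD):
    """Steps C and D: keep (offset value, type value) pairs seen in >= threshold packets."""
    if threshold < 1:
        raise ValueError("hit threshold must be at least 1")
    hits = Counter()
    for packet in sample_set:
        # Each offset occurs once per packet, so a packet adds at most one hit per pair.
        for offset, segment in split_segments(packet, seg_len):
            hits[(offset, segment_type(segment))] += 1
    # Pairs below the threshold are packet-specific noise and are discarded.
    return sorted(pair for pair, count in hits.items() if count >= threshold)


if __name__ == "__main__":
    for offset, type_value in extract_feature_code(SAMPLE_PACKETS):
        print(f"offset={offset} type={type_value}")
```

The resulting feature code is built from packet bytes that anyone observing the traffic can also compute, so it identifies a traffic pattern and carries no secret of its own.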
Embodiment two:
The present invention provides the following technical solution: an encryption method for network information security, comprising the following steps:
A, network information data is collected by a data collector and saved to local storage;
B, features are extracted from the collected network information data;
C, the background terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
D, the background terminal generates key data according to the feature data to be encrypted and stores the key data in the data monitoring and early warning system.
In the present invention, the feature extraction method in step B comprises the following steps:
A, the collected network data packet is divided into multiple fixed-length data segments, and the offset value of each data segment obtained by the division is obtained;
B, the data segments are classified, a segment type value corresponding to each data segment and its offset value is generated, and the generated segment type value corresponds to the received data packet;
C, a sample set is generated from the received data packets, the number of corresponding offset values of each segment type value in the data packets of the sample set is obtained, and the offset values whose number is greater than or equal to the offset value hit threshold are extracted;
D, the segment type value corresponding to each extracted offset value is obtained, and the extracted offset values and segment type values are taken as the feature code corresponding to the sample set, completing the extraction of the network information data features.
This embodiment differs from embodiment one in that it further includes data storage encryption.
In this embodiment, the data storage method in the local storage in step A is: the network information data to be stored is stored as normal in the plaintext column of the database table; at the same time, the network information data to be stored is encrypted with an encryption chip of model SMEC98SP to obtain ciphertext, and the ciphertext is then digitally signed to obtain a ciphertext signature, completing the storage encryption of the network information data.
The encryption method used by the invention can effectively prevent the collected network data from being illegally tampered with, and its security performance is high. The feature extraction method used by the invention can extract the corresponding segment type values as the feature code according to the regularity with which data segments occur in data packets, so that the data packet feature extraction method is applicable to all kinds of data packets and can improve data encryption efficiency. The data storage method used encrypts the stored data, thereby achieving double encryption of the network data and further improving security.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the present invention is defined by the appended claims.

Claims (3)

  1. An encryption method for network information security, characterized by comprising the following steps:
    A, network information data is collected by a data collector and saved to local storage;
    B, features are extracted from the collected network information data;
    C, the background terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
    D, the background terminal generates key data according to the feature data to be encrypted and stores the key data in the data monitoring and early warning system.
  2. The encryption method for network information security according to claim 1, characterized in that the feature extraction method in step B comprises the following steps:
    A, the collected network data packet is divided into multiple fixed-length data segments, and the offset value of each data segment obtained by the division is obtained;
    B, the data segments are classified, a segment type value corresponding to each data segment and its offset value is generated, and the generated segment type value corresponds to the received data packet;
    C, a sample set is generated from the received data packets, the number of corresponding offset values of each segment type value in the data packets of the sample set is obtained, and the offset values whose number is greater than or equal to the offset value hit threshold are extracted;
    D, the segment type value corresponding to each extracted offset value is obtained, and the extracted offset values and segment type values are taken as the feature code corresponding to the sample set, completing the extraction of the network information data features.
  3. The encryption method for network information security according to claim 1, characterized in that the data storage method in the local storage in step A is: the network information data to be stored is stored as normal in the plaintext column of the database table; at the same time, the network information data to be stored is encrypted with an encryption chip of model SMEC98SP to obtain ciphertext, and the ciphertext is then digitally signed to obtain a ciphertext signature, completing the storage encryption of the network information data.

Priority Applications (1)

Application Number: CN201711265139.9A
Priority Date: 2017-12-05
Filing Date: 2017-12-05
Title: An encryption method for network information security
Status: Pending
Publication: CN108023884A (en)

Publications (1)

Publication Number: CN108023884A
Publication Date: 2018-05-11

Family ID: 62078599

Country Status (1)

Country: CN
Link: CN108023884A (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180511