CN108023884A - A kind of encryption method of Networks and information security - Google Patents
- Publication number: CN108023884A
- Application number: CN201711265139.9A
- Authority: CN (China)
- Prior art keywords: data, offset value, network information, segment, encryption
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses an encryption method for network information security, comprising the following steps: A. network information data is collected by a data collector and saved to local storage; B. feature extraction is performed on the collected network information data; C. the back-end terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted; D. the back-end terminal generates key data from the feature data to be encrypted and stores the key data in the data monitoring and early-warning system. The encryption method used by the invention can effectively prevent the collected network data from being illegally tampered with, and its security performance is high.
Description
Technical field
The present invention relates to the technical field of network information data encryption, and specifically to an encryption method for network information security.
Background technology
Data encryption technology, used together with firewalls, is one of the main technical means of improving the security and confidentiality of information systems and data and of preventing secret data from being compromised by outside attack. Technically, measures are taken on both the software and the hardware side. According to function, data encryption technology can be divided into data transmission encryption, data storage encryption, data integrity authentication, and key management.
The purpose of data transmission encryption is to encrypt the data stream in transit. There are usually two kinds: link encryption and end-to-end encryption. Link encryption focuses on the line and does not consider the source and the sink; it protects confidential information by using a different encryption key on each line. End-to-end encryption means that information is encrypted automatically by the sender and encapsulated in TCP/IP packets, then crosses the Internet as unreadable and unrecognizable data; when the information arrives at its destination it is automatically reassembled and decrypted and becomes readable data.
The purpose of data storage encryption is to prevent data from being leaked at the storage stage. It can be divided into two kinds: ciphertext storage and access control. The former is generally implemented by methods such as encryption-algorithm conversion, additional passwords, and encryption modules; the latter examines and restricts user qualifications and permissions, preventing illegitimate users from accessing data and legitimate users from accessing data beyond their authority. The purpose of data integrity authentication is to verify the identity of the people involved in transmitting, accessing and processing information, together with the related data content; it generally covers the authentication of passwords, keys, identities, data and similar items. The system protects data by checking whether the characteristic values entered by the object being verified match preset parameters.
Current network information data is easily tampered with, and its security performance is poor.
Summary of the invention
The object of the invention is to provide an encryption method for network information security that solves the problems raised in the background above.
To achieve this object, the invention provides the following technical solution: an encryption method for network information security, comprising the following steps:
A. Network information data is collected by a data collector and saved to local storage;
B. Feature extraction is performed on the collected network information data;
C. The back-end terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
D. The back-end terminal generates key data from the feature data to be encrypted and stores the key data in the data monitoring and early-warning system.
Preferably, the feature extraction method in step B comprises the following steps:
A. Divide the collected network data packets into multiple fixed-length data segments and obtain the offset value of each data segment produced by the division;
B. Classify the data segments and generate a segment type value corresponding to each data segment and its offset value, the generated segment type value being associated with the received data packet;
C. Generate a sample set from the received data packets, obtain the number of offset values corresponding to each segment type value in the data packets of the sample set, and extract the offset values whose number is greater than or equal to the offset hit threshold;
D. Obtain the segment type value corresponding to each extracted offset value, and use the extracted offset values and segment type values as the feature code corresponding to the sample set, completing the extraction of network information data features.
Preferably, the data storage method for the local storage in step A is as follows: the network information data to be stored is written to the plaintext column of an ordinary database table; at the same time, the network information data to be stored is encrypted with an encryption chip of model SMEC98SP to obtain a ciphertext, and the ciphertext is then digitally signed to obtain a ciphertext signature, completing the storage encryption of the network information data.
Compared with the prior art, the beneficial effects of the invention are as follows. The encryption method used by the invention can effectively prevent the collected network data from being illegally tampered with, and its security performance is high. The feature extraction method used by the invention extracts the corresponding segment type values as feature codes according to the regularity with which data segments occur in data packets, so the packet feature extraction method can adapt to all kinds of data packets and can improve data encryption efficiency. The data storage method used encrypts the stored data, thereby achieving double encryption of the network data and further improving security.
Brief description of the drawings
Fig. 1 is a flow chart of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment one:
Referring to Fig. 1, the invention provides the following technical solution: an encryption method for network information security, comprising the following steps:
A. Network information data is collected by a data collector and saved to local storage;
B. Feature extraction is performed on the collected network information data;
C. The back-end terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
D. The back-end terminal generates key data from the feature data to be encrypted and stores the key data in the data monitoring and early-warning system.
In the invention, the feature extraction method in step B comprises the following steps:
A. Divide the collected network data packets into multiple fixed-length data segments and obtain the offset value of each data segment produced by the division;
B. Classify the data segments and generate a segment type value corresponding to each data segment and its offset value, the generated segment type value being associated with the received data packet;
C. Generate a sample set from the received data packets, obtain the number of offset values corresponding to each segment type value in the data packets of the sample set, and extract the offset values whose number is greater than or equal to the offset hit threshold;
D. Obtain the segment type value corresponding to each extracted offset value, and use the extracted offset values and segment type values as the feature code corresponding to the sample set, completing the extraction of network information data features.
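The four feature-extraction steps above as a runnable sketch; this is an added example, not code from the patent. The segment length, the hit threshold, deriving the segment type value from the segment's bytes, and counting one hit per packet for each (type value, offset) pair are assumptions, since the patent specifies none of them.

```python
"""Offset / segment-type feature extraction over a sample set of packets."""
from collections import Counter

SEGMENT_LEN = 4      # assumed fixed segment length in bytes
HIT_THRESHOLD = 3    # assumed offset hit threshold


def split_segments(packet, seg_len=SEGMENT_LEN):
    """Step A: cut a packet into fixed-length segments, keeping each offset.

    A trailing fragment shorter than seg_len is dropped so that every
    segment really has the fixed length; a packet shorter than seg_len
    yields no segments at all.
    """
    if seg_len <= 0:
        raise ValueError("segment length must be positive")
    return [(off, packet[off:off + seg_len])
            for off in range(0, len(packet) - seg_len + 1, seg_len)]


def segment_type(segment):
    """Step B: map a segment to its segment type value.

    Assumption: segments with identical bytes share one type, and the
    type value is the hex encoding of those bytes.
    """
    return segment.hex()


def count_hits(sample_set, seg_len=SEGMENT_LEN):
    """Step C, counting: packets carrying each type value at each offset."""
    hits = Counter()
    for packet in sample_set:
        for off, seg in split_segments(packet, seg_len):
            hits[(segment_type(seg), off)] += 1
    return hits


def extract_feature_codes(sample_set, seg_len=SEGMENT_LEN,
                          hit_threshold=HIT_THRESHOLD):
    """Steps C and D: keep offsets whose hit count reaches the threshold
    and return the feature code as sorted (offset, type value) pairs."""
    hits = count_hits(sample_set, seg_len)
    return sorted((off, type_value)
                  for (type_value, off), n in hits.items()
                  if n >= hit_threshold)


# Constructed sample set: a constant 4-byte header, a varying field,
# and a counter field that is usually "0001".
SAMPLE_SET = [
    b"NETSAAAA0001",
    b"NETSBBBB0001",
    b"NETSAAAA0002",
    b"NETSCCCC0001xx",   # trailing 2-byte fragment is ignored
    b"NE",               # shorter than one segment: contributes nothing
]

if __name__ == "__main__":
    for offset, type_value in extract_feature_codes(SAMPLE_SET):
        print(offset, type_value, bytes.fromhex(type_value))
```

Raising the threshold to 4 leaves only the header at offset 0, which shows how the hit threshold controls how stable a field must be across the sample set before it enters the feature code.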
Embodiment two:
The invention provides the following technical solution: an encryption method for network information security, comprising the following steps:
A. Network information data is collected by a data collector and saved to local storage;
B. Feature extraction is performed on the collected network information data;
C. The back-end terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
D. The back-end terminal generates key data from the feature data to be encrypted and stores the key data in the data monitoring and early-warning system.
In the invention, the feature extraction method in step B comprises the following steps:
A. Divide the collected network data packets into multiple fixed-length data segments and obtain the offset value of each data segment produced by the division;
B. Classify the data segments and generate a segment type value corresponding to each data segment and its offset value, the generated segment type value being associated with the received data packet;
C. Generate a sample set from the received data packets, obtain the number of offset values corresponding to each segment type value in the data packets of the sample set, and extract the offset values whose number is greater than or equal to the offset hit threshold;
D. Obtain the segment type value corresponding to each extracted offset value, and use the extracted offset values and segment type values as the feature code corresponding to the sample set, completing the extraction of network information data features.
This embodiment differs from Embodiment one in that it further includes data storage encryption.
In this embodiment, the data storage method for the local storage in step A is as follows: the network information data to be stored is written to the plaintext column of an ordinary database table; at the same time, the network information data to be stored is encrypted with an encryption chip of model SMEC98SP to obtain a ciphertext, and the ciphertext is then digitally signed to obtain a ciphertext signature, completing the storage encryption of the network information data.
The encryption method used by the invention can effectively prevent the collected network data from being illegally tampered with, and its security performance is high. The feature extraction method used by the invention extracts the corresponding segment type values as feature codes according to the regularity with which data segments occur in data packets, so the packet feature extraction method can adapt to all kinds of data packets and can improve data encryption efficiency. The data storage method used encrypts the stored data, thereby achieving double encryption of the network data and further improving security.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the appended claims.
Claims (3)
1. An encryption method for network information security, characterized in that it comprises the following steps:
   A. Network information data is collected by a data collector and saved to local storage;
   B. Feature extraction is performed on the collected network information data;
   C. The back-end terminal sends a key acquisition request to the front-end database server, the key acquisition request including the feature data to be encrypted;
   D. The back-end terminal generates key data from the feature data to be encrypted and stores the key data in the data monitoring and early-warning system.
2. The encryption method for network information security according to claim 1, characterized in that the feature extraction method in step B comprises the following steps:
   A. Divide the collected network data packets into multiple fixed-length data segments and obtain the offset value of each data segment produced by the division;
   B. Classify the data segments and generate a segment type value corresponding to each data segment and its offset value, the generated segment type value being associated with the received data packet;
   C. Generate a sample set from the received data packets, obtain the number of offset values corresponding to each segment type value in the data packets of the sample set, and extract the offset values whose number is greater than or equal to the offset hit threshold;
   D. Obtain the segment type value corresponding to each extracted offset value, and use the extracted offset values and segment type values as the feature code corresponding to the sample set, completing the extraction of network information data features.
3. The encryption method for network information security according to claim 1, characterized in that the data storage method for the local storage in step A is as follows: the network information data to be stored is written to the plaintext column of an ordinary database table; at the same time, the network information data to be stored is encrypted with an encryption chip of model SMEC98SP to obtain a ciphertext, and the ciphertext is then digitally signed to obtain a ciphertext signature, completing the storage encryption of the network information data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711265139.9A CN108023884A (en) | 2017-12-05 | 2017-12-05 | A kind of encryption method of Networks and information security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108023884A (en) | 2018-05-11 |
Family
ID=62078599
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711265139.9A Pending CN108023884A (en) | 2017-12-05 | 2017-12-05 | A kind of encryption method of Networks and information security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108023884A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180511 |