CN108566397B - Special remote data transmission system and transmission method for data recovery service - Google Patents

Publication number
CN108566397B
Authority
CN
China
Prior art keywords
data
delivery
subsystem
module
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810365267.9A
Other languages
Chinese (zh)
Other versions
CN108566397A (en)
Inventor
王孝余
韩冰
张凯
李丹丹
尚方
王莹莹
刘生
刘秀娥
樊永新
齐国顺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Heilongjiang Electric Power Co Ltd Electric Power Research Institute
State Grid Corp of China SGCC
Original Assignee
State Grid Heilongjiang Electric Power Co Ltd Electric Power Research Institute
State Grid Corp of China SGCC
Application filed by State Grid Heilongjiang Electric Power Co Ltd Electric Power Research Institute and State Grid Corp of China SGCC
Priority to CN201810365267.9A
Publication of CN108566397A
Application granted
Publication of CN108566397B
Legal status: Active

Classifications

    • H — ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04L — TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 — Network arrangements or protocols for supporting network services or applications
        • H04L67/01 — Protocols
        • H04L67/02 — Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
        • H04L67/025 — Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
        • H04L67/50 — Network services
        • H04L67/56 — Provisioning of proxy services
    • H04L63/00 — Network architectures or network communication protocols for network security
        • H04L63/04 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
        • H04L63/0428 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/08 — Network architectures or network communication protocols for network security for authentication of entities
        • H04L63/083 — Network architectures or network communication protocols for network security for authentication of entities using passwords
        • H04L63/0876 — Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses a dedicated remote data transmission system and transmission method for data recovery services, and relates to data transmission systems and methods. It addresses the problems that data delivered through existing file transmission systems can reach hundreds of gigabytes, consists of a large number of files (tens of millions), is difficult to search, and easily leaks user privacy. The system comprises a data acquisition client subsystem, a transmission agent subsystem, a delivery data access subsystem, a delivery data storage subsystem and a data recovery personnel data delivery client subsystem. The data recovery personnel select the data to be delivered through the data delivery client subsystem and transmit it to the delivery data access subsystem for storage; the customer connects to the transmission agent subsystem through the data acquisition client subsystem, the information is passed on to the delivery data access subsystem, and the delivery data access subsystem decides whether to return the data or refuse the request. The invention is used in the field of remote data transmission.

Description

Special remote data transmission system and transmission method for data recovery service
Technical Field
The invention relates to a data transmission system and a data transmission method for data recovery service.
Background
The data recovery service generates recovered data files that are large in both number and capacity and that often contain information sensitive to enterprises or individuals. In addition, data recovery takes a certain operating period, so it is difficult to deliver the recovered data directly to its users in real time. A dedicated remote data transmission system that supports remote delivery of recovered data for the data recovery service will greatly accelerate delivery and reduce data delivery costs.
From the viewpoint of the recovered data that the service generates, the data to be delivered has the following main characteristics:
1) the delivered data is often whole-disk data and, given current hard disk storage capacities, can reach hundreds of gigabytes;
2) the delivered data consists of a large number of files, with a capacity of hundreds of gigabytes containing tens of millions of large files;
3) the delivered data has been through a recovery process, so the original file directory structure is not necessarily fully preserved; the actual data owner may need only a few files, but because the directory structure has changed, finding them among tens of millions of files becomes very difficult;
4) privacy protection of delivered data: after the data recovery service is completed, the delivered data may be stored on a file server for a long time before it is handed over to the customer, so user privacy is easily leaked;
5) existing file transmission systems, such as FTP or HTTP, have very serious performance defects when handling a large number of small files and lack the necessary support for retrieving and searching files; in addition, their authentication involves only a user name and password, which falls somewhat short of the privacy guarantees that a remote data recovery service needs.
In summary, data delivered through conventional file transfer systems can reach hundreds of gigabytes, consists of a large number of files (tens of millions), is difficult to search, and is prone to leaking user privacy.
Disclosure of Invention
The invention aims to solve the problems that data delivered through existing file transmission systems can reach hundreds of gigabytes, consists of a large number of files (tens of millions), is difficult to search and easily leaks user privacy, and provides a dedicated remote data transmission system and transmission method for data recovery services.
The special remote data transmission system facing the data recovery service comprises:
the system comprises a data acquisition client subsystem, a transmission agent subsystem, a delivery data access subsystem, a delivery data storage subsystem and a data recovery personnel data delivery client subsystem;
the data acquisition client subsystem is used for acquiring data of data recovery personnel and delivering the data which is held by the client subsystem and completes the recovery for a user to use;
the delivery data access subsystem is used for encrypting, indexing and storing data submitted by the data recovery personnel data delivery client subsystem, responding to query, browsing and acquisition requests of the data acquisition client subsystem and providing support for accessing data for a user;
the delivery data storage subsystem is used for storing the recovery data encrypted by the delivery data access subsystem, and is not directly connected with the data acquisition client subsystem and the data recovery personnel data delivery client subsystem;
the transmission agent subsystem is used for transmitting the encrypted, indexed and stored data of the delivery data access subsystem to the data acquisition client subsystem;
and the data recovery personnel data delivery client subsystem is used for remotely browsing, retrieving and downloading the recovered data by the data acquisition client subsystem.
The special remote data transmission method facing the data recovery service comprises the following specific processes:
Step one: a data recovery person selects the top-level directory of the data to be delivered through the data delivery client subsystem, sets the object information of the data to be delivered, and chooses, according to the object information, whether to use encryption and full-text search. If encryption is selected, the data delivery client subsystem guides the data recovery person to generate a public/private key pair and to store the private key on a USB flash drive or U-Key device, transmits the public key and user information to the delivery data access subsystem, and then transmits the data to be delivered to the delivery data access subsystem, which performs the encryption and storage operations;
if full-text search is selected, the data delivery client subsystem guides the data recovery person to generate a retrieval input box, and the data to be delivered is then transmitted to the delivery data access subsystem, which performs the retrieval and storage operations;
if encryption is not selected, the data to be delivered is transmitted to the delivery data access subsystem, which performs the storage operation;
if full-text search is not selected, the data to be delivered is transmitted to the delivery data access subsystem, which performs the storage operation.
Step two: when the customer needs to obtain the recovered data, the customer connects to the transmission agent subsystem through the data acquisition client subsystem and submits the customer's identification code; the transmission agent subsystem forwards the identification code and the request to the delivery data access subsystem, which checks the validity of the identification code and the request and decides whether to return the recovered data or reject the request.
The invention has the beneficial effects that:
the invention adopts a data acquisition client subsystem, a transmission agent subsystem, a delivery data access subsystem, a delivery data storage subsystem and a data recovery personnel data delivery client subsystem, and has the functions of encryption storage, transmission and supporting file retrieval.
The data acquisition client subsystem is used for acquiring data of data recovery personnel and delivering the data which is held by the client subsystem and completes the recovery for a user to use; the delivery data access subsystem is the core of the system and is used for encrypting, indexing, storing and the like data submitted by the data recovery personnel data delivery client subsystem, responding to the query, browsing and acquisition requests of the data acquisition client subsystem and providing support for accessing data for a user; the delivery data storage subsystem is a standard file server and is used for storing the recovery data encrypted by the delivery data access subsystem and is not directly connected with the data acquisition client subsystem and the data recovery personnel data delivery client subsystem; the transmission agent subsystem is used for transmitting the encrypted, indexed and stored data of the delivery data access subsystem to the data acquisition client subsystem; the bastion point of the special remote data acquisition system facing the data recovery service is exposed on the network, and the user acquires the recovered data through the transmission agency, so that the user cannot directly access the delivery data access system. The data recovery personnel data delivery client subsystem is held by a remote data owner requesting data recovery operation and is used for remotely browsing, retrieving and downloading recovered data by the data acquisition client subsystem.
For data that needs network delivery, a data recovery person selects the top-level directory of the data to be delivered through the data delivery client subsystem, sets the object information of the data to be delivered, and chooses, according to the object information, whether to use encryption and full-text search. If encryption is selected, the data delivery client subsystem guides the data recovery person to generate a public/private key pair and to store the private key on a USB flash drive or U-Key device, transmits the public key and related user information to the delivery data access subsystem, and then transmits the data to be delivered to the delivery data access subsystem, which performs the encryption and storage operations. If full-text search is selected, the data delivery client subsystem guides the data recovery person to generate a retrieval input box, and the data to be delivered is then transmitted to the delivery data access subsystem, which performs the retrieval and storage operations. If encryption is not selected, the data to be delivered is transmitted to the delivery data access subsystem, which performs the storage operation; if full-text search is not selected, the data to be delivered is transmitted to the delivery data access subsystem, which performs the storage operation.
When the customer needs to obtain the recovered data, the customer connects to the transmission agent subsystem through the data acquisition client subsystem and submits the customer's identification code; the transmission agent subsystem forwards the identification code and the request to the delivery data access subsystem, which checks the validity of the identification code (namely the encrypted fields of the customer's user name and password) and of the request and decides whether to return the recovered data or reject the request.
In conclusion, the following effects are obtained:
1) the data acquisition client, the transmission agent subsystem and the data delivery subsystem are realized with the following functions:
at this stage, all communication is in clear text except the user identification (user name and password), which is transmitted encrypted; the delivery data is presented to the delivery subsystem in the organization it had when recovered, and the data recovery personnel copy the delivery data to the delivery data storage subsystem manually. Automation and isolation of the recovered data delivery process are completed at this stage;
2) a data delivery client is implemented on the basis of 1), and all data is stored and transmitted encrypted:
at this stage, the data recovery personnel use the dedicated client to submit the delivery data. During submission, the data delivery client generates a public/private key pair and submits all the data to be delivered to the access subsystem, where it is encrypted with the public key; the key is handed to the designated customer on a USB flash drive or similar. After the customer submits a request through the client, the delivery data access subsystem obtains the ciphertext and transmits it directly to the user, and the user's client decrypts it with the private key on the user's USB flash drive before handing the data to the customer. Encrypted storage and transmission of the data are completed at this stage;
3) a full-text retrieval engine for the delivery data is implemented on the basis of 2):
at this stage, the customer can run full-text retrieval on the recovered data directly from the client; this is a great convenience to the user, particularly when the directory structure and file names of the recovered data were not fully recovered.
The invention allows fast, simple searching through retrieval and secures transmission with encryption, so user privacy is not easily leaked; it thereby solves the problems that data delivered through existing file transmission systems can reach hundreds of gigabytes, consists of a large number of files (tens of millions), is difficult to search and easily leaks user privacy.
Delivering recovered data with the dedicated remote data transmission system and method for data recovery services saves at least 90% of the time compared with traditional manual delivery, and the retrieval and query function lets a user find the needed data in 10G of recovered data within 1 minute.
Drawings
FIG. 1 is a schematic diagram of a data recovery service-oriented remote data acquisition system module according to the present invention;
fig. 2 is a schematic diagram of a data recovery service-oriented remote data acquisition system according to the present invention.
Detailed Description
The first embodiment is as follows: the present embodiment is described with reference to fig. 1, and the dedicated remote data transmission system for data recovery service of the present embodiment includes:
the system comprises a data acquisition client subsystem, a transmission agent subsystem, a delivery data access subsystem, a delivery data storage subsystem and a data recovery personnel data delivery client subsystem;
the data acquisition client subsystem is used for acquiring data of data recovery personnel and delivering the data which is held by the client subsystem and completes the recovery for a user to use;
the delivery data access subsystem is the core of the system and is used for encrypting, indexing, storing and the like data submitted by the data recovery personnel data delivery client subsystem, responding to the query, browsing and acquisition requests of the data acquisition client subsystem and providing support for accessing data for a user;
the delivery data storage subsystem is a standard file server and is used for storing the recovery data encrypted by the delivery data access subsystem and is not directly connected with the data acquisition client subsystem and the data recovery personnel data delivery client subsystem;
the transmission agent subsystem is used for transmitting the encrypted, indexed and stored data of the delivery data access subsystem to the data acquisition client subsystem; it is the bastion host of the dedicated remote data acquisition system for data recovery services and is the part exposed on the network. The user obtains the recovered data through the transmission agent, so the user cannot directly access the delivery data access subsystem.
The data recovery personnel data delivery client subsystem is held by a remote data owner requesting data recovery operation and is used for remotely browsing, retrieving and downloading recovered data by the data acquisition client subsystem.
The delivery data refers to data which is recovered from a medium to be recovered by a client and needs to be recovered by a user after operation of a data recovery worker;
the data owner refers to a medium submitting data to be recovered, and is the owner of the recovered data.
In the overall architecture of the dedicated remote data acquisition system for data recovery services, the transmission agent subsystem is the bastion host of the whole system: it is exposed between the data recovery service intranet and the user, and it is the only device to which the user can connect directly. From the perspective of network deployment, the transmission agent subsystem can be deployed outside the firewall of the whole system, so that the firewall isolates the transmission agent from the storage that actually holds the recovered data, and the transmission protocol is a dedicated one. Even if the transmission agent is attacked and compromised, there is therefore no channel for directly accessing the recovered data, which effectively protects the customer's data privacy. Fig. 2 shows the deployment of the remote data acquisition system for data recovery services.
Depending on the pace of project construction, the design functions can be implemented in steps until the safe and convenient remote data acquisition system for data recovery services is fully deployed. According to the importance of each function, all functions can be implemented step by step in the following order:
1) implementing partial functionality of the data acquisition client, the transmission agent subsystem and the data delivery subsystem
At this stage, all communication is in clear text except the user identification (user name and password), which is transmitted encrypted; the delivery data is presented to the delivery subsystem in the organization it had when recovered, and the data recovery personnel copy the delivery data to the delivery data storage subsystem manually. Automation and isolation of the recovered data delivery process are completed at this stage;
2) implementing the data delivery client on the basis of 1), with encrypted storage and transmission of all data
At this stage, the data recovery personnel use the dedicated client to submit the delivery data. During submission, the data delivery client generates a public/private key pair and submits all the data to be delivered to the access subsystem, where it is encrypted with the public key; the key is handed to the designated customer on a USB flash drive or similar. After the customer submits a request through the client, the delivery data access subsystem obtains the ciphertext and transmits it directly to the user, and the user's client decrypts it with the private key on the user's USB flash drive before handing the data to the customer. Encrypted storage and transmission of the data are completed at this stage;
3) implementing a full-text retrieval engine for the delivery data on the basis of 2)
At this stage, the customer can run full-text retrieval on the recovered data directly from the client; this is a great convenience to the user, particularly when the directory structure and file names of the recovered data were not fully recovered.
The second embodiment is as follows: the first difference between the present embodiment and the specific embodiment is: the data recovery personnel data delivery client subsystem comprises:
The data delivery client runs in the intranet and is used by data recovery personnel to deliver data. The client provides an interface through which data recovery personnel submit resources and set encryption-related options, and it completes the transmission of delivery data to the storage system.
Functional description of the data recovery personnel data delivery client:
the data delivery client provides an interface similar to Windows Explorer. Through it, the data recovery person selects the top-level directory of the data to be delivered and sets the object information of the data to be delivered, such as the remote IP address range and the user name. Based on this information, the person chooses whether to use encryption and full-text search; if encryption is selected, the data delivery client guides the data recovery person to generate a public/private key pair and guides the operator to store the private key on a specific USB flash drive or U-Key device.
When the operator chooses to transfer the data to storage, the client first transmits the public key and the related user information to the delivery data access subsystem and then transmits the data to be delivered to the access subsystem, which performs the encryption, storage and indexing operations. Note that by the time the access subsystem saves the delivery data to the storage server, the data is already encrypted and cannot be viewed without the user's private key.
The system comprises a user UI management module, a key generation management module, a private key storage management module, a delivery data transmission module and a key transmission module;
the user UI (user interface) management module is used for user UI operation module management, including selection of a directory structure, selection of a private key storage device, delivery data access subsystem information management, user information management and the like;
the key generation management module is used for generating public and private key information required by encrypted data;
the private Key storage management module is used for storing the generated private Key information, and the storage method comprises a U-Key or a U disk;
the delivery data transmission module is used for packaging and transmitting the data to be delivered;
the key transmission module is used for transmitting the user information, the key information and the like to the delivery data access subsystem;
the user information is information of name and unit when the user registers.
Other steps and parameters are the same as those in the first embodiment.
The third concrete implementation mode: the present embodiment differs from the first or second embodiment in that: the delivery data access subsystem comprises:
the data access subsystem is the core of a dedicated remote data acquisition system facing data recovery services and is also the only interface for operating access to delivered data, and functions of the data access subsystem include encryption management, full-text index management, network transmission management and the like.
Functional description of the delivery data access subsystem:
the delivery data access subsystem is connected to all relevant components of the dedicated remote data acquisition system for data recovery services. It obtains the data to be delivered from the delivery client and stores the processed delivery data in the file storage subsystem; when it receives a data acquisition request passed on by the transmission agent subsystem, it checks the legality of the request and sends an appropriate response back to the agent system. If the request is for data, the corresponding content is read from the file storage subsystem and transmitted.
The primary functions of the delivery data access subsystem include:
the data encryption function can encrypt and store the data to be delivered according to a public key system;
the full-text retrieval engine can perform full-text indexing on the data to be delivered and provides a full-text retrieval engine;
and the network request response can receive the network request and respond to the request. Specifically, when a storage request of a delivery client is received, an index creation module of a corresponding encryption and full-text retrieval engine is called to perform request-related operation of delivery data storage; when receiving a full text retrieval request forwarded by a transfer agent, calling a full text retrieval engine to perform full text retrieval on data to be delivered of a client and returning corresponding retrieval contents; when receiving the data acquisition request forwarded by the transmission agent, the corresponding content is read from the storage subsystem for responding. The network request response also comprises functions of browsing a delivery data directory structure and the like.
Delivery data access subsystem internal module
The system comprises a user information authentication and authorization module, a data browsing processing module, a data acquisition request processing module, a data delivery request processing module, a data encryption engine module, a full-text retrieval engine module, a full-text index engine module, a public key and user information management module and a file storage service access interface module;
the user information authentication and authorization module is used for analyzing all received requests, extracting user authentication information in all the requests and verifying the identity of the user and the legality of the requests;
the data browsing processing module is used for receiving a browsing request of a user and returning a directory result which is requested to be browsed by the user; if the user submits a retrieval request, calling a full-text retrieval engine to perform retrieval and returning a full-text retrieval result; the data acquisition request processing module is used for receiving a file name and a data section (the position of a file corresponding to the file name in storage) requested by a user, acquiring specified data (the requested file name and the requested data section) through a file storage service interface and returning the specified data;
the data delivery request processing module is used for listening to a data storage request of a delivery person, storing information such as a public key and a user, receiving delivery data, calling the data encryption engine module and the full-text retrieval engine module according to configuration (the data is encrypted by the public keys corresponding to different users) to process the delivery data, and storing the processed delivery data by using a file storage service access interface;
the data encryption engine module is used for encrypting the delivery data in full text,
the full-text retrieval engine module is used for performing full-text retrieval on the data to be delivered;
the full-text index engine module is used for performing full-text index on the data to be delivered;
the public key and user information management module is used for storing the data to be delivered;
the file storage service access interface module is used for storing the information processed by the data encryption engine and the full-text retrieval engine.
Other steps and parameters are the same as those in the first or second embodiment.
The fourth concrete implementation mode: the difference between this embodiment mode and one of the first to third embodiment modes is: the transfer agent subsystem includes:
the transmission agent subsystem is used as a bridgehead host of a special remote data acquisition system facing data recovery service, and the functions of the transmission agent subsystem comprise data forwarding and filtering.
Functional description of the transfer agent subsystem:
The function is simple: receive user data, apply strict filtering to it to remove forged and illegal requests, and forward the filtered data to the data access agent inside the firewall; and collect the data from the data access agent and forward it to the user.
In order to avoid the access agent being attacked by the external network, the transfer agent needs to manage the requests of the users and the connection of the access subsystem, so as to avoid the attack on the access subsystem caused by excessive requests of the users.
Internal module of transmission proxy subsystem
The system comprises a user connection management module, a user response forwarding module, a user request content filtering module, a user request forwarding module and an access subsystem connection management module;
the user connection management module is used for limiting and restricting user connections: on the one hand, it prevents the same user from having two or more connections at the same time; on the other hand, it limits the number of simultaneous connections, so as to avoid the impact of two or more requests on the transmission agent subsystem and the delivery data access subsystem;
the user request content filtering module is used for analyzing in detail the content sent by the user, covering protocol legality, request legality and content legality, but it does not verify the authentication information (user name and password); only a request that completely conforms to the system protocol is submitted to the user request forwarding module and sent, through the access subsystem connection management module, to the delivery data access subsystem inside the firewall;
the user response forwarding module is used for receiving the data returned by the delivery data access subsystem and returning the data to a corresponding user;
the access subsystem connection management module is used for maintaining the connection between the transmission agent subsystem and the delivery data access subsystem and managing data receiving and transmitting;
the user request forwarding module is used for sending the data to the delivery data access subsystem in the firewall through the access subsystem connection management module to search the data.
Other steps and parameters are the same as those in one of the first to third embodiments.
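The transfer agent's division of labour described above (connection admission plus content filtering, with credentials passed inward unverified) can be sketched as follows. This is an added example, not code from the patent; the JSON request format, the field and operation names and the size limits are all assumptions, since the patent does not define the wire protocol.

```python
import json

MAX_REQUEST_BYTES = 4096  # assumed limit; the patent gives no number
ALLOWED_OPS = {  # assumed operation names and argument types
    "browse": {"path": str},
    "search": {"query": str},
    "get": {"file": str, "offset": int, "length": int},
}


class ConnectionManager:
    """User connection management: one connection per user, global cap."""

    def __init__(self, max_total):
        self.max_total = max_total
        self.active = set()

    def open(self, user):
        if user in self.active:
            return False, "user already connected"
        if len(self.active) >= self.max_total:
            return False, "connection limit reached"
        self.active.add(user)
        return True, "ok"

    def close(self, user):
        self.active.discard(user)


def filter_request(raw):
    """Return (request, None) if forwardable, else (None, reason).

    The 'auth' field must be present but is never checked for validity;
    verifying it is the delivery data access subsystem's job.
    """
    # Protocol legality: size, encoding, framing, exact field set.
    if len(raw) > MAX_REQUEST_BYTES:
        return None, "protocol: oversized"
    try:
        req = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None, "protocol: not valid JSON"
    if not isinstance(req, dict) or set(req) != {"user", "auth", "op", "args"}:
        return None, "protocol: unexpected fields"
    if not all(isinstance(req[k], str) and req[k] for k in ("user", "auth", "op")):
        return None, "protocol: bad field type"
    # Request legality: known operation with exactly the expected arguments.
    schema = ALLOWED_OPS.get(req["op"])
    if schema is None:
        return None, "request: unknown operation"
    args = req["args"]
    if not isinstance(args, dict) or set(args) != set(schema):
        return None, "request: wrong arguments"
    for name, typ in schema.items():
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(args[name], bool) or not isinstance(args[name], typ):
            return None, "request: bad type for " + name
    # Content legality: no control characters or traversal, sane data section.
    for name in ("path", "file", "query"):
        value = args.get(name)
        if value is None:
            continue
        if any(ord(c) < 32 for c in value):
            return None, "content: illegal character"
        if name != "query" and (value.startswith("/") or "\\" in value
                                or ".." in value.split("/")):
            return None, "content: path escapes delivery root"
    if req["op"] == "get" and (args["offset"] < 0 or not 0 < args["length"] <= 1 << 20):
        return None, "content: bad data section"
    return req, None


def handle(manager, raw, forward):
    """Filter, admit the connection, forward inward, relay the response."""
    req, reason = filter_request(raw)
    if req is None:
        return {"status": "rejected", "reason": reason}
    admitted, reason = manager.open(req["user"])
    if not admitted:
        return {"status": "rejected", "reason": reason}
    try:
        return {"status": "forwarded", "response": forward(req)}
    finally:
        manager.close(req["user"])
```

Because the proxy does not verify credentials, the per-user limit here is keyed on an unverified user name, so a deployment would also want a limit keyed on source address.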
The fifth concrete implementation mode: the difference between this embodiment and one of the first to fourth embodiments is: the data acquisition client subsystem comprises:
the data acquisition client is the only means for a data owner to access the remote recovery data, and the owner is connected to the data recovery center through the client and completes the query and download of the recovered data on the client.
Function description of the data acquisition client:
the main functions of the data acquisition client include:
a user information reading function capable of reading user private key information and preset user identity information on the mobile medium as a basis for subsequent operation of the client (a user network connection management module function);
the delivery data browsing function can browse the remote catalog and file name of the data to be delivered;
the delivery data retrieval function can carry out full-text retrieval on word, pdf, excel, ppt and txt files of remote delivery data;
a data acquisition function capable of acquiring remote recovery data (data download module function);
and the data decryption function can decrypt the remotely acquired data.
The system comprises a user network connection management module, a data browsing module, a data retrieval module, a data downloading module, a decryption module, a private key management module, a local file operation module and a UI management module;
the user network connection management module is used for network connection and related operation of the user client and the remote transmission agent;
the data browsing module is used for browsing the remote directory and file name of the data to be delivered after recovery;
the data retrieval module is used for carrying out full-text retrieval on word, pdf, excel, ppt and txt files after the delivery data is recovered remotely;
the data downloading module is used for downloading the delivery data after the remote recovery;
the decryption module is used for decrypting the recovered data acquired remotely;
the private key management module is used for providing private key information required by decryption for the decryption module;
the local file operation module is used for managing and storing the decrypted (recovered) file;
the UI management module is used for selecting and restoring the data storage directory structure, user information management and the like.
Other steps and parameters are the same as in one of the first to fourth embodiments.
The sixth specific implementation mode: the specific process of the special remote data transmission method for the data recovery service of the embodiment is as follows:
Step one: for data that needs to be delivered over the network, the data recovery personnel select the top-level directory of the data to be delivered through the data delivery client subsystem, set the object information of the delivery (such as the remote IP address range and user name), and choose, according to the object information, whether to encrypt the data and whether to enable full-text search (with a retrieval input box). If encryption is selected, the data delivery client subsystem guides the data recovery personnel to generate a public-private key pair and to store the private key on a specific U disk (USB flash drive) or U-Key device; the public key and the associated user information (name, entity and other information given at user registration) are passed through the data delivery client subsystem to the delivery data access subsystem, the data to be delivered is then transmitted to the delivery data access subsystem, and the delivery data access subsystem performs the encryption and storage operations. Note that when the access subsystem saves the delivery data to the storage server, the data is already in encrypted form and cannot be viewed without the user's private key.
If the full text search is selected, the data delivery client subsystem guides the data recovery personnel to generate a retrieval input frame, then the data to be delivered is transmitted to the delivery data access subsystem, and the delivery data access subsystem carries out retrieval and storage operations;
if encryption is not selected, the data to be delivered is transmitted to the delivery data access subsystem, and the delivery data access subsystem carries out storage operation;
if full-text search is not selected, the data to be delivered is transmitted to the delivery data access subsystem, and the delivery data access subsystem carries out storage operation;
Step two: when the client needs to acquire the recovered data, the client connects to the transmission agent subsystem through the data acquisition client subsystem and submits the client's identification code; the transmission agent subsystem forwards the identification code and the request to the delivery data access subsystem, and the delivery data access subsystem judges the validity of the identification code (the encrypted fields of the client's user name and password) and of the request, and decides whether to return the recovered data or refuse.
For data needing network delivery, after data recovery personnel complete data recovery operation, data is submitted to a delivery data access subsystem of a special remote data acquisition system facing data recovery service through a data delivery client, and the data is stored in a delivery data storage subsystem after being processed by the access subsystem.
When the client needs to acquire the recovered data, the client connects to the transmission agent subsystem through the data acquisition client and submits the client's identification code; the transmission agent subsystem forwards the identification code and the request to the delivery data access subsystem, and the delivery data access subsystem decides, according to the identification code and the request, whether to return the user's data or refuse.

Claims (5)

1. The special remote data transmission system facing the data recovery service is characterized in that: the special remote data transmission system facing the data recovery service comprises:
the system comprises a data acquisition client subsystem, a transmission agent subsystem, a delivery data access subsystem, a delivery data storage subsystem and a data recovery personnel data delivery client subsystem;
the data acquisition client subsystem is used for acquiring data of data recovery personnel and delivering the data which is held by the client subsystem and completes the recovery for a user to use;
the delivery data access subsystem is used for encrypting, indexing and storing data submitted by the data recovery personnel data delivery client subsystem, responding to query, browsing and acquisition requests of the data acquisition client subsystem and providing support for accessing data for a user;
the delivery data storage subsystem is used for storing the recovery data encrypted by the delivery data access subsystem, and is not directly connected with the data acquisition client subsystem and the data recovery personnel data delivery client subsystem;
the transmission agent subsystem is used for transmitting the encrypted, indexed and stored data of the delivery data access subsystem to the data acquisition client subsystem;
the transfer agent subsystem includes:
the system comprises a user connection management module, a user response forwarding module, a user request content filtering module, a user request forwarding module and an access subsystem connection management module;
the user connection management module is used for limiting and restricting user connections: on the one hand, it prevents the same user from having two or more connections at the same time; on the other hand, it limits the number of simultaneous connections, so as to avoid the impact of two or more requests on the transmission agent subsystem and the delivery data access subsystem;
the user request content filtering module is used for analyzing the request content sent by the user, covering protocol legality, request legality and content legality, but it does not verify the authentication information; only request content that completely conforms to the system protocol is submitted to the user request forwarding module and sent, through the access subsystem connection management module, to the delivery data access subsystem inside the firewall;
the user response forwarding module is used for receiving the data returned by the delivery data access subsystem and returning the data to a corresponding user;
the access subsystem connection management module is used for maintaining the connection between the transmission agent subsystem and the delivery data access subsystem and managing data receiving and transmitting;
the user request forwarding module is used for sending the data to the delivery data access subsystem in the firewall through the access subsystem connection management module;
and the data recovery personnel data delivery client subsystem is used for remotely browsing, retrieving and downloading the recovered data by the data acquisition client subsystem.
2. The data recovery service-oriented dedicated remote data transmission system according to claim 1, wherein: the data recovery personnel data delivery client subsystem comprises:
the system comprises a user UI management module, a key generation management module, a private key storage management module, a delivery data transmission module and a key transmission module;
the user UI management module is a user interface management module;
the user UI management module is used for user UI operation module management and comprises a selection directory structure, a selection private key storage device, a delivery data access subsystem information management and a user information management;
the key generation management module is used for generating public and private key information required by encrypted data;
the private Key storage management module is used for storing the generated private Key information, and the storage method comprises a U-Key or a U disk;
the delivery data transmission module is used for packaging and transmitting the data to be delivered;
the key transmission module is used for transmitting the user information and the key information to the delivery data access subsystem;
the user information is information of name and unit when the user registers.
3. Dedicated remote data transmission system for data recovery services according to claim 1 or 2, characterized in that: the delivery data access subsystem comprises:
the system comprises a user information authentication and authorization module, a data browsing processing module, a data acquisition request processing module, a data delivery request processing module, a data encryption engine module, a full-text retrieval engine module, a full-text index engine module, a public key and user information management module and a file storage service access interface module;
the user information authentication and authorization module is used for analyzing all received requests, extracting user authentication information in all the requests and verifying the identity of the user and the legality of the requests;
the data browsing processing module is used for receiving a browsing request of a user and returning a directory result which is requested to be browsed by the user;
the data acquisition request processing module is used for receiving the file name and the data section requested by the user, acquiring the specified data through the file storage service interface and returning the specified data;
the data delivery request processing module is used for listening to a data storage request of a delivery person, storing a public key and user information, receiving delivery data, calling the data encryption engine module and the full-text retrieval engine module to process the delivery data, and storing the processed delivery data by using the file storage service access interface;
the data encryption engine module is used for encrypting the delivered data in full text;
the full-text retrieval engine module is used for performing full-text retrieval on the data to be delivered;
the full-text index engine module is used for performing full-text index on the data to be delivered;
the public key and user information management module is used for storing the data to be delivered;
the file storage service access interface module is used for storing the information processed by the data encryption engine and the full-text retrieval engine.
4. The data recovery service oriented dedicated remote data transmission system according to claim 3, wherein: the data acquisition client subsystem comprises:
the system comprises a user network connection management module, a data browsing module, a data retrieval module, a data downloading module, a decryption module, a private key management module, a local file operation module and a UI management module;
the user network connection management module is used for network connection between the user client and the remote transmission agent;
the data browsing module is used for browsing the remote directory and file name of the data to be delivered after recovery;
the data retrieval module is used for carrying out full-text retrieval on word, pdf, excel, ppt and txt files after the delivery data is recovered remotely;
the data downloading module is used for downloading the delivery data after the remote recovery;
the decryption module is used for decrypting the recovered data acquired remotely;
the private key management module is used for providing private key information required by decryption for the decryption module;
the local file operation module is used for managing and storing the decrypted file;
the UI management module is used for selecting and restoring the data storage directory structure and managing the user information.
5. The transmission method of the dedicated remote data transmission system for data recovery services according to claim 1, characterized in that: the special remote data transmission method facing the data recovery service comprises the following specific processes:
step one, a data recovery person selects data to be delivered through a data delivery client subsystem, sets object information of the data to be delivered, and selects whether to encrypt and search full text according to the object information;
if encryption is selected, the data delivery client subsystem guides a data recovery person to generate a public and private Key pair, guides the data recovery person to store a private Key in a U disk or U-Key equipment, transmits the public Key and user information to the delivery data access subsystem through the data delivery client subsystem, then transmits data to be delivered to the delivery data access subsystem, and performs encryption and storage operations through the delivery data access subsystem;
the object information is a remote IP address range and a user name;
the user information is information of name and unit when the user registers;
if the full text search is selected, the data delivery client subsystem guides the data recovery personnel to generate a retrieval input frame, then the data to be delivered is transmitted to the delivery data access subsystem, and the delivery data access subsystem carries out retrieval and storage operations;
if encryption is not selected, the data to be delivered is transmitted to the delivery data access subsystem, and the delivery data access subsystem carries out storage operation;
if full-text search is not selected, the data to be delivered is transmitted to the delivery data access subsystem, and the delivery data access subsystem carries out storage operation;
and step two, when the client needs to acquire the recovered data, the client connects to the transmission agent subsystem through the data acquisition client subsystem and submits the client's identification code, the transmission agent subsystem forwards the identification code and the request to the delivery data access subsystem, and the delivery data access subsystem judges the validity of the identification code and the request and decides whether to return the recovered data or refuse.
CN201810365267.9A 2018-04-19 2018-04-19 Special remote data transmission system and transmission method for data recovery service Active CN108566397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810365267.9A CN108566397B (en) 2018-04-19 2018-04-19 Special remote data transmission system and transmission method for data recovery service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810365267.9A CN108566397B (en) 2018-04-19 2018-04-19 Special remote data transmission system and transmission method for data recovery service

Publications (2)

Publication Number Publication Date
CN108566397A CN108566397A (en) 2018-09-21
CN108566397B true CN108566397B (en) 2020-12-01

Family

ID=63536421

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810365267.9A Active CN108566397B (en) 2018-04-19 2018-04-19 Special remote data transmission system and transmission method for data recovery service

Country Status (1)

Country Link
CN (1) CN108566397B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111666521A (en) * 2020-05-15 2020-09-15 上海东方泵业(集团)有限公司 Human-computer interface data processing system and method
CN116108475B (en) * 2023-04-13 2023-06-23 北京互时科技股份有限公司 Collaborative management system for digital delivery

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101122938A (en) * 2007-09-25 2008-02-13 北大方正集团有限公司 Data file safe treatment method and system
CN101324898A (en) * 2008-08-05 2008-12-17 北京蓝色星际软件技术发展有限公司 Rapid search and recovery method based on file attribute
CN101770462A (en) * 2008-12-30 2010-07-07 日电(中国)有限公司 Device for ciphertext index and search and method thereof
CN101923573A (en) * 2010-08-09 2010-12-22 哈尔滨工程大学 Rapid database data recovery method aiming at data loss
CN103347061A (en) * 2013-06-21 2013-10-09 国家电网公司 Different place electronic data recovery system based on intranet of enterprise
CN107766643A (en) * 2017-10-16 2018-03-06 华为技术有限公司 Data processing method and relevant apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8321688B2 (en) * 2009-06-12 2012-11-27 Microsoft Corporation Secure and private backup storage and processing for trusted computing and data services

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
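"Development of an Electronic Recovered Data Delivery Platform" (电子恢复数据交付平台的研制); 齐国顺 (Qi Guoshun); Electric Power Information and Communication Technology (《电力信息与通信技术》); 20170531; Sections 1.1 to 3 of the paper, Figures 1-3 *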

Also Published As

Publication number Publication date
CN108566397A (en) 2018-09-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant