CN109145557A - A computer data protection system
- Publication number
- CN109145557A (application number CN201810857922.2A)
- Authority
- CN
- China
- Prior art keywords
- data
- memory space
- secure memory
- module
- mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a computer data protection system comprising: a secure memory space for storing data; a human-machine operation module for enrolling a biological characteristic model in advance and verifying it to control access authority to the secure memory space; an encryption module for encrypting data; a data conversion module for decrypting data according to the biological characteristic model input through the human-machine operation module; a mode of operation monitoring module for recording the user's mode of operation and assessing the current user's operation state in real time to obtain a monitoring result; and a data migration module for receiving the monitoring result obtained by the mode of operation monitoring module and judging whether to perform a data transfer operation. The invention realizes encrypted transmission, encrypted storage and sharing within granted permissions. The system has a built-in mode of operation security monitoring function, which greatly improves the security of the data. It also greatly improves the storage of structured grids and physical quantities and the locality of memory-access data, further ensuring the security of the data.
Description
Technical field
The invention belongs to the technical field of computer data management, and in particular relates to a computer data protection system.
Background art
With the continuous development of informatization, data security has become a major issue in today's society. At present, data can be protected by hardware, using peripheral hardware such as an IC card or UKEY to encrypt it. Protection by peripheral hardware, however, is like carrying an extra key: the "key" is required for every decryption, which is inconvenient in use. In addition, because the peripheral hardware cannot be bound to the host system, there is a security risk of loss and theft. Losing the "key" may not only leak the user's data but may even leave the user unable to use the encrypted data.
Data protection by conventional software uses a pseudo-random number or a user password as the key to encrypt data on disk. Because the encryption method is too simple, it can be traced and debugged and the key cracked, so it cannot provide strong protection for the encrypted data. It is difficult to reach the required security, especially for more important computer data.
Summary of the invention
The object of the present invention is to provide a computer data protection system that solves the problem that traditional data protection is not sufficiently secure.
The technical solution adopted by the invention is a computer data protection system comprising:
a secure memory space for storing data;
a human-machine operation module for enrolling a biological characteristic model in advance and verifying it to control access authority to the secure memory space;
an encryption module for encrypting data;
a data conversion module for decrypting the data stored in the secure memory space according to the biological characteristic model input through the human-machine operation module, and for feeding the decryption result back to the client for display;
a mode of operation monitoring module for recording the user's mode of operation by script recording and assessing the current user's operation state in real time using particle swarm optimization and a support vector machine algorithm, to obtain a monitoring result;
a data migration module for receiving the monitoring result obtained by the mode of operation monitoring module and judging whether to perform a data transfer operation.
The invention is further characterized in that:
The secure memory space is divided into several mutually non-overlapping grid regions; each grid region is assigned a unique logical number, and each grid region is mapped to a unique server computing node.
An emergency data transmission channel exists between every two secure memory spaces and is used for the data transfer operation.
The transfer operation specifically packs the data whose monitoring result is judged dangerous, transfers it through the emergency data transmission channel to another secure memory space, and clears the data from the secure memory space that previously held the at-risk data.
The secure memory space and the encryption module, and the client and the data conversion module, are each connected through a dual channel made up of two mutually independent channels.
One channel of the dual channel carries communication, and the other channel carries key updates.
A key update is performed after each access to the secure memory space.
The biological characteristic model is voice print data, the voice print data being the voiceprint features and lip-movement interval time data obtained from pre-enrolled speech of the user reading a text aloud.
The system further includes an alarm module, which is switched on or off according to the monitoring result of the mode of operation monitoring module and sends an early-warning short message; the early-warning short message includes at least the current operator's information and the monitoring result.
The beneficial effect of the invention is that the computer data protection system can avoid the various loopholes that arise in the data protection process and realizes encrypted transmission, encrypted storage and sharing within granted permissions. The system has a built-in mode of operation security monitoring function, which greatly improves the security of the data, and it greatly improves the storage of structured grids and physical quantities and the locality of memory-access data, further ensuring the security of the data.
Specific embodiment
The present invention is described in detail below with reference to a specific embodiment.
A computer data protection system of the invention comprises:
A secure memory space, set in a server, for storing data. The secure memory space is divided into several mutually non-overlapping grid regions; each grid region is assigned a unique logical number and is mapped to a unique server computing node, which digitizes the network address information. An emergency data transmission channel exists between every two secure memory spaces and is used for the data transfer operation.
A human-machine operation module for enrolling a biological characteristic model in advance and verifying the biological characteristic model to control access authority to the secure memory space.
An encryption module, provided in the secure memory space, for encrypting data. A data conversion module is also provided, for decrypting the data stored in the secure memory space according to the biological characteristic model input through the human-machine operation module and feeding the decryption result back to the client for display. The biological characteristic model is voice print data, the voice print data being the voiceprint features and lip-movement interval time data obtained from pre-enrolled speech of the user reading a text aloud.
A mode of operation monitoring module, deployed on the server in the form of a static jar package, for recording the user's mode of operation by script recording and assessing the current user's operation state in real time using particle swarm optimization and a support vector machine algorithm, to obtain a monitoring result. An alarm module is provided in the mode of operation monitoring module; it is switched on or off according to the monitoring result of the mode of operation monitoring module and sends an early-warning short message, which includes at least the current operator's information and the monitoring result.
A data migration module, provided in each secure memory space, for receiving the monitoring result obtained by the mode of operation monitoring module and judging whether to perform a data transfer operation. The data whose monitoring result is judged dangerous is packed and transferred through the emergency data transmission channel to another secure memory space, and the data is cleared from the secure memory space that previously held the at-risk data.
The secure memory space and the encryption module, and the client and the data conversion module, are each connected through a dual channel made up of two mutually independent channels; one channel of the dual channel carries communication, and the other channel carries key updates.
A key update is performed after each access to the secure memory space.
The working principle of the computer data protection system of the invention is as follows. The user first enrolls a specific biological characteristic model through the human-machine operation module; it serves as the "password" that controls access authority to the secure memory space. The secure memory space stores the data and is internally divided into several mutually non-overlapping grid regions. Each grid region is assigned a unique logical number and is mapped to a unique server computing node, and the nodes send and receive data through the emergency data transmission channels that exist between secure memory spaces. The encryption module encrypts the data stored in the secure memory space with a key. Each time the secure memory space holding the encrypted data is accessed, the mode of operation monitoring module monitors the current user's operation state. If the biological characteristic model input by the user is consistent with the pre-set biological characteristic model, the data conversion module decrypts the data stored in the secure memory space and feeds the decryption result back to the client for display. If the biological characteristic model input by the user does not match the pre-set biological characteristic model, the mode of operation monitoring module judges that the data is in a dangerous state and sends the judgment to the data migration module. The data migration module packs the data and transfers it through the emergency data transmission channel to another secure memory space, clears the data from the secure memory space that previously held the at-risk data, and starts the alarm module, which sends an early-warning short message to the user terminal. In addition, a key update is performed after each access to the secure memory space to ensure the security of the data. The secure memory space and the encryption module, and the client and the data conversion module, are each connected through a dual channel made up of two mutually independent channels; one channel carries communication, and the other carries key updates.
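The access flow described above, simulated as an added example; this is not code from the patent. All names are hypothetical, a cosine-similarity threshold stands in for the particle swarm / support vector machine assessment, and an HMAC-SHA256 keystream stands in for the unspecified cipher.

```python
import hashlib, hmac, math, secrets

def keystream_xor(key, nonce, data):
    """Stand-in cipher: HMAC-SHA256 counter keystream XORed with the data.
    Assumption for a stdlib-only demo; a real system would use an AEAD."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def similarity(a, b):
    """Cosine similarity of two feature vectors (assumed matching rule)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / math.sqrt(sum(x * x for x in a) * sum(y * y for y in b))

class SecureSpace:
    """One secure memory space: holds only nonces and ciphertext."""
    def __init__(self, name):
        self.name, self.records = name, {}

class ProtectionSystem:
    THRESHOLD = 0.95  # assumed; the patent gives no matching threshold

    def __init__(self, enrolled, active, standby):
        self.enrolled, self.active, self.standby = enrolled, active, standby
        self.keys, self.alerts = {}, []

    def store(self, rid, plaintext):
        # Encryption module: fresh key and nonce on every write.
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.keys[rid] = key
        self.active.records[rid] = (nonce, keystream_xor(key, nonce, plaintext))

    def access(self, operator, sample, rid):
        score = similarity(sample, self.enrolled)
        if score >= self.THRESHOLD:
            nonce, ct = self.active.records[rid]
            plaintext = keystream_xor(self.keys[rid], nonce, ct)
            self.store(rid, plaintext)  # key update after each access
            return plaintext
        # Mismatch: monitoring result is "danger". Pack and transfer the
        # data, clear the source space, then raise the alarm.
        self.standby.records.update(self.active.records)
        self.active.records.clear()
        self.active, self.standby = self.standby, self.active  # assumed: later reads follow the data
        self.alerts.append({"operator": operator, "result": "danger",
                            "score": round(score, 3)})
        return None

def demo():
    enrolled = [0.9, 0.1, 0.4, 0.7]            # constructed voiceprint vector
    a, b = SecureSpace("A"), SecureSpace("B")
    system = ProtectionSystem(enrolled, a, b)
    system.store("doc1", b"quarterly figures")
    before = a.records["doc1"]
    granted = system.access("alice", [0.88, 0.12, 0.41, 0.69], "doc1")
    rotated = a.records["doc1"] != before      # re-encrypted under a new key
    denied = system.access("mallory", [0.1, 0.9, 0.2, 0.1], "doc1")
    return granted, rotated, denied, a, b, system
```

Because every failed match relocates the whole space, the matching threshold also determines how often a legitimate user's noisy sample triggers a migration and an alert.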
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make several improvements and refinements without departing from the principle of the invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the invention.
Claims (9)
1. A computer data protection system, characterized by comprising:
a secure memory space for storing data;
a human-machine operation module for enrolling a biological characteristic model in advance and verifying it to control access authority to the secure memory space;
an encryption module for encrypting data;
a data conversion module for decrypting the data stored in the secure memory space according to the biological characteristic model input through the human-machine operation module, and for feeding the decryption result back to the client for display;
a mode of operation monitoring module for recording the user's mode of operation by script recording and assessing the current user's operation state in real time using particle swarm optimization and a support vector machine algorithm, to obtain a monitoring result;
a data migration module for receiving the monitoring result obtained by the mode of operation monitoring module and judging whether to perform a data transfer operation.
2. The computer data protection system according to claim 1, characterized in that the secure memory space is divided into several mutually non-overlapping grid regions, each grid region is assigned a unique logical number, and each grid region is mapped to a unique server computing node.
3. The computer data protection system according to claim 1, characterized in that an emergency data transmission channel exists between every two secure memory spaces and is used for the data transfer operation.
4. The computer data protection system according to claim 3, characterized in that the transfer operation specifically packs the data whose monitoring result is judged dangerous, transfers it through the emergency data transmission channel to another secure memory space, and clears the data from the secure memory space that previously held the at-risk data.
5. The computer data protection system according to claim 1, characterized in that the secure memory space and the encryption module, and the client and the data conversion module, are each connected through a dual channel made up of two mutually independent channels.
6. The computer data protection system according to claim 5, characterized in that one channel of the dual channel carries communication and the other channel carries key updates.
7. The computer data protection system according to claim 1, characterized in that a key update is performed after each access to the secure memory space.
8. The computer data protection system according to claim 1, characterized in that the biological characteristic model is voice print data, the voice print data being the voiceprint features and lip-movement interval time data obtained from pre-enrolled speech of the user reading a text aloud.
9. The computer data protection system according to claim 1, characterized by further comprising an alarm module, which is switched on or off according to the monitoring result of the mode of operation monitoring module and sends an early-warning short message, the early-warning short message including at least the current operator's information and the monitoring result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810857922.2A CN109145557A (en) | 2018-07-31 | 2018-07-31 | A kind of computer data protection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109145557A true CN109145557A (en) | 2019-01-04 |
Family
ID=64799365
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810857922.2A Pending CN109145557A (en) | 2018-07-31 | 2018-07-31 | A kind of computer data protection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109145557A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109902513A (en) * | 2019-03-05 | 2019-06-18 | 黄冈职业技术学院 | A kind of intelligent computer security system |
CN113806778A (en) * | 2021-09-23 | 2021-12-17 | 深圳市电子商务安全证书管理有限公司 | Data management method, system and storage medium based on big data platform |
CN114726641A (en) * | 2022-04-26 | 2022-07-08 | 王善侠 | Security authentication method and system based on computer |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140250304A1 (en) * | 1998-05-07 | 2014-09-04 | Maz Encryption Technologies Llc | User Authentication System and Method for Encryption and Decryption |
CN105787324A (en) * | 2016-02-03 | 2016-07-20 | 周口师范学院 | Computer information security system |
CN107967331A (en) * | 2017-11-27 | 2018-04-27 | 国家海洋环境预报中心 | It is matched with the data preparation method of high-performance computer structure |
CN108092999A (en) * | 2018-02-08 | 2018-05-29 | 王振辉 | A kind of Computer Data Security shared platform |
CN108288224A (en) * | 2018-04-16 | 2018-07-17 | 洛阳师范学院 | A kind of finicial administration of enterprise system |
-
2018
- 2018-07-31 CN CN201810857922.2A patent/CN109145557A/en active Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109902513A (en) * | 2019-03-05 | 2019-06-18 | 黄冈职业技术学院 | A kind of intelligent computer security system |
CN113806778A (en) * | 2021-09-23 | 2021-12-17 | 深圳市电子商务安全证书管理有限公司 | Data management method, system and storage medium based on big data platform |
CN113806778B (en) * | 2021-09-23 | 2022-08-02 | 深圳市电子商务安全证书管理有限公司 | Data management method, system and storage medium based on big data platform |
CN114726641A (en) * | 2022-04-26 | 2022-07-08 | 王善侠 | Security authentication method and system based on computer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190104 |