CN109145557A - A kind of computer data protection system - Google Patents

Info

Publication number
CN109145557A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810857922.2A
Other languages
Chinese (zh)
Inventor
李欣
王玙
先梦瑜
刘婉莹
吴春静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Aeronautical Polytechnic Institute
Original Assignee
Xian Aeronautical Polytechnic Institute
Application filed by Xian Aeronautical Polytechnic Institute
Priority to CN201810857922.2A
Publication of CN109145557A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a computer data protection system comprising: a secure storage space for storing data; a human-machine operation module for pre-enrolling and verifying a biometric feature model that controls access rights to the secure storage space; an encryption module for encrypting data; a data conversion module for decrypting data according to the biometric feature model input through the human-machine operation module; an operating-state monitoring module for recording the user's operating state and evaluating the current user operating state in real time to obtain a monitoring result; and a data migration module for receiving the monitoring result obtained by the operating-state monitoring module and deciding whether to perform a data transfer operation. The invention achieves encrypted transmission, encrypted storage, and sharing within permissions for data. The system has its own operating-state security monitoring function, which greatly improves data security; it also greatly improves the storage of structured grids and physical quantities and the locality of memory-access data, further ensuring data security.

Description

A computer data protection system
Technical field
The invention belongs to the technical field of computer data management, and in particular relates to a computer data protection system.
Background art
With the continuous development of informatization, data security has become a major issue in today's society. At present, data can be protected by hardware, using peripheral hardware such as an IC card or UKEY to encrypt and protect the data. However, protection based on peripheral hardware is like carrying an extra key: the "key" is required for every decryption, which is inconvenient in use. In addition, because the peripheral hardware cannot be bound to the host system, there is a security risk of loss or theft. Losing the "key" may not only leak the user's data but may even leave the user unable to use the encrypted data.
Data protection by conventional software uses a pseudo-random number or a user password as the key to encrypt data on disk. Because the encryption method is too simple, it can be traced and debugged and the key cracked, so it cannot provide strong protection for the encrypted data, and it is difficult to reach the required security, especially for more important computer data.
Summary of the invention
The object of the present invention is to provide a computer data protection system that solves the problem of the low security of traditional data protection.
The technical solution adopted by the invention is a computer data protection system comprising:
A secure storage space, for storing data;
A human-machine operation module, for pre-enrolling and verifying a biometric feature model that controls access rights to the secure storage space;
An encryption module, for encrypting data;
A data conversion module, for decrypting the data stored in the secure storage space according to the biometric feature model input through the human-machine operation module, and feeding the decrypted result back to the client for display;
An operating-state monitoring module, for recording the user's operating state by means of script recording and evaluating the current user operating state in real time using particle swarm optimization and a support vector machine algorithm to obtain a monitoring result;
A data migration module, for receiving the monitoring result obtained by the operating-state monitoring module and deciding whether to perform a data transfer operation.
The invention is further characterized in that:
The secure storage space is divided into several mutually non-overlapping grid regions; each grid region is assigned a unique logical number, and each grid region is mapped to a unique server compute node.
An emergency data transmission channel exists between every two secure storage spaces and is used for the data transfer operation.
The transfer operation specifically packages the data whose monitoring result is judged to be dangerous, transfers it through the emergency data transmission channel into another secure storage space, and clears the data from the secure storage space that previously held the at-risk data.
The secure storage space and the encryption module, and the client and the data conversion module, are each connected through two mutually independent channels (a dual-channel connection).
One of the two channels carries communication, and the other carries key updates.
After each access to the secure storage space, a key update is performed.
The biometric feature model is voiceprint data; the voiceprint data consists of the voiceprint features and lip-movement interval time data obtained from pre-recorded speech of the user reading a text aloud.
The system further includes an alarm module, which turns on or off according to the monitoring result of the operating-state monitoring module and sends an early-warning SMS message; the early-warning SMS message includes at least the current operator's information and the monitoring result.
The beneficial effect of the invention is that the computer data protection system can avoid the various loopholes that appear during data protection and achieves encrypted transmission, encrypted storage, and sharing within permissions for data. The system has its own operating-state security monitoring function, which greatly improves data security; it also greatly improves the storage of structured grids and physical quantities and the locality of memory-access data, further ensuring data security.
Specific embodiment
The present invention is described in detail below with reference to a specific embodiment.
A computer data protection system of the invention comprises:
A secure storage space, set up in a server and used for storing data. The secure storage space is divided into several mutually non-overlapping grid regions; each grid region is assigned a unique logical number and is mapped to a unique server compute node, which digitizes the network address information. An emergency data transmission channel exists between every two secure storage spaces and is used for the data transfer operation.
A human-machine operation module, for pre-enrolling a biometric feature model and verifying the biometric feature model that controls access rights to the secure storage space.
An encryption module is provided in the secure storage space for encrypting data. A data conversion module is also provided, for decrypting the data stored in the secure storage space according to the biometric feature model input through the human-machine operation module and feeding the decrypted result back to the client for display. The biometric feature model is voiceprint data; the voiceprint data consists of the voiceprint features and lip-movement interval time data obtained from pre-recorded speech of the user reading a text aloud.
An operating-state monitoring module, deployed on the server as a static JAR package, records the user's operating state by means of script recording and evaluates the current user operating state in real time using particle swarm optimization and a support vector machine algorithm to obtain a monitoring result. An alarm module is provided in the operating-state monitoring module; it turns on or off according to the monitoring result of the operating-state monitoring module and sends an early-warning SMS message that includes at least the current operator's information and the monitoring result.
A data migration module is provided in each secure storage space. It receives the monitoring result obtained by the operating-state monitoring module and decides whether to perform a data transfer operation: the data whose monitoring result is judged to be dangerous is packaged and transferred through the emergency data transmission channel into another secure storage space, and the data in the secure storage space that previously held the at-risk data is cleared.
The secure storage space and the encryption module, and the client and the data conversion module, are each connected through two mutually independent channels; one of the two channels carries communication, and the other carries key updates.
After each access to the secure storage space, a key update is performed.
The working principle of the computer data protection system of the invention is as follows. The user first enrolls a specific biometric feature model through the human-machine operation module; this model acts as the "password" that controls access rights to the secure storage space. The secure storage space stores the data and is internally divided into several mutually non-overlapping grid regions. Each grid region is assigned a unique logical number and is mapped to a unique server compute node, and the nodes send and receive data through the emergency data transmission channels that exist between secure storage spaces. The encryption module encrypts the data stored in the secure storage space with a key. Each time the secure storage space holding the encrypted data is accessed, the operating-state monitoring module monitors the current user operating state. If the biometric feature model input by the user matches the pre-set biometric feature model, the data conversion module decrypts the data stored in the secure storage space and feeds the decrypted result back to the client for display. If the biometric feature model input by the user does not match the pre-set biometric feature model, the operating-state monitoring module judges that the data is in a dangerous state and sends the judgment to the data migration module. The data migration module packages the data and transfers it through the emergency data transmission channel into another secure storage space, clears the data in the secure storage space that previously held the at-risk data, and starts the alarm module, which sends an early-warning SMS message to the user terminal. In addition, after every access to the secure storage space, a key update is performed to ensure the security of the data. The secure storage space and the encryption module, and the client and the data conversion module, are each connected through two mutually independent channels; one of the two channels carries communication, and the other carries key updates.
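The access flow in the working principle above (decrypt on a biometric match, migrate and clear on a mismatch, update the key after every access), modeled as an added example that is not code from the patent. Assumptions: all class and function names are hypothetical, biometric verification is reduced to a boolean, the SMS alarm is a list, and the cipher is a standard-library stand-in because the patent names no algorithm.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (assumption: the patent names no algorithm):
# HMAC-SHA256 in counter mode as keystream, then encrypt-then-MAC.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        block = b"enc" + nonce + ctr.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("rejected: wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class SecureStorageSpace:
    """One secure storage space; records are held only as ciphertext."""
    def __init__(self, name):
        self.name = name
        self.key = secrets.token_bytes(32)
        self.records = {}   # record id -> sealed blob
        self.peer = None    # other end of the emergency transmission channel
        self.alerts = []    # stand-in for the early-warning SMS message

    def put(self, rid, plaintext):
        self.records[rid] = seal(self.key, plaintext)

    def _rotate_key(self):
        # Key update after every access: re-seal each record under a fresh key.
        new_key = secrets.token_bytes(32)
        self.records = {r: seal(new_key, unseal(self.key, b))
                        for r, b in self.records.items()}
        self.key = new_key

    def _migrate(self, operator):
        # Package the data, hand it to the peer space, then clear the source.
        for rid, blob in self.records.items():
            self.peer.put(rid, unseal(self.key, blob))
        self.records.clear()
        self.key = secrets.token_bytes(32)
        self.alerts.append({"operator": operator, "result": "danger"})

    def access(self, rid, operator, biometric_match):
        if not biometric_match:      # monitoring result: data is in danger
            self._migrate(operator)
            return None
        blob = self.records.get(rid)
        plaintext = unseal(self.key, blob) if blob is not None else None
        self._rotate_key()
        return plaintext

def demo():
    a, b = SecureStorageSpace("A"), SecureStorageSpace("B")
    a.peer, b.peer = b, a
    a.put("doc1", b"constructed sample record")
    key_before, blob_before = a.key, a.records["doc1"]
    ok = a.access("doc1", "alice", biometric_match=True)
    rotated = a.key != key_before and a.records["doc1"] != blob_before
    denied = a.access("doc1", "mallory", biometric_match=False)
    moved = b.access("doc1", "alice", biometric_match=True)
    return ok, rotated, denied, dict(a.records), moved, a.alerts
```

Because the key here encrypts records directly, every access re-encrypts the whole space; a design that wraps a fixed data key under the rotating key would keep the per-access update cheap.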
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the principle of the invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the invention.

Claims (9)

1. A computer data protection system, characterized by comprising:
A secure storage space, for storing data;
A human-machine operation module, for pre-enrolling and verifying a biometric feature model that controls access rights to the secure storage space;
An encryption module, for encrypting data;
A data conversion module, for decrypting the data stored in the secure storage space according to the biometric feature model input through the human-machine operation module, and feeding the decrypted result back to the client for display;
An operating-state monitoring module, for recording the user's operating state by means of script recording and evaluating the current user operating state in real time using particle swarm optimization and a support vector machine algorithm to obtain a monitoring result;
A data migration module, for receiving the monitoring result obtained by the operating-state monitoring module and deciding whether to perform a data transfer operation.
2. The computer data protection system according to claim 1, characterized in that the secure storage space is divided into several mutually non-overlapping grid regions, each grid region is assigned a unique logical number, and each grid region is mapped to a unique server compute node.
3. The computer data protection system according to claim 1, characterized in that an emergency data transmission channel exists between every two of the secure storage spaces and is used for the data transfer operation.
4. The computer data protection system according to claim 3, characterized in that the transfer operation specifically packages the data whose monitoring result is judged to be dangerous, transfers it through the emergency data transmission channel into another secure storage space, and clears the data in the secure storage space that previously held the at-risk data.
5. The computer data protection system according to claim 1, characterized in that the secure storage space and the encryption module, and the client and the data conversion module, are each connected through two mutually independent channels.
6. The computer data protection system according to claim 5, characterized in that one of the two channels carries communication and the other carries key updates.
7. The computer data protection system according to claim 1, characterized in that a key update is performed after each access to the secure storage space.
8. The computer data protection system according to claim 1, characterized in that the biometric feature model is voiceprint data, and the voiceprint data consists of the voiceprint features and lip-movement interval time data obtained from pre-recorded speech of the user reading a text aloud.
9. The computer data protection system according to claim 1, characterized by further comprising an alarm module, which turns on or off according to the monitoring result of the operating-state monitoring module and sends an early-warning SMS message, the early-warning SMS message including at least the current operator's information and the monitoring result.
CN201810857922.2A 2018-07-31 2018-07-31 A kind of computer data protection system Pending CN109145557A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810857922.2A CN109145557A (en) 2018-07-31 2018-07-31 A kind of computer data protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810857922.2A CN109145557A (en) 2018-07-31 2018-07-31 A kind of computer data protection system

Publications (1)

Publication Number Publication Date
CN109145557A true CN109145557A (en) 2019-01-04

Family

ID=64799365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810857922.2A Pending CN109145557A (en) 2018-07-31 2018-07-31 A kind of computer data protection system

Country Status (1)

Country Link
CN (1) CN109145557A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140250304A1 (en) * 1998-05-07 2014-09-04 Maz Encryption Technologies Llc User Authentication System and Method for Encryption and Decryption
CN105787324A (en) * 2016-02-03 2016-07-20 周口师范学院 Computer information security system
CN107967331A (en) * 2017-11-27 2018-04-27 国家海洋环境预报中心 It is matched with the data preparation method of high-performance computer structure
CN108092999A (en) * 2018-02-08 2018-05-29 王振辉 A kind of Computer Data Security shared platform
CN108288224A (en) * 2018-04-16 2018-07-17 洛阳师范学院 A kind of finicial administration of enterprise system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109902513A (en) * 2019-03-05 2019-06-18 黄冈职业技术学院 A kind of intelligent computer security system
CN113806778A (en) * 2021-09-23 2021-12-17 深圳市电子商务安全证书管理有限公司 Data management method, system and storage medium based on big data platform
CN113806778B (en) * 2021-09-23 2022-08-02 深圳市电子商务安全证书管理有限公司 Data management method, system and storage medium based on big data platform
CN114726641A (en) * 2022-04-26 2022-07-08 王善侠 Security authentication method and system based on computer

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190104
RJ01 Rejection of invention patent application after publication