CN109474583B - Data security management system - Google Patents
Data security management system
- Publication number
- CN109474583B
- Authority
- CN
- China
- Prior art keywords
- module
- encryption
- data
- algorithm
- host
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Abstract
The invention relates to the technical field of data security management, and in particular to a data security management system comprising a security monitoring host. The security monitoring host is connected through a network to a plurality of encryption transmission modules; the encryption transmission modules are each connected through the network to a remote user end and a cloud database; the cloud database is connected through the network to a cloud computing module; the encryption transmission modules are each connected through the network to an encryption algorithm database; and the security monitoring host is connected by wire to an identity authentication module. By providing the encryption algorithm database, the invention encrypts each transmitted data segment with a randomly obtained encryption algorithm and then decrypts it after the user's identity has been authenticated, thereby improving the security of data transmission.
Description
Technical Field
The invention relates to the technical field of data security management, in particular to a data security management system.
Background
With the rapid development of information network technology, the cloud computing ecosystem has steadily matured, and cloud computing has become a high-value productivity tool.
At present, more and more government agencies, enterprises, public institutions and individuals are migrating applications to the cloud to balance their own business requirements against optimized resource allocation; however, because of data security concerns, core business applications are rarely migrated to the cloud.
In addition, although data transmission in the prior art is encrypted, usually only one encryption mode is used, so the transmission is easily attacked and leaked and its security is mediocre. A data security management system is therefore needed to improve the security of cloud computing.
Disclosure of Invention
The invention aims to overcome the poor security of the prior art and provides a data security management system.
To achieve this purpose, the invention adopts the following technical scheme:
A data security management system is designed, comprising a security monitoring host. The security monitoring host is connected through a network to a plurality of encryption transmission modules and performs security monitoring on the data transmitted in them. The encryption transmission modules are each connected through the network to a remote user end and a cloud database, and encrypt the data passing between the user and the cloud database to ensure the security of data transmission. The cloud database is connected through the network to a cloud computing module, which computes on and analyzes the data uploaded by the user so as to make maximum use of network resources. The encryption transmission modules are connected through the network to an encryption algorithm database, which stores a large number of encryption algorithms; when an encryption transmission module performs an encrypted transmission, one encryption algorithm is randomly selected from them for the encryption, which can greatly improve the security of data transmission. The security monitoring host is connected by wire to an identity verification module; when data is transmitted to the cloud database end, the security monitoring host verifies the identity of the decryptor by means of the identity verification module and accordingly provides a decryption algorithm that meets the conditions.
Preferably, the security monitoring host is connected with a firewall through a network, and intercepts viruses through the firewall.
Preferably, the identity verification module is connected with the fingerprint identification module, the gesture identification module and the face identification module through wires, the identity of the requester is verified through the fingerprint identification module, the gesture identification module and the face identification module, and verification is performed through multiple modes, so that the verification accuracy can be guaranteed.
Preferably, the encryption algorithm database is connected with an algorithm maintenance module through a wire, and the algorithm maintenance module is used for updating the encryption algorithm so as to improve the encryption security.
Preferably, the encryption transmission module comprises a secure encryption host and a decryption server, which are in signal connection through a wireless transmission module and a wired transmission module. The secure encryption host is connected by wire to an uninterruptible power supply and to a random matching module; the random matching module is connected by wire to an algorithm acquisition module, and the algorithm acquisition module is connected through a network to the encryption algorithm database. The secure encryption host encrypts the transmitted data, the random matching module generates random numbers, and the algorithm acquisition module acquires encryption algorithms from the encryption algorithm database. The acquisition process is as follows: the algorithms in the encryption algorithm database are numbered, the range of the generated random numbers is the range of the numbering, and the encryption algorithm with the corresponding number is then retrieved according to the random number. Finally, the decryption server decrypts the encrypted data after obtaining the authentication of the security monitoring host.
Preferably, the decryption server is connected by wire to a safety alarm module, and the safety alarm module is connected by wire to a short message prompt module and a mail prompt module. When authentication fails, the safety alarm module warns the user of a potential security hazard, and the short message prompt module and the mail prompt module feed this back, by short message and by mail, to the mobile user end used by the user. The mobile user end is specifically a mobile phone or a tablet computer, and the user remotely queries the security status of the system through it so as to learn of and handle problems in time.
Preferably, the secure encryption host is connected by wire to a code insertion module, a segmentation compression module and a code generation module. The code generation module forms identification codes that correspond one-to-one to the encryption algorithms, the code insertion module inserts the identification code into the data segment during encryption, and the segmentation compression module compresses the transmission data and then segments it, thereby improving transmission security.
Preferably, the decryption server is connected by wire to a merging and decompressing module, a decryption request module and a code identification module, and the decryption request module is in signal connection with the security monitoring host. The code identification module identifies the identification code, the decryption request module then sends a decryption request to the security monitoring host, and the security monitoring host determines, according to the authentication result, whether to return the encryption algorithm. The merging and decompressing module merges, decompresses and decrypts the data using the returned encryption algorithm.
The beneficial effect of the data security management system provided by the invention is as follows: by providing the encryption algorithm database, the invention encrypts each transmitted data segment with a randomly obtained encryption algorithm and then decrypts it after the user's identity has been authenticated, thereby improving the security of data transmission.
Drawings
Fig. 1 is a system block diagram of a data security management system according to the present invention;
Fig. 2 is a system block diagram of an encryption transmission module of a data security management system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to Figs. 1-2, a data security management system includes a security monitoring host. The security monitoring host is connected through a network to a plurality of encryption transmission modules and performs security monitoring on the data transmitted in them. The encryption transmission modules are each connected through the network to a remote user end and a cloud database, and encrypt the data passing between the user and the cloud database to ensure the security of data transmission. The cloud database is connected through the network to a cloud computing module, which computes on and analyzes the data uploaded by the user so as to make maximum use of network resources. The encryption transmission modules are connected through the network to an encryption algorithm database, which stores a large number of encryption algorithms; when an encryption transmission module performs an encrypted transmission, one encryption algorithm is randomly selected from them for the encryption, which can greatly improve the security of data transmission. The security monitoring host is connected by wire to an identity verification module; when data is transmitted to the cloud database end, the security monitoring host verifies the identity of the decryptor by means of the identity verification module and accordingly provides a decryption algorithm that meets the conditions.
The security monitoring host is connected through a network to a firewall and intercepts viruses through the firewall.
The identity verification module is connected by wire to a fingerprint identification module, a gesture identification module and a face identification module. The identity of the requester is verified through the fingerprint identification module, the gesture identification module and the face identification module; verifying in multiple modes guarantees the accuracy of the verification.
The encryption algorithm database is connected by wire to an algorithm maintenance module, which is used for updating the encryption algorithms so as to improve encryption security.
The encryption transmission module comprises a secure encryption host and a decryption server, which are in signal connection through a wireless transmission module and a wired transmission module. The secure encryption host is connected by wire to an uninterruptible power supply and to a random matching module; the random matching module is connected by wire to an algorithm acquisition module, and the algorithm acquisition module is connected through a network to the encryption algorithm database. The secure encryption host encrypts the transmitted data, the random matching module generates random numbers, and the algorithm acquisition module acquires encryption algorithms from the encryption algorithm database. The acquisition process is as follows: the algorithms in the encryption algorithm database are numbered, the range of the generated random numbers is the range of the numbering, and the encryption algorithm with the corresponding number is then retrieved according to the random number. The secure encryption host then encrypts with the retrieved encryption algorithm, and finally the decryption server decrypts the encrypted data after obtaining the authentication of the security monitoring host.
The decryption server is connected by wire to a safety alarm module, and the safety alarm module is connected by wire to a short message prompt module and a mail prompt module. When authentication fails, the safety alarm module warns the user of a potential security hazard, and the short message prompt module and the mail prompt module feed this back, by short message and by mail, to the mobile user end used by the user. The mobile user end is specifically a mobile phone or a tablet computer, and the user remotely queries the security status of the system through it so as to learn of and handle problems in time.
The secure encryption host is connected by wire to a code insertion module, a segmentation compression module and a code generation module. The code generation module forms identification codes that correspond one-to-one to the encryption algorithms, the code insertion module inserts the identification code into the data segment during encryption, and the segmentation compression module compresses the transmission data and then segments it, thereby improving transmission security.
The decryption server is connected by wire to a merging and decompressing module, a decryption request module and a code identification module, and the decryption request module is in signal connection with the security monitoring host. The code identification module identifies the identification code, the decryption request module then sends a decryption request to the security monitoring host, and the security monitoring host determines, according to the authentication result, whether to return the encryption algorithm. The merging and decompressing module merges, decompresses and decrypts the data using the returned encryption algorithm.
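The data path described in the embodiment above, written out as an added example (it is not code from the patent): compress, segment, pick an algorithm number at random within the numbering range, encrypt, insert the identification code, then release the algorithm to the decryption side only after authentication. Assumptions not found on the page: the shared key, the segment, code and nonce sizes, the order compress, segment, encrypt, insert code, the rule that all three biometric checks must pass, and the hash-keyed keystream functions standing in for the database's algorithms.

```python
import hmac
import secrets
import zlib

# Assumed sizes; the page specifies no packet layout.
SEGMENT_SIZE = 64  # bytes of compressed data per segment
CODE_LEN = 4       # bytes of identification code
NONCE_LEN = 12     # bytes of per-segment nonce

# Encryption algorithm database, numbered 0..N-1. Each entry names the hash
# behind a stand-in keystream cipher, not a vetted encryption algorithm.
ALGORITHMS = ["sha256", "sha384", "sha512", "sha3_256"]


def keystream_xor(hash_name, key, nonce, data):
    """XOR data with an HMAC counter-mode keystream (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hash_name).digest()[:32]
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


class MonitoringHost:
    """Holds the code <-> algorithm-number table and gates its release."""

    REQUIRED = ("fingerprint", "gesture", "face")

    def __init__(self):
        # Code generation module: one unique random code per algorithm.
        codes = set()
        while len(codes) < len(ALGORITHMS):
            codes.add(secrets.token_bytes(CODE_LEN))
        self._number_to_code = dict(enumerate(codes))
        self._code_to_number = {c: n for n, c in self._number_to_code.items()}

    def code_for(self, number):
        return self._number_to_code[number]

    def request_algorithm(self, code, auth_results):
        """Return the algorithm number only if every check passed."""
        if not all(auth_results.get(name) is True for name in self.REQUIRED):
            return None
        return self._code_to_number[code]  # KeyError on an unknown code


def encrypt_for_transfer(data, key, host):
    """Secure encryption host: compress, segment, encrypt, insert code."""
    compressed = zlib.compress(data)
    segments = [compressed[i:i + SEGMENT_SIZE]
                for i in range(0, len(compressed), SEGMENT_SIZE)]
    # Random matching module: the range of the random number is the range
    # of the algorithm numbering. secrets draws from the OS CSPRNG.
    number = secrets.randbelow(len(ALGORITHMS))
    code = host.code_for(number)
    packets = []
    for segment in segments:
        nonce = secrets.token_bytes(NONCE_LEN)  # fresh for every segment
        body = keystream_xor(ALGORITHMS[number], key, nonce, segment)
        packets.append(code + nonce + body)
    return packets


def decrypt_transfer(packets, key, host, auth_results, alerts):
    """Decryption server: read code, request algorithm, merge, decompress."""
    code = packets[0][:CODE_LEN]  # code identification module
    number = host.request_algorithm(code, auth_results)
    if number is None:
        # Safety alarm module: report a failed authentication on both channels.
        alerts.append(("sms", "authentication failed"))
        alerts.append(("mail", "authentication failed"))
        return None
    parts = []
    for packet in packets:
        if packet[:CODE_LEN] != code:
            raise ValueError("segment carries a different identification code")
        nonce = packet[CODE_LEN:CODE_LEN + NONCE_LEN]
        body = packet[CODE_LEN + NONCE_LEN:]
        parts.append(keystream_xor(ALGORITHMS[number], key, nonce, body))
    return zlib.decompress(b"".join(parts))


if __name__ == "__main__":
    host, key = MonitoringHost(), secrets.token_bytes(32)  # constructed key
    message = b"constructed sample record\n" * 20 + secrets.token_bytes(200)
    sent = encrypt_for_transfer(message, key, host)
    passed = {"fingerprint": True, "gesture": True, "face": True}
    log = []
    print(decrypt_transfer(sent, key, host, passed, log) == message)
    print(decrypt_transfer(sent, key, host, dict(passed, face=False), log), log)
```

The identification code and nonce travel unencrypted in every packet, so in this sketch the confidentiality of the data rests on the key rather than on which algorithm was drawn. The page describes no integrity check, so a modified ciphertext body is not detected here.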
The above description is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.
Claims (1)
1. A data security management system comprising a security monitoring host, characterized in that: the security monitoring host is connected through a network to a plurality of encryption transmission modules and performs security monitoring on the data transmitted in the encryption transmission modules; the encryption transmission modules are each connected through the network to a remote user end and a cloud database and are used for encrypting the data passing between the user and the cloud database so as to ensure the security of data transmission; the cloud database is connected through the network to a cloud computing module, and the data uploaded by the user is computed on and analyzed by the cloud computing module so that network resources are utilized to the maximum; the encryption transmission modules are connected through the network to an encryption algorithm database in which a large number of encryption algorithms are stored, and when an encryption transmission module performs an encrypted transmission, one encryption algorithm is randomly selected from the encryption algorithms for the encryption, so that the security of data transmission can be greatly improved; the security monitoring host is connected by wire to an identity verification module, and when data is transmitted to the cloud database end, the security monitoring host verifies the identity of the decryptor by means of the identity verification module and accordingly provides a decryption algorithm that meets the conditions; the security monitoring host is connected through a network to a firewall and intercepts viruses through the firewall; the identity verification module is connected by wire to a fingerprint identification module, a gesture identification module and a face identification module, the identity of the requester is verified through the fingerprint identification module, the gesture identification module and the face identification module, and verification is performed in multiple modes, so that the accuracy of the verification can be guaranteed; the encryption algorithm database is connected by wire to an algorithm maintenance module, and the algorithm maintenance module is used for updating the encryption algorithms so as to improve encryption security; the encryption transmission module comprises a secure encryption host and a decryption server, the secure encryption host and the decryption server are in signal connection through a wireless transmission module and a wired transmission module, the secure encryption host is connected by wire to an uninterruptible power supply, the secure encryption host is connected by wire to a random matching module, the random matching module is connected by wire to an algorithm acquisition module, the algorithm acquisition module is connected through a network to the encryption algorithm database, the secure encryption host encrypts the transmitted data, the random matching module is used for generating random numbers, and the algorithm acquisition module is used for acquiring encryption algorithms from the encryption algorithm database, the acquisition process being that the algorithms in the encryption algorithm database are numbered, the range of the generated random numbers is the range of the numbering, and the encryption algorithm with the corresponding number is then retrieved according to the random number, after which the secure encryption host encrypts with the retrieved encryption algorithm, and finally the decryption server decrypts the encrypted data after obtaining the authentication of the security monitoring host; the decryption server is connected by wire to a safety alarm module, the safety alarm module is connected by wire to a short message prompt module and a mail prompt module, when identity authentication fails, the safety alarm module sends the user a prompt that a potential security hazard may exist, the short message prompt module and the mail prompt module feed this back, by short message and by mail, to the mobile user end used by the user, the mobile user end is specifically a mobile phone or a tablet computer, and the user remotely queries the security status of the system through the mobile user end so as to learn of and handle problems in time; the secure encryption host is connected by wire to a code insertion module, a segmentation compression module and a code generation module, identification codes that correspond one-to-one to the encryption algorithms are formed by the code generation module, the identification code is inserted into the data segment by the code insertion module during encryption, and the transmission data is compressed and then segmented by the segmentation compression module, so that transmission security is improved; the decryption server is connected by wire to a merging and decompressing module, a decryption request module and a code identification module, the decryption request module is in signal connection with the security monitoring host, the identification code is identified by the code identification module, a decryption request is then sent to the security monitoring host by the decryption request module, the security monitoring host determines, according to the authentication result, whether to return the encryption algorithm, and the merging and decompressing module merges, decompresses and decrypts the data using the returned encryption algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811254675.3A CN109474583B (en) | 2018-10-26 | 2018-10-26 | Data security management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109474583A | 2019-03-15 |
CN109474583B | 2021-03-23 |
Family
ID=65666042
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811254675.3A Active CN109474583B (en) | 2018-10-26 | 2018-10-26 | Data security management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109474583B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109993005A (en) * | 2019-04-11 | 2019-07-09 | 北京智芯微电子科技有限公司 | To the method and device of the data-signal Reinforced turf of cpu bus |
CN110474693A (en) * | 2019-08-20 | 2019-11-19 | 武汉飞沃科技有限公司 | A kind of optical mode block encryption method, optical mode block identifying method and identification device |
CN111800418B (en) * | 2020-07-06 | 2022-10-11 | 雅生活智慧城市服务股份有限公司 | Use method of CDS data security encryption system |
CN113821819B (en) * | 2021-11-22 | 2022-03-08 | 深圳竹云科技有限公司 | Data reading and writing method and device, electronic equipment and computer readable storage medium |
CN116776346B (en) * | 2023-06-08 | 2024-03-05 | 南京师范大学常州创新发展研究院 | Data security management system |
CN117459931A (en) * | 2023-10-10 | 2024-01-26 | 山东三木众合信息科技股份有限公司 | Data encryption method, system and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102739689A (en) * | 2012-07-16 | 2012-10-17 | 四川师范大学 | File data transmission device and method used for cloud storage system |
CN108449324A (en) * | 2018-02-14 | 2018-08-24 | 北京明朝万达科技股份有限公司 | The secure exchange method and system of data between a kind of net |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103227770B (en) * | 2012-01-30 | 2016-01-20 | 凌群电脑股份有限公司 | The safe delivery module of end-point data and method |
CN106209366A (en) * | 2016-06-25 | 2016-12-07 | 郑州财经学院 | A kind of data guard method of fail-safe computer |
CN107154091A (en) * | 2017-04-24 | 2017-09-12 | 孟庆国 | The identification of identity-based card and method for unlocking, the apparatus and system of recognition of face |
CN108694313A (en) * | 2018-05-07 | 2018-10-23 | 襄阳市尚贤信息科技有限公司 | A kind of computer user's identification system |
Also Published As
Publication number | Publication date |
---|---|
CN109474583A (en) | 2019-03-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109474583B (en) | Data security management system | |
CN107171805B (en) | Internet of things terminal digital certificate issuing system and method | |
CN101465735B (en) | Network user identification verification method, server and client terminal | |
CN108377272B (en) | Method and system for managing terminal of Internet of things | |
CN105812366B (en) | Server, anti-crawler system and anti-crawler verification method | |
CN107465665A (en) | A kind of file encryption-decryption method based on fingerprint identification technology | |
CN105553667A (en) | Dynamic password generating method | |
CN114218322B (en) | Data display method, device, equipment and medium based on ciphertext transmission | |
CN113347143B (en) | Identity verification method, device, equipment and storage medium | |
CN104038336A (en) | Data encryption method based on 3DES | |
CN103326856A (en) | Cloud storage data responsibility confirmation structure and method based on two-way digital signature | |
CN107872315B (en) | Data processing method and intelligent terminal | |
CN109726578B (en) | Dynamic two-dimensional code anti-counterfeiting solution | |
CN111181920A (en) | Encryption and decryption method and device | |
CN105306200A (en) | Method and device for encrypting network account password | |
CN104703180A (en) | Implicit multiple authentication method based on mobile Internet and intelligent terminal | |
CN109005187A (en) | A kind of communication information guard method and device | |
CN209881821U (en) | Intelligent identity recognition system based on 5G network | |
CN110210199B (en) | Internet of things equipment identity authentication method based on fingerprint acquisition and identification | |
CN105049206A (en) | Method employing SM2 elliptical curve algorithm to achieve encryption in OpenSSL | |
CN114581091A (en) | Identity authentication method and device, computer equipment and storage medium | |
CN116346423A (en) | Client data multiple encryption system and method in intelligent Internet of things energy system | |
CN116546011A (en) | Intelligent substation business data braiding method based on multi-access edge computing technology | |
CN109726584A (en) | Cloud database key management system | |
CN111885069B (en) | Computer network safety system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||