CN112565279A - Sensor signal processing system based on safety network - Google Patents

Sensor signal processing system based on safety network

Info

Publication number: CN112565279A
Authority: CN (China)
Prior art keywords: network, module, data, unit, security
Legal status: Pending
Application number: CN202011445394.3A
Other languages: Chinese (zh)
Inventor: 苗改燕
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual
Priority to: CN202011445394.3A
Publication of: CN112565279A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Virology (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a sensor signal processing system based on a secure network, which comprises a sensor module, a sensor interface unit, a data transmission unit, a data processing unit, a data encryption unit, a data sending unit, a secure network module, a network protection module, an identity authentication module, a security management module, a network repair module, a network detection module and a network authentication module. After the data of the sensor module is processed by the data processing unit, the data sending unit transmits the data through the secure network module; the network used for transmitting the data is protected and monitored by the network protection module and the network detection module; the data is encrypted by the data encryption unit; and the security information of the user and the network is authenticated by the identity authentication module and the network authentication module. The security of the data during transmission over the network is thereby ensured, data loss or leakage is avoided, and the data transmission security of the sensor module is improved.

Description

Sensor signal processing system based on safety network
Technical Field
The invention relates to the technical field of sensor signal processing, in particular to a sensor signal processing system based on a secure network.
Background
A sensor is a detection device that senses measured information and converts it, according to a certain rule, into an electrical signal or another required form of output, so as to meet the requirements of information transmission, processing, storage, display, recording, control and the like. Sensor characteristics include miniaturization, digitalization, intelligence, multifunctionality, systematization and networking. The sensor is the first link in realizing automatic detection and automatic control. The existence and development of sensors give objects senses such as touch, taste and smell, so that objects gradually come alive. Sensors are generally classified into ten categories according to their basic sensing functions: thermosensitive, photosensitive, gas-sensitive, force-sensitive, magnetic-sensitive, humidity-sensitive, acoustic-sensitive, radiation-sensitive, color-sensitive and taste-sensitive elements. Sensor data may be transmitted over a network, and a secure network may be used during transmission.
In existing sensor signal processing systems, after the sensor data is processed and while it is transmitted over the network, the security of the network cannot be guaranteed. The data is therefore easily attacked from external networks during transmission and may be lost or leaked, which reduces the transmission security of the sensor data.
Disclosure of Invention
The present invention is directed to a sensor signal processing system based on a secure network, which solves the problems of the related art described in the Background above.
In order to achieve this purpose, the invention provides the following technical scheme: a sensor signal processing system based on a secure network comprises a sensor module, a sensor interface unit, a data transmission unit, a data processing unit, a data encryption unit, a data sending unit, a secure network module, a network protection module, an identity authentication module, a security management module, a network repair module, a network detection module and a network authentication module, wherein the sensor module is connected with the sensor interface unit, the data interface unit is connected with the data transmission unit, the data transmission unit is connected with the data processing unit, the data processing unit is connected with the data encryption unit, the data encryption unit is connected with the data sending unit, the data sending unit is connected with the secure network module, and the secure network module is interactively connected with each of the network protection module, the identity authentication module, the security management module, the network repair module, the network detection module and the network authentication module;
the sensor interface unit is used for receiving data detected by the sensor module;
the data transmission unit is used for transmitting the data detected by the sensor to the data processing unit;
the data processing unit is used for processing the data in the data transmission unit;
the data encryption unit is used for encrypting the data processed by the data processing unit;
the data sending unit is used for sending the data encrypted by the data encryption unit;
the network protection module is used for protecting a network used for data transmission;
the identity authentication module is used for carrying out identity authentication on a user using a network;
the security management module is used for analyzing the network state;
the network repairing module is used for repairing the network;
the network detection module is used for detecting the security problem of the network;
and the network authentication module is used for authenticating the used network.
As further preferable in the present technical solution: the network protection module is interactively connected with a firewall unit;
the firewall unit is used for controlling data access among networks, and the firewall technology monitors and checks data packet communication among a plurality of networks according to a set security policy to determine whether the communication behavior is allowed or not, allows data communication among trusted sites authenticated by the security policy, prevents data communication of dangerous sites, and analyzes communication data.
As further preferable in the present technical solution: the identity authentication module is interactively connected with an authentication unit;
the authentication unit is used for ensuring the reliability of the access user through accurate identity authentication and positioning, the user authentication system provides a network access control function aiming at the network access behavior of the user, and simultaneously, the static binding, the dynamic binding and the automatic binding of a user account, a user IP, a user MAC, an equipment IP and an equipment port ensure the uniqueness of the network access identity of the user.
As further preferable in the present technical solution: the security management module is interactively connected with a policy unit;
the policy unit is used for managing the security devices and system security policies in the secure network module, implementing unified configuration, distribution and management of the security policies of the whole system and centralized management of the network security devices, centrally collecting and managing all security logs and security events in the secure network module, and performing centralized log analysis, auditing and reporting so as to discover potential attack indicators and security trends.
As further preferable in the present technical solution: the network repair module is interactively connected with a repair unit;
the repair unit is used for tracking changes in security vulnerabilities, applying system patches and virus signature updates to the secure network module, and automatically and forcibly distributing and deploying patches according to the different security policies.
As further preferable in the present technical solution: the network detection module is interactively connected with a monitoring unit;
the interception unit is used for detecting and intercepting behaviors which are not consistent with the established security policy in the security network module, and performing behavior prevention and information protection according to a preset rule for operations which can threaten network information.
As further preferable in the present technical solution: the network authentication module is interactively connected with an authentication unit;
the authentication unit is used for authenticating the authenticity of the information sending source, verifying whether both communication parties hold the correct communication keys or communication passwords, and verifying that the communicated data has not been tampered with.
As further preferable in the present technical solution: the data encryption unit encrypts the data by using a key or an encryption function and converts the data into ciphertext, so that the transmitted data can be restored from ciphertext to plaintext only by using the corresponding decryption key or decryption function, whereby the actual content of the transmitted data is obtained.
Compared with the prior art, the invention has the beneficial effects that: in the using process of the invention, after the data processing unit processes the data of the sensor module, the data sending unit transmits the data through the security network module, the network used for transmitting the data is protected and detected through the network protection module and the network detection module, meanwhile, the data is encrypted through the data encryption unit, and the security information of the user and the network is authenticated through the identity authentication module and the network authentication module, so that the security of the data in the network transmission process is ensured, the data loss or leakage is avoided, and the data transmission security of the sensor module is improved.
Drawings
FIG. 1 is a block diagram of a system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
Referring to fig. 1, the present invention provides a technical solution: a sensor signal processing system based on a secure network comprises a sensor module, a sensor interface unit, a data transmission unit, a data processing unit, a data encryption unit, a data sending unit, a secure network module, a network protection module, an identity authentication module, a security management module, a network repair module, a network detection module and a network authentication module, wherein the sensor module is connected with the sensor interface unit, the data interface unit is connected with the data transmission unit, the data transmission unit is connected with the data processing unit, the data processing unit is connected with the data encryption unit, the data encryption unit is connected with the data sending unit, the data sending unit is connected with the secure network module, and the secure network module is interactively connected with each of the network protection module, the identity authentication module, the security management module, the network repair module, the network detection module and the network authentication module;
the sensor interface unit is used for receiving data detected by the sensor module;
the data transmission unit is used for transmitting the data detected by the sensor to the data processing unit;
the data processing unit is used for processing the data from the data transmission unit;
the data encryption unit is used for encrypting the data processed by the data processing unit;
the data sending unit is used for sending the data encrypted by the data encryption unit;
the network protection module is used for protecting the network used for data transmission;
the identity authentication module is used for carrying out identity authentication on a user using the network;
the security management module is used for analyzing the network state;
the network repairing module is used for repairing the network;
the network detection module is used for detecting the security problem of the network;
and the network authentication module is used for authenticating the used network.
In this embodiment, specifically: the network protection module is interactively connected with a firewall unit;
and the firewall unit is used for controlling data access among networks, and the firewall technology monitors and checks data packet communication among a plurality of networks according to a set security policy so as to determine whether the communication behavior is allowed or not, allow data communication among trusted sites authenticated by the security policy, prevent data communication of dangerous sites and analyze communication data.
In this embodiment, specifically: the identity authentication module is interactively connected with an authentication unit;
the authentication unit is used for ensuring the reliability of the access user through accurate identity authentication and positioning, the user authentication system provides a network access control function aiming at the network access behavior of the user, and simultaneously, the static binding, the dynamic binding and the automatic binding of a user account, a user IP, a user MAC, an equipment IP and an equipment port ensure the uniqueness of the network access identity of the user.
In this embodiment, specifically: the security management module is interactively connected with a policy unit;
the policy unit is used for managing the security devices and system security policies in the secure network module, implementing unified configuration, distribution and management of the security policies of the whole system and centralized management of the network security devices, centrally collecting and managing all security logs and security events in the secure network module, and performing centralized log analysis, auditing and reporting so as to discover potential attack indicators and security trends.
In this embodiment, specifically: the network repair module is interactively connected with a repair unit;
the repair unit is used for tracking changes in security vulnerabilities, applying system patches and virus signature updates to the secure network module, and automatically and forcibly distributing and deploying patches according to the different security policies.
In this embodiment, specifically: the network detection module is interactively connected with a monitoring unit;
and the interception unit is used for detecting and intercepting behaviors which are not consistent with the established security policy in the security network module, and performing behavior prevention and information protection according to a preset rule on operations which can threaten network information.
In this embodiment, specifically: the network authentication module is interactively connected with an authentication unit;
the authentication unit is used for authenticating the authenticity of the information sending source, verifying whether both communication parties hold the correct communication keys or communication passwords, and verifying that the communicated data has not been tampered with.
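An added example, not part of the patent text: one way the three checks attributed to the network authentication unit (source authenticity, both parties holding the correct communication key, data not tampered with) could be realized with a pre-shared key and HMAC-SHA256. The frame layout, function names, sensor id and the replay counter are assumptions made for this illustration; confidentiality is the data encryption unit's job and is not shown.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32                   # HMAC-SHA256 output size in bytes
HEADER = struct.Struct(">HQ")  # assumed layout: sensor id (uint16), counter (uint64)


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(struct.pack(">I", len(part)))
        h.update(part)
    return h.digest()


def confirm_shared_key(sender_key: bytes, receiver_key: bytes) -> bool:
    """Mutual challenge-response: each side proves it holds the key without sending it.

    Both sides are simulated in one function; on a real link only the nonces and
    proofs would cross the network.
    """
    nonce_s = secrets.token_bytes(16)  # challenge issued by the sender
    nonce_r = secrets.token_bytes(16)  # challenge issued by the receiver
    # The receiver answers the sender's challenge; the sender recomputes and compares.
    proof_r = mac(receiver_key, b"receiver", nonce_s, nonce_r)
    if not hmac.compare_digest(proof_r, mac(sender_key, b"receiver", nonce_s, nonce_r)):
        return False
    # The sender answers in turn; the role label stops a proof being reflected back.
    proof_s = mac(sender_key, b"sender", nonce_r, nonce_s)
    return hmac.compare_digest(proof_s, mac(receiver_key, b"sender", nonce_r, nonce_s))


def seal_frame(key: bytes, sensor_id: int, counter: int, payload: bytes) -> bytes:
    """Build header || payload || tag, with the tag covering header and payload."""
    header = HEADER.pack(sensor_id, counter)
    return header + payload + mac(key, header, payload)


def open_frame(key: bytes, frame: bytes, expected_sensor: int, last_counter: int):
    """Verify integrity and source, then return (counter, payload) or raise ValueError."""
    if len(frame) < HEADER.size + TAG_LEN:
        raise ValueError("frame too short")
    header = frame[:HEADER.size]
    payload = frame[HEADER.size:-TAG_LEN]
    tag = frame[-TAG_LEN:]
    # Constant-time comparison; fails for a wrong key and for any modified byte.
    if not hmac.compare_digest(tag, mac(key, header, payload)):
        raise ValueError("bad tag: wrong key or tampered data")
    sensor_id, counter = HEADER.unpack(header)
    if sensor_id != expected_sensor:
        raise ValueError("unexpected source")
    # Assumption beyond the patent text: a strictly increasing counter rejects replays.
    if counter <= last_counter:
        raise ValueError("replayed or stale frame")
    return counter, payload


def demo() -> dict:
    """Run the checks on constructed sample data and report each outcome."""
    key = secrets.token_bytes(32)        # constructed pre-shared communication key
    other_key = secrets.token_bytes(32)  # a party holding the wrong key
    frame = seal_frame(key, 7, 1, b"temp=21.5")  # constructed sensor reading
    tampered = bytearray(frame)
    tampered[HEADER.size] ^= 0x01        # flip one bit of the payload

    def rejected(*args) -> bool:
        try:
            open_frame(*args)
        except ValueError:
            return True
        return False

    return {
        "same_key_confirmed": confirm_shared_key(key, key),
        "wrong_key_confirmed": confirm_shared_key(key, other_key),
        "accepted": open_frame(key, frame, 7, 0),
        "tamper_rejected": rejected(key, bytes(tampered), 7, 0),
        "wrong_key_rejected": rejected(other_key, frame, 7, 0),
        "replay_rejected": rejected(key, frame, 7, 1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
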
In this embodiment, specifically: the data encryption unit encrypts the data by using a key or an encryption function and converts the data into ciphertext, so that the transmitted data can be restored from ciphertext to plaintext only by using the corresponding decryption key or decryption function, whereby the actual content of the transmitted data is obtained.
When the sensor module is used, after the data processing unit processes the data of the sensor module, the data sending unit transmits the data through the safety network module, the network protection module and the network detection module are used for protecting and detecting the network used for transmitting the data, the data encryption unit is used for encrypting the data, and the identity authentication module and the network authentication module are used for authenticating the safety information of a user and the network, so that the safety of the data in the network transmission process is ensured, the data loss or leakage is avoided, and the data transmission safety of the sensor module is improved.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A sensor signal processing system based on a secure network, comprising a sensor module, a sensor interface unit, a data transmission unit, a data processing unit, a data encryption unit, a data sending unit, a secure network module, a network protection module, an identity authentication module, a security management module, a network repair module, a network detection module and a network authentication module, characterized in that: the sensor module is connected with the sensor interface unit, the data interface unit is connected with the data transmission unit, the data transmission unit is connected with the data processing unit, the data processing unit is connected with the data encryption unit, the data encryption unit is connected with the data sending unit, the data sending unit is connected with the secure network module, and the secure network module is interactively connected with each of the network protection module, the identity authentication module, the security management module, the network repair module, the network detection module and the network authentication module;
the sensor interface unit is used for receiving data detected by the sensor module;
the data transmission unit is used for transmitting the data detected by the sensor to the data processing unit;
the data processing unit is used for processing the data in the data transmission unit;
the data encryption unit is used for encrypting the data processed by the data processing unit;
the data sending unit is used for sending the data encrypted by the data encryption unit;
the network protection module is used for protecting a network used for data transmission;
the identity authentication module is used for carrying out identity authentication on a user using a network;
the security management module is used for analyzing the network state;
the network repairing module is used for repairing the network;
the network detection module is used for detecting the security problem of the network;
and the network authentication module is used for authenticating the used network.
2. The secure network-based sensor signal processing system of claim 1, wherein: the network protection module is interactively connected with a firewall unit;
the firewall unit is used for controlling data access among networks, and the firewall technology monitors and checks data packet communication among a plurality of networks according to a set security policy to determine whether the communication behavior is allowed or not, allows data communication among trusted sites authenticated by the security policy, prevents data communication of dangerous sites, and analyzes communication data.
3. The secure network-based sensor signal processing system of claim 1, wherein: the identity authentication module is interactively connected with an authentication unit;
the authentication unit is used for ensuring the reliability of the access user through accurate identity authentication and positioning, the user authentication system provides a network access control function aiming at the network access behavior of the user, and simultaneously performs static binding, dynamic binding and automatic binding on a user account, a user IP, a user MAC, an equipment IP and an equipment port.
4. The secure network-based sensor signal processing system of claim 1, wherein: the security management module is interactively connected with a policy unit;
the policy unit is used for managing the security devices and system security policies in the secure network module, implementing unified configuration, distribution and management of the security policies of the whole system and centralized management of the network security devices, centrally collecting and managing all security logs and security events in the secure network module, and performing centralized log analysis, auditing and reporting so as to discover potential attack indicators and security trends.
5. The secure network-based sensor signal processing system of claim 1, wherein: the network repair module is interactively connected with a repair unit;
the repair unit is used for tracking changes in security vulnerabilities, applying system patches and virus signature updates to the secure network module, and automatically and forcibly distributing and deploying patches according to the different security policies.
6. The secure network-based sensor signal processing system of claim 1, wherein: the network detection module is interactively connected with a monitoring unit;
the interception unit is used for detecting and intercepting behaviors which are not consistent with the established security policy in the security network module, and performing behavior prevention and information protection according to a preset rule for operations which can threaten network information.
7. The secure network-based sensor signal processing system of claim 1, wherein: the network authentication module is interactively connected with an authentication unit;
the authentication unit is used for authenticating the authenticity of the information sending source, verifying whether both communication parties hold the correct communication keys or communication passwords, and verifying that the communicated data has not been tampered with.
8. The secure network-based sensor signal processing system of claim 1, wherein: the data encryption unit encrypts the data by using a key or an encryption function and converts the data into ciphertext, so that the transmitted data can be restored from ciphertext to plaintext only by using the corresponding decryption key or decryption function, whereby the actual content of the transmitted data is obtained.

Application and Publication Data

Application Number: CN202011445394.3A
Title: Sensor signal processing system based on safety network
Priority Date: 2020-12-09
Filing Date: 2020-12-09
Status: Pending
Publication Number: CN112565279A (en)
Publication Date: 2021-03-26
Family ID: 75062895
Country: CN

Legal Events

Code: Title
PB01: Publication
SE01: Entry into force of request for substantive examination
WD01: Invention patent application deemed withdrawn after publication (application publication date: 20210326)