CN113746791A - Data transmission encryption and desensitization system - Google Patents

Publication number
CN113746791A
Authority
CN
China
Prior art keywords
module
desensitization
data
encryption
lead
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010934514.XA
Other languages
Chinese (zh)
Inventor
陈有为
许锦程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Haoxintai Zhejiang Technology Co ltd
Original Assignee
Haoxintai Zhejiang Technology Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of data transmission encryption, and in particular relates to a data transmission encryption and desensitization system. The system adopts a novel processing algorithm: the data screening module filters the data; the authorization implementation module checks the authorization of the data; the data receiving and analyzing module further analyzes in detail the data from the authorization module; the desensitization encryption module performs desensitization encryption on the data from the desensitization establishing module; the self-checking module checks the data processed by the desensitization module to avoid mistaken leakage; and the secondary encryption module further encrypts the information from the self-checking module, further improving the security of the data received by the client server.

Description

Data transmission encryption and desensitization system
Technical Field
The invention relates to the technical field of data transmission encryption, in particular to a data transmission encryption and desensitization system.
Background
During data transmission, data in a source database often needs to be encrypted so that users' sensitive information is not leaked. In order to balance data security with data usability, the data is also processed with a desensitization algorithm.
Traditional data transmission encryption and decryption systems and methods use a single processing step. After data requiring desensitization has been encrypted, a malicious operator can crack and recognize the data by means of the encryption and decryption modules in the system, leaking users' sensitive information, so the desensitization encryption security of such systems is low. These systems also have no recording and self-checking function, so when data requiring desensitization is leaked by mistake, the erroneous information cannot be blocked in time.
In order to solve the above problems, innovative design based on the original data transmission encryption system is urgently needed.
Disclosure of Invention
The present invention is directed to a data transmission encryption and desensitization system, which solves the above problems in the prior art.
In order to achieve this purpose, the invention provides the following technical solution: a data transmission encryption and desensitization system comprising a database server and a client server, wherein the output of the database server is electrically connected to an authorization module by a wire, the output of the authorization module is electrically connected to a desensitization module by a wire, the output of the desensitization module is linearly connected to an execution module by a wire, and the input of the client server is electrically connected to the execution module by a wire.
Preferably, the database server, the authorization module, the desensitization module, the execution module and the client server are electrically connected in series by wires.
Preferably, the authorization module is composed of a data reading module, a data screening module, an authorization implementation module and an access control module; the output of the data reading module is electrically connected to the data screening module by a wire, the output of the data screening module is electrically connected to the authorization implementation module by a wire, and the output of the authorization implementation module is electrically connected to the access control module by a wire.
Preferably, the data reading module, the data screening module, the authorization implementation module and the access control module are electrically connected in series by wires.
Preferably, the desensitization module comprises a data receiving and analyzing module, a desensitization establishing module, a desensitization encryption module, a desensitization data generating module, a desensitization decryption module and a data transmission module; the output of the data receiving and analyzing module is electrically connected to the desensitization establishing module by a wire, the output of the desensitization establishing module is electrically connected to the desensitization encryption module by a wire, the output of the desensitization encryption module is electrically connected to the desensitization data generating module by a wire, the output of the desensitization establishing module is electrically connected to the desensitization decryption module by a wire, and the output of the desensitization decryption module is electrically connected to the data transmission module by a wire.
Preferably, the desensitization encryption module and the desensitization data generating module are electrically connected in series by a wire, the desensitization encryption module and the desensitization decryption module are electrically connected in parallel by a wire, and the desensitization decryption module and the data transmission module are electrically connected in series by a wire.
Preferably, the execution module comprises a self-checking module, a secondary encryption module, a target data storage module, an instruction receiving and sending module and a secondary decryption module; the output of the self-checking module is electrically connected to the secondary encryption module by a wire, the output of the secondary encryption module is electrically connected to the target data storage module by a wire, the output of the target data storage module is electrically connected to the instruction receiving and sending module by a wire, and the output of the instruction receiving and sending module is electrically connected to the secondary decryption module by a wire.
Preferably, the self-checking module, the secondary encryption module, the target data storage module, the instruction receiving and sending module and the secondary decryption module are all electrically connected in series by wires.
Compared with the prior art, the invention has the following beneficial effects. The system adopts a novel processing algorithm: the data screening module filters the data; the authorization implementation module checks the authorization of the data; the data receiving and analyzing module further analyzes in detail the data from the authorization module; the desensitization encryption module performs desensitization encryption on the data from the desensitization establishing module; the self-checking module checks the data processed by the desensitization module to avoid mistaken leakage; and the secondary encryption module further encrypts the information from the self-checking module, further improving the security of the data received by the client server.
Drawings
FIG. 1 is a schematic view of the overall flow structure of the present invention;
FIG. 2 is a schematic diagram of the internal flow structure of the authorization module according to the present invention;
FIG. 3 is a schematic view of the internal flow structure of the desensitization module of the present invention;
FIG. 4 is a schematic diagram of an internal flow structure of an execution module according to the present invention.
In the figures: 1. database server; 2. authorization module; 201. data reading module; 202. data screening module; 203. authorization implementation module; 204. access control module; 3. desensitization module; 301. data receiving and analyzing module; 302. desensitization establishing module; 303. desensitization encryption module; 304. desensitization data generating module; 305. desensitization decryption module; 306. data transmission module; 4. execution module; 401. self-checking module; 402. secondary encryption module; 403. target data storage module; 404. instruction receiving and sending module; 405. secondary decryption module; 5. client server.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 1-4, the present invention provides the following technical solution: a data transmission encryption and desensitization system comprising a database server 1, an authorization module 2, a data reading module 201, a data screening module 202, an authorization implementation module 203, an access control module 204, a desensitization module 3, a data receiving and analyzing module 301, a desensitization establishing module 302, a desensitization encryption module 303, a desensitization data generating module 304, a desensitization decryption module 305, a data transmission module 306, an execution module 4, a self-checking module 401, a secondary encryption module 402, a target data storage module 403, an instruction receiving and sending module 404, a secondary decryption module 405 and a client server 5, wherein the output of the database server 1 is electrically connected to the authorization module 2 by a wire, the output of the authorization module 2 is electrically connected to the desensitization module 3 by a wire, the output of the desensitization module 3 is linearly connected to the execution module 4 by a wire, and the input of the client server 5 is electrically connected to the execution module 4 by a wire.
In this embodiment, the database server 1, the authorization module 2, the desensitization module 3, the execution module 4 and the client server 5 are electrically connected in series by wires. This design ensures that data in the database server 1 can be transmitted to the client server 5 through the authorization module 2, the desensitization module 3 and the execution module 4, thereby realizing desensitized, encrypted transmission of the data on the database server 1.
The authorization module 2 is composed of a data reading module 201, a data screening module 202, an authorization implementation module 203 and an access control module 204. The output of the data reading module 201 is electrically connected to the data screening module 202 by a wire, the output of the data screening module 202 is electrically connected to the authorization implementation module 203 by a wire, and the output of the authorization implementation module 203 is electrically connected to the access control module 204 by a wire, so that the data reading module 201, the data screening module 202, the authorization implementation module 203 and the access control module 204 can process the data on the database server 1 in sequence, further improving the security of data transmission from the database server 1.
The data reading module 201, the data screening module 202, the authorization implementation module 203 and the access control module 204 are electrically connected in series by wires. This design ensures that these modules can effectively read, screen, authorize and control access to the data in the database server 1, further improving the security of the data in the database server 1 and preventing accidental leakage of that data from affecting users' personal privacy.
The desensitization module 3 comprises a data receiving and analyzing module 301, a desensitization establishing module 302, a desensitization encryption module 303, a desensitization data generating module 304, a desensitization decryption module 305 and a data transmission module 306. The output of the data receiving and analyzing module 301 is electrically connected to the desensitization establishing module 302 by a wire, the output of the desensitization establishing module 302 is electrically connected to the desensitization encryption module 303 by a wire, the output of the desensitization encryption module 303 is electrically connected to the desensitization data generating module 304 by a wire, the output of the desensitization establishing module 302 is electrically connected to the desensitization decryption module 305 by a wire, and the output of the desensitization decryption module 305 is electrically connected to the data transmission module 306 by a wire. Desensitization encryption of the information on the database server 1 is thereby further realized, protecting the data inside the database server 1.
The desensitization encryption module 303 and the desensitization data generating module 304 are electrically connected in series by a wire, the desensitization encryption module 303 and the desensitization decryption module 305 are electrically connected in parallel by a wire, and the desensitization decryption module 305 and the data transmission module 306 are electrically connected in series by a wire. As a result, the data receiving and analyzing module 301 and the desensitization establishing module 302 can analyze and process the information from the authorization module 2 in sequence, which separates out the information from the authorization module 2 that requires desensitization, and the desensitization encryption module 303, the desensitization data generating module 304, the desensitization decryption module 305 and the data transmission module 306 can effectively encrypt and decrypt the data requiring desensitization.
The execution module 4 is composed of a self-checking module 401, a secondary encryption module 402, a target data storage module 403, an instruction receiving and sending module 404 and a secondary decryption module 405. The output of the self-checking module 401 is electrically connected to the secondary encryption module 402 by a wire, the output of the secondary encryption module 402 is electrically connected to the target data storage module 403 by a wire, the output of the target data storage module 403 is electrically connected to the instruction receiving and sending module 404 by a wire, and the output of the instruction receiving and sending module 404 is electrically connected to the secondary decryption module 405 by a wire. This design ensures that these modules can effectively check, and further encrypt and decrypt, the data processed by the desensitization module 3, improving the security of the decrypted data from the desensitization module 3 while also allowing the encrypted data to be recorded and stored.
The self-checking module 401, the secondary encryption module 402, the target data storage module 403, the instruction receiving and sending module 404 and the secondary decryption module 405 are all electrically connected in series by wires. This design ensures that these modules can, in sequence, check, encrypt, store, send and decrypt the data decrypted by the desensitization module 3, realizing further encrypted transmission of the data and facilitating efficient reception of the data by the client server 5.
The working principle is as follows. When the data transmission encryption and desensitization system is used, the authorization module 2 first receives data from the database server 1. The data reading module 201 performs primary processing on the data from the database server 1 and sends the preliminarily selected data to the data screening module 202, which screens the data from the data reading module 201. The authorization implementation module 203 checks the authorization of the data from the data screening module 202; when the authorization passes, the authorization implementation module 203 passes the data to the access control module 204, which applies access control to the data and arranges it. The data processed by the data reading module 201, the data screening module 202, the authorization implementation module 203 and the access control module 204 then enters the desensitization module 3. The data receiving and analyzing module 301 receives the data from the authorization module 2 and analyzes it in further detail, and the desensitization establishing module 302 establishes the desensitization data information. An operator can decrypt the desensitization information from the desensitization establishing module 302 through the desensitization decryption module 305, and the data transmission module 306 receives and sends that information. The desensitization encryption module 303 performs desensitization encryption on the data from the desensitization establishing module 302 and passes the result to the desensitization data generating module 304, which arranges and generates the desensitized data and transmits it to the execution module 4. The self-checking module 401 checks the data processed by the desensitization module 3, so that errors and omissions in the decrypted information processed by the desensitization module 3 are avoided. The secondary encryption module 402 further encrypts the information from the self-checking module 401, and the target data storage module 403 records the data processed by the secondary encryption module 402. The data in the target data storage module 403 is then sent through the instruction receiving and sending module 404, the secondary decryption module 405 decrypts the data, and the client server 5 receives the encrypted data.
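The series pipeline described in the working principle, sketched as an added Python example; it is not code from the patent, which specifies no algorithms. The role policy, masking and tokenization rules, phone pattern, key and sample rows are all assumptions constructed for illustration, and the secondary encryption, storage and decryption stages are left out. The point shown is the self-check quarantining a row whose free-text field still carries a value that field-level desensitization missed.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample rows standing in for the source database.
ROWS = [
    {"id": 1, "name": "Zhang Wei", "phone": "13800138000",
     "note": "call back on 13800138000"},
    {"id": 2, "name": "Li Na", "phone": "13912345678",
     "note": "prefers e-mail"},
]

# Assumed policy: fields each role may receive (authorization stage).
ROLE_FIELDS = {"analyst": {"id", "name", "phone", "note"}, "guest": {"id"}}
SENSITIVE = ("name", "phone")  # fields the desensitization stage must transform
PHONE_RE = re.compile(r"(?<!\d)1\d{10}(?!\d)")  # assumed 11-digit phone pattern
TOKEN_KEY = b"demo-key-not-for-production"  # constructed key for the example


def authorize(role, row):
    """Authorization stage: drop every field the role is not entitled to."""
    allowed = ROLE_FIELDS.get(role)
    if allowed is None:
        raise PermissionError(f"unknown role: {role}")
    return {k: v for k, v in row.items() if k in allowed}


def mask_phone(value):
    """Keep the first three and last two digits; mask short values entirely."""
    if len(value) <= 5:
        return "*" * len(value)
    return value[:3] + "*" * (len(value) - 5) + value[-2:]


def pseudonymize(value):
    """Replace a name with a keyed, non-reversible token (HMAC-SHA256)."""
    digest = hmac.new(TOKEN_KEY, value.encode("utf-8"), hashlib.sha256).digest()
    # Base32 has no digit 1, so a token can never look like a phone number.
    return "u_" + base64.b32encode(digest)[:12].decode("ascii")


RULES = {"phone": mask_phone, "name": pseudonymize}


def desensitize(row):
    """Desensitization stage: apply the per-field rule, pass others through."""
    return {k: RULES[k](v) if k in RULES else v for k, v in row.items()}


def self_check(original, output):
    """Self-check stage: list output fields that still expose sensitive data."""
    secrets = [str(original[f]) for f in SENSITIVE if f in original]
    findings = []
    for field, value in output.items():
        text = str(value)
        if any(s in text for s in secrets) or PHONE_RE.search(text):
            findings.append(field)
    return findings


def run_pipeline(role, rows):
    """Chain the stages in series; quarantine rows that fail the self-check."""
    released, quarantined = [], []
    for row in rows:
        out = desensitize(authorize(role, row))
        leaks = self_check(row, out)
        if leaks:
            quarantined.append((row["id"], leaks))  # blocked before release
        else:
            released.append(out)
    return released, quarantined


if __name__ == "__main__":
    ok, blocked = run_pipeline("analyst", ROWS)
    print("released:", ok)
    print("quarantined:", blocked)
```

Only rows that pass `self_check` would be handed on to an encryption stage; quarantined rows are reported by id and offending field so the desensitization rules can be corrected.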
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A data transmission encryption and desensitization system comprising a database server (1) and a client server (5), characterized in that: the output of the database server (1) is electrically connected to the authorization module (2) by a wire, the output of the authorization module (2) is electrically connected to the desensitization module (3) by a wire, the output of the desensitization module (3) is linearly connected to the execution module (4) by a wire, and the input of the client server (5) is electrically connected to the execution module (4) by a wire.
2. A data transmission encryption and desensitization system according to claim 1, wherein: the database server (1), the authorization module (2), the desensitization module (3), the execution module (4) and the client server (5) are electrically connected in series by wires.
3. A data transmission encryption and desensitization system according to claim 1, wherein: the authorization module (2) is composed of a data reading module (201), a data screening module (202), an authorization implementation module (203) and an access control module (204); the output of the data reading module (201) is electrically connected to the data screening module (202) by a wire, the output of the data screening module (202) is electrically connected to the authorization implementation module (203) by a wire, and the output of the authorization implementation module (203) is electrically connected to the access control module (204) by a wire.
4. A data transmission encryption and desensitization system according to claim 3, wherein: the data reading module (201), the data screening module (202), the authorization implementation module (203) and the access control module (204) are electrically connected in series by wires.
5. A data transmission encryption and desensitization system according to claim 1, wherein: the desensitization module (3) comprises a data receiving and analyzing module (301), a desensitization establishing module (302), a desensitization encryption module (303), a desensitization data generating module (304), a desensitization decryption module (305) and a data transmission module (306); the output of the data receiving and analyzing module (301) is electrically connected to the desensitization establishing module (302) by a wire, the output of the desensitization establishing module (302) is electrically connected to the desensitization encryption module (303) by a wire, the output of the desensitization encryption module (303) is electrically connected to the desensitization data generating module (304) by a wire, the output of the desensitization establishing module (302) is electrically connected to the desensitization decryption module (305) by a wire, and the output of the desensitization decryption module (305) is electrically connected to the data transmission module (306) by a wire.
6. A data transmission encryption and desensitization system according to claim 5, wherein: the desensitization encryption module (303) and the desensitization data generating module (304) are electrically connected in series by a wire, the desensitization encryption module (303) and the desensitization decryption module (305) are electrically connected in parallel by a wire, and the desensitization decryption module (305) and the data transmission module (306) are electrically connected in series by a wire.
7. A data transmission encryption and desensitization system according to claim 1, wherein: the execution module (4) comprises a self-checking module (401), a secondary encryption module (402), a target data storage module (403), an instruction receiving and sending module (404) and a secondary decryption module (405); the self-checking module (401) is electrically connected to the secondary encryption module (402) by a wire, the secondary encryption module (402) is electrically connected to the target data storage module (403) by a wire, the target data storage module (403) is electrically connected to the instruction receiving and sending module (404) by a wire, and the instruction receiving and sending module (404) is electrically connected to the secondary decryption module (405) by a wire.
8. A data transmission encryption and desensitization system according to claim 7, wherein: the self-checking module (401), the secondary encryption module (402), the target data storage module (403), the instruction receiving and sending module (404) and the secondary decryption module (405) are electrically connected in series by wires.
CN202010934514.XA 2020-09-08 2020-09-08 Data transmission encryption and desensitization system Pending CN113746791A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010934514.XA CN113746791A (en) 2020-09-08 2020-09-08 Data transmission encryption and desensitization system

Publications (1)

Publication Number Publication Date
CN113746791A (en) 2021-12-03

Family

ID=78728013

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070294539A1 (en) * 2006-01-27 2007-12-20 Imperva, Inc. Method and system for transparently encrypting sensitive information
US20100228987A1 (en) * 2009-03-06 2010-09-09 Sony Corporation System and method for securing information using remote access control and data encryption
CN104270465A (en) * 2014-10-23 2015-01-07 成都双奥阳科技有限公司 Cloud storage protection system
CN107766741A (en) * 2017-10-23 2018-03-06 中恒华瑞(北京)信息技术有限公司 Data desensitization system and method
CN111274611A (en) * 2020-02-04 2020-06-12 北京同邦卓益科技有限公司 Data desensitization method, device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20211203