CN114443594A - Network security data interaction method, system, device and storage medium - Google Patents


Info

Publication number
CN114443594A
Authority
CN
China
Prior art keywords
data
sharing
unit
management
transmission interface
Legal status
Pending
Application number
CN202111556337.7A
Other languages
Chinese (zh)
Inventor
张之刚
李若峰
付卫宁
王方玉
杨杰
Current Assignee
Zhongnan Electric Power Test and Research Institute of China Datang Group Science and Technology Research Institute Co Ltd
Original Assignee
Zhongnan Electric Power Test and Research Institute of China Datang Group Science and Technology Research Institute Co Ltd

Classifications

    • G06F16/176 Support for shared access to files; File sharing support
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06Q10/103 Workflow collaboration or project management
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G06F2221/2107 File encryption

Abstract

The method comprises the steps of: constructing a data transmission interface, wherein the data transmission interface comprises a first data transmission interface and a second data transmission interface, and realizing uniform reading, uniform output and uniform data format conversion of data sharing resources through the first and second data transmission interfaces; acquiring the sharing demand information of each unit and carrying out support management on it, so that sharing demands are handled as a paperless office process; authorizing the sharing requirement of each unit based on its authorization authority; encrypting the data sharing resources based on the data encryption rule; and exchanging and transmitting the data sharing resources through the first and second data transmission interfaces while monitoring the exchange and transmission process of the data sharing resources in real time.

Description

Network security data interaction method, system, device and storage medium
Technical Field
The present application relates to the field of data interaction, and in particular, to a method, a system, a device, and a storage medium for network security data interaction.
Background
The internal network of an enterprise, public institution or similar organization must be physically isolated from the external network because of the business secrets or sensitive data it holds, yet real-time data from the external network is often still required; physical-isolation data exchange technologies include network gatekeepers and optical gates.
At present, according to the national energy requirements on network partitioning of power monitoring systems, the network of each unit is divided into a production control zone and a management information zone; the management information zone is further divided into an intranet office area and an extranet office area, and the office intranet and extranet of the management information zone are logically isolated. Business requirements nevertheless call for data to be transmitted between the extranet and the intranet, and at present this interaction is mainly carried out through a dual-network gatekeeper.
However, data interaction between the intranet and the extranet lacks data management and control, effective approval, secure encryption, controllable data circulation and the like, and the office intranet and office extranet also lack effective boundary protection.
Disclosure of Invention
In order to realize data management and control, effective approval, data encryption and network boundary protection, the application provides a network security data interaction method, system, device and storage medium.
In a first aspect, the present application provides a network security data interaction method, which adopts the following technical scheme:
a network security data interaction method comprises the following steps:
constructing a data transmission interface, wherein the data transmission interface comprises a first data transmission interface and a second data transmission interface, and realizes uniform reading and uniform output of data sharing resources and uniform data format conversion according to the first data transmission interface and the second data transmission interface;
acquiring sharing demand information of each unit, and carrying out support management on the sharing demand information so as to realize paperless office of sharing demand;
authorizing the sharing requirement of each unit based on the authorization authority;
encrypting the data sharing resource based on the data encryption rule;
and exchanging and transmitting the data sharing resources based on the first data transmission interface and the second data transmission interface, and monitoring the exchanging and transmitting process of the data sharing resources in real time.
In a second aspect, the present application provides a network security data interaction system, which adopts the following technical solutions:
a network security data interaction system comprises an inner network end, an outer network end and a data sharing exchange platform arranged at the boundary of the inner network end and the outer network end, wherein the data sharing exchange platform comprises:
the configuration management module is used for respectively configuring data transmission interfaces of the internal network end and the external network end to realize uniform reading and uniform output of data and uniform data format conversion;
the resource management module is used for uniformly managing the data sharing resources and updating the data sharing resources in real time;
the flow management module is used for managing and supporting the sharing requirement flows of all units and realizing paperless office of the sharing requirement flows;
the authorization management module is used for authorizing the sharing requirements of all units;
the safety management module is used for encrypting the data sharing resources;
the operation management module is used for controlling and managing the exchange of the data sharing resources;
and the monitoring management module is used for monitoring and managing the exchange of the data sharing resources in real time.
Further, the process management module comprises:
the exchange engine unit is used for realizing data exchange according to the data exchange and data push engine of the BPML international standard;
the flow customizing unit is used for customizing a data exchange flow;
the business rule definition unit is used for defining business rules in the execution process of the business process;
and the data conversion unit is used for converting, by means of an XML-based data conversion rule definition tool, data that is semantically the same but structured differently between systems.
Further, the authorization management module includes:
the hierarchical authorization management unit is used for classifying the authority of each unit, and each unit authorizes the sharing requirement according to the corresponding authorization authority;
the user authorization management unit is used for carrying out authorization management on user authority;
the directory service authorization unit is used for carrying out authorization management on the authority of the data sharing resource directory;
the exchange management authorization unit is used for carrying out authorization management on the authority of data information exchange;
and the sharing management authorization unit is used for carrying out authorization management on the sharing management authority of the data sharing resource.
Furthermore, the security management module encrypts the data sharing resource by adopting a mode of combining symmetric encryption and asymmetric encryption.
Further, the monitoring management module comprises:
the operation monitoring unit is used for monitoring the operation state of the system, including remote management and monitoring of the data sharing exchange platform and the service components thereof, remotely monitoring the operation condition of the distributed node adapter and giving an alarm when an abnormal condition occurs;
the flow monitoring unit is used for monitoring the business flow;
the statistical analysis unit is used for inquiring and counting the exchange flow of the data sharing resources and the downloading condition of the data sharing resources, analyzing the inquiry and counting result and displaying the running state of the data sharing exchange platform in a chart mode;
and the log management unit is used for managing various message logs generated in the data sharing resource exchange process and browsing logs operated by the data sharing exchange platform.
In a third aspect, the present application provides a computer apparatus, which adopts the following technical solutions:
a computer apparatus comprising a memory, a processor and a computer program stored on the memory and operable on the processor, the processor when loaded with the computer program performing the method of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solutions:
a computer-readable storage medium having stored thereon a computer program which, when loaded by a processor, performs the method of the first aspect.
To sum up, the application has the following beneficial effects:
the application adds approval and control over requests for data sharing resources, adds encrypted transmission of data sharing resources so that their security is ensured, and adds access control at the network boundary, thereby achieving compliance.
Drawings
Fig. 1 is a schematic method flow diagram of the network security data interaction method of the present invention.
FIG. 2 is a block diagram of the network security data interaction system of the present invention.
FIG. 3 is a block diagram of a data sharing switching platform according to the present invention.
FIG. 4 is a block diagram of a process management module according to the present invention.
FIG. 5 is a block diagram of an authorization management module according to the present invention.
Fig. 6 is a schematic diagram of a module framework of the monitoring management module according to the present invention.
Description of the reference numerals
1. An intranet end; 2. an extranet end; 3. a data sharing exchange platform; 31. a configuration management module; 32. a resource management module; 33. a process management module; 331. an exchange engine unit; 332. a flow customization unit; 333. a business rule definition unit; 334. a data conversion unit; 34. an authorization management module; 341. a hierarchical authorization management unit; 342. a user authorization management unit; 343. a directory service authorization unit; 344. an exchange management authorization unit; 345. a sharing management authorization unit; 35. a security management module; 36. an operation management module; 37. a monitoring management module; 371. an operation monitoring unit; 372. a process monitoring unit; 373. a statistical analysis unit; 374. a log management unit.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is further described in detail below with reference to fig. 1-6 and the embodiments. It should be understood that the specific embodiments described herein are for purposes of explanation and are not intended to limit the present application.
The network security data interaction method mainly solves the problem of data security interaction between an office intranet and an office extranet, and particularly realizes effective approval, data encryption and network boundary protection of data aiming at management and control of data or software interfaces providing technical services externally.
Referring to fig. 1, a network security data interaction method provided in an embodiment of the present application specifically includes:
s1: and constructing a data transmission interface which comprises a first data transmission interface and a second data transmission interface, and realizing uniform reading and uniform output of data sharing resources and uniform data format conversion according to the first data transmission interface and the second data transmission interface.
In this step, a data transmission interface is constructed by using an existing interface construction tool, for example, a first data transmission interface is constructed at an office intranet server, a second data transmission interface is constructed at an office extranet server, and then the office intranet server can establish a communication relationship with the office extranet through the first data transmission interface and the second data transmission interface.
S2: and acquiring the sharing demand information of each unit, and carrying out support management on the sharing demand information so as to realize paperless office of sharing demand.
In this step, the shared demand information may include an application flow, a review flow, an approval flow, and a feedback flow, specifically, the application flow is a flow in which the user requests the data sharing resource, the review flow is a flow in which the review is performed on the data sharing resource flow requested by the user, the approval flow is a flow in which the request flow of the data sharing resource is approved after the review flow passes, and the feedback flow is a return visit flow after the data sharing resource is used up.
S3: and authorizing the sharing requirement of each unit based on the authorization authority.
In the step, the authorization authority is graded, and the sharing requirement of each unit is authorized according to the corresponding graded authorization authority.
S4: and encrypting the data sharing resource based on the data encryption rule.
In the step, the data encryption rule adopts a mode of combining symmetric encryption and asymmetric encryption, the symmetric encryption can realize the encryption of data, the asymmetric encryption can carry out the regular replacement of a secret key, and the encryption and decryption efficiency is higher and safer by adopting a mode of combining the symmetric encryption and the asymmetric encryption.
The symmetric encryption method comprises the following steps:
when a communication connection establishment request initiated by an external network server is acquired, initiating a block chain admission authentication request of the external network server;
distributing the admission authentication request to at least one authentication entity for authentication through an authentication center configured by the intranet server;
merging the authentication results fed back by at least one authentication entity through an authentication center to obtain a final authentication result of the extranet server;
and controlling the communication connection between the outer network server and the inner network server according to the final authentication result.
S5: and exchanging and transmitting the data sharing resources based on the first data transmission interface and the second data transmission interface, and monitoring the exchanging and transmitting process of the data sharing resources in real time.
In this step, when the exchange and transmission process of the data sharing resources is monitored in real time, the data exchange task can be started or stopped remotely in a manual or automatic mode, and the storage, backup and recovery functions of various management data can be realized, so that the method has multi-level backup and recovery capabilities of components, services, systems and the like.
In this step, when the exchange transmission process of the data sharing resource is monitored in real time, the operation condition, the operation flow, the statistical analysis and the log management can be monitored.
Referring to fig. 2, an embodiment of the present application provides a network security data interaction system, which is applied to the energy industry, such as an electric network, and the system includes an intranet terminal 1, an extranet terminal 2, and a data sharing and exchanging platform 3 disposed at a boundary between the intranet terminal 1 and the extranet terminal 2, that is, the data sharing and exchanging platform 3 communicates with the intranet terminal 1 and the extranet terminal 2, where the intranet terminal 1 is an office intranet server and the extranet terminal 2 is an office extranet server, respectively.
Referring to fig. 3, the data sharing switching platform 3 in this embodiment includes a configuration management module 31, a resource management module 32, a process management module 33, an authorization management module 34, a security management module 35, an operation management module 36, and a monitoring management module 37.
Specifically, the configuration management module 31 in this embodiment is configured to configure the data transmission interfaces of the internal network end 1 and the external network end 2 respectively, so as to implement uniform reading, uniform output, and uniform data format conversion of data.
The configuration management module 31 is used to configure the first data transmission interface at the intranet end 1, after which the intranet end 1 can send and receive data information through that interface; it is likewise used to configure the second data transmission interface at the extranet end 2, after which the extranet end 2 can send and receive data information through that interface. In other words, the intranet end 1 and the extranet end 2 communicate through the configured first and second data transmission interfaces.
The data information to be transmitted can be uniformly read, uniformly output and uniformly converted in data format through the configured first data transmission interface and the second data transmission interface.
Specifically, the resource management module 32 of this embodiment is configured to uniformly manage the data sharing resources and update the data sharing resources in real time.
The resource management module 32 may provide a data sharing resource directory, and the data sharing resource directory has a plurality of resource directory nodes, where the resource directory nodes in this embodiment are metadata of the data sharing resources, and further, a user may update the data sharing resource directory at regular time by registering an account on the data sharing exchange platform 3, so as to query the required data sharing resources through navigation of the data sharing resource directory.
Specifically, the process management module 33 of this embodiment is configured to manage and support the shared requirement processes of each unit, so as to implement paperless office of the shared requirement processes, where the shared requirement processes include application, audit, approval, and feedback.
The application is a flow for requesting the data sharing resource for the user, the audit is a flow for auditing the flow of the data sharing resource requested by the user, the approval is a flow for approving the request flow of the data sharing resource after the audit flow passes, and the feedback is a return visit flow after the data sharing resource is used up.
Referring to fig. 4, in the present embodiment the process management module 33 includes an exchange engine unit 331, a flow customizing unit 332, a business rule defining unit 333 and a data converting unit 334. The exchange engine unit 331 implements data exchange according to a data exchange and data push engine of the BPML international standard; the flow customizing unit 332 customizes data exchange flows; the business rule defining unit 333 defines the business rules applied while a business flow executes; and the data converting unit 334 uses an XML-based data conversion rule definition tool to convert data that is semantically the same but structured differently between systems.
When defining a business rule, the business rule defining unit 333 may, for example, accept a given file type and call the corresponding file parsing adapter to analyze and store data files of different formats, so that file transmission and processing are fully automated.
Specifically, the authorization management module 34 of the present embodiment is used for authorizing the sharing requirement of each unit.
Referring to fig. 5, in the present embodiment, the authorization management module 34 includes a hierarchical authorization management unit 341, a user authorization management unit 342, a directory service authorization unit 343, an exchange management authorization unit 344, and a shared management authorization unit 345; the hierarchical authorization management unit 341 is configured to rank the authority of each unit, each unit authorizes the sharing requirement according to the corresponding authorization authority, the user authorization management unit 342 is configured to authorize and manage the user authority, the directory service authorization unit 343 is configured to authorize and manage the authority of the data sharing resource directory, the exchange management authorization unit 344 is configured to authorize and manage the authority of data information exchange, and the sharing management authorization unit 345 is configured to authorize and manage the data sharing resource sharing management authority.
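The application, review, approval and feedback flows described above, together with the graded authorization of the authorization management module 34, can be modelled as one state machine that refuses to exchange a resource until it has been reviewed and then approved by a unit of sufficient grade. The following is an added example written for this page, not code from the patent; the `Unit`, `Resource` and `SharingRequest` types, the numeric grades and the rule that an approver's grade must meet the resource's minimum grade are assumptions, since the text does not fix how grades are compared.

```go
package main

import "fmt"

// Stage follows the four flows the text lists (application, review, approval,
// feedback) plus the exchange that approval unlocks; Rejected is terminal.
type Stage int

const (
	Applied Stage = iota
	Reviewed
	Approved
	Exchanged
	FeedbackDone
	Rejected
)

func (s Stage) String() string {
	return [...]string{"applied", "reviewed", "approved", "exchanged", "feedback-done", "rejected"}[s]
}

// Unit carries its graded authorization authority; Resource carries the grade
// an approver must hold to authorize sharing it (both scales are assumed).
type Unit struct{ Name string; Grade int }
type Resource struct{ Name string; MinGrade int }

// SharingRequest is one unit's sharing demand moving through the flows; Trail
// is the paperless record of every step and who took it.
type SharingRequest struct {
	Requester Unit
	Resource  Resource
	Stage     Stage
	Trail     []string
}

func NewSharingRequest(u Unit, r Resource) *SharingRequest {
	q := &SharingRequest{Requester: u, Resource: r, Stage: Applied}
	q.record(u.Name + " applied for " + r.Name)
	return q
}

func (q *SharingRequest) record(s string) { q.Trail = append(q.Trail, s) }

// expect enforces the order of the flows: a step is only valid from the stage
// immediately before it, so nothing can skip review or approval.
func (q *SharingRequest) expect(want Stage) error {
	if q.Stage != want {
		return fmt.Errorf("request is %s, expected %s", q.Stage, want)
	}
	return nil
}

// Review is the audit flow: it passes the request on or rejects it for good.
func (q *SharingRequest) Review(reviewer Unit, pass bool) error {
	if err := q.expect(Applied); err != nil {
		return err
	}
	if !pass {
		q.Stage = Rejected
		q.record(reviewer.Name + " rejected at review")
		return nil
	}
	q.Stage = Reviewed
	q.record(reviewer.Name + " passed review")
	return nil
}

// Approve is the hierarchical authorization: only a unit whose grade meets the
// resource's minimum grade may authorize the sharing requirement.
func (q *SharingRequest) Approve(approver Unit) error {
	if err := q.expect(Reviewed); err != nil {
		return err
	}
	if approver.Grade < q.Resource.MinGrade {
		return fmt.Errorf("%s (grade %d) may not authorize %s (needs grade %d)",
			approver.Name, approver.Grade, q.Resource.Name, q.Resource.MinGrade)
	}
	q.Stage = Approved
	q.record(approver.Name + " approved")
	return nil
}

// Exchange is where the operation management module would start the data
// exchange task; anything not yet approved is refused.
func (q *SharingRequest) Exchange() error {
	if err := q.expect(Approved); err != nil {
		return err
	}
	q.Stage = Exchanged
	q.record("resource exchanged")
	return nil
}

// Feedback is the return-visit flow after the resource has been used.
func (q *SharingRequest) Feedback(note string) error {
	if err := q.expect(Exchanged); err != nil {
		return err
	}
	q.Stage = FeedbackDone
	q.record("feedback: " + note)
	return nil
}
```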
Specifically, the security management module 35 of this embodiment is configured to perform encryption processing on the data sharing resource.
In this embodiment, the data sharing resource must be encrypted for transmission with a symmetric cryptographic algorithm whose data key is more than 128 bits long, so as to improve the transmission security of the data sharing resource.
Because of the trade-off between security and data efficiency, the encryption key should not be too long; asymmetric encryption is therefore added alongside symmetric encryption for confidentiality. Symmetric encryption encrypts the data itself, asymmetric encryption is used to replace the key at regular intervals, and combining the two gives higher encryption and decryption efficiency and greater security.
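The hybrid scheme described here and in step S4, as an added example written for this page rather than code from the patent: AES-256-GCM encrypts each data sharing resource (a 256-bit key, above the 128-bit floor stated above), and the symmetric session key is rotated and wrapped with RSA-OAEP so that only the holder of the private key can recover it. Only Go standard-library crypto is used; the `Envelope` layout, the `KeyID` bound into the GCM tag and the `Sender`/`Receiver` roles are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"io"
)

// sessionKeyBytes: AES-256, above the 128-bit floor the text sets for the data key.
const sessionKeyBytes = 32

// Envelope is what crosses the boundary between the two data transmission
// interfaces. KeyID says which rotation of the session key was used and
// WrappedKey is that key encrypted with the receiver's public key.
type Envelope struct {
	KeyID      uint64
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// Sender (intranet end) encrypts resources under a symmetric session key and
// replaces that key regularly; Receiver (extranet end) holds the RSA private key.
type Sender struct {
	recvPub    *rsa.PublicKey
	sessionKey []byte
	keyID      uint64
}
type Receiver struct{ Priv *rsa.PrivateKey }

// GenerateReceiverKey creates the asymmetric pair used only to wrap session keys.
func GenerateReceiverKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func NewSender(recvPub *rsa.PublicKey) (*Sender, error) {
	s := &Sender{recvPub: recvPub}
	return s, s.RotateKey()
}

// RotateKey is the "regular replacement of the secret key": a fresh random
// session key under a new KeyID; the previous key is never reused.
func (s *Sender) RotateKey() error {
	k := make([]byte, sessionKeyBytes)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return err
	}
	s.sessionKey, s.keyID = k, s.keyID+1
	return nil
}

// aad encodes the KeyID as GCM associated data, so the tag binds the envelope
// to the key generation it was produced under.
func aad(keyID uint64) []byte { return binary.BigEndian.AppendUint64(nil, keyID) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one resource with AES-256-GCM under the current session key
// and wraps that key with RSA-OAEP so only the private-key holder can open it.
func (s *Sender) Seal(plaintext []byte) (*Envelope, error) {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.recvPub, s.sessionKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(s.sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, aad(s.keyID))
	return &Envelope{KeyID: s.keyID, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps the session key with the private key, then authenticates and
// decrypts; any change to nonce, ciphertext or KeyID fails the GCM check.
func (r *Receiver) Open(env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.Priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, aad(env.KeyID))
}
```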
In this embodiment, the symmetric encryption algorithm includes:
when a communication connection establishment request initiated by the external network terminal 2 is acquired, initiating a block chain admission authentication request of the external network terminal 2;
distributing the access authentication request to at least one authentication entity for authentication through an authentication center configured by the intranet terminal 1;
respectively authenticating the access authentication requests through the authentication entities and feeding back the access authentication requests to the authentication center;
merging the authentication results fed back by at least one authentication entity through the authentication center to obtain the final authentication result of the external network terminal 2;
and controlling the communication connection between the external network end 2 and the internal network end 1 according to the final authentication result.
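The admission steps listed here and in step S4 (which the text files under the symmetric encryption algorithm, although they describe connection admission rather than encryption) amount to: an authentication center fans the request out to several independent authentication entities, merges their verdicts, and only then allows the connection. The following Go example is added for this page and is not code from the patent; the block chain element is not modelled, the three entities (server registry, revocation list, source network) and the request fields are constructed, and since the text does not say how results are merged, both a unanimous and a majority rule are shown, the unanimous rule being the fail-closed choice.

```go
package main

import "net/netip"

// AdmissionRequest is what the extranet end 2 presents when it asks to open a
// communication connection (constructed fields; the text fixes no format).
type AdmissionRequest struct {
	ServerID   string
	CertSerial string // serial of the credential the extranet server presents
	SourceAddr string
}

// Verdict is one authentication entity's answer, kept for the audit trail.
type Verdict struct {
	Entity string
	Admit  bool
	Reason string
}

// Authenticator is implemented by each entity the center distributes the request to.
type Authenticator interface {
	Name() string
	Authenticate(req AdmissionRequest) Verdict
}

// MergePolicy is how the center merges the verdicts into the final result.
type MergePolicy int

const (
	Unanimous MergePolicy = iota // every entity must admit (fail-closed default)
	Majority                     // more than half must admit
)

// AuthCenter is the authentication center configured at the intranet end 1.
type AuthCenter struct {
	Entities []Authenticator
	Policy   MergePolicy
}

// Decide distributes the request to every entity, collects the verdicts and merges them.
func (c *AuthCenter) Decide(req AdmissionRequest) (bool, []Verdict) {
	verdicts := make([]Verdict, 0, len(c.Entities))
	admits := 0
	for _, e := range c.Entities {
		v := e.Authenticate(req)
		v.Entity = e.Name()
		verdicts = append(verdicts, v)
		if v.Admit {
			admits++
		}
	}
	// With no entity configured no threshold can be met, so the result is a refusal.
	switch c.Policy {
	case Unanimous:
		return admits > 0 && admits == len(c.Entities), verdicts
	case Majority:
		return admits*2 > len(c.Entities), verdicts
	}
	return false, verdicts
}

// Three constructed entities: a registry of known extranet servers, a
// certificate revocation list, and a check on the source network.
type ServerRegistry struct{ Known map[string]bool }

func (ServerRegistry) Name() string { return "server-registry" }
func (r ServerRegistry) Authenticate(q AdmissionRequest) Verdict {
	if r.Known[q.ServerID] {
		return Verdict{Admit: true, Reason: "server registered"}
	}
	return Verdict{Admit: false, Reason: "unknown server " + q.ServerID}
}

type RevocationList struct{ Revoked map[string]bool }

func (RevocationList) Name() string { return "revocation-list" }
func (l RevocationList) Authenticate(q AdmissionRequest) Verdict {
	if l.Revoked[q.CertSerial] {
		return Verdict{Admit: false, Reason: "certificate " + q.CertSerial + " revoked"}
	}
	return Verdict{Admit: true, Reason: "certificate not revoked"}
}

type SourceNetwork struct{ CIDR string }

func (SourceNetwork) Name() string { return "source-network" }
func (n SourceNetwork) Authenticate(q AdmissionRequest) Verdict {
	pfx, err1 := netip.ParsePrefix(n.CIDR)
	addr, err2 := netip.ParseAddr(q.SourceAddr)
	if err1 == nil && err2 == nil && pfx.Contains(addr) {
		return Verdict{Admit: true, Reason: "source inside the extranet office range"}
	}
	return Verdict{Admit: false, Reason: "source " + q.SourceAddr + " outside range"}
}

// ControlConnection is the final step of the listed procedure: the connection
// between extranet end 2 and intranet end 1 is opened only on a merged admit.
func ControlConnection(c *AuthCenter, req AdmissionRequest) (string, []Verdict) {
	admit, verdicts := c.Decide(req)
	if !admit {
		return "refused", verdicts
	}
	return "connected", verdicts
}
```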
Specifically, the operation management module 36 of the present embodiment is configured to perform control management on the exchange of the data sharing resource.
In the embodiment, when data sharing resources are exchanged, a data exchange task can be started or stopped remotely in a manual or automatic mode; in addition, the storage, backup and recovery functions of various management data can be realized, and the system has multi-level backup and recovery capabilities of components, services, systems and the like.
Specifically, the monitoring management module 37 of this embodiment is configured to perform real-time monitoring management on the exchange of the data sharing resource.
Referring to fig. 6, in the present embodiment the monitoring management module 37 includes an operation monitoring unit 371, a flow monitoring unit 372, a statistical analysis unit 373 and a log management unit 374. The operation monitoring unit 371 monitors the operation state of the system, including remote management and monitoring of the data sharing exchange platform 3 and its service components; it can remotely monitor the operation state of the distributed node adapter and raises an alarm when an abnormal condition occurs. The flow monitoring unit 372 monitors the business process. The statistical analysis unit 373 queries and counts the exchange process of the data sharing resources and their download condition, analyses the query and count results, and displays the operation state of the data sharing exchange platform 3 as charts. The log management unit 374 manages the various message logs generated during data sharing resource exchange and the operation and browsing logs of the data sharing exchange platform 3; log statistics are produced mainly by entering the start date, exchange name, type and so on, so that data sharing resource exchange tasks can be tracked and audited afterwards, and every operation by a system operator is also logged.
The embodiment of the application discloses a computer device, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein when the processor loads the computer program, the network security data interaction method is executed.
The computer device may be a desktop computer, a notebook computer, a cloud server, an embedded system, a programmable gate array system, an application specific integrated circuit system, or the like, and includes but is not limited to a processor and a memory, for example, the computer device may further include an input/output device, a network access device, a bus, and the like.
The processor may be a Central Processing Unit (CPU); depending on the actual use situation it may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor; the present application does not limit this.
The memory may be an internal storage unit of the computer apparatus, for example a hard disk or memory of the computer apparatus; an external storage device of the computer apparatus, for example a plug-in hard disk, a smart card (SMC), a secure digital (SD) card or a flash memory card (FC) provided on the computer apparatus; or a combination of the internal storage unit and the external storage device. The memory stores the computer program and the other programs and data required by the computer apparatus, and also temporarily stores data that has been or will be output; this is not limited in this application.
The network security data interaction method of this embodiment is stored in the memory of the computer device and is loaded and executed on the processor of the computer device, which makes it convenient for a user to use.
The embodiment of the application discloses a computer readable storage medium, and a computer program is stored in the computer readable storage medium, wherein when the computer program is loaded by a processor, the network security data interaction method is executed.
The computer program may be stored in a computer readable medium. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, or the like. The computer readable medium includes any entity or device capable of carrying the computer program code: a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and the like; the computer readable medium includes but is not limited to the above.
The network security data interaction method of the above embodiment is stored in the computer readable storage medium and is loaded and executed on the processor, which facilitates the storage and application of the network security data interaction method.
The foregoing is a preferred embodiment of the present application and is not intended to limit the scope of the application in any way, and any features disclosed in this specification (including the abstract and drawings) may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.

Claims (8)

1. A network security data interaction method is characterized by comprising the following steps:
constructing a data transmission interface, wherein the data transmission interface comprises a first data transmission interface and a second data transmission interface, and realizes uniform reading and uniform output of data sharing resources and uniform data format conversion according to the first data transmission interface and the second data transmission interface;
acquiring sharing demand information of each unit, and carrying out support management on the sharing demand information so as to realize paperless office of sharing demand;
authorizing the sharing requirement of each unit based on the authorization authority;
encrypting the data sharing resource based on the data encryption rule;
and exchanging and transmitting the data sharing resources based on the first data transmission interface and the second data transmission interface, and monitoring the exchanging and transmitting process of the data sharing resources in real time.
2. A network security data interaction system, characterized by comprising an inner network end (1), an outer network end (2) and a data sharing exchange platform (3) arranged at the boundary between the inner network end (1) and the outer network end (2), wherein the data sharing exchange platform (3) comprises:
the configuration management module (31) is used for respectively configuring data transmission interfaces of the internal network end (1) and the external network end (2) to realize uniform reading, uniform output and uniform data format conversion of data;
the resource management module (32) is used for uniformly managing the data sharing resources and updating the data sharing resources in real time;
the flow management module (33) is used for managing and supporting the sharing requirement flow of each unit and realizing paperless office of the sharing requirement flow;
an authorization management module (34) for authorizing the sharing requirements of each unit;
the security management module (35) is used for encrypting the data sharing resource;
the operation management module (36) is used for controlling and managing the exchange of the data sharing resources;
and the monitoring management module (37) is used for carrying out real-time monitoring management on the exchange of the data sharing resources.
3. The network security data interaction system according to claim 2, wherein the flow management module (33) comprises:
an exchange engine unit (331) for implementing data exchange according to a data exchange and data pushing engine conforming to the BPML international standard;
a flow customization unit (332) for customizing the data exchange flow;
a business rule definition unit (333) used for defining business rules in the execution process of the business process;
and a data conversion unit (334) for implementing, between systems, the conversion of data formats that have the same semantics but different structures, according to an XML data conversion rule definition tool.
4. The network security data interaction system of claim 2, wherein the authorization management module (34) comprises:
the hierarchical authorization management unit (341) is used for classifying the authority of each unit, and each unit authorizes the sharing requirement according to the corresponding authorization authority;
a user authorization management unit (342) for performing authorization management on user rights;
a directory service authorization unit (343) for performing authorization management on the authority of the data sharing resource directory;
an exchange management authorization unit (344) for performing authorization management on the authority of data information exchange;
and the sharing management authorization unit (345) is used for carrying out authorization management on the sharing management authority of the data sharing resource.
5. The network security data interaction system of claim 2, wherein the security management module (35) encrypts the data sharing resource by a combination of symmetric encryption and asymmetric encryption.
6. The network security data interaction system according to claim 2, wherein the monitoring management module (37) comprises:
the operation monitoring unit (371) is used for monitoring the operation state of the system, including remote management and monitoring of the data sharing exchange platform (3) and the service components thereof, and can remotely monitor the operation condition of the distributed node adapter and give an alarm when abnormal conditions occur;
the flow monitoring unit (372) is used for monitoring the business flow;
the statistical analysis unit (373) is used for performing query statistics on the exchange flow of the data sharing resources and the downloading condition of the data sharing resources, analyzing the query statistical result and displaying the operation state of the data sharing exchange platform (3) in a chart mode;
and the log management unit (374) is used for managing various message logs generated in the data sharing resource exchange process and the operation and browsing logs of the data sharing exchange platform (3).
7. A computer arrangement comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor, when loaded with the computer program, performs the method of claim 1.
8. A computer-readable storage medium, in which a computer program is stored which, when loaded by a processor, performs the method of claim 1.
Application CN202111556337.7A, priority date 2021-12-18, filing date 2021-12-18: Network security data interaction method, system, device and storage medium. Status: Pending. Publication CN114443594A (en).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111556337.7A CN114443594A (en) 2021-12-18 2021-12-18 Network security data interaction method, system, device and storage medium
Publications (1)

Publication Number Publication Date
CN114443594A true CN114443594A (en) 2022-05-06

Family

ID=81364596

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination