CN114584370A - Server data interaction network security system - Google Patents


Info

Publication number: CN114584370A
Authority: CN (China)
Prior art keywords: data, server, interactive, information, firewall
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210203026.0A
Other languages: Chinese (zh)
Inventor: 谢彬泉
Current Assignee: Lemike Information Technology Shenzhen Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Lemike Information Technology Shenzhen Co ltd
Application filed by Lemike Information Technology Shenzhen Co ltd
Priority to CN202210203026.0A
Publication of CN114584370A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0852 Delays
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/16 Threshold monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of network security and discloses a server data interaction network security system comprising: a server, a first data firewall, a second data firewall, an application server access module, a data interaction center module and terminal equipment. The server is connected with the application server access module, the application server access module is connected with the first data firewall, and the output end of the first data firewall is connected with the second data firewall; the other end of the second data firewall is connected with the data interaction center module, and the data interaction center module is further connected with the terminal equipment. In the server data interaction network security system provided by the invention, the first data firewall and the second data firewall apply multiple encryption modes and double encryption, so that the network security is improved.

Description

Server data interaction network security system
Technical Field
The invention relates to the technical field of network security, in particular to a server data interaction network security system.
Background
The security of the network is very important to the network design, and the reasonable network security control can effectively protect the information resources in the application environment, effectively control the access of the network and flexibly implement the security control strategy of the network. The traditional network security system for server data interaction is usually encrypted by adopting a single encryption mode, the security performance is low, and data can be easily decrypted and stolen.
Disclosure of Invention
In view of the deficiencies of the prior art, the present invention provides a server data interaction network security system to solve the problems set forth in the background art.
In order to achieve the purpose, the invention provides the following technical scheme: a server data interaction network security system, the server data interaction network security system comprising: the system comprises a server, a first data firewall, a second data firewall, an application server access module, a data interaction center module and terminal equipment; the server is connected with the application server access module, the application server access module is connected with the first data firewall, and the output end of the first data firewall is connected with the second data firewall; the other end of the second data firewall is connected with the data interaction center module, and the data interaction center module is further connected with the terminal equipment.
Preferably, the server data interaction network security system further includes: a secure network backup module; the safety network backup module is connected between the data interaction center module and the terminal equipment and used for processing and planning the received data information and transmitting the received data information according to a planning scheme.
Preferably, the terminal device includes: an all-in-one machine, a mobile intelligent terminal and an iPad; a plurality of terminal devices can be connected to the secure network backup module simultaneously, and a plurality of servers can likewise be connected to the application server access module simultaneously.
Preferably, the first data firewall is configured to perform a first operation on the interactive data information transmitted by the server, where the first operation includes: receiving interactive data information transmitted by the server; analyzing whether the interactive data information comes from the same server or not, if the interactive data information comes from the same server, directly performing first data processing on the interactive data information, and if the interactive data information comes from different servers, dividing the interactive data information into a plurality of interactive data information according to data sources and then respectively performing first data processing on the interactive data information; wherein the first data processing comprises: expanding the interactive data information by adding false data to obtain expanded interactive data; and encrypting the expanded interactive data by adopting a first encryption algorithm to obtain first encrypted interactive data.
Preferably, the first data firewall transmits the first encrypted interaction data to the second data firewall after obtaining the first encrypted interaction data, and the second data firewall performs second operation processing on the first encrypted interaction data transmitted by the first data firewall, where the second operation processing includes: performing data fuzzification processing on the first encrypted interactive data, and modifying the title and/or the address of the first encrypted interactive data to fuzzify the title and/or the address of the information of the first encrypted interactive data to obtain fuzzified first encrypted interactive data; dividing the fuzzified first encrypted interactive data, dividing the fuzzified first encrypted interactive data into a plurality of data blocks, and scrambling the sequence of the data blocks to obtain the disordered and fuzzy first encrypted interactive data; and local data hiding is carried out on the disordered and fuzzy first encryption state interactive data, and second encryption interactive data are obtained after partial data information in the disordered and fuzzy first encryption state interactive data is hidden.
Preferably, when local data hiding is performed on the disordered and fuzzy first encrypted interactive data, hiding is performed according to the number of the data blocks: a target number of data blocks is selected from the disordered and fuzzy first encrypted interactive data for hiding, where the target number is forty percent to sixty percent of the total number of the data blocks.
Preferably, the secure network backup module includes: a safety protection unit, a first data processing unit, a data decryption unit, a second data processing unit, a data transmission unit and a data recording unit; the first data processing unit is connected with the data interaction center module and the data decryption unit, the data decryption unit is further connected with the second data processing unit, the output end of the second data processing unit is connected with the data transmission unit, and the other end of the data transmission unit is connected with the terminal equipment; when the secure network backup module processes and plans the received data information and transmits it according to a planning scheme, the first data processing unit receives the second encrypted interactive data transmitted by the data interaction center module, and meanwhile the safety protection unit performs security environment detection on each unit in the secure network backup module to obtain a security detection result; the data decryption unit acquires the key for the completely processed interactive data information and decrypts it to obtain decrypted data information; the second data processing unit eliminates false data from the original data information and retains the real, valid data to obtain the original interactive data information; the data transmission unit plans the original interactive data information to obtain a planning scheme and transmits the original interactive data information to the terminal equipment according to the planning scheme, while the data recording unit records the transmission flow direction of the original interactive data information at the data transmission unit, produces a data log and stores the data log.
Preferably, when generating a data log, the data recording unit generates the data log according to the transmission flow direction to the terminal device and records in the data log the type of the data the terminal device requires, the frequency with which it acquires that data and the time at which it acquires it; through analysis, it marks as key items the required data with a high acquisition frequency and feeds the key-marked content back to the data interaction center module.
Preferably, the application server access module performs connection management for the server. When the server connects to the application server access module, the application server access module obtains the address of the server and generates a virtual signal to test the server. If the server returns a correct reply data information signal in response to the virtual signal, the server is a legal server and the connection between the server and the application server access module succeeds; if the server returns an incorrect reply data information signal in response to the virtual signal, the server is an illegal server and the connection between the server and the application server access module fails. When a plurality of servers are successfully connected to the application server access module, the application server access module also performs data acquisition management on the manager according to the data acquisition request information transmitted by the terminal equipment.
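One way to realise the server test described above, as an added example that is not part of the patent: the patent does not say what the "virtual signal" or the "correct reply" are, so this sketch assumes a random nonce as the signal and an HMAC-SHA256 over the server address and nonce, keyed with a pre-shared per-server key, as the reply. The class name, function names, the 30-second freshness window and the sample addresses are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 30  # assumed freshness window for a challenge


def server_reply(key, address, nonce):
    """What a legitimate server computes from the challenge (assumed reply format)."""
    return hmac.new(key, address.encode() + b"|" + nonce, hashlib.sha256).digest()


class AccessModule:
    """Hypothetical verifier standing in for the application server access module."""

    def __init__(self, server_keys):
        # server_keys: {server address: pre-shared key}; provisioning is assumed
        self._keys = dict(server_keys)
        self._pending = {}  # address -> (nonce, time the challenge was issued)

    def issue_challenge(self, address, now=None):
        # The "virtual signal": an unpredictable nonce bound to this address
        nonce = secrets.token_bytes(32)
        issued_at = time.monotonic() if now is None else now
        self._pending[address] = (nonce, issued_at)
        return nonce

    def verify_reply(self, address, reply, now=None):
        now = time.monotonic() if now is None else now
        # pop() makes every challenge single use, so a replayed reply fails
        pending = self._pending.pop(address, None)
        key = self._keys.get(address)
        if pending is None or key is None:
            return False  # no outstanding challenge, or unknown server
        nonce, issued_at = pending
        if now - issued_at > NONCE_TTL_SECONDS:
            return False  # stale challenge
        expected = server_reply(key, address, nonce)
        # constant-time comparison avoids leaking how many bytes matched
        return hmac.compare_digest(expected, reply)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, throwaway key)
    key = secrets.token_bytes(32)
    module = AccessModule({"192.0.2.10": key})
    nonce = module.issue_challenge("192.0.2.10")
    print("legal server:", module.verify_reply(
        "192.0.2.10", server_reply(key, "192.0.2.10", nonce)))
    nonce = module.issue_challenge("192.0.2.10")
    print("illegal server:", module.verify_reply(
        "192.0.2.10", server_reply(b"wrong key", "192.0.2.10", nonce)))
```

Including the address in the MAC ties a reply to the server it was issued for, so a reply captured from one server cannot be presented on behalf of another.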
Preferably, the first data processing, when augmenting the interactive data information by adding dummy data, includes: determining a false data segment according to the interactive data information, wherein when the false data segment is determined, data in the false data segment refers to data which does not generate substantial change on the interactive data information; calculating the adding number of the false data fragments according to the size of the target data and the interactive data information to obtain the number of the false data; and adding the false data into the interactive data information according to the number of the false data, so that the expanded interactive data information reaches the target requirement, thereby obtaining expanded interactive data.
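The expansion step and its later reversal, sketched as an added example that is not code from the patent: the patent does not say how false data is told apart from real data when it is eliminated, so this sketch assumes a 4-byte length prefix, random 16-byte dummy segments and a target size that is a multiple of the segment size. All names and the sample payload are hypothetical.

```python
import os
import struct

SEGMENT = 16                  # assumed size of one dummy segment, in bytes
HEADER = struct.Struct(">I")  # assumed framing: 4-byte big-endian payload length


def dummy_segment_count(payload_len, target_size):
    """Number of dummy segments needed so the record reaches target_size."""
    if target_size % SEGMENT:
        raise ValueError("target size must be a multiple of the segment size")
    framed = HEADER.size + payload_len
    aligned = -(-framed // SEGMENT) * SEGMENT  # round up to a segment boundary
    if aligned > target_size:
        raise ValueError("payload does not fit in the target size")
    return (target_size - aligned) // SEGMENT


def expand(payload, target_size):
    """Frame the payload and append dummy data up to exactly target_size bytes."""
    count = dummy_segment_count(len(payload), target_size)
    framed = HEADER.pack(len(payload)) + payload
    filler = os.urandom((-len(framed)) % SEGMENT)  # align the last real segment
    dummies = b"".join(os.urandom(SEGMENT) for _ in range(count))
    return framed + filler + dummies


def strip_dummy(expanded):
    """Reverse of expand(): drop filler and dummy segments, keep the real payload."""
    if len(expanded) < HEADER.size or len(expanded) % SEGMENT:
        raise ValueError("malformed expanded record")
    (length,) = HEADER.unpack_from(expanded)
    if length > len(expanded) - HEADER.size:
        raise ValueError("declared length exceeds record size")
    return expanded[HEADER.size:HEADER.size + length]


if __name__ == "__main__":
    record = expand(b"balance=1200", 64)  # constructed sample payload
    print(len(record), strip_dummy(record))
```

Because every record leaves this step at the target size, the length of the encrypted output no longer reveals the length of the real payload; the length prefix itself is only protected once the expanded record has been encrypted, which is the order the patent describes.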
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of a server data interaction network security system according to the present invention;
FIG. 2 is a schematic diagram of a server data interaction network security system according to the present invention;
FIG. 3 is an architecture diagram of a first data firewall in a server data interaction network security system according to the present invention;
FIG. 4 is an architecture diagram of a second data firewall in a server data interaction network security system according to the present invention;
FIG. 5 is an architecture diagram of a secure network backup module in a server data interaction network security system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The present invention provides a server data interaction network security system, as shown in fig. 1, the server data interaction network security system includes: the system comprises a server, a first data firewall, a second data firewall, an application server access module, a data interaction center module and terminal equipment; the server is connected with the application server access module, the application server access module is connected with the first data firewall, and the output end of the first data firewall is connected with the second data firewall; the other end of the second data firewall is connected with the data interaction center module, and the data interaction center module is further connected with the terminal equipment.
The above technical solution provides a server data interaction network security system, which at least includes: a server, a first data firewall, a second data firewall, an application server access module, a data interaction center module and terminal equipment. The server is connected with the application server access module, the application server access module is connected with the first data firewall, and the output end of the first data firewall is connected with the second data firewall; the other end of the second data firewall is connected with the data interaction center module, and the data interaction center module is further connected with the terminal device. When the server data interaction network security system operates, the terminal device makes a data request to the server, and the application server access module obtains interactive data from the server according to the data request. The server transmits the interactive data information to the application server access module, which passes it to the first data firewall; the first data firewall and the second data firewall encrypt the interactive data in sequence, and the data interaction center module then transmits the encrypted interactive data information so that it reaches the terminal device, completing the interaction process.
According to the technical scheme, the first data firewall and the second data firewall apply multiple encryption modes and double encryption, which overcomes the defects of current technical schemes, namely single encryption and easy theft from the server, and improves the security of the server data interaction network security system; the servers are managed through the application server access module; in addition, the data interaction center module establishes a core bridge between the terminal equipment and the server, so that accurate interaction is realized.
In an embodiment provided by the present invention, as shown in fig. 2, the server data interaction network security system further includes: a secure network backup module; the safety network backup module is connected between the data interaction center module and the terminal equipment and used for processing and planning the received data information and transmitting the received data information according to a planning scheme.
The server data interaction network security system of the above technical solution further includes: and the safety network backup module is connected between the data interaction center module and the terminal equipment, receives the data information transmitted by the data interaction center module when the data interaction center module transmits the data information to the terminal equipment, processes and plans the received data information, and then transmits the received data information according to the planning scheme.
According to the technical scheme, the received data information is subjected to data processing and planning through the safety network backup module, so that the data information can be transmitted after being planned, disordered information transmission is avoided, the effective transmission efficiency of the data information can be improved, and data transmission loss is avoided.
In one embodiment provided by the present invention, the terminal device includes: an all-in-one machine, a mobile intelligent terminal and an iPad; a plurality of terminal devices can be connected to the secure network backup module simultaneously, and a plurality of servers can likewise be connected to the application server access module simultaneously.
The terminal equipment in the technical scheme can be an all-in-one machine, a mobile intelligent terminal, an iPad or other intelligent equipment, and the server data interaction network security system can be connected with a plurality of terminal devices at the same time, or with a plurality of servers at the same time.
According to the technical scheme, the performance of the server data interaction network safety system is improved by simultaneously connecting the plurality of terminal devices and the plurality of servers, so that the server data interaction network safety system can efficiently realize data interaction, the terminal devices are not limited, and the application range of the server data interaction network safety system is improved.
In an embodiment provided by the present invention, as shown in fig. 3, the first data firewall is configured to perform a first operation process on the interactive data information transmitted by the server, where the first operation process includes: receiving interactive data information transmitted by the server; analyzing whether the interactive data information comes from the same server or not, if the interactive data information comes from the same server, directly performing first data processing on the interactive data information, and if the interactive data information comes from different servers, dividing the interactive data information into a plurality of interactive data information according to data sources and then respectively performing first data processing on the interactive data information; wherein the first data processing includes: expanding the interactive data information by adding false data to obtain expanded interactive data; and encrypting the expanded interactive data by adopting a first encryption algorithm to obtain first encrypted interactive data.
The first data firewall in the above technical solution is configured to perform a first operation on the interactive data information transmitted by the server, where the first operation includes: receiving interactive data information transmitted by a server; analyzing whether the interactive data information comes from the same server, if the interactive data information comes from the same server, directly performing first data processing on the interactive data information, and if the interactive data information comes from different servers, dividing the interactive data information into a plurality of interactive data information according to data sources and then respectively performing first data processing; wherein the first data processing includes: expanding the interactive data information by adding false data to obtain expanded interactive data; and encrypting the expanded interactive data by adopting a first encryption algorithm to obtain first encrypted interactive data.
According to the technical scheme, the first encryption processing of the interactive data is realized through the first data firewall, the safety of the interactive data information is improved, the interactive data information is prevented from being falsified and damaged, whether the interactive data information comes from the same server or not is analyzed, the data interaction information transmitted by different servers is prevented from being mixed, the confusion of the interactive data information is reduced, meanwhile, the errors of the transmitted terminal equipment can be avoided, the accuracy of the server data interaction network safety system is improved, the interactive data can be standardized by adding false data to the interactive data information for expansion, the encryption processing is conveniently carried out through the first encryption algorithm, and the encryption processing efficiency is improved.
In an embodiment provided by the present invention, after obtaining the first encrypted interactive data, the first data firewall transmits the first encrypted interactive data to the second data firewall, as shown in fig. 4, where the second data firewall performs a second operation on the first encrypted interactive data transmitted by the first data firewall, where the second operation includes: performing data fuzzification processing on the first encrypted interactive data, and modifying the title and/or the address of the first encrypted interactive data to fuzzify the title and/or the address of the information of the first encrypted interactive data to obtain fuzzified first encrypted interactive data; dividing the fuzzified first encrypted interactive data, dividing the fuzzified first encrypted interactive data into a plurality of data blocks, and scrambling the sequence of the data blocks to obtain the disordered and fuzzy first encrypted interactive data; and local data hiding is carried out on the disordered and fuzzy first encryption state interactive data, and second encryption interactive data are obtained after partial data information in the disordered and fuzzy first encryption state interactive data is hidden.
In the technical scheme, after the first data firewall obtains the first encrypted interactive data, it transmits the data to the second data firewall, which then performs the second operation processing on it. During the second operation processing, data fuzzification is performed on the first encrypted interactive data: the title and/or the address of the first encrypted interactive data are modified so that they cover the real original information, achieving the purpose of fuzzification and yielding the fuzzified first encrypted interactive data. Then the fuzzified first encrypted interactive data is divided as a whole into a plurality of data blocks, and the sequence of the data blocks is scrambled, yielding the disordered and fuzzy first encrypted interactive data. Finally, local data hiding is performed on part of the data in the disordered and fuzzy first encrypted interactive data, yielding the second encrypted interactive data.
According to the technical scheme, the secondary encryption of the interactive data information is realized through the second operation processing, the problems of single encryption and simplicity in the prior art are solved, the data required by the terminal equipment can be protected in a non-single mode, the safety of the data is ensured before the data is sent to the terminal equipment, the interactive process cannot trace back the source of the interactive data through fuzzification, the interactive data is prevented from being acquired and changed again, the original state of the interactive data is hidden through the data block sequence disorder, the secondary encryption of the interactive data is realized, and the safety of the interactive data in a server data interaction network safety system is improved.
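The block division and scrambling step, with the inverse the receiving side needs, as an added example that is not code from the patent: the patent does not say how the scrambled order is chosen or later undone, so this sketch assumes the order is derived from a key shared by both ends and a per-message identifier, using HMAC-SHA256 tags to rank block indices. Title/address fuzzification and local data hiding are not modelled; all names and sample values are hypothetical.

```python
import hashlib
import hmac


def split_blocks(data, block_size):
    """Divide data into consecutive blocks; the last block may be shorter."""
    if block_size <= 0:
        raise ValueError("block size must be positive")
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def _order(key, message_id, count):
    """Keyed permutation of range(count): rank each index by its HMAC tag."""
    def tag(index):
        msg = message_id + index.to_bytes(4, "big")
        return hmac.new(key, msg, hashlib.sha256).digest()
    return sorted(range(count), key=tag)


def scramble(data, block_size, key, message_id):
    """Return the blocks of data in the keyed, scrambled order."""
    blocks = split_blocks(data, block_size)
    return [blocks[i] for i in _order(key, message_id, len(blocks))]


def unscramble(scrambled, key, message_id):
    """Recompute the same permutation and put every block back in place."""
    order = _order(key, message_id, len(scrambled))
    restored = [b""] * len(scrambled)
    for position, original_index in enumerate(order):
        restored[original_index] = scrambled[position]
    return b"".join(restored)


if __name__ == "__main__":
    # Constructed sample: 64 bytes standing in for first encrypted interactive data
    data = bytes(range(64))
    key, message_id = b"shared-demo-key", b"msg-0001"
    mixed = scramble(data, 8, key, message_id)
    print([block[0] for block in mixed])
    print(unscramble(mixed, key, message_id) == data)
```

Reordering blocks changes layout only: confidentiality still rests on the first encryption algorithm, and a final block shorter than the others remains recognisable by its length unless the input is first padded to a multiple of the block size.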
In an embodiment provided by the present invention, when local data hiding is performed on the disordered and fuzzy first encrypted interactive data, hiding is performed according to the number of the data blocks: a target number of data blocks is selected from the disordered and fuzzy first encrypted interactive data to be hidden, wherein the target number is forty percent to sixty percent of the total number of the data blocks.
According to the technical scheme, when local data hiding is carried out on the disordered and fuzzy first encrypted interactive data, the number of the data blocks is analyzed, and forty percent to sixty percent of the data blocks are hidden.
According to the technical scheme, hiding local data avoids the risk of data being excessively exposed and damaged and improves the security of the interactive data; hiding forty percent to sixty percent of the total number of the data blocks also effectively reduces the size of the data, so that the data can be conveniently transmitted in the server data interaction network security system and the data interaction efficiency is improved.
In one embodiment of the present invention, as shown in fig. 5, the secure network backup module includes: a safety protection unit, a first data processing unit, a data decryption unit, a second data processing unit, a data transmission unit and a data recording unit; the first data processing unit is connected with the data interaction center module and the data decryption unit, the data decryption unit is further connected with the second data processing unit, the output end of the second data processing unit is connected with the data transmission unit, and the other end of the data transmission unit is connected with the terminal equipment; when the secure network backup module processes and plans the received data information and transmits it according to a planning scheme, the first data processing unit receives the second encrypted interactive data transmitted by the data interaction center module, and meanwhile the safety protection unit performs security environment detection on each unit in the secure network backup module to obtain a security detection result; the data decryption unit acquires the key for the completely processed interactive data information and decrypts it to obtain decrypted data information; the second data processing unit eliminates false data from the original data information and retains the real, valid data to obtain the original interactive data information; the data transmission unit plans the original interactive data information to obtain a planning scheme and transmits the original interactive data information to the terminal equipment according to the planning scheme, while the data recording unit records the transmission flow direction of the original interactive data information at the data transmission unit, produces a data log and stores the data log.
The secure network backup module in the above technical solution includes: a safety protection unit, a first data processing unit, a data decryption unit, a second data processing unit, a data transmission unit and a data recording unit. The first data processing unit is connected with the data interaction center module and the data decryption unit, the data decryption unit is also connected with the second data processing unit, the output end of the second data processing unit is connected with the data transmission unit, and the other end of the data transmission unit is connected with the terminal equipment. When the secure network backup module processes and plans the received data information and transmits it according to the planning scheme, the first data processing unit receives the second encrypted interactive data transmitted by the data interaction center module, and the safety protection unit performs safety environment detection on the first data processing unit, the data decryption unit, the second data processing unit, the data transmission unit and the data recording unit in the secure network backup module to obtain safety environment detection information for each unit, from which it derives a safety detection result. Then, if the safety detection result shows that the environment of the first data processing unit, the data decryption unit, the second data processing unit, the data transmission unit and the data recording unit is safe, the first data processing unit reveals the second encrypted interactive data: the data hidden in the first encrypted interactive data is unhidden, and completely processed interactive data information is obtained. Then, the data decryption unit performs key acquisition and decryption on the completely processed interactive data information to obtain decrypted data information. Then, the second data processing unit eliminates false data from the original data information and retains the real, valid data to obtain the original interactive data information. Finally, the data transmission unit plans the original interactive data information to obtain a planning scheme and transmits the original interactive data information to the terminal equipment according to the planning scheme; while the data transmission unit transmits the data information to the terminal equipment, the data recording unit records the transmission flow direction of the original interactive data information from the data transmission unit, generates a data log and stores the data log.
When planning the original interactive data information to obtain a planning scheme, the data transmission unit comprises the following steps:
firstly, dividing original interactive data information according to terminal equipment, and determining original interactive data to be transmitted of each terminal equipment;
then, calculating the data delay time of the original interactive data to be transmitted of each terminal device by the following formula;
Figure BDA0003530309310000111
in the formula, t represents the data delay time, a represents the length of the original interactive data frame to be transmitted, m represents the length of the shortest data frame in the original interactive data to be transmitted, r represents the signal propagation delay, c represents the signal transmission speed, T represents the width of a digital pulse signal, and N represents the number of modulation levels;
then, the data delay time of the original interactive data to be transmitted of each terminal device is judged by combining the preset delay time threshold value,
d=t-u
wherein d is the judgment value comparing the data delay time with the preset delay time threshold, and u is the preset delay time threshold, which is generally set according to the sensitivity of the server data interaction network security system;
when d is greater than or equal to 0, the data delay time of the original interactive data to be transmitted of the terminal device exceeds the preset delay time threshold; in this case a transmission channel needs to be added for transmission, and the calculation with added transmission channels uses the following formula:
Figure BDA0003530309310000121
where n is the number of added transmission channels and t_n indicates the data delay time when n transmission channels are added;
the comparison against the preset delay time threshold is then repeated until the data delay time of the original interactive data to be transmitted of each terminal device is smaller than the preset delay time threshold; in the planning scheme, n + 1 transmission channels are used when the original interactive data to be transmitted is transmitted to the corresponding terminal equipment.
Because the planning scheme calculates and determines how many transmission channels need to be opened to transmit the original interactive data to each terminal device, resource waste is effectively avoided without affecting the transmission result, giving better transmission efficiency while saving space.
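The planning loop described above, as an added example that is not part of the patent text. The two delay formulas are figure images that are not reproduced on this page, so the delay model is a caller-supplied function; `sample_delay_model`, its units, the names `plan_transmission` and `ChannelPlan`, and the `max_added` cap are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple

# Delay model: (frames queued for one terminal, added channels n) -> t_n in seconds.
DelayModel = Callable[[List[bytes], int], float]


@dataclass
class ChannelPlan:
    terminal: str
    added_channels: int   # n in the text
    channels_used: int    # n + 1 in the text
    delay: float          # t_n, the delay once n channels were added


def sample_delay_model(frames: List[bytes], n: int,
                       c: float = 1_000_000.0, r: float = 0.002) -> float:
    """ASSUMED model, not the patent's formula: the bytes are split evenly over
    n + 1 channels sending c bytes/second each, plus a propagation delay r."""
    total = sum(len(f) for f in frames)
    return r + total / (c * (n + 1))


def plan_transmission(records: Iterable[Tuple[str, bytes]], u: float,
                      delay_model: DelayModel = sample_delay_model,
                      max_added: int = 16) -> Dict[str, ChannelPlan]:
    """records: (terminal id, data frame) pairs; u: preset delay time threshold."""
    # Step 1: divide the original interactive data by terminal equipment.
    by_terminal: Dict[str, List[bytes]] = {}
    for terminal, frame in records:
        by_terminal.setdefault(terminal, []).append(frame)

    plans: Dict[str, ChannelPlan] = {}
    for terminal, frames in by_terminal.items():
        n = 0
        t = delay_model(frames, n)
        # Steps 2-4: d = t - u; d >= 0 means the threshold is reached or
        # exceeded, so add a channel and evaluate t_n again.
        while t - u >= 0:
            if n >= max_added:
                # The text's loop has no upper bound. If the delay can never
                # drop below u (for example u is below the propagation delay),
                # fail explicitly instead of looping forever.
                raise RuntimeError(
                    f"{terminal}: delay {t:.6f}s still >= threshold {u}s "
                    f"after adding {n} channels")
            n += 1
            t = delay_model(frames, n)
        plans[terminal] = ChannelPlan(terminal, n, n + 1, t)
    return plans


if __name__ == "__main__":
    # Constructed sample input: two terminals with very different payloads.
    sample = [("A", b"x" * 1000), ("B", b"y" * 30000), ("B", b"z" * 20000)]
    for plan in plan_transmission(sample, u=0.01).values():
        print(plan)
```
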
In this technical scheme, the secure network backup module interprets the transmitted data so that the terminal equipment can receive the original interactive data transmitted by the server. The first data processing unit, the data decryption unit and the second data processing unit restore the second encrypted interactive data received from the data interaction center module. The safety protection unit ensures the safety of the whole secure network backup module, so that the restored data exists in a safe environment and is protected. The data transmission unit transmits the restored data quickly and accurately to the corresponding terminal equipment; because a planning scheme is established before transmission and transmission follows it, disordered transmission and transmitting too much or too little are avoided, which improves the efficiency and quality of transmission. In addition, the data recording unit makes the flow direction of the data clear, which facilitates later verification, makes it convenient for supervisors to check the security status of the terminal equipment, and makes the data required by each terminal equipment traceable.
In an embodiment provided by the present invention, when generating a data log, the data recording unit generates the data log according to the transmission flow direction of the terminal equipment, specifies in the data log the type of data required by the terminal equipment, the acquisition frequency of the required data and the acquisition time of the required data, marks the required data with a high acquisition frequency as key data through analysis, and feeds the key-marked content back to the data interaction center module.
In the above technical scheme, when the data recording unit generates the data log, the log is generated from how the data transmission unit transmitted the original interactive data; the type of data required by the terminal equipment, the acquisition frequency of the required data and the acquisition time of the required data are analyzed in the data log, the required data with a high acquisition frequency is marked as key data, and the key-marked content is fed back to the data interaction center module.
In this technical scheme, the data recording unit determines what data the terminal equipment requires, so that from the feedback the server data interaction network security system knows specifically which terminal equipment the data flows to. This makes it convenient for supervisors to check the security status of the terminal equipment later and makes the data required by each terminal equipment traceable. Feeding the key-marked content back to the data interaction center module also increases what the data interaction center module knows about the terminal equipment, which makes it easier for the terminal equipment to obtain data again.
In an embodiment provided by the present invention, the application server access module performs connection management for each server that connects to it. When a server connects, the application server access module acquires the address of the server and generates a virtual signal to test the server. If the server feeds back a correct reply data information signal in response to the virtual signal, the server is a legal server and is successfully connected to the application server access module; if the server feeds back an incorrect reply data information signal, the server is an illegal server and the connection between the server and the application server access module fails. When a plurality of servers are successfully connected with the application server access module, the application server access module also performs data acquisition management on the manager according to the data acquisition request information transmitted by the terminal equipment.
When the application server access module in the above technical solution is connected to a server, it performs connection management on the connected server, which includes the following steps:
acquiring an address of a server;
generating a virtual signal to test the server according to the acquired address of the server, so that the server generates a reply data information signal aiming at the virtual signal and feeds the reply data information signal back to the application server;
analyzing the reply data information signal to obtain a test result: if the server feeds back a correct reply data information signal in response to the virtual signal, the server is a legal server and is successfully connected to the application server access module; if the server feeds back an incorrect reply data information signal, the server is an illegal server and the connection between the server and the application server access module fails. When a plurality of servers are successfully connected with the application server access module, the application server access module also performs data acquisition management on the manager according to the data acquisition request information transmitted by the terminal equipment.
In this technical scheme, when a server connects to the application server access module, the module tests it with the virtual signal so that every accessed server is a legal server. This prevents an illegal server from transmitting dangerous data to the terminal equipment and thus avoids damage to the terminal equipment.
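One way to make the "virtual signal" test concrete, as an added example that is not part of the patent text. The patent does not say how a reply is judged correct; this sketch assumes a per-server pre-shared key and an HMAC-SHA256 reply over a fresh random challenge, and the class and function names, the key registry, the timeout and the sample addresses are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Tuple


def server_reply(key: bytes, address: str, nonce: bytes) -> bytes:
    """What a legal server computes from the challenge (assumed scheme).
    Binding the address stops a reply being reused for another server."""
    msg = b"server-auth-v1|" + address.encode("utf-8") + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class AccessModule:
    """Access-module side of the test: issue a challenge, then judge the reply."""

    def __init__(self, registered_keys: Dict[str, bytes], ttl: float = 5.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.keys = dict(registered_keys)   # address -> key (assumed provisioning)
        self.pending: Dict[str, Tuple[bytes, float]] = {}
        self.ttl = ttl
        self.clock = clock

    def issue_challenge(self, address: str) -> bytes:
        # Fresh, unpredictable challenge, so an old reply is useless later.
        nonce = secrets.token_bytes(32)
        self.pending[address] = (nonce, self.clock() + self.ttl)
        return nonce

    def verify_reply(self, address: str, reply: bytes) -> bool:
        # pop(): every challenge can be answered once, right or wrong.
        nonce, deadline = self.pending.pop(address, (b"", 0.0))
        key = self.keys.get(address)
        if not nonce or key is None or self.clock() > deadline:
            return False                    # unknown server, no challenge, or too late
        expected = server_reply(key, address, nonce)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, reply)


if __name__ == "__main__":
    # Constructed sample data: one registered server and one impostor key.
    addr = "10.0.0.5:8443"
    keys = {addr: secrets.token_bytes(32)}
    module = AccessModule(keys)

    challenge = module.issue_challenge(addr)
    print("legal server:", module.verify_reply(addr, server_reply(keys[addr], addr, challenge)))

    challenge = module.issue_challenge(addr)
    forged = server_reply(secrets.token_bytes(32), addr, challenge)
    print("illegal server:", module.verify_reply(addr, forged))
```
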
In an embodiment provided by the present invention, when the first data processing expands the interactive data information by adding dummy data, the first data processing includes: determining a false data segment according to the interactive data information, wherein when the false data segment is determined, the data in the false data segment refers to data which does not generate substantial change on the interactive data information; calculating the adding number of the false data fragments according to the size of the target data and the interactive data information to obtain the number of the false data; and adding the false data into the interactive data information according to the number of the false data, so that the expanded interactive data information reaches the target requirement, thereby obtaining expanded interactive data.
When the interactive data information is expanded by adding the false data in the first data processing in the technical scheme, firstly, a false data segment is determined according to the interactive data information, wherein the data in the false data segment is data which does not substantially change the interactive data information; then, calculating the adding number of the false data fragments according to the size of the target data and the interactive data information, and determining the number of the false data; and then, adding the false data into the interactive data information according to the determined number of the false data to achieve the purpose of expanding the interactive data, so that the expanded interactive data information reaches the target requirement, and the expanded interactive data is obtained.
This technical scheme expands interactive data of any specification with dummy data fragments, so the target data size can be reached by adding different numbers of dummy data fragments; this makes data processing convenient and does not affect the interactive data information.
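The expansion step and its later reversal by the second data processing unit, as an added example that is not part of the patent text. The fragment framing (a one-byte tag and two-byte length before each fragment), the 64-byte fragment size and all function names are assumptions; the patent only states that the number of false data fragments is calculated from the target size and the data.

```python
import math
import secrets
import struct

REAL, DUMMY = 0x01, 0x00
HEADER = struct.Struct(">BH")   # tag, body length (assumed framing, 3 bytes)
FRAG_BODY = 64                  # assumed fragment body size in bytes


def frame(tag: int, body: bytes) -> bytes:
    return HEADER.pack(tag, len(body)) + body


def dummy_count(real_framed_len: int, target_size: int) -> int:
    """Number of dummy fragments needed so the expanded data reaches target_size."""
    deficit = target_size - real_framed_len
    if deficit <= 0:
        return 0
    return math.ceil(deficit / (HEADER.size + FRAG_BODY))


def expand(data: bytes, target_size: int) -> bytes:
    """Frame the real data, then mix in dummy fragments until target_size is reached."""
    frags = [frame(REAL, data[i:i + FRAG_BODY])
             for i in range(0, len(data), FRAG_BODY)]
    count = dummy_count(sum(len(f) for f in frags), target_size)
    rng = secrets.SystemRandom()
    for _ in range(count):
        # Random positions; the relative order of the real fragments is kept.
        frags.insert(rng.randint(0, len(frags)),
                     frame(DUMMY, secrets.token_bytes(FRAG_BODY)))
    # The tags are readable here, so the expansion only hides anything once the
    # result is encrypted, which is the next step of the first data processing.
    return b"".join(frags)


def strip_dummy(expanded: bytes) -> bytes:
    """Receiver side: drop dummy fragments and rebuild the original data."""
    out, pos = [], 0
    while pos < len(expanded):
        if len(expanded) - pos < HEADER.size:
            raise ValueError("truncated fragment header")
        tag, length = HEADER.unpack_from(expanded, pos)
        pos += HEADER.size
        body = expanded[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated fragment body")
        if tag == REAL:
            out.append(body)
        elif tag != DUMMY:
            raise ValueError(f"unknown fragment tag {tag:#x}")
        pos += length
    return b"".join(out)


if __name__ == "__main__":
    # Constructed sample payload.
    payload = b"interactive data " * 9
    expanded = expand(payload, target_size=512)
    print(len(payload), "->", len(expanded), strip_dummy(expanded) == payload)
```
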
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A server data interaction network security system, characterized by: the server data interaction network security system comprises: a server, a first data firewall, a second data firewall, an application server access module, a data interaction center module and terminal equipment; the server is connected with the application server access module, the application server access module is connected with the first data firewall, and the output end of the first data firewall is connected with the second data firewall; the other end of the second data firewall is connected with the data interaction center module, and the data interaction center module is further connected with the terminal equipment.
2. The server data interaction network security system of claim 1, wherein: the server data interaction network security system further comprises: a secure network backup module; the secure network backup module is connected between the data interaction center module and the terminal equipment and is used for processing and planning the received data information and transmitting the received data information according to a planning scheme.
3. The server data interaction network security system of claim 2, wherein: the terminal equipment includes: an all-in-one machine, a mobile intelligent terminal and an iPad, wherein a plurality of terminal devices can be simultaneously connected to the secure network backup module, and a plurality of servers can also be simultaneously connected to the application server access module.
4. The server data interaction network security system of claim 3, wherein: the first data firewall is configured to perform first operation processing on the interactive data information transmitted by the server, where the first operation processing includes: receiving interactive data information transmitted by the server; analyzing whether the interactive data information is from the same server, if the interactive data information is from the same server, directly performing first data processing on the interactive data information, and if the interactive data information is from different servers, dividing the interactive data information into a plurality of interactive data information according to data sources and then respectively performing first data processing; wherein the first data processing includes: expanding the interactive data information by adding false data to obtain expanded interactive data; and encrypting the expanded interactive data by adopting a first encryption algorithm to obtain first encrypted interactive data.
5. The server data interaction network security system of claim 4, wherein: the first data firewall transmits the first encrypted interaction data to the second data firewall after obtaining the first encrypted interaction data, and the second data firewall performs second operation processing on the first encrypted interaction data transmitted by the first data firewall, wherein the second operation processing includes: performing data fuzzification processing on the first encrypted interactive data, and modifying the title and/or the address of the first encrypted interactive data to fuzzify the title and/or the address of the information of the first encrypted interactive data to obtain fuzzified first encrypted interactive data; dividing the fuzzified first encrypted interactive data, dividing the fuzzified first encrypted interactive data into a plurality of data blocks, and scrambling the sequence of the data blocks to obtain the disordered and fuzzy first encrypted interactive data; and partial data hiding is carried out on the disordered and fuzzy first encryption state interactive data, and second encryption interactive data are obtained after partial data information in the disordered and fuzzy first encryption state interactive data is hidden.
6. The server data interaction network security system of claim 5, wherein: when local data hiding is conducted on the messy and fuzzy first encryption state interactive data, hiding is conducted according to the number of the data blocks, and data blocks with a target number are selected from the messy and fuzzy first encryption state interactive data to be hidden, wherein the target number is forty percent to sixty percent of the total number of the data blocks.
7. The server data interaction network security system of claim 5, wherein: the secure network backup module includes: a safety protection unit, a first data processing unit, a data decryption unit, a second data processing unit, a data transmission unit and a data recording unit; the first data processing unit is connected with the data interaction center module and the data decryption unit, the data decryption unit is further connected with the second data processing unit, the output end of the second data processing unit is connected with the data transmission unit, and the other end of the data transmission unit is connected with the terminal equipment; when the secure network backup module processes and plans the received data information and transmits it according to a planning scheme, the first data processing unit receives the second encrypted interactive data transmitted by the data interaction center module, and at the same time the safety protection unit performs safety environment detection on each unit in the secure network backup module to obtain a safety detection result; the data decryption unit acquires a key and decrypts according to the completely processed interactive data information to obtain decrypted data information; the second data processing unit eliminates false data from the original data information and retains the real, valid data to obtain the original interactive data information; the data transmission unit plans the original interactive data information to obtain a planning scheme and transmits the original interactive data information to the terminal equipment according to the planning scheme, while the data recording unit records the transmission flow direction of the original interactive data information from the data transmission unit, generates a data log and stores the data log.
8. The server data interaction network security system of claim 7, wherein: when the data recording unit generates the data log, the data log is generated according to the transmission flow direction of the terminal equipment; the type of data required by the terminal equipment, the acquisition frequency of the required data and the acquisition time of the required data are determined in the data log, the required data with a high acquisition frequency is marked as key data through analysis, and the key-marked content is fed back to the data interaction center module.
9. The server data interaction network security system of claim 3, wherein: when the application server access module is connected with the servers, the application server access module performs connection management for each server; when a server is connected with the application server access module, the application server access module acquires the address of the server and generates a virtual signal to test the server; if the server feeds back a correct reply data information signal in response to the virtual signal, the server is a legal server and is successfully connected with the application server access module; if the server feeds back an incorrect reply data information signal in response to the virtual signal, the server is an illegal server and the connection between the server and the application server access module fails; and when a plurality of servers are successfully connected with the application server access module, the application server access module also performs data acquisition management on the manager according to the data acquisition request information transmitted by the terminal equipment.
10. The server data interaction network security system of claim 4, wherein: when the interactive data information is expanded by adding dummy data, the first data processing comprises the following steps: determining a false data segment according to the interactive data information, wherein when the false data segment is determined, data in the false data segment refers to data which does not generate substantial change on the interactive data information; calculating the adding number of the false data fragments according to the size of the target data and the interactive data information to obtain the number of the false data; and adding the false data into the interactive data information according to the number of the false data, so that the expanded interactive data information reaches the target requirement, thereby obtaining expanded interactive data.
CN202210203026.0A 2022-03-03 2022-03-03 Server data interaction network security system Withdrawn CN114584370A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210203026.0A CN114584370A (en) 2022-03-03 2022-03-03 Server data interaction network security system

Publications (1)

Publication Number Publication Date
CN114584370A true CN114584370A (en) 2022-06-03

Family

ID=81771103

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210203026.0A Withdrawn CN114584370A (en) 2022-03-03 2022-03-03 Server data interaction network security system

Country Status (1)

Country Link
CN (1) CN114584370A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115426633A (en) * 2022-08-31 2022-12-02 广州泽尔测试技术有限公司 Intelligent network communication equipment and core board card thereof
CN115426633B (en) * 2022-08-31 2024-02-20 广州泽尔测试技术有限公司 Intelligent network communication equipment and core board card thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220603
