CN116528225B - Data security management method, system and device for WAPI terminal access network - Google Patents


Publication number
CN116528225B
Authority
CN
China
Prior art keywords
information data
access
data
access information
encrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310799395.5A
Other languages
Chinese (zh)
Other versions
CN116528225A (en)
Inventor
谢琼香
曹安瑛
王力伟
梁静
张英
陈浩
侯成
吴伟力
李军
谢楠
李翔
肖立军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Zhuhai Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Zhuhai Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN202310799395.5A
Publication of CN116528225A
Application granted
Publication of CN116528225B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/08 Access security

Abstract

The application discloses a data security management method and system for a WAPI terminal accessing a network, relating to the technical field of data security management. The method comprises: acquiring access information data of the WAPI terminal accessing the network; during encryption, splitting the access information data into access data and an access name, and performing combined encryption on the access data and the access name based on a preset encryption rule and a random masking index to obtain encrypted access information data; and during decryption, decrypting the encrypted access information data based on a preset decryption rule and the random masking index to obtain decrypted access information data. This avoids encrypting and decrypting the data as a whole with a constant encryption protocol and improves the security of the access information data.

Description

Data security management method, system and device for WAPI terminal access network
Technical Field
The application relates to the technical field of data security management, in particular to a data security management method and system for a WAPI terminal access network.
Background
Accessing Web application sites on the Internet through WAPI terminals is becoming more and more common. Many Web application sites require users to verify their identity before accessing the network and allow data access only after the identity has been confirmed. Because a WAPI terminal completes identity authentication when it accesses the network, WAPI terminals are widely used, and it is necessary to ensure the security of data transmission when a WAPI terminal accesses the network.
In existing approaches, once the WAPI terminal, the access point and the server have started up and completed mutual authentication, the server encrypts the data requested by the WAPI terminal using the encryption protocol specified by the WAPI protocol and then sends the encrypted data to the WAPI terminal through the access point, which can improve the security of data transmission.
Disclosure of Invention
The application provides a data security management method, system and device for a WAPI terminal accessing a network, to solve the technical problem that existing data security management methods for a WAPI terminal accessing a network offer no flexibility in protecting data.
The first aspect of the present application provides a data security management method for a WAPI terminal to access a network, including:
acquiring access information data of the WAPI terminal accessed to a network;
when encrypting, splitting the access information data into access data and an access name, and carrying out combined encryption on the access data and the access name based on a preset encryption rule and a random shielding index to obtain encrypted access information data;
and in decryption, decrypting the encrypted access information data based on a preset decryption rule and the random shading index to obtain decrypted access information data.
Preferably, the step of performing combined encryption on the access data and the access name based on a preset encryption rule and a random masking index to obtain encrypted access information data includes:
acquiring an access name and access data of the access information data, marking the access name as an information name, and marking the access data as information data;
numbering the information names to obtain information name numbers;
and based on a preset encryption rule and a random shielding index, carrying out combined encryption on the access data and the access name according to the information name number and the information data to obtain encrypted access information data.
Preferably, the step of performing combined encryption on the access data and the access name according to the information name number and the information data based on a preset encryption rule and a random shielding index to obtain encrypted access information data includes:
acquiring a random shielding index;
based on a preset encryption rule and a random shielding index, carrying out combined encryption on the access data and the access name according to the information name number and the information data to obtain first initial encrypted access information data;
wherein ,represent the firstiFirst initial encrypted access information data; />Representing a random masking index; />Represent the firstiA personal information name number; />Represent the firstiInformation data;irepresent the firstiPersonal connectorEntering information data;nrepresenting the total number of access information data;
splicing the first initial encrypted access information data and the information name number to obtain second initial encrypted access information data, and performing binary conversion on the second initial encrypted access information data to obtain an interaction avoidance value;
wherein ,represent the firstiFirst initial encrypted access information data; />Represent the firstiA personal information name number; />Represent the firstiInformation data; />Represent the firstiSecond initial encrypted access information data; />Represent the firstiA personal interaction avoidance value;irepresent the firstiAccess information data;nrepresenting the total number of access information data;
the information names are in one-to-one correspondence with the information name numbers to obtain an information name table;
and recording the information name table and the interaction avoidance value as encrypted access information data.
Preferably, the decrypting the interaction avoidance value and the information name table based on a preset decryption rule and the random shading index to obtain decrypted access information data includes:
acquiring the encrypted access information data;
determining the information name table and the interaction avoidance value according to the encrypted access information data;
performing decimal conversion on the interaction avoidance value to obtain second initial encrypted access information data;
wherein ,represent the firstiA personal interaction avoidance value; />Represent the firstiSecond initial encrypted access information data;irepresent the firstiAccess information data;nrepresenting the total number of access information data;
carrying out data splitting on the second initial encrypted access information data to obtain first initial encrypted access information data and the information name number;
wherein ,represent the firstiSecond initial encrypted access information data; />Represent the firstiFirst initial encrypted access information data; />Represent the firstiA personal information name number;irepresent the firstiAccess information data;nrepresenting the total number of access information data;
determining an information name corresponding to the information name number according to the information name number and the information name table;
decrypting the first initial encrypted access information data based on a preset decryption rule, the random shading index and the information name number to obtain the information data;
wherein ,represent the firstiInformation data; />Represent the firstiFirst initial encrypted access information data; />Represent the firstiA personal information name number; />Representing a random masking index;irepresent the firstiAccess information data;nrepresenting the total number of access information data;
and splicing the information data and the information name to obtain decrypted access information data.
Preferably, the data security management method further includes:
acquiring an access record of the encrypted access information data;
storing the encrypted access information data and the access record;
judging whether the memory occupancy rate of the preset storage space exceeds a preset memory threshold value, if so, deleting the access information data and the access records based on a preset management rule.
Preferably, the deleting the access information data and the access record based on a preset management rule includes:
acquiring an access memory of the encrypted access information data;
determining the storage time length of the encrypted access information data according to the access record; wherein the access record includes access time;
calculating an elimination value of the encrypted access information data based on a preset management rule according to the access memory and the access time, and deleting the encrypted access information data with the elimination value larger than a preset elimination threshold value and the access record of the encrypted access information data;
wherein ,a cull value representing the ith encrypted access information data; />Representing a preset elimination coefficient; />Representing the storage time length of the ith encrypted access information data; />An access memory representing the ith encrypted access information data;irepresent the firstiAccess information data;nrepresenting the total number of access information data.
Preferably, the deleting of the encrypted access information data whose elimination value is greater than a preset elimination threshold, and of the access record of that data, includes:
recording the encrypted access information data whose elimination value is greater than the preset elimination threshold as elimination target encrypted access information data;
sorting the elimination target encrypted access information data by elimination value from large to small;
and deleting a first preset proportion of the elimination target encrypted access information data with the larger elimination values, together with the access records of that data.
Preferably, the deleting of the first preset proportion of the elimination target encrypted access information data with the larger elimination values, and of the access records of that data, includes:
recording the encrypted access information data whose elimination value is greater than the preset elimination threshold as elimination target encrypted access information data;
acquiring the storage duration of the elimination target encrypted access information data, and sorting the elimination target encrypted access information data by storage duration from long to short;
and deleting a second preset proportion of the elimination target encrypted access information data with the longer storage durations, together with the access records of that data.
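The pruning procedure above, with both sorting variants, as an added example (not code from the patent). The elimination-value formula is not reproduced on this page, so the product of coefficient, storage duration and access memory used here is an assumption, as are all names, the rounding-up of the preset proportion and the constructed sample records.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredRecord:
    record_id: str
    size_bytes: int      # "access memory": storage occupied by the encrypted data
    last_access: float   # access time taken from the access record (seconds)


def elimination_value(rec, now, coeff):
    # ASSUMPTION: the page only says the value depends on a preset coefficient,
    # the storage duration and the access memory; a plain product is used here.
    return coeff * (now - rec.last_access) * rec.size_bytes


def prune(records, *, now, capacity_bytes, occupancy_threshold, coeff,
          elimination_threshold, proportion, order="value"):
    """Return (kept, deleted). Deleting a record also drops its access record,
    which in this sketch is the last_access field stored with it."""
    if order not in ("value", "duration"):
        raise ValueError("order must be 'value' or 'duration'")
    if not 0.0 <= proportion <= 1.0:
        raise ValueError("proportion must be between 0 and 1")

    # Step 1: prune only when occupancy exceeds the preset memory threshold.
    used = sum(r.size_bytes for r in records)
    if used / capacity_bytes <= occupancy_threshold:
        return list(records), []

    # Step 2: elimination targets are records above the elimination threshold.
    targets = [r for r in records
               if elimination_value(r, now, coeff) > elimination_threshold]

    # Step 3: sort by elimination value (first variant) or by storage
    # duration, longest first (second variant).
    if order == "value":
        targets.sort(key=lambda r: elimination_value(r, now, coeff), reverse=True)
    else:
        targets.sort(key=lambda r: now - r.last_access, reverse=True)

    # Step 4: delete the preset proportion from the head of the sorted list
    # (rounded up, an assumption).
    deleted = targets[:math.ceil(len(targets) * proportion)]
    doomed = {r.record_id for r in deleted}
    kept = [r for r in records if r.record_id not in doomed]
    return kept, deleted


# Constructed sample data: four stored records, evaluated at now = 1000 s.
SAMPLE = [
    StoredRecord("a", size_bytes=100, last_access=0.0),    # old and small
    StoredRecord("b", size_bytes=500, last_access=900.0),  # recent and large
    StoredRecord("c", size_bytes=50, last_access=990.0),   # recent and small
    StoredRecord("d", size_bytes=350, last_access=400.0),  # fairly old, large
]

if __name__ == "__main__":
    for order in ("value", "duration"):
        kept, deleted = prune(SAMPLE, now=1000.0, capacity_bytes=1000,
                              occupancy_threshold=0.8, coeff=1.0,
                              elimination_threshold=10_000, proportion=0.3,
                              order=order)
        print(order, "deleted:", [r.record_id for r in deleted])
```

The two variants pick different victims on the same data: sorting by elimination value removes the large, fairly old record, while sorting by storage duration removes the record that has gone longest without access.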
The second aspect of the present application also provides a data security management system for a WAPI terminal access network, including:
the data acquisition module is used for acquiring access information data of the WAPI terminal accessed to the network;
the data encryption module is used for splitting the access information data into access data and access names, and carrying out combined encryption on the access data and the access names based on preset encryption rules and random shielding indexes to obtain encrypted access information data;
and the data decryption module is used for decrypting the encrypted access information data based on a preset decryption rule and the random shading index to obtain decrypted access information data.
The third aspect of the present application also provides a data security management device for a WAPI terminal to access a network, including: a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to implement the data security management method for the WAPI terminal access network according to the first aspect of the present application when executing the computer program.
The data security management method provided by the technical solution of the application has the following advantages. Access information data of the WAPI terminal accessing the network is acquired. During encryption, the access information data is split into access data and an access name, which avoids encrypting the data as a whole with a constant encryption protocol, and the access data and the access name are encrypted in combination based on a preset encryption rule and a random masking index to obtain encrypted access information data. During decryption, the encrypted access information data is decrypted based on a preset decryption rule and the random masking index to obtain decrypted access information data. This improves the flexibility and security of encrypting and decrypting the access information data.
Drawings
In order to illustrate the embodiments of the application or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the application; a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flow chart of a data security management method of a WAPI terminal access network according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a data security management method for a WAPI terminal access network according to an embodiment of the present application.
Detailed Description
In order to make the objects, features and advantages of the present application more obvious and understandable, the technical solutions of the embodiments of the present application are described clearly and completely below with reference to the drawings. The embodiments described below are only some embodiments of the present application, not all of them. All other embodiments that a person skilled in the art can obtain from these embodiments without inventive effort fall within the scope of the application.
Embodiment 1 of the present application provides a data security management method for a WAPI terminal accessing a network. Referring to Fig. 1, in embodiment 1 the data security management method includes:
Acquiring access information data of the WAPI terminal accessing the network.
When the WAPI terminal accesses the network, access information data is generated; it includes, but is not limited to, the IP address of the WAPI terminal, the duration of the data link, the traffic consumed, and the like. To ensure secure transmission of the access information data, it generally needs to be encrypted.
During encryption, the access information data is split into access data and an access name, and the access data and the access name are encrypted in combination based on a preset encryption rule and a random masking index to obtain encrypted access information data.
Unlike the conventional method, which encrypts the data as a whole using a constant encryption protocol, this embodiment splits the access information data into access data and an access name and then encrypts the two in combination based on a preset encryption rule and a random masking index. The varying random masking index makes the encryption of the access information data flexible and improves the flexibility and security of the encryption.
During decryption, the encrypted access information data is decrypted based on a preset decryption rule and the random masking index to obtain decrypted access information data.
Likewise, unlike the conventional method, which decrypts the data as a whole using an unchanging decryption protocol, this embodiment decrypts the encrypted access information data based on the preset decryption rule and the random masking index. The varying random masking index makes the access information data harder to decrypt and increases its security.
In embodiment 1, access information data of the WAPI terminal accessing the network is acquired. During encryption, the access information data is split into access data and an access name, which avoids encrypting the data as a whole with a constant encryption protocol, and the access data and the access name are encrypted in combination based on a preset encryption rule and a random masking index to obtain encrypted access information data. During decryption, the encrypted access information data is decrypted based on a preset decryption rule and the random masking index to obtain decrypted access information data. The varying random masking index makes both encryption and decryption flexible and improves the flexibility and security of encrypting and decrypting the access information data.
On the basis of the foregoing embodiment, the present application provides another preferred embodiment 2. In embodiment 2, the combined encryption of the access data and the access name based on a preset encryption rule and a random masking index, to obtain encrypted access information data, may be implemented specifically as follows.
And acquiring an access name and access data of the access information data, marking the access name as an information name, and marking the access data as information data.
For example, the access information data is a WAPI terminal IP address (169.168.167.166), the access name and access data of the WAPI terminal IP address are acquired, the access name is "IP address", the access data is "169.168.167.166", the "IP address" is referred to as an information name, and the "169.168.167.166" is referred to as information data.
The information names are numbered to obtain the information name numbers.
It should be noted that there are multiple items of access information data, and that some WAPI terminals are accessing the network for the first time while others are not. For a WAPI terminal accessing the network for the first time, the information names of its access information data are numbered to obtain information name numbers; for a WAPI terminal that is not accessing the network for the first time, the earlier information names of its access information data are used.
Based on a preset encryption rule and a random masking index, the access data and the access name are encrypted in combination according to the information name number and the information data to obtain encrypted access information data. Specifically:
A random masking index is obtained.
The random masking index is generated randomly by the system and its size is not fixed; the varying random masking index makes the encryption of the access information data flexible.
Based on a preset encryption rule and a random shielding index, carrying out combined encryption on the access data and the access name according to the information name number and the information data to obtain first initial encrypted access information data;
wherein ,represent the firstiFirst initial encrypted access information data; />Representing a random masking index; />Represent the firstiA personal information name number; />Represent the firstiInformation data;irepresent the firstiAccess information data;nrepresenting the total number of access information data.
It should be noted that the number of the components,is the information name after processing, +.>The information names are processed information data, and the information names are in one-to-one correspondence with the information name numbers to obtain an information name table. Taking the above access information data as the WAPI terminal IP address (169.168.167.166), the information name is "IP address", the access data is "169.168.167.166", and if the above WAPI terminal IP address (169.168.167.166) is the first access information data, then->Is "IP address", ">Is "169.168.167.166". In a specific example, <' > a->Can take the value asiI.e. +.>
Splicing the first initial encrypted access information data and the information name number to obtain second initial encrypted access information data, and performing binary conversion on the second initial encrypted access information data to obtain an interaction avoidance value;
wherein ,represent the firstiFirst initial encrypted access information data; />Represent the firstiA personal information name number; />Represent the firstiInformation data; />Represent the firstiSecond initial encrypted access information data; />Represent the firstiA personal interaction avoidance value;irepresent the firstiAccess information data;nrepresenting the total number of access information data.
It should be noted that the data splicing above may place the information name number either after or before the first initial encrypted access information data; the specific splicing method can use the prior art and is not described in detail in this embodiment. Packaging the information name number together with the first initial encrypted access information data improves the flexibility and security of the encryption on the one hand and, on the other, allows the information name number to be determined quickly and accurately during decryption, avoiding decryption errors. Furthermore, the second initial encrypted access information data is converted to binary to obtain the interaction avoidance value, which is convenient to transmit and store.
And finally, the information name table and the interaction avoidance value are recorded as encrypted access information data.
It will be appreciated that the i-th information name number, the i-th information data, the i-th first initial encrypted access information data, the i-th second initial encrypted access information data and the i-th interaction avoidance value are in one-to-one correspondence: the i-th information name number and the i-th information data determine the corresponding i-th first initial encrypted access information data; the i-th first initial encrypted access information data and the i-th information name number determine the corresponding i-th second initial encrypted access information data; and the i-th second initial encrypted access information data determines the corresponding i-th interaction avoidance value.
On the basis of the foregoing embodiment, the present application provides another preferred embodiment 3, in which in embodiment 3, the decrypting of the interaction avoidance value and the information name table based on the preset decryption rule and the random masking index may be implemented specifically in the following manner.
The encrypted access information data is acquired, and the information name table and the interaction avoidance value are determined from it.
As can be seen from the foregoing embodiment 2, the encrypted access information data is composed of the information name table and the interaction avoidance value, and therefore, the information name table and the interaction avoidance value can be determined by the encrypted access information data.
Performing decimal conversion on the interaction avoidance value to obtain second initial encrypted access information data;
wherein ,represent the firstiA personal interaction avoidance value; />Represent the firstiSecond initial encrypted access information data;irepresent the firstiAccess information data;nrepresenting the total number of access information data;
splitting the second initial encrypted access information data to obtain first initial encrypted access information data and an information name number;
wherein ,represent the firstiSecond initial encrypted access information data; />Represent the firstiFirst initial encrypted access information data; />Represent the firstiA personal information name number;irepresent the firstiAccess information data;nrepresenting the total number of access information data.
The decimal conversion of the interaction avoidance value and the data splitting of the second initial encrypted access information data can both be carried out using the prior art and are not described again here. Note that the data splitting in embodiment 3 is the reverse of the data splicing in embodiment 2: the first initial encrypted access information data and the information name number obtained by splitting are identical to those in embodiment 2.
Since the information name table contains the information name number and the information name corresponding to the information name number, the information name corresponding to the information name number can be determined from the information name number obtained by splitting the data and the information name table obtained by the above steps.
Further, decrypting the first initially encrypted access information data based on a preset decryption rule, a random masking index and an information name number, so as to obtain information data;
wherein ,represent the firstiInformation data; />Represent the firstiFirst initial encrypted access information data; />Represent the firstiA personal information name number; />Representing a random masking index;irepresent the firstiAccess information data;nrepresenting the total number of access information data.
It should be noted that, for the same access information data, the random masking index used for decryption is identical to the one used for encryption, while different access information data use different random masking indexes. In a specific example, the random masking index may correspond to an information name number, so that the corresponding random masking index can be determined from the information name number obtained by splitting the second initial encrypted access information data.
And finally, splicing the information data and the information name to obtain the decrypted access information data.
In embodiments 2 and 3, access information data of the WAPI terminal accessing the network is acquired. During encryption, the access information data is split into access data and an access name, which avoids encrypting the data as a whole with a constant encryption protocol, and the access data and the access name are encrypted in combination based on a preset encryption rule and a random masking index to obtain encrypted access information data. During decryption, the encrypted access information data is decrypted based on a preset decryption rule and the random masking index to obtain decrypted access information data, which improves the security of the access information data.
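The encryption flow of embodiment 2 and the decryption flow of embodiment 3, round-tripped as an added example (not code from the patent). The patent's combination formulas are not reproduced on this page, so the masking step is a stand-in: XOR with a SHAKE-256 keystream seeded by the random masking index and the information name number. The class and function names, the 4-byte number field, sequential numbering per record and the per-number index store are assumptions.

```python
import hashlib
import secrets

NUM_LEN = 4  # bytes reserved for the spliced information name number (assumption)


def _mask(data, masking_index, name_number):
    """Stand-in for the preset rule (an assumption, not the patent's formula).

    XOR with a keystream is its own inverse, so one function serves both
    the encryption and the decryption direction.
    """
    seed = masking_index + name_number.to_bytes(NUM_LEN, "big")
    stream = hashlib.shake_256(seed).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class AccessInfoCodec:
    def __init__(self):
        self.name_table = {}  # information name number -> information name
        self._masking = {}    # information name number -> random masking index

    def encrypt(self, name, data):
        """Return the interaction avoidance value (a string of 0s and 1s)."""
        # Number the information name and record it in the name table.
        number = len(self.name_table) + 1
        self.name_table[number] = name
        # Random masking index: system-generated, size not fixed (16..32 bytes).
        index = secrets.token_bytes(16 + secrets.randbelow(17))
        self._masking[number] = index
        # First initial encrypted data: combine index, name number and data.
        first = _mask(data.encode("utf-8"), index, number)
        # Second initial encrypted data: splice the name number after it.
        second = first + number.to_bytes(NUM_LEN, "big")
        # Binary conversion gives the interaction avoidance value.
        return "".join(f"{byte:08b}" for byte in second)

    def decrypt(self, avoidance_value):
        """Return (information name, information data)."""
        bits = avoidance_value
        if len(bits) < 8 * NUM_LEN or len(bits) % 8 or set(bits) - {"0", "1"}:
            raise ValueError("not a well-formed interaction avoidance value")
        # Convert back from binary to the second initial encrypted data.
        second = int(bits, 2).to_bytes(len(bits) // 8, "big")
        # Split into first initial encrypted data and information name number.
        first = second[:-NUM_LEN]
        number = int.from_bytes(second[-NUM_LEN:], "big")
        if number not in self.name_table or number not in self._masking:
            raise ValueError(f"unknown information name number {number}")
        # The masking index is looked up by name number, then the mask is undone.
        data = _mask(first, self._masking[number], number).decode("utf-8")
        # Name and data together form the decrypted access information data.
        return self.name_table[number], data


if __name__ == "__main__":
    codec = AccessInfoCodec()
    # The IP address is the page's example; the other values are constructed.
    samples = [("IP address", "169.168.167.166"),
               ("data link duration", "3600 s"),
               ("consumed traffic", "12 MB")]
    for name, data in samples:
        value = codec.encrypt(name, data)
        print(name, "->", value[:32] + "...", "->", codec.decrypt(value))
    print("name table:", codec.name_table)
```

In this sketch the name table and the spliced name number are encoded rather than encrypted, so the confidentiality of the information data rests on keeping the masking index store secret.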
On the basis of the foregoing embodiment 1, embodiment 2 or embodiment 3, the present application provides another preferred embodiment 4. In embodiment 4, the data security management method further includes:
Acquiring an access record of the encrypted access information data, and storing the encrypted access information data and the access record.
Wherein the access records of the access information data include, but are not limited to, access time and access address.
Judging whether the memory occupancy rate of the preset storage space exceeds a preset memory threshold value, if so, deleting the access information data and the access records based on a preset management rule.
It can be understood that, to keep stored data timely and secure, the stored encrypted access information data needs to be managed regularly so that large amounts of invalid data do not occupy memory. In this embodiment, therefore, it is judged whether the memory occupancy rate of the preset storage space exceeds the preset memory threshold; when it does, the access information data and the access records are pruned based on the preset management rule, so that sufficient storage space is reserved for subsequent real-time access information data.
In a preferred embodiment, the foregoing pruning of the access information data and the access records based on preset management rules may be implemented in the following manner.
Acquiring an access memory of encrypted access information data; the storage space occupied by the different encrypted access information data is different, and the storage space occupied by the encrypted access information data is recorded as an access memory.
Determining the storage time length of the encrypted access information data according to the access record; wherein the access record includes an access time, the access time representing a time when the encrypted access information data was last accessed.
It should be noted that the storage duration is measured from the time the encrypted access information data was last accessed, not from the time it first entered the storage space. Some encrypted access information data entered the preset storage space early but was last accessed only a short time ago, which indicates that it is highly active and less likely to be invalid data. Similarly, some encrypted access information data entered the preset storage space later but has not been accessed since it was stored, which indicates that it is less active and more likely to be invalid data.
According to the access memory and the access time, calculating an elimination value of the encrypted access information data based on a preset management rule, and deleting the encrypted access information data with the elimination value larger than a preset elimination threshold value and the access record of the encrypted access information data;
wherein ,a cull value representing the ith encrypted access information data; />Representing a preset elimination coefficient; />Representing the storage time length of the ith encrypted access information data; />An access memory representing the ith encrypted access information data;irepresent the firstiAccess information data;nrepresenting the total number of access information data.
There are two ways to delete the encrypted access information data whose elimination value is greater than the preset elimination threshold, together with the access records of that data.
First:
The encrypted access information data whose elimination value is greater than the preset elimination threshold is recorded as elimination target encrypted access information data; the elimination target encrypted access information data is sorted by elimination value from large to small; and the first preset proportion of the elimination target encrypted access information data, taken from those with the larger elimination values, is deleted together with the corresponding access records.
Second:
The encrypted access information data whose elimination value is greater than the preset elimination threshold is recorded as elimination target encrypted access information data; the storage duration of the elimination target encrypted access information data is acquired, and the elimination target encrypted access information data is sorted by storage duration from long to short; and the second preset proportion of the elimination target encrypted access information data, taken from those with the longer storage durations, is deleted together with the corresponding access records.
The first preset proportion and the second preset proportion may be the same or different.
Embodiment 4 provides a secure storage management method for encrypted access data on the basis of the foregoing embodiments: the access record and the access memory of the encrypted access information data are acquired, and when the memory occupancy rate of the preset storage space is determined to exceed the preset memory threshold, the encrypted access information data and the access records are pruned based on a preset management rule. This prevents a large amount of invalid data from occupying memory, ensures the timeliness and security of data storage, and reserves sufficient storage space for subsequent real-time encrypted access information data.
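The pruning procedure of embodiment 4, with both deletion modes, as an added Python example (not code from the patent). The patent's elimination-value formula is not reproduced on this page, so `assumed_cull_value` is a hypothetical stand-in that only grows with storage duration and access memory; the record fields, sample values and the round-up rule for the preset proportion are likewise assumptions.

```python
import math
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class StoredRecord:
    record_id: str      # hypothetical identifier of one encrypted entry
    size_bytes: int     # "access memory": storage the encrypted entry occupies
    last_access: float  # access time from the access record (epoch seconds)


def storage_duration(rec: StoredRecord, now: float) -> float:
    """Storage duration counted from the LAST access, as embodiment 4 specifies."""
    return max(0.0, now - rec.last_access)


def assumed_cull_value(rec: StoredRecord, now: float,
                       coeff: float, total_bytes: int) -> float:
    """ASSUMPTION: placeholder score, not the patent's formula.
    Preset coefficient * storage duration * share of used storage."""
    return coeff * storage_duration(rec, now) * (rec.size_bytes / total_bytes)


def select_for_deletion(records: List[StoredRecord], capacity_bytes: int,
                        occupancy_threshold: float, cull_threshold: float,
                        proportion: float, now: float, coeff: float = 1.0,
                        mode: str = "by_cull_value",
                        score: Callable[..., float] = assumed_cull_value
                        ) -> List[str]:
    """Return the ids to delete, in deletion order."""
    if capacity_bytes <= 0 or not 0.0 <= proportion <= 1.0:
        raise ValueError("capacity must be > 0 and proportion within [0, 1]")
    used = sum(r.size_bytes for r in records)
    # Step 1: prune only when occupancy exceeds the preset memory threshold.
    if used == 0 or used / capacity_bytes <= occupancy_threshold:
        return []
    # Step 2: score every entry and keep those above the elimination threshold.
    values = {r.record_id: score(r, now, coeff, used) for r in records}
    targets = [r for r in records if values[r.record_id] > cull_threshold]
    # Step 3: order the elimination targets according to the chosen mode.
    if mode == "by_cull_value":      # first mode: largest elimination value first
        targets.sort(key=lambda r: values[r.record_id], reverse=True)
    elif mode == "by_duration":      # second mode: longest storage duration first
        targets.sort(key=lambda r: storage_duration(r, now), reverse=True)
    else:
        raise ValueError(f"unknown mode: {mode}")
    # Step 4: delete the preset proportion (rounding up is an assumption).
    count = math.ceil(len(targets) * proportion)
    return [r.record_id for r in targets[:count]]


def prune(store: Dict[str, bytes], access_log: Dict[str, float],
          ids: Iterable[str]) -> None:
    """Delete each encrypted entry together with its access record."""
    for rid in ids:
        store.pop(rid, None)
        access_log.pop(rid, None)


# Constructed sample data: 1000 bytes used in total.
NOW = 1_000_000.0
SAMPLE = [
    StoredRecord("a", 400, NOW - 10),    # large but accessed very recently
    StoredRecord("b", 100, NOW - 5000),  # small, longest since last access
    StoredRecord("c", 300, NOW - 3000),  # medium size, stale
    StoredRecord("d", 200, NOW - 100),   # recently accessed
]

if __name__ == "__main__":
    for m in ("by_cull_value", "by_duration"):
        ids = select_for_deletion(SAMPLE, capacity_bytes=1200,
                                  occupancy_threshold=0.8, cull_threshold=100.0,
                                  proportion=0.5, now=NOW, mode=m)
        print(m, ids)
```

With the constructed sample, the two modes pick different entries from the same elimination targets, which is the practical difference between the first and second preset proportions.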
Embodiment 5 of the present application provides a data security management system for a WAPI terminal access network. Referring to Fig. 2, in embodiment 5 the data security management system includes:
the data acquisition module is used for acquiring access information data of the WAPI terminal accessed to the network;
the data encryption module is used for splitting the access information data into access data and an access name, and carrying out combined encryption on the access data and the access name based on a preset encryption rule and a random masking index to obtain encrypted access information data;
and the data decryption module is used for decrypting the encrypted access information data based on a preset decryption rule and the random masking index to obtain decrypted access information data.
In a preferred embodiment, the data security management system further comprises a processor module, a storage management module, a conversion module, and a display module.
The conversion module is used for converting serial communication into network communication, acquiring encrypted access information data from the data encryption module and transmitting the acquired encrypted access information data to the processor module.
The processor module is used for receiving the encrypted access information data, attaching a time stamp to it and then sending it to the storage management module; the processor module is also used for generating a random masking index and sending the random masking index to the data encryption module and the data decryption module; the processor module is also used for receiving the decrypted access information data and sending it to the display module for display.
When the processor module sends the random masking index to the data encryption module, it obtains the information name number of the encrypted access information data from the data encryption module, associates the information name number with the random masking index, and sends them to the data decryption module. When the data decryption module decrypts the received encrypted access information data, it determines the corresponding random masking index from the information name number obtained through initial decryption, and thereby achieves final decryption.
The storage management module is used for acquiring access records (including time stamps) of the encrypted access information data; for storing the encrypted access information data and its access records to a storage unit; and for pruning the encrypted access information data and its access records based on a preset management rule when the memory occupancy rate of the storage unit exceeds a preset memory threshold.
In the data security management system provided in embodiment 5, the data acquisition module obtains the access information data of the WAPI terminal access network. The data encryption module splits the access information data into access data and an access name, which avoids encrypting the data as a whole with a constant encryption protocol, and combines and encrypts the access data and the access name based on a preset encryption rule and a random masking index to obtain encrypted access information data. The data decryption module decrypts the encrypted access information data based on a preset decryption rule and the random masking index to obtain decrypted access information data, which improves the security of the access information data. Meanwhile, the storage management module acquires the access records and the access memory of the encrypted access information data, and when the memory occupancy rate of the preset storage space is determined to exceed the preset memory threshold, the encrypted access information data and the access records are pruned based on a preset management rule. This prevents a large amount of invalid data from occupying memory, ensures the timeliness and security of data storage, and reserves sufficient storage space for subsequent real-time encrypted access information data.
Embodiment 6 of the present application provides a data security management apparatus for a WAPI terminal access network. In embodiment 6, the data security management apparatus includes a memory and a processor.
The memory is used for storing a computer program.
The processor is configured to implement the data security management method for the WAPI terminal access network according to the foregoing embodiments 1-4 when executing the computer program.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (8)

1. A method for data security management of a WAPI terminal access network, comprising:
acquiring access information data of the WAPI terminal accessed to a network;
when encrypting, splitting the access information data into access data and an access name, and carrying out combined encryption on the access data and the access name based on a preset encryption rule and a random masking index to obtain encrypted access information data; specifically:
acquiring an access name and access data of the access information data, marking the access name as an information name, and marking the access data as information data;
numbering the information names to obtain information name numbers;
acquiring a random masking index;
based on a preset encryption rule and the random masking index, carrying out combined encryption on the access data and the access name according to the information name number and the information data to obtain first initial encrypted access information data;
wherein ,represent the firstiFirst initial encrypted access information data; />Representing a random masking index; />Represent the firstiA personal information name number; />Represent the firstiInformation data;irepresent the firstiAccess information data;nrepresenting the total number of access information data;
splicing the first initial encrypted access information data and the information name number to obtain second initial encrypted access information data, and performing binary conversion on the second initial encrypted access information data to obtain an interaction avoidance value;
wherein ,represent the firstiSecond initial encrypted access information data; />Represent the firstiA personal interaction avoidance value;
the information names are in one-to-one correspondence with the information name numbers to obtain an information name table;
marking the information name table and the interaction avoidance value as encrypted access information data;
and in decryption, decrypting the encrypted access information data based on a preset decryption rule and the random masking index to obtain decrypted access information data.
2. The method for data security management of WAPI terminal access network according to claim 1, wherein decrypting the encrypted access information data based on a preset decryption rule and the random masking index to obtain decrypted access information data comprises:
acquiring the encrypted access information data;
determining the information name table and the interaction avoidance value according to the encrypted access information data;
performing decimal conversion on the interaction avoidance value to obtain second initial encrypted access information data;
carrying out data splitting on the second initial encrypted access information data to obtain first initial encrypted access information data and the information name number;
determining an information name corresponding to the information name number according to the information name number and the information name table;
decrypting the first initial encrypted access information data based on a preset decryption rule, the random masking index and the information name number to obtain the information data;
and splicing the information data and the information name to obtain decrypted access information data.
3. The method for data security management of a WAPI terminal access network according to claim 1, further comprising:
acquiring an access record of the encrypted access information data;
storing the encrypted access information data and the access record;
judging whether the memory occupancy rate of the preset storage space exceeds a preset memory threshold value, if so, deleting the encrypted access information data and the access record based on a preset management rule.
4. The method for securely managing data of a WAPI terminal access network according to claim 3, wherein said pruning the encrypted access information data and the access record based on a preset management rule comprises:
acquiring an access memory of the encrypted access information data;
determining the storage time length of the encrypted access information data according to the access record; wherein the access record includes access time;
calculating an elimination value of the encrypted access information data based on a preset management rule according to the access memory and the access time, and deleting the encrypted access information data with the elimination value larger than a preset elimination threshold value and the access record of the encrypted access information data;
wherein ,a cull value representing the ith encrypted access information data; />Representing a preset elimination coefficient; />Representing the storage time length of the ith encrypted access information data; />Representing the access memory of the ith encrypted access information data.
5. The method for data security management of WAPI terminal access network according to claim 4, wherein deleting the encrypted access information data having the elimination value greater than a preset elimination threshold value and the access record of the encrypted access information data comprises:
the encrypted access information data with the elimination value larger than a preset elimination threshold value is recorded as elimination target encrypted access information data;
sorting the elimination target encrypted access information data according to the elimination value from large to small;
and deleting a first preset proportion of the elimination target encrypted access information data having the larger elimination values, together with the access records of that elimination target encrypted access information data.
6. The method for securely managing data of a WAPI terminal access network according to claim 5, wherein the deleting of the first preset proportion of the elimination target encrypted access information data having the larger elimination values, together with the access records of that elimination target encrypted access information data, comprises:
the encrypted access information data with the elimination value larger than a preset elimination threshold value is recorded as the elimination target encrypted access information data;
acquiring the storage time length of the elimination target encrypted access information data, and sorting the elimination target encrypted access information data according to the storage time length from long to short;
and deleting a second preset proportion of the elimination target encrypted access information data having the longer storage time lengths, together with the access records of that elimination target encrypted access information data.
7. A data security management system for a WAPI terminal access network, comprising:
the data acquisition module is used for acquiring access information data of the WAPI terminal accessed to the network;
the data encryption module is used for splitting the access information data into access data and an access name, and carrying out combined encryption on the access data and the access name based on a preset encryption rule and a random masking index to obtain encrypted access information data; specifically:
acquiring an access name and access data of the access information data, marking the access name as an information name, and marking the access data as information data;
numbering the information names to obtain information name numbers;
acquiring a random masking index;
based on a preset encryption rule and the random masking index, carrying out combined encryption on the access data and the access name according to the information name number and the information data to obtain first initial encrypted access information data;
wherein ,represent the firstiFirst initial encrypted access information data; />Representing a random masking index; />Represent the firstiA personal information name number; />Represent the firstiInformation data;irepresent the firstiAccess information data;nrepresenting the total number of access information data;
splicing the first initial encrypted access information data and the information name number to obtain second initial encrypted access information data, and performing binary conversion on the second initial encrypted access information data to obtain an interaction avoidance value;
wherein ,represent the firstiSecond initial encrypted access information data; />Represent the firstiA personal interaction avoidance value;
the information names are in one-to-one correspondence with the information name numbers to obtain an information name table;
marking the information name table and the interaction avoidance value as encrypted access information data;
and the data decryption module is used for decrypting the encrypted access information data based on a preset decryption rule and the random masking index to obtain decrypted access information data.
8. A data security management device for a WAPI terminal access network, characterized by comprising a memory and a processor;
the memory is used for storing a computer program;
the processor is configured to implement the method for data security management of WAPI terminal access network according to any one of claims 1 to 6 when executing the computer program.
CN202310799395.5A 2023-07-03 2023-07-03 Data security management method, system and device for WAPI terminal access network Active CN116528225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310799395.5A CN116528225B (en) 2023-07-03 2023-07-03 Data security management method, system and device for WAPI terminal access network


Publications (2)

Publication Number Publication Date
CN116528225A CN116528225A (en) 2023-08-01
CN116528225B true CN116528225B (en) 2023-09-08
