CN116702188A - Management and control platform data management method and system
- Publication number
- CN116702188A
- Authority
- CN
- China
- Prior art keywords
- data
- management
- control platform
- data acquisition
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a management and control platform data management method and system in the technical field of computers. The method comprises the following steps: step S10, a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal; step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches corresponding service data from a database based on the data code; step S30, the management and control platform creates a public/private key pair and encrypts the matched service data with the private key to obtain encrypted data; step S40, after performing a security self-check, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time; step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data. The advantage of the application is that the security of the management and control platform is greatly improved.
Description
Technical Field
The application relates to the technical field of computers, in particular to a management and control platform data management method and system.
Background
To facilitate operation and management, many enterprises build a management and control platform (cloud platform) on a server, which can greatly improve the working efficiency of the enterprise. To improve the security of the management and control platform, both the network layer and data security need to be comprehensively managed and controlled. Managing and controlling the network layer requires security measures covering network structure, topology, protocols and the like, such as access control, identity authentication, firewalls, and intrusion detection and prevention. These measures involve certain technical difficulties; for example, access control and identity authentication need to identify nodes and users in the network efficiently and accurately. As a result, data is conventionally only encrypted, the security of the management and control platform is low, and there are risks of data leakage and network attack.
Therefore, how to provide a management and control platform data management method and system that improves the security of the management and control platform is a technical problem to be solved.
Disclosure of Invention
The application aims to solve the technical problem of providing a management and control platform data management method and system that improve the security of a management and control platform.
In a first aspect, the present application provides a management and control platform data management method, including the following steps:
step S10, a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal;
step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches corresponding service data from a database based on the data code;
step S30, the management and control platform randomly generates a public/private key pair, and encrypts the matched service data with the private key to obtain encrypted data;
step S40, after performing a security self-check, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
Further, the step S20 specifically includes:
after authenticating the received data acquisition request, the management and control platform parses the data acquisition request to obtain a data code and, based on the data code, matches corresponding service data from a database using a B+ tree index.
Further, the service data stored in the database is kept in three backup copies, and consistency verification is performed on each copy of the service data before data matching.
Further, the step S40 specifically includes:
after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
Further, in the step S40, the data acquisition log carries at least the data acquisition request, the data matching result, the encrypted data transmission record, the public key transmission record, and the data acquisition time.
In a second aspect, the present application provides a management and control platform data management system, including the following modules:
a data acquisition request receiving module, by which a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal;
a service data matching module, by which the management and control platform parses the received data acquisition request to obtain a data code, and matches corresponding service data from a database based on the data code;
a service data encryption module, by which the management and control platform randomly generates a public/private key pair and encrypts the matched service data with the private key to obtain encrypted data;
a data sending module, by which the management and control platform, after performing a security self-check, sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
a decryption module, by which the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
Further, the service data matching module is specifically configured as follows:
after authenticating the received data acquisition request, the management and control platform parses the data acquisition request to obtain a data code and, based on the data code, matches corresponding service data from a database using a B+ tree index.
Further, the service data stored in the database is kept in three backup copies, and consistency verification is performed on each copy of the service data before data matching.
Further, the data sending module is specifically configured as follows:
after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
Further, in the data sending module, the data acquisition log carries at least the data acquisition request, the data matching result, the encrypted data transmission record, the public key transmission record and the data acquisition time.
The application has the advantages that:
The management and control platform receives, through a firewall, a data acquisition request sent by a mobile terminal, authenticates the received request and then parses it to obtain a data code, and, after consistency verification of each copy of the service data stored in the database, matches the corresponding service data from the database based on the data code. The management and control platform randomly generates a public/private key pair and encrypts the matched service data with the private key to obtain encrypted data. After performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol and records a data acquisition log in real time; finally, the mobile terminal decrypts the encrypted data with the received public key to obtain the service data. Seven security measures are thus applied in sequence, namely the firewall, data acquisition request authentication, data consistency verification, the public key and private key, the security self-check based on IDS technology and IPS technology, the security protocol, and the recording of the data acquisition log; compared with conventional encryption of the service data alone, the security of the management and control platform is greatly improved.
Drawings
The application is further described below through embodiments, with reference to the accompanying drawings.
FIG. 1 is a flow chart of a management and control platform data management method according to the present application.
FIG. 2 is a schematic structural diagram of a management and control platform data management system according to the present application.
Detailed Description
The overall idea of the technical scheme in the embodiments of the application is as follows: a firewall, data acquisition request authentication, data consistency verification, a public key and private key, a security self-check based on IDS technology and IPS technology, a security protocol, and the recording of a data acquisition log are combined as security measures to improve the security of the management and control platform.
Referring to FIG. 1 and FIG. 2, a preferred embodiment of a management and control platform data management method of the present application includes the following steps:
step S10, a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal; the firewall controls network access and helps prevent illegal intrusion and attacks;
step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches corresponding service data from a database based on the data code;
step S30, the management and control platform randomly generates a public/private key pair, and encrypts the matched service data with the private key to obtain encrypted data;
step S40, after performing a security self-check, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
The step S20 specifically includes:
after authenticating the received data acquisition request, the management and control platform parses the data acquisition request to obtain a data code and, based on the data code, matches corresponding service data from a database using a B+ tree index. The data acquisition request is authenticated by technical means such as signature verification or hash value comparison. Matching the service data through the B+ tree index greatly improves the efficiency of service data matching.
Consistency verification is performed on each copy of the service data before data matching.
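The following sketch of step S20 is an added example, not code from the patent: it authenticates a request by hash value comparison (HMAC-SHA256 is assumed here), then verifies that the three stored copies of the requested record agree before returning it. The shared key, the `data_code` field name, the in-memory dictionaries standing in for the database and its B+ tree index, and the fail-closed handling of a divergent copy are all assumptions.

```python
import hashlib
import hmac
import json
from collections import Counter

# Constructed demo values (assumptions): a key shared with the mobile terminal
# and three in-memory copies standing in for the database's backup copies.
SHARED_KEY = b"demo-key-not-for-production"
REPLICAS = [
    {"ORD-1001": b'{"amount": 120}', "ORD-1002": b'{"amount": 75}'},
    {"ORD-1001": b'{"amount": 120}', "ORD-1002": b'{"amount": 7500}'},  # diverges
    {"ORD-1001": b'{"amount": 120}', "ORD-1002": b'{"amount": 75}'},
]


def sign_request(body: bytes, key: bytes = SHARED_KEY) -> str:
    """Terminal side: keyed hash (HMAC-SHA256) over the raw request body."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def authenticate_request(body: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Platform side: recompute the hash and compare it in constant time."""
    expected = sign_request(body, key).encode()
    return hmac.compare_digest(expected, tag.encode())


def compare_copies(copies):
    """Return (agreed_value, divergent_indices) for the stored copies."""
    digests = [None if c is None else hashlib.sha256(c).hexdigest() for c in copies]
    counts = Counter(d for d in digests if d is not None)
    top, votes = counts.most_common(1)[0] if counts else (None, 0)
    if votes < 2:  # no two copies agree, so none of them can be trusted
        return None, list(range(len(copies)))
    divergent = [i for i, d in enumerate(digests) if d != top]
    return copies[digests.index(top)], divergent


def handle_request(body: bytes, tag: str, replicas=REPLICAS) -> dict:
    """Authenticate first, parse second, verify consistency, then match."""
    if not authenticate_request(body, tag):
        return {"status": "denied"}
    try:
        code = json.loads(body)["data_code"]
    except (ValueError, KeyError, TypeError):
        return {"status": "bad_request"}
    if not isinstance(code, str):
        return {"status": "bad_request"}
    copies = [replica.get(code) for replica in replicas]
    if all(c is None for c in copies):
        return {"status": "not_found"}
    value, divergent = compare_copies(copies)
    if divergent:  # fail closed and name the copies that need repair
        return {"status": "inconsistent", "divergent": divergent}
    return {"status": "ok", "data": value}


if __name__ == "__main__":
    for code in ("ORD-1001", "ORD-1002", "ORD-9999"):
        body = json.dumps({"data_code": code}).encode()
        print(code, handle_request(body, sign_request(body)))
```

The request body is parsed only after the hash comparison succeeds, so unauthenticated input never reaches the JSON parser or the lookup.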
The step S40 specifically includes:
after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
An IDS (intrusion detection system) identifies potential threats in the system, such as network scanning, vulnerability exploitation and malicious code attacks, by monitoring network traffic and log information in real time, and raises an alarm to an administrator; an IPS (intrusion prevention system) can respond promptly and automatically to the alarms raised by the IDS, for example by blocking the attacker's IP address from accessing the system or closing the vulnerability, so as to prevent the attacker from further threatening the system.
The encrypted data and the public key are transmitted through the SSL protocol or TLS protocol, which prevents the data from being eavesdropped on or tampered with in transit; the SSL/TLS protocol can use symmetric key encryption and asymmetric key encryption to encrypt and decrypt data, while authenticating and authorizing both parties of the communication via digital certificates.
By analyzing the data acquisition log, abnormal conditions can be found in time and measures can be taken, such as blocking abnormal access behavior or adjusting access control policies, so that security is improved. To facilitate monitoring and early warning, log analysis tools such as Elasticsearch, Logstash and Kibana are adopted: preset keywords are matched in the data acquisition logs using regular expressions, the corresponding early warning rule is triggered if a keyword is present, and log information is collected, processed and visually displayed.
In the step S40, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record, and a data acquisition time.
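The keyword matching described above can be illustrated with the short Python sketch below, an added example rather than the patent's implementation or an Elasticsearch/Logstash configuration. The `key=value` log layout, the field names, the keywords and the rule names are all constructed for illustration; the five required fields correspond to the five items the data acquisition log must carry.

```python
import re

# The five items the data acquisition log must carry, under assumed field names:
# acquisition time, request, matching result, encrypted-data and public-key
# transmission records.
REQUIRED_FIELDS = ("time", "request", "match", "enc_tx", "pubkey_tx")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Early warning rules: (rule name, fields to inspect, preset keyword regex).
# Keywords are constructed examples.
RULES = [
    ("match_miss", ("match",), re.compile(r"\b(miss|not_found)\b")),
    ("tx_failure", ("enc_tx", "pubkey_tx"), re.compile(r"\b(failed|timeout|reset)\b")),
    ("auth_failure", ("request",), re.compile(r"\bauth=(failed|invalid)\b")),
]

# Constructed sample log lines.
SAMPLE_LOG = [
    'time=2023-04-28T10:15:02Z request="code=ORD-1001 terminal=T-17" match=hit enc_tx=sent pubkey_tx=sent',
    'time=2023-04-28T10:15:09Z request="code=ORD-7777 terminal=T-17" match=miss enc_tx=skipped pubkey_tx=skipped',
    'time=2023-04-28T10:16:41Z request="code=ORD-1002 terminal=T-04" match=hit enc_tx=sent pubkey_tx=timeout',
    'time=2023-04-28T10:17:30Z request="code=ORD-1003 terminal=T-17" match=hit enc_tx=sent',
    'time=2023-04-28T10:18:05Z request="code=ORD-1009 terminal=T-99 auth=failed" match=denied enc_tx=skipped pubkey_tx=skipped',
]


def parse_record(line: str) -> dict:
    """Split one log line into fields, removing quotes around quoted values."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def scan(lines):
    """Return (line_number, rule_name) for every rule that fires."""
    alerts = []
    for number, line in enumerate(lines, start=1):
        record = parse_record(line)
        # A record missing any mandatory item is itself an anomaly.
        if any(field not in record for field in REQUIRED_FIELDS):
            alerts.append((number, "incomplete_record"))
        for name, fields, pattern in RULES:
            if any(pattern.search(record.get(field, "")) for field in fields):
                alerts.append((number, name))
    return alerts


if __name__ == "__main__":
    for number, rule in scan(SAMPLE_LOG):
        print(f"line {number}: {rule}")
```

Restricting each rule to named fields keeps a keyword inside the request text from triggering a transmission rule.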
The application integrates identity authentication and access control technology, and applies isolation, detection and similar measures for network security, so as to improve the security of the management and control platform.
A preferred embodiment of the management and control platform data management system of the present application includes the following modules:
a data acquisition request receiving module, by which a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal; the firewall controls network access and helps prevent illegal intrusion and attacks;
a service data matching module, by which the management and control platform parses the received data acquisition request to obtain a data code, and matches corresponding service data from a database based on the data code;
a service data encryption module, by which the management and control platform randomly generates a public/private key pair and encrypts the matched service data with the private key to obtain encrypted data;
a data sending module, by which the management and control platform, after performing a security self-check, sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
a decryption module, by which the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
The service data matching module is specifically configured to:
after authenticating the received data acquisition request, the management and control platform parses the data acquisition request to obtain a data code and, based on the data code, matches corresponding service data from a database using a B+ tree index. The data acquisition request is authenticated by technical means such as signature verification or hash value comparison. Matching the service data through the B+ tree index greatly improves the efficiency of service data matching.
Consistency verification is performed on each copy of the service data before data matching.
The data sending module is specifically configured to:
after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
An IDS (intrusion detection system) identifies potential threats in the system, such as network scanning, vulnerability exploitation and malicious code attacks, by monitoring network traffic and log information in real time, and raises an alarm to an administrator; an IPS (intrusion prevention system) can respond promptly and automatically to the alarms raised by the IDS, for example by blocking the attacker's IP address from accessing the system or closing the vulnerability, so as to prevent the attacker from further threatening the system.
The encrypted data and the public key are transmitted through the SSL protocol or TLS protocol, which prevents the data from being eavesdropped on or tampered with in transit; the SSL/TLS protocol can use symmetric key encryption and asymmetric key encryption to encrypt and decrypt data, while authenticating and authorizing both parties of the communication via digital certificates.
By analyzing the data acquisition log, abnormal conditions can be found in time and measures can be taken, such as blocking abnormal access behavior or adjusting access control policies, so that security is improved. To facilitate monitoring and early warning, log analysis tools such as Elasticsearch, Logstash and Kibana are adopted: preset keywords are matched in the data acquisition logs using regular expressions, the corresponding early warning rule is triggered if a keyword is present, and log information is collected, processed and visually displayed.
In the data sending module, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record and data acquisition time.
The application integrates identity authentication and access control technology, and applies isolation, detection and similar measures for network security, so as to improve the security of the management and control platform.
In summary, the application has the advantages that:
The management and control platform receives, through a firewall, a data acquisition request sent by a mobile terminal, authenticates the received request and then parses it to obtain a data code, and, after consistency verification of each copy of the service data stored in the database, matches the corresponding service data from the database based on the data code. The management and control platform randomly generates a public/private key pair and encrypts the matched service data with the private key to obtain encrypted data. After performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol and records a data acquisition log in real time; finally, the mobile terminal decrypts the encrypted data with the received public key to obtain the service data. Seven security measures are thus applied in sequence, namely the firewall, data acquisition request authentication, data consistency verification, the public key and private key, the security self-check based on IDS technology and IPS technology, the security protocol, and the recording of the data acquisition log; compared with conventional encryption of the service data alone, the security of the management and control platform is greatly improved.
While specific embodiments of the application have been described above, it will be appreciated by those skilled in the art that the specific embodiments described are illustrative only and not intended to limit the scope of the application, and that equivalent modifications and variations of the application in light of the spirit of the application will be covered by the claims of the present application.
Claims (10)
1. A management and control platform data management method, characterized in that the method comprises the following steps:
step S10, a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal;
step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches corresponding service data from a database based on the data code;
step S30, the management and control platform randomly generates a public/private key pair, and encrypts the matched service data with the private key to obtain encrypted data;
step S40, after performing a security self-check, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
2. The management and control platform data management method according to claim 1, wherein the step S20 specifically includes:
after authenticating the received data acquisition request, the management and control platform parses the data acquisition request to obtain a data code and, based on the data code, matches corresponding service data from a database using a B+ tree index.
3. The management and control platform data management method according to claim 2, wherein consistency verification is performed on each piece of service data before data matching.
4. The management and control platform data management method according to claim 1, wherein the step S40 specifically includes:
after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
5. The management and control platform data management method according to claim 1, wherein in the step S40, the data acquisition log carries at least the data acquisition request, the data matching result, the encrypted data transmission record, the public key transmission record, and the data acquisition time.
6. A management and control platform data management system, characterized in that the system comprises the following modules:
a data acquisition request receiving module, by which a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal;
a service data matching module, by which the management and control platform parses the received data acquisition request to obtain a data code, and matches corresponding service data from a database based on the data code;
a service data encryption module, by which the management and control platform randomly generates a public/private key pair and encrypts the matched service data with the private key to obtain encrypted data;
a data sending module, by which the management and control platform, after performing a security self-check, sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
a decryption module, by which the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
7. The management and control platform data management system of claim 6, wherein the service data matching module is specifically configured as follows:
after authenticating the received data acquisition request, the management and control platform parses the data acquisition request to obtain a data code and, based on the data code, matches corresponding service data from a database using a B+ tree index.
8. The management and control platform data management system of claim 7, wherein consistency verification is performed on each piece of service data before data matching.
9. The management and control platform data management system of claim 6, wherein the data sending module is specifically configured as follows:
after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
10. The management and control platform data management system of claim 6, wherein in the data sending module, the data acquisition log carries at least the data acquisition request, the data matching result, the encrypted data transmission record, the public key transmission record and the data acquisition time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310474501.2A CN116702188A (en) | 2023-04-28 | 2023-04-28 | Management and control platform data management method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310474501.2A CN116702188A (en) | 2023-04-28 | 2023-04-28 | Management and control platform data management method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116702188A (en) | 2023-09-05 |
Family
ID=87836391
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310474501.2A Pending CN116702188A (en) | 2023-04-28 | 2023-04-28 | Management and control platform data management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116702188A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||