CN116702188A - Management and control platform data management method and system - Google Patents


Publication number: CN116702188A
Authority: CN (China)
Prior art keywords: data; management; control platform; data acquisition; public key
Legal status: Pending
Application number: CN202310474501.2A
Other languages: Chinese (zh)
Inventor: 钱隆昇
Current Assignee: Century Yijia Software Technology Co ltd
Original Assignee: Century Yijia Software Technology Co ltd
Application filed by Century Yijia Software Technology Co ltd
Priority to CN202310474501.2A
Publication of CN116702188A

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a management and control platform data management method and system in the technical field of computers, wherein the method comprises the following steps: step S10, a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal; step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches the corresponding service data from a database based on the data code; step S30, the management and control platform creates a pair of public key and private key, and encrypts the matched service data with the private key to obtain encrypted data; step S40, after performing a security self-check, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time; and step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data. The advantage of the application is that the security of the management and control platform is greatly improved.

Description

Management and control platform data management method and system
Technical Field
The application relates to the technical field of computers, in particular to a management and control platform data management method and system.
Background
To facilitate operation and management, many enterprises build a management and control platform (cloud platform) on a server, which can greatly improve their working efficiency. To improve the security of the management and control platform, the network layer and data security need to be managed and controlled comprehensively. Managing and controlling the network layer requires security measures in terms of network structure, topology, protocols and the like, such as access control, identity authentication, firewalls, and intrusion detection and prevention, and these involve certain technical difficulties; for example, access control and identity authentication need to identify nodes and users in the network efficiently and accurately. As a result, data is conventionally only encrypted, so the security of the management and control platform is low and there are risks of data leakage and network attack.
Therefore, how to provide a management and control platform data management method and system that improves the security of the management and control platform is a technical problem to be solved.
Disclosure of Invention
The application aims to solve the technical problem of providing a management and control platform data management method and system for improving the safety of a management and control platform.
In a first aspect, the present application provides a management and control platform data management method, including the following steps:
step S10, a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal;
step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches the corresponding service data from a database based on the data code;
step S30, the management and control platform randomly generates a pair of public key and private key, and encrypts the matched service data with the private key to obtain encrypted data;
step S40, after performing a security self-check, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
Further, the step S20 specifically includes:
after the management and control platform authenticates the received data acquisition request, analyzing the data acquisition request to acquire a data code, and based on the data code, matching corresponding service data from a database by utilizing a B+ tree index technology.
Further, the service data stored in the database has three backup copies, and consistency verification is performed on each copy of the service data before data matching is performed.
Further, the step S40 specifically includes:
after the security self-checking is carried out on the basis of the IDS technology and the IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
Further, in the step S40, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record, and a data acquisition time.
In a second aspect, the present application provides a management and control platform data management system, including the following modules:
the data acquisition request receiving module is used for receiving a data acquisition request sent by the mobile terminal through a firewall by a management and control platform running on the server;
the service data matching module is used for analyzing the received data acquisition request by the management and control platform to acquire a data code, and matching corresponding service data from a database based on the data code;
the service data encryption module is used for randomly generating a pair of public keys and private keys by the management and control platform, and encrypting matched service data by using the private keys to obtain encrypted data;
the data sending module is used for sending the encrypted data and the public key to the mobile terminal through a preset security protocol after the security self-check is carried out on the management and control platform, and recording a data acquisition log in real time;
and the decryption module is used for receiving the encrypted data and the public key by the mobile terminal, and decrypting the encrypted data by using the public key to obtain service data.
Further, the service data matching module is specifically configured to:
after the management and control platform authenticates the received data acquisition request, analyzing the data acquisition request to acquire a data code, and based on the data code, matching corresponding service data from a database by utilizing a B+ tree index technology.
Further, the service data stored in the database has three backup copies, and consistency verification is performed on each copy of the service data before data matching is performed.
Further, the data sending module is specifically configured to:
after the security self-checking is carried out on the basis of the IDS technology and the IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
Further, in the data sending module, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record and a data acquisition time.
The application has the advantages that:
A data acquisition request sent by a mobile terminal is received through a firewall; after the received data acquisition request is authenticated, it is parsed to obtain a data code, and after consistency verification of each copy of the service data stored in the database, the corresponding service data is matched from the database based on the data code; the management and control platform randomly generates a pair of public key and private key, and encrypts the matched service data with the private key to obtain encrypted data; after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol and records a data acquisition log in real time; finally, the mobile terminal decrypts the encrypted data with the received public key to obtain the service data. Seven security measures are thus applied in succession, namely the firewall, data acquisition request authentication, data consistency verification, the public key and private key, the security self-check based on IDS technology and IPS technology, the security protocol, and the recording of data acquisition logs; compared with conventional encryption of service data, the security of the management and control platform is greatly improved.
Drawings
The application will be further described with reference to examples of embodiments with reference to the accompanying drawings.
FIG. 1 is a flow chart of a management and control platform data management method according to the present application.
Fig. 2 is a schematic structural diagram of a management and control platform data management system according to the present application.
Detailed Description
The overall idea of the technical solution in the embodiments of the application is as follows: a firewall, data acquisition request authentication, data consistency verification, a public key and private key, a security self-check based on IDS technology and IPS technology, a security protocol, and the recording of data acquisition logs are combined to improve the security of the management and control platform.
Referring to fig. 1 to 2, a preferred embodiment of a management and control platform data management method of the present application includes the following steps:
step S10, a management and control platform running on a server receives, through a firewall, a data acquisition request sent by a mobile terminal; the firewall controls network access and prevents illegal intrusion and attack;
step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches the corresponding service data from a database based on the data code;
step S30, the management and control platform randomly generates a pair of public key and private key, and encrypts the matched service data with the private key to obtain encrypted data;
step S40, after performing a security self-check, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol, and records a data acquisition log in real time;
step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
The step S20 specifically includes:
after the management and control platform authenticates the received data acquisition request, it parses the data acquisition request to obtain a data code and, based on the data code, matches the corresponding service data from a database using a B+ tree index. The data acquisition request is authenticated by technical means such as signature verification or hash value comparison. Matching the service data through the B+ tree index greatly improves the efficiency of service data matching.
Consistency verification is performed on each piece of service data before data matching is performed.
The step S40 specifically includes:
after the security self-checking is carried out on the basis of the IDS technology and the IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
An IDS (intrusion detection system) identifies potential threats in the system, such as network scanning, vulnerability exploitation and malicious code attacks, by monitoring network traffic and log information in real time, and raises an alarm to the administrator; the IPS (intrusion prevention system) can defend automatically and promptly in response to the alarm raised by the IDS, for example by blocking the attacker's IP address from accessing the system or closing the vulnerability, so as to prevent the attacker from further threatening the system.
The encrypted data and the public key are transmitted through SSL protocol or TLS protocol, so that the data is prevented from being eavesdropped and tampered in the transmission process; the SSL/TLS protocol may use symmetric key encryption and asymmetric key encryption to encrypt and decrypt data, while authenticating and authorizing both parties of the communication via digital certificates.
By analyzing the data acquisition log, abnormal conditions can be found in time and measures can be taken, such as blocking abnormal access behavior or adjusting access control policies, so that security is improved; to facilitate monitoring and early warning, log analysis tools such as Elasticsearch, Logstash and Kibana are used: preset keywords are matched in the data acquisition logs using regular expressions, the corresponding early warning rule is triggered if a keyword is present, and the log information is collected, processed and displayed visually.
In the step S40, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record, and a data acquisition time.
The application integrates identity authentication and access control technology, and performs isolation, detection and the like on network security so as to improve the security of the management and control platform.
A preferred embodiment of the management and control platform data management system of the present application includes the following modules:
the data acquisition request receiving module is used for receiving a data acquisition request sent by the mobile terminal through a firewall by a management and control platform running on the server; the network access can be controlled through the firewall, and illegal invasion and attack can be prevented and controlled;
the service data matching module is used for analyzing the received data acquisition request by the management and control platform to acquire a data code, and matching corresponding service data from a database based on the data code;
the service data encryption module is used for randomly generating a pair of public keys and private keys by the management and control platform, and encrypting matched service data by using the private keys to obtain encrypted data;
the data sending module is used for sending the encrypted data and the public key to the mobile terminal through a preset security protocol after the security self-check is carried out on the management and control platform, and recording a data acquisition log in real time;
and the decryption module is used for receiving the encrypted data and the public key by the mobile terminal, and decrypting the encrypted data by using the public key to obtain service data.
The service data matching module is specifically configured to:
after the management and control platform authenticates the received data acquisition request, it parses the data acquisition request to obtain a data code and, based on the data code, matches the corresponding service data from a database using a B+ tree index. The data acquisition request is authenticated by technical means such as signature verification or hash value comparison. Matching the service data through the B+ tree index greatly improves the efficiency of service data matching.
Consistency verification is performed on each piece of service data before data matching is performed.
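One way to order the checks of step S20 and of the service data matching module, as an added example that is not code from the application: the request is authenticated by hash value comparison, the three copies of the service data are compared record by record, and only then is the data code matched. The HMAC-SHA-256 tag, the JSON request body, the two-of-three agreement rule, the dictionary standing in for the B+ tree index, and all names and sample values are assumptions.

```python
"""Added illustration of step S20: authenticate, verify the copies, then match."""
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-secret"  # assumption: secret shared with the terminal

# Constructed sample: three copies of the service data; copy index 2 has drifted.
COPIES = [
    {"INV-0042": {"amount": 1200, "status": "paid"},
     "INV-0043": {"amount": 80, "status": "open"}},
    {"INV-0042": {"amount": 1200, "status": "paid"},
     "INV-0043": {"amount": 80, "status": "open"}},
    {"INV-0042": {"amount": 9999, "status": "paid"},
     "INV-0043": {"amount": 80, "status": "open"}},
]


def request_tag(body: bytes, key: bytes) -> str:
    """Hash value the terminal attaches to its data acquisition request."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def record_digest(record) -> str:
    """Canonical SHA-256 digest of one service data record."""
    canonical = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify_copies(copies):
    """Compare every record across the copies before any matching is done.

    Returns (agreed_records, divergent), where divergent lists
    (data_code, copy_index) pairs that disagree with the majority.
    Raises ValueError when no two copies agree on a record.
    """
    agreed, divergent = {}, []
    for code in sorted(set().union(*copies)):
        digests = [record_digest(c[code]) if code in c else None for c in copies]
        winner = next((d for d in digests if d and digests.count(d) >= 2), None)
        if winner is None:
            raise ValueError(f"no two copies agree on {code!r}; not serving data")
        agreed[code] = copies[digests.index(winner)][code]
        divergent.extend((code, i) for i, d in enumerate(digests) if d != winner)
    return agreed, divergent


def handle_request(body: bytes, tag: str, key: bytes, copies):
    """Authenticate, parse out the data code, verify the copies, then match."""
    expected = request_tag(body, key)
    # Constant-time comparison of the expected and received hash values.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise PermissionError("data acquisition request failed authentication")
    data_code = json.loads(body)["data_code"]
    agreed, divergent = verify_copies(copies)
    return agreed.get(data_code), divergent  # dict lookup stands in for the index


if __name__ == "__main__":
    body = json.dumps({"data_code": "INV-0042"}).encode()
    print(handle_request(body, request_tag(body, DEMO_KEY), DEMO_KEY, COPIES))
```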
The data sending module is specifically configured to:
after the security self-checking is carried out on the basis of the IDS technology and the IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
An IDS (intrusion detection system) identifies potential threats in the system, such as network scanning, vulnerability exploitation and malicious code attacks, by monitoring network traffic and log information in real time, and raises an alarm to the administrator; the IPS (intrusion prevention system) can defend automatically and promptly in response to the alarm raised by the IDS, for example by blocking the attacker's IP address from accessing the system or closing the vulnerability, so as to prevent the attacker from further threatening the system.
The encrypted data and the public key are transmitted through SSL protocol or TLS protocol, so that the data is prevented from being eavesdropped and tampered in the transmission process; the SSL/TLS protocol may use symmetric key encryption and asymmetric key encryption to encrypt and decrypt data, while authenticating and authorizing both parties of the communication via digital certificates.
By analyzing the data acquisition log, abnormal conditions can be found in time and measures can be taken, such as blocking abnormal access behavior or adjusting access control policies, so that security is improved; to facilitate monitoring and early warning, log analysis tools such as Elasticsearch, Logstash and Kibana are used: preset keywords are matched in the data acquisition logs using regular expressions, the corresponding early warning rule is triggered if a keyword is present, and the log information is collected, processed and displayed visually.
In the data sending module, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record and data acquisition time.
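The keyword matching and early warning rules described for the data acquisition log, here and in step S40, as an added example that is not code from the application: plain Python stands in for the Elasticsearch/Logstash/Kibana pipeline. The key=value line layout, the field names, the rule names and the thresholds are assumptions, and the log lines are constructed.

```python
"""Added illustration: regex keyword rules over data acquisition log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout carrying the fields the log is said to contain:
# acquisition time, request, matching result, and the two transmission records.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z "
    r"terminal=(?P<terminal>\S+) (?P<rest>.+)$"
)

# (rule name, preset keyword pattern, hits needed, sliding window)
RULES = [
    ("transmission_failure",
     re.compile(r"\b(?:enc_sent|pubkey_sent)=FAIL\b"), 1, timedelta(0)),
    ("repeated_miss",
     re.compile(r"\bmatch=MISS\b"), 3, timedelta(seconds=60)),
]

# Constructed sample log, not taken from any real system.
SAMPLE_LOG = [
    "2023-09-05T09:15:02Z terminal=T-1001 request=INV-0042 match=HIT enc_sent=OK pubkey_sent=OK",
    "2023-09-05T09:15:10Z terminal=T-2002 request=INV-9001 match=MISS enc_sent=SKIP pubkey_sent=SKIP",
    "2023-09-05T09:15:12Z terminal=T-2002 request=INV-9002 match=MISS enc_sent=SKIP pubkey_sent=SKIP",
    "2023-09-05T09:15:15Z terminal=T-2002 request=INV-9003 match=MISS enc_sent=SKIP pubkey_sent=SKIP",
    "2023-09-05T09:16:40Z terminal=T-1001 request=INV-0042 match=HIT enc_sent=OK pubkey_sent=FAIL",
    "corrupted line without fields",
]


def evaluate(lines):
    """Return (alerts, malformed).

    alerts is a list of (rule, terminal, timestamp) tuples in log order;
    malformed collects lines that do not parse, so that gaps in the log are
    visible instead of silently ignored.
    """
    alerts, malformed = [], []
    recent = defaultdict(deque)  # (rule, terminal) -> timestamps of recent hits
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            malformed.append(line)
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        for name, pattern, threshold, window in RULES:
            if not pattern.search(m["rest"]):
                continue
            hits = recent[(name, m["terminal"])]
            hits.append(ts)
            while ts - hits[0] > window:  # drop hits that left the window
                hits.popleft()
            if len(hits) >= threshold:
                alerts.append((name, m["terminal"], m["ts"]))
                hits.clear()  # start counting afresh after alerting
    return alerts, malformed


if __name__ == "__main__":
    found, bad = evaluate(SAMPLE_LOG)
    for alert in found:
        print("ALERT", *alert)
    print("unparseable lines:", len(bad))
```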
The application integrates identity authentication and access control technology, and performs isolation, detection and the like on network security so as to improve the security of the management and control platform.
In summary, the application has the advantages that:
A data acquisition request sent by a mobile terminal is received through a firewall; after the received data acquisition request is authenticated, it is parsed to obtain a data code, and after consistency verification of each copy of the service data stored in the database, the corresponding service data is matched from the database based on the data code; the management and control platform randomly generates a pair of public key and private key, and encrypts the matched service data with the private key to obtain encrypted data; after performing a security self-check based on IDS technology and IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset security protocol and records a data acquisition log in real time; finally, the mobile terminal decrypts the encrypted data with the received public key to obtain the service data. Seven security measures are thus applied in succession, namely the firewall, data acquisition request authentication, data consistency verification, the public key and private key, the security self-check based on IDS technology and IPS technology, the security protocol, and the recording of data acquisition logs; compared with conventional encryption of service data, the security of the management and control platform is greatly improved.
While specific embodiments of the application have been described above, it will be appreciated by those skilled in the art that the specific embodiments described are illustrative only and not intended to limit the scope of the application, and that equivalent modifications and variations of the application in light of the spirit of the application will be covered by the claims of the present application.

Claims (10)

1. A management and control platform data management method is characterized in that: the method comprises the following steps:
step S10, a management and control platform running on a server receives a data acquisition request sent by a mobile terminal through a firewall;
step S20, the management and control platform parses the received data acquisition request to obtain a data code, and matches the corresponding service data from a database based on the data code;
step S30, the management and control platform randomly generates a pair of public key and private key, and encrypts the matched service data with the private key to obtain encrypted data;
step S40, after the management and control platform performs security self-checking, the encrypted data and the public key are sent to the mobile terminal through a preset security protocol, and a data acquisition log is recorded in real time;
step S50, the mobile terminal receives the encrypted data and the public key, and decrypts the encrypted data with the public key to obtain the service data.
2. The method for managing and controlling platform data according to claim 1, wherein: the step S20 specifically includes:
after the management and control platform authenticates the received data acquisition request, analyzing the data acquisition request to acquire a data code, and based on the data code, matching corresponding service data from a database by utilizing a B+ tree index technology.
3. The management platform data management method as claimed in claim 2, wherein: consistency verification is performed on each piece of service data before data matching is performed.
4. The method for managing and controlling platform data according to claim 1, wherein: the step S40 specifically includes:
after the security self-checking is carried out on the basis of the IDS technology and the IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
5. The method for managing and controlling platform data according to claim 1, wherein: in the step S40, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record, and a data acquisition time.
6. A management and control platform data management system is characterized in that: the device comprises the following modules:
the data acquisition request receiving module is used for receiving a data acquisition request sent by the mobile terminal through a firewall by a management and control platform running on the server;
the service data matching module is used for analyzing the received data acquisition request by the management and control platform to acquire a data code, and matching corresponding service data from a database based on the data code;
the service data encryption module is used for randomly generating a pair of public keys and private keys by the management and control platform, and encrypting matched service data by using the private keys to obtain encrypted data;
the data sending module is used for sending the encrypted data and the public key to the mobile terminal through a preset security protocol after the security self-check is carried out on the management and control platform, and recording a data acquisition log in real time;
and the decryption module is used for receiving the encrypted data and the public key by the mobile terminal, and decrypting the encrypted data by using the public key to obtain service data.
7. The management platform data management system of claim 6, wherein: the service data matching module is specifically configured to:
after the management and control platform authenticates the received data acquisition request, analyzing the data acquisition request to acquire a data code, and based on the data code, matching corresponding service data from a database by utilizing a B+ tree index technology.
8. The management platform data management system of claim 7, wherein: consistency verification is performed on each piece of service data before data matching is performed.
9. The management platform data management system of claim 6, wherein: the data sending module is specifically configured to:
after the security self-checking is carried out on the basis of the IDS technology and the IPS technology, the management and control platform sends the encrypted data and the public key to the mobile terminal through a preset SSL protocol or TLS protocol, and records the data acquisition log in real time.
10. The management platform data management system of claim 6, wherein: in the data sending module, the data acquisition log at least carries a data acquisition request, a data matching result, an encrypted data transmission record, a public key transmission record and data acquisition time.
CN202310474501.2A 2023-04-28 2023-04-28 Management and control platform data management method and system Pending CN116702188A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310474501.2A CN116702188A (en) 2023-04-28 2023-04-28 Management and control platform data management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310474501.2A CN116702188A (en) 2023-04-28 2023-04-28 Management and control platform data management method and system

Publications (1)

Publication Number Publication Date
CN116702188A true CN116702188A (en) 2023-09-05

Family

ID=87836391

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310474501.2A Pending CN116702188A (en) 2023-04-28 2023-04-28 Management and control platform data management method and system

Country Status (1)

Country Link
CN (1) CN116702188A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination