CN116980138A - Online transaction security system - Google Patents

Online transaction security system Download PDF

Info

Publication number
CN116980138A
CN116980138A CN202311001893.7A CN202311001893A CN116980138A CN 116980138 A CN116980138 A CN 116980138A CN 202311001893 A CN202311001893 A CN 202311001893A CN 116980138 A CN116980138 A CN 116980138A
Authority
CN
China
Prior art keywords
unit
encrypted data
data block
data blocks
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311001893.7A
Other languages
Chinese (zh)
Inventor
张朋朋
张勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Union One Information Technology Beijing Co ltd
Original Assignee
Union One Information Technology Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Union One Information Technology Beijing Co ltd filed Critical Union One Information Technology Beijing Co ltd
Priority to CN202311001893.7A priority Critical patent/CN116980138A/en
Publication of CN116980138A publication Critical patent/CN116980138A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the field of data processing, in particular to an online transaction security system, which comprises: the verification module judges whether the user login information is verified successfully or not; the processing module calculates a data block transmission interval of the user to be processed data which is successfully logged in by the receiving module, encrypts a plurality of data blocks and transmits the data blocks; the monitoring module records the actual transmission interval between the encrypted data blocks and the sequence number of the encrypted data packets to judge whether the transmission of each encrypted data block is abnormal, and calculates the actual hash value of each encrypted data block to judge whether the encrypted data block is abnormal; the adjusting module selects a corresponding encryption mode from the abnormal quantity range of the encrypted data blocks in the preset period to encrypt the data blocks in the next preset period. By verifying the user account, monitoring the abnormal condition of the encrypted data block in the transmission process and timely adjusting the encryption mode of the data block, the data information is prevented from being tampered, and the safety of the data information is improved.

Description

Online transaction security system
Technical Field
The invention relates to the field of data processing, in particular to an online transaction security system.
Background
With the advent of the network age, great convenience is brought to the work and life of people, but meanwhile, the problems of personal privacy leakage, phishing and the like are also solved, so that huge losses are caused.
Patent document CN111274583 a discloses a control method of a big data computer network safety protection device, which comprises the following steps: step one, detecting network vulnerability information through a vulnerability detection program; detecting network intrusion information through an intrusion detection program; detecting network virus information through a virus detection program; step two, safety protection is carried out on a computer network through a network safety protection program; step three, encrypting the network data through an encryption program: configuring parameters of a data acquisition unit, acquiring network information data through the data acquisition unit, storing the network information data into a local memory, and extracting characteristics of the acquired network information data; the background terminal sends a key acquisition request to the front-end database server, wherein the key acquisition request comprises feature data to be encrypted; the background terminal generates key data according to the characteristic data to be encrypted, and stores the key data in the data monitoring and early warning system; controlling the network access rights through a rights control program; fifthly, processing network data by concentrating big data resources through a cloud server; alarm notification is carried out through an alarm according to the detected abnormal data; and displaying real-time data of the detected network vulnerability, intrusion information and virus information through a display.
In the prior art, the network data is subjected to characteristic extraction and the characteristic data is subjected to monitoring and early warning to generate the key data, but the key is easy to crack, and the security of the data is low because the key is cracked in the online transaction process.
Disclosure of Invention
Therefore, the invention provides an online transaction security system which can solve the problem of low data security.
To achieve the above object, the present invention provides an online transaction security system, comprising:
the acquisition module is used for acquiring login information of a user;
the verification module is connected with the acquisition module and used for matching a target salt value and a target hash value according to a user identifier in the login information, carrying out hash calculation on a password in the login information and the target salt value to obtain a hash value to be verified, comparing the hash value to be verified with the target hash value to judge whether verification is successful, if verification is successful, the user login is successful, and if verification is failed, the user login is forbidden;
the receiving module is connected with the verification module and used for receiving the data to be processed sent by the user with successful login;
the processing module is connected with the receiving module and used for analyzing the data type of the data to be processed according to a preset keyword library, calculating the number of data blocks of the data to be processed according to the data type and the data size, calculating the data block transmission interval of the data to be processed according to the data type, dividing the data to be processed into a plurality of data blocks according to the number of the data blocks, carrying out hash calculation on the plurality of data blocks to obtain a standard hash value, encrypting the plurality of data blocks and transmitting a plurality of encrypted data blocks according to the data block transmission interval;
The monitoring module is connected with the processing module and is used for receiving the plurality of encrypted data blocks, recording the actual transmission intervals among the encrypted data blocks and the sequence numbers of the encrypted data packets so as to judge whether the transmission of each encrypted data block is abnormal, calculating the actual hash value of each encrypted data block, comparing the actual hash value with the standard hash value of the encrypted data block with abnormal transmission so as to judge whether the encrypted data block is abnormal, after all the encrypted data blocks are received, judging that the transmission of all the encrypted data blocks is normal and judging that all the encrypted data blocks are normal, storing the encrypted data blocks, and stopping receiving the rest encrypted data blocks when the transmission of any encrypted data block is abnormal or any encrypted data block is abnormal;
the adjusting module is connected with the monitoring module and is used for selecting a corresponding encryption mode from the number range of the abnormal encrypted data blocks, in which the number of the abnormal encrypted data blocks is determined by the monitoring module in a preset period, and encrypting the data blocks in the next preset period.
Further, the processing module comprises a statistics unit, a first comparison unit, a selection unit and an adjustment unit, when the processing module calculates the number of data blocks of the data to be processed, the statistics unit counts the number M of matches of preset keywords of the data to be processed of the data type in the preset keyword library, and the first comparison unit compares the number M of matches with a first preset number M1 of matches and a second preset number M2 of matches;
If M is more than M2, the selection unit selects an adjustment coefficient a1, and the adjustment unit adjusts the standard data block quantity W according to the first adjustment coefficient a 1;
if M1 is not less than M2, the selection unit selects an adjustment coefficient a2, and the adjustment unit adjusts the number W of the standard data blocks according to the second non-adjustment coefficient a 2;
if M is smaller than M1, the selection unit selects an adjustment coefficient a3, and the adjustment unit adjusts the standard data block quantity W according to the third adjustment coefficient a 3;
wherein M1 < M2, 1=a3 < a2 < a1 < 1.5.
Further, after the processing module adjusts the standard data block number W, the processing module adjusts the standard data block number W twice according to the data size Q of the data to be processed, and the first comparing unit compares the data size Q with a first preset data size Q1 and a second preset data size Q2;
if Q is more than Q2, the selection unit selects an adjustment coefficient b1, and the adjustment unit performs secondary adjustment on the standard data block number W according to the first coefficient b 1;
if Q1 is less than or equal to Q2, the selection unit selects an adjustment coefficient b2, and the adjustment unit secondarily adjusts the standard data block quantity W according to a second coefficient b 1;
If Q is smaller than Q1, the selection unit selects an adjustment coefficient b3, and the adjustment unit performs secondary adjustment on the standard data block number W according to a third coefficient b 1;
wherein Q1 < Q2, 1=b3 < b2 < b1 < 1.5;
the adjusting unit performs secondary adjustment on the standard data block number W to obtain a data block number W ', and sets W ' =w×ai×bj, where i=1, 2,3, j=1, 2,3, W ' is rounded to an integer.
Further, the processing module further includes a first calculating unit, where when calculating a data block transmission interval of the data to be processed, the adjusting unit adjusts the standard transmission interval t according to a comparison result of the matching number M with the first preset matching number M1 and the second preset matching number M2;
if M > M2, the selecting unit selects an adjustment coefficient c1, and the adjusting unit adjusts the standard transmission interval t according to the adjustment coefficient c1 to obtain a data block transmission interval t ', and sets t' =txc1;
if M1 is not less than M2, the selecting unit selects an adjustment coefficient c2, the adjusting unit adjusts the standard transmission interval t according to the adjustment coefficient c1 to obtain a data block transmission interval t ', and t' =txc2 is set;
if M is less than M1, the adjusting unit does not adjust the standard transmission interval t, and t' =t is set;
Wherein, c1 is more than 0 and c2 is more than 1.
Further, the processing module further comprises a dividing unit, an associating unit, a first storage unit, an encrypting unit, a marking unit and a transmitting unit, wherein when the processing module divides the data to be processed into a plurality of data blocks according to the number of the data blocks, the associating unit and the first storage unit associate and store the user identification of the data to be processed with the number W 'of the data blocks and the transmission interval t' of the data blocks respectively, the dividing unit and the first calculating unit divide the data to be processed into a plurality of data blocks and perform hash calculation on the plurality of data blocks to obtain a standard hash value, the encrypting unit encrypts the plurality of data blocks, the marking unit marks the user identification of each encrypted data block and the sequence number according to the dividing sequence, the associating unit and the first storage unit associate and store the user identification mark, the sequence number and the standard hash value of each encrypted data block, and the transmitting module sequentially transmits the plurality of encrypted data blocks according to the sequence number of the encrypted data blocks at the transmission interval of the data blocks.
Further, the monitoring module comprises a receiving unit, an obtaining unit, a recording unit, a second comparing unit and a judging unit, wherein when the monitoring module records the actual transmission interval of the encrypted data block, the obtaining unit obtains the stored corresponding transmission interval T 'of the data block according to the user identification of the first encrypted data block received by the receiving unit, the recording unit records the actual transmission interval T of every two received encrypted data blocks, and the second comparing unit compares the actual transmission interval T with the transmission interval T' of the data block;
If the actual transmission interval T between the encrypted data blocks is different from the data block transmission interval T', the judging unit judges that the encrypted data block is abnormal in transmission;
and if the actual transmission interval T between the encrypted data blocks is the same as the data block transmission interval T', the judging unit judges that the encrypted data blocks are normally transmitted.
Further, when the judging unit judges whether the transmission of the encrypted data block is normal according to the actual transmission interval, and judges whether the transmission of the encrypted data block is normal according to the sequence number of the encrypted data packet, if the sequence number of the encrypted data block received by the receiving unit is different from the sequence number of the encrypted data packet expected to be received, the judging unit judges that the transmission of the encrypted data block is abnormal, and if the sequence number of the encrypted data block received by the receiving unit is the same as the sequence number of the encrypted data packet expected to be received, the judging unit judges that the transmission of the encrypted data block is normal.
Further, the monitoring module further comprises a second calculating unit, the second calculating unit decrypts each received encrypted data block and performs hash calculation to obtain an actual hash value, the obtaining unit obtains the stored standard hash value according to the user identifier and the sequence number of the encrypted data block, and the second comparing unit compares the actual hash value with the standard hash value;
If the actual hash value is the same as the standard hash value, the judging unit judges that the encrypted data block is normal;
and if the actual hash value is different from the standard hash value, the judging unit judges that the encrypted data block is abnormal.
Further, the monitoring module further includes a second storage unit and a sending unit, when the judging unit judges that the encrypted data blocks are normal, the receiving unit continues to receive the remaining encrypted data blocks transmitted by the processing module, and when the judging unit judges that the transmission of all the encrypted data blocks is normal and judges that all the encrypted data blocks are normal after receiving all the encrypted data blocks, the second storage unit stores all the encrypted data blocks;
when the judging unit judges that the transmission of any encrypted data block is abnormal or any encrypted data block is abnormal, the receiving unit stops receiving the residual encrypted data block transmitted by the transmission unit, and the transmitting unit transmits corresponding preset warning information to a user represented by a corresponding user;
if the receiving unit does not receive the encrypted data block within the preset time Ta when receiving the encrypted data block, stopping receiving the encrypted data block, wherein the preset time Ta is more than 3t'.
Further, when the adjusting module adjusts the encryption mode, the number of the abnormal encrypted data blocks determined by the monitoring module in the preset period is counted, the adjusting module is provided with a number range of a plurality of abnormal encrypted data blocks and a corresponding encryption mode, and the data blocks in the next preset period are adjusted to be encrypted according to the number range of the abnormal encrypted data blocks where the abnormal encrypted data blocks are located.
Compared with the prior art, the method has the advantages that the verification module calculates the hash value to be verified after adding the salt according to the login password of the registered user and compares the hash value with the stored target hash value during registration to judge whether the user is safe or not, and the security of the user account is improved because the salt adding and the hash calculation are difficult to crack; the processing module calculates the number of data blocks and the transmission interval of the data blocks according to the data information to be processed so as to divide the data blocks to be processed, carries out standard hash value calculation on each data block, then carries out segmented transmission on the encrypted data blocks, the monitoring module judges whether each encrypted data block is abnormal according to the actual transmission interval of the data blocks of each encrypted data block, judges whether the encrypted data block is abnormal according to the calculated actual hash value, stops receiving the encrypted data blocks after transmitting the abnormal encrypted data blocks or the encrypted data blocks, stops transmitting the encrypted data blocks in time when the encrypted data blocks are tampered with the data blocks during transmission, and finally the adjusting module selects a corresponding encryption mode according to the number of the abnormal encrypted data blocks in a preset period to adjust the encryption mode of the next period so as to realize encryption of the data blocks in multiple encryption modes.
In particular, the first comparison unit in the processing module compares the matching number M with the first preset matching number M1 and the second preset matching number M2, so that the selection unit selects a corresponding adjustment coefficient according to the comparison result to enable the adjustment unit to adjust the standard data block number W, and the data block number divided by the data to be processed is adjusted according to specific conditions, so that the data block number is more accurate.
In particular, the first comparison unit in the processing module compares the data size Q with the first preset data size Q1 and the second preset data size Q2, so that the selection unit selects the corresponding adjustment coefficient according to the comparison result to enable the adjustment unit to perform secondary adjustment on the standard data block number W, and the data block number divided by the data to be processed is more accurate.
In particular, the selection unit selects the adjustment coefficient according to the comparison result of the matching number M, the first preset matching number M1 and the second preset matching number M2 so as to enable the adjustment unit to adjust the standard transmission interval t, and the transmission interval of the encrypted data block is more accurate.
In particular, the association unit and the first storage unit are used for respectively associating and storing the user identification of the data to be processed with the number W 'of the data blocks and the transmission interval t' of the data blocks so as to be convenient for comparing the calculated number W 'of the data blocks and the transmission interval t' of the data blocks with the actual monitoring result according to the user identification of the data blocks during monitoring, the division unit and the first calculation unit are used for dividing the data to be processed into a plurality of data blocks and carrying out hash calculation to obtain a standard hash value so as to be convenient for comparing and judging whether the data blocks are abnormal or not according to the standard hash value and the monitoring result, and meanwhile encrypting each data block so that the data blocks are safer.
In particular, whether the transmission of the encrypted data block is normal is judged through the sequence number of the encrypted data packet, so that the transmission of the encrypted data block is stopped in time when the encrypted data block is attacked during transmission to cause the transmission of the data block to be disordered, and the safety of data information is improved.
And in particular, the second calculation unit decrypts the received encrypted data block and performs hash calculation to obtain an actual hash value, so that the second comparison unit can conveniently compare the actual hash value with the stored corresponding standard hash value and judge whether the encrypted data block is abnormal, namely, judge whether the encrypted data block is tampered or not and stop transmission of the encrypted data block in time, thereby improving the safety of data information.
In particular, the adjusting module selects a corresponding encryption mode according to the number of the abnormal encrypted data blocks in the preset period to adjust the encryption mode of the next period, so that the data are encrypted in multiple encryption modes, the data information is prevented from being tampered, and the safety of the data information is improved.
Drawings
FIG. 1 is a schematic diagram of a processing module of an online transaction security system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an online transaction security system according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a monitoring module of an online transaction security system according to an embodiment of the present invention.
Detailed Description
In order that the objects and advantages of the invention will become more apparent, the invention will be further described with reference to the following examples; it should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are merely for explaining the technical principles of the present invention, and are not intended to limit the scope of the present invention.
It should be noted that, in the description of the present invention, terms such as "upper," "lower," "left," "right," "inner," "outer," and the like indicate directions or positional relationships based on the directions or positional relationships shown in the drawings, which are merely for convenience of description, and do not indicate or imply that the apparatus or elements must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention can be understood by those skilled in the art according to the specific circumstances.
Referring to fig. 1, an online transaction security system provided in an embodiment of the present invention includes:
an acquisition module 10, configured to acquire login information of a user;
the verification module 20 is connected with the acquisition module, and is used for matching a target salt value and a target hash value according to a user identifier in the login information, carrying out hash calculation on a password in the login information and the target salt value to obtain a hash value to be verified, comparing the hash value to be verified with the target hash value to judge whether verification is successful, if verification is successful, the user login is successful, and if verification is failed, the user login is forbidden;
the receiving module 30 is connected with the verification module and is used for receiving the data to be processed sent by the user with successful login;
the processing module 40 is connected with the receiving module and is used for analyzing the data type of the data to be processed according to a preset keyword library, calculating the number of data blocks of the data to be processed according to the data type and the data size, calculating the data block transmission interval of the data to be processed according to the data type, dividing the data to be processed into a plurality of data blocks according to the number of the data blocks, carrying out hash calculation on the data blocks to obtain a standard hash value, encrypting the data blocks and transmitting the encrypted data blocks according to the data block transmission interval;
A monitoring module 50, connected to the processing module, for receiving the several encrypted data blocks and recording an actual transmission interval between the encrypted data blocks and a sequence number of the encrypted data packet to determine whether transmission of each encrypted data block is abnormal, and calculating an actual hash value of each encrypted data block, comparing the actual hash value with a standard hash value of the encrypted data block transmitting the abnormality to determine whether the encrypted data block is abnormal, after all the encrypted data blocks are received, determining that transmission of all the encrypted data blocks is normal and determining that all the encrypted data blocks are normal, storing the encrypted data blocks, and stopping receiving the remaining encrypted data blocks when transmission abnormality of any encrypted data block or abnormality of any encrypted data block is determined;
and the adjusting module 60 is connected with the monitoring module and is used for selecting a corresponding encryption mode from the number range of the abnormal encrypted data blocks, in which the number of the abnormal encrypted data blocks is judged to be in the preset period by the monitoring module, and encrypting the data blocks in the next preset period.
Specifically, the application verifies and monitors registered users during login and data storage, the users perform salification and hash calculation on passwords of the registered users during login, the calculated target hash value and target salification value are stored, when the users log in again, the target salification value is only needed to be added into the passwords input during user login according to the stored target salification value matched with the user identification, hash calculation is performed again to obtain a hash value to be verified, the hash value to be verified is compared with the stored corresponding target hash value, if the two hash values are consistent, verification is successful, namely the users log in successfully, if the two hash values are inconsistent, verification is failed, the users are unsafe, and login of the users is forbidden; the target salt adding value is a character string which is randomly generated according to the user representation, the position for adding the random character string into the password can be set by itself, and the adding position can be set by itself according to the digit of the password.
Specifically, according to the embodiment of the invention, the verification module calculates the hash value to be verified after adding the salt according to the registered password of the registered user and compares the hash value with the stored target hash value during registration to judge whether the user is safe or not, and the security of the user account is improved because the salt and hash calculation are difficult to crack; the processing module calculates the number of data blocks and the transmission interval of the data blocks according to the data information to be processed so as to divide the data blocks to be processed, carries out standard hash value calculation on each data block, then carries out segmented transmission on the encrypted data blocks, the monitoring module judges whether each encrypted data block is abnormal according to the actual transmission interval of the data blocks of each encrypted data block, judges whether the encrypted data block is abnormal according to the calculated actual hash value, stops receiving the encrypted data blocks after transmitting the abnormal encrypted data blocks or the encrypted data blocks, stops transmitting the encrypted data blocks in time when the encrypted data blocks are tampered with the data blocks during transmission, and finally the adjusting module selects a corresponding encryption mode according to the number of the abnormal encrypted data blocks in a preset period to adjust the encryption mode of the next period so as to realize encryption of the data blocks in multiple encryption modes.
Referring to fig. 2, the processing module 40 includes a statistics unit 401, a first comparison unit 402, a selection unit 403, and an adjustment unit 404, where the statistics unit counts a matching number M of preset keywords in the preset keyword library for the data to be processed of the data type when the processing module calculates the number of data blocks of the data to be processed, and the first comparison unit compares the matching number M with a first preset matching number M1 and a second preset matching number M2;
if M is more than M2, the selection unit selects an adjustment coefficient a1, and the adjustment unit adjusts the standard data block quantity W according to the first adjustment coefficient a 1;
if M1 is not less than M2, the selection unit selects an adjustment coefficient a2, and the adjustment unit adjusts the number W of the standard data blocks according to the second non-adjustment coefficient a 2;
if M is smaller than M1, the selection unit selects an adjustment coefficient a3, and the adjustment unit adjusts the standard data block quantity W according to the third adjustment coefficient a 3;
wherein M1 < M2, 1=a3 < a2 < a1 < 1.5.
Specifically, the first preset number of matches is 1/3×max (Mi), and the second preset number of matches is 1/2×max (Mi).
Where Mi represents the set of numbers that occur during each keyword match in the history data.
Specifically, in the embodiment of the invention, the first comparison unit in the processing module compares the matching number M with the first preset matching number M1 and the second preset matching number M2, so that the selection unit selects the corresponding adjustment coefficient according to the comparison result to adjust the standard data block number W by the adjustment unit, and the data block number divided by the data to be processed is adjusted according to specific conditions, so that the data block number is more accurate.
Specifically, after the processing module adjusts the standard data block number W, the processing module adjusts the standard data block number W twice according to the data size Q of the data to be processed, and the first comparing unit compares the data size Q with a first preset data size Q1 and a second preset data size Q2;
if Q is more than Q2, the selection unit selects an adjustment coefficient b1, and the adjustment unit performs secondary adjustment on the standard data block number W according to the first coefficient b 1;
if Q1 is less than or equal to Q2, the selection unit selects an adjustment coefficient b2, and the adjustment unit secondarily adjusts the standard data block quantity W according to a second coefficient b 1;
if Q is smaller than Q1, the selection unit selects an adjustment coefficient b3, and the adjustment unit performs secondary adjustment on the standard data block number W according to a third coefficient b 1;
Wherein Q1 < Q2, 1=b3 < b2 < b1 < 1.5;
the adjusting unit performs secondary adjustment on the standard data block number W to obtain a data block number W ', and sets W ' =w×ai×bj, where i=1, 2,3, j=1, 2,3, W ' is rounded to an integer.
Specifically, the first preset data size Q1 is 1/5×1/n×Σqi, the second preset data size Q2 is 4/5×1/n×Σqi, where qi represents the data size of a data block arbitrarily generated in the history data, and n is the number of data blocks generated in the history data.
Specifically, in the embodiment of the invention, the first comparison unit in the processing module compares the data size Q with the first preset data size Q1 and the second preset data size Q2, so that the selection unit selects the corresponding adjustment coefficient according to the comparison result to enable the adjustment unit to perform secondary adjustment on the standard data block number W, and the number of data blocks divided by the data to be processed is more accurate.
Specifically, the processing module further includes a first calculating unit 405, where when calculating a data block transmission interval of the data to be processed, the adjusting unit adjusts the standard transmission interval t according to a comparison result of the matching number M with the first preset matching number M1 and the second preset matching number M2;
If M > M2, the selecting unit selects an adjustment coefficient c1, and the adjusting unit adjusts the standard transmission interval t according to the adjustment coefficient c1 to obtain a data block transmission interval t ', and sets t' =txc1;
if M1 is not less than M2, the selecting unit selects an adjustment coefficient c2, the adjusting unit adjusts the standard transmission interval t according to the adjustment coefficient c1 to obtain a data block transmission interval t ', and t' =txc2 is set;
if M is less than M1, the adjusting unit does not adjust the standard transmission interval t, and t' =t is set;
wherein, c1 is more than 0 and c2 is more than 1.
Specifically, according to the embodiment of the invention, the selection unit selects the adjustment coefficient according to the comparison result of the matching number M, the first preset matching number M1 and the second preset matching number M2 so that the adjustment unit adjusts the standard transmission interval t, and the transmission interval of the encrypted data block is more accurate.
Specifically, the processing module further includes a dividing unit 406, an associating unit 407, a first storage unit 408, an encrypting unit 409, a marking unit 410 and a transmitting unit 411, where when the processing module divides the data to be processed into a plurality of data blocks according to the number of data blocks, the associating unit and the first storage unit associate and store the user identifier of the data to be processed with the number W 'of data blocks and the transmission interval t' of the data blocks, respectively, the dividing unit and the first calculating unit divide the data to be processed into a plurality of data blocks and hash the plurality of data blocks to obtain a standard hash value, the encrypting unit encrypts the plurality of data blocks, the marking unit marks the user identifier and the sequence number of each encrypted data block in the dividing order, the associating unit and the first storage unit associate and store the user identifier, the sequence number and the standard hash value of each encrypted data block, and the transmitting module sequentially transmits the plurality of encrypted data blocks in the transmission interval of the data blocks according to the sequence number of encrypted data blocks.
Specifically, the embodiment of the invention respectively correlates and stores the user identification of the data to be processed with the number W 'of the data blocks and the transmission interval t' of the data blocks through the correlation unit and the first storage unit, so that the calculated number W 'of the data blocks and the transmission interval t' of the data blocks are conveniently obtained and compared with the actual monitoring result according to the user identification of the data blocks during the monitoring, the division unit and the first calculation unit divide the data to be processed into a plurality of data blocks and carry out hash calculation to obtain a standard hash value, so that whether the data blocks are abnormal or not is conveniently compared and judged according to the standard hash value and the monitoring result, and meanwhile, each data block is encrypted, so that the data blocks are safer.
Referring to fig. 3, the monitoring module includes a receiving unit 151, an obtaining unit 152, a recording unit 153, a second comparing unit 154 and a judging unit 155, where when the monitoring module records an actual transmission interval of an encrypted data block, the obtaining unit obtains a stored corresponding and data block transmission interval T 'according to a user identifier of a first encrypted data block received by the receiving unit, the recording unit records an actual transmission interval T of each two received encrypted data blocks, and the second comparing unit compares the actual transmission interval T with the data block transmission interval T';
If the actual transmission interval T between the encrypted data blocks is different from the data block transmission interval T', the judging unit judges that the encrypted data block is abnormal in transmission;
and if the actual transmission interval T between the encrypted data blocks is the same as the data block transmission interval T', the judging unit judges that the encrypted data blocks are normally transmitted.
Specifically, the embodiment of the invention compares the actual transmission interval T of every two received encrypted data blocks with the data block transmission interval T' through the second comparison unit to judge whether the transmission of the encrypted data blocks is abnormal, so that the transmission of the encrypted data blocks can be stopped in time when the encrypted data blocks are tampered during transmission, and the safety of data information is improved.
Specifically, when the judging unit judges whether the transmission of the encrypted data block is normal according to the actual transmission interval, and judges whether the transmission of the encrypted data block is normal according to the sequence number of the encrypted data packet, if the sequence number of the encrypted data block received by the receiving unit is different from the sequence number of the encrypted data packet expected to be received, the judging unit judges that the transmission of the encrypted data block is abnormal, and if the sequence number of the encrypted data block received by the receiving unit is the same as the sequence number of the encrypted data packet expected to be received, the judging unit judges that the transmission of the encrypted data block is normal.
Specifically, the embodiment of the invention judges whether the transmission of the encrypted data block is normal or not through the sequence number of the encrypted data packet, so that the transmission of the encrypted data block is stopped in time when the encrypted data block is disturbed by attack during transmission, and the safety of data information is improved.
Specifically, the monitoring module further includes a second calculating unit 156, where the second calculating unit decrypts each received encrypted data block and performs hash calculation to obtain an actual hash value, the obtaining unit obtains the stored standard hash value according to the user identifier and the sequence number of the encrypted data block, and the second comparing unit compares the actual hash value with the standard hash value;
if the actual hash value is the same as the standard hash value, the judging unit judges that the encrypted data block is normal;
and if the actual hash value is different from the standard hash value, the judging unit judges that the encrypted data block is abnormal.
Specifically, in the embodiment of the invention, the received encrypted data block is decrypted by the second computing unit and the hash calculation is performed to obtain the actual hash value, so that the second comparing unit can conveniently compare the actual hash value with the stored corresponding standard hash value and judge whether the encrypted data block is abnormal, namely judge whether the encrypted data block is tampered or not and stop transmission of the encrypted data block in time, thereby improving the safety of data information.
Specifically, the monitoring module further includes a second storage unit 157 and a sending unit 158, where when the judging unit judges that the encrypted data blocks are normal, the receiving unit continues to receive the remaining encrypted data blocks transmitted by the processing module, and when the judging unit judges that the transmission of all the encrypted data blocks is normal and judges that all the encrypted data blocks are normal after receiving all the encrypted data blocks, the second storage unit stores all the encrypted data blocks;
when the judging unit judges that the transmission of any encrypted data block is abnormal or any encrypted data block is abnormal, the receiving unit stops receiving the residual encrypted data block transmitted by the transmission unit, and the transmitting unit transmits corresponding preset warning information to a user represented by a corresponding user;
if the receiving unit does not receive the encrypted data block within the preset time Ta when receiving the encrypted data block, stopping receiving the encrypted data block, wherein the preset time Ta is more than 3t'.
Specifically, when the adjusting module adjusts the encryption mode, the number of the abnormal encrypted data blocks determined by the monitoring module in a preset period is counted, the adjusting module is provided with a number range of a plurality of abnormal encrypted data blocks and a corresponding encryption mode, and the data blocks in the next preset period are adjusted to be encrypted according to the number range of the abnormal encrypted data blocks where the abnormal encrypted data blocks are located.
Specifically, the encryption mode can be a combination of multiple encryption modes, and specific encryption modes and combination rules can be set according to the needs.
Specifically, according to the embodiment of the invention, the adjusting module selects the corresponding encryption mode according to the number of the abnormal encrypted data blocks in the preset period to adjust the encryption mode of the next period, so that the data are encrypted in a plurality of encryption modes, the data information is prevented from being tampered, and the safety of the data information is improved.
Thus far, the technical solution of the present invention has been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of protection of the present invention is not limited to these specific embodiments. Equivalent modifications and substitutions for related technical features may be made by those skilled in the art without departing from the principles of the present invention, and such modifications and substitutions will be within the scope of the present invention.
The foregoing description is only of the preferred embodiments of the invention and is not intended to limit the invention; various modifications and variations of the present invention will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An online transaction security system, comprising:
the acquisition module is used for acquiring login information of a user;
the verification module is connected with the acquisition module and used for matching a target salt value and a target hash value according to a user identifier in the login information, carrying out hash calculation on a password in the login information and the target salt value to obtain a hash value to be verified, comparing the hash value to be verified with the target hash value to judge whether verification is successful, if verification is successful, the user login is successful, and if verification is failed, the user login is forbidden;
the receiving module is connected with the verification module and used for receiving the data to be processed sent by the user with successful login;
the processing module is connected with the receiving module and used for analyzing the data type of the data to be processed according to a preset keyword library, calculating the number of data blocks of the data to be processed according to the data type and the data size, calculating the data block transmission interval of the data to be processed according to the data type, dividing the data to be processed into a plurality of data blocks according to the number of the data blocks, carrying out hash calculation on the plurality of data blocks to obtain a standard hash value, encrypting the plurality of data blocks and transmitting a plurality of encrypted data blocks according to the data block transmission interval;
The monitoring module is connected with the processing module and is used for receiving the plurality of encrypted data blocks, recording the actual transmission intervals among the encrypted data blocks and the sequence numbers of the encrypted data packets so as to judge whether the transmission of each encrypted data block is abnormal, calculating the actual hash value of each encrypted data block, comparing the actual hash value with the standard hash value of the encrypted data block with abnormal transmission so as to judge whether the encrypted data block is abnormal, after all the encrypted data blocks are received, judging that the transmission of all the encrypted data blocks is normal and judging that all the encrypted data blocks are normal, storing the encrypted data blocks, and stopping receiving the rest encrypted data blocks when the transmission of any encrypted data block is abnormal or any encrypted data block is abnormal;
the adjusting module is connected with the monitoring module and is used for selecting a corresponding encryption mode from the number range of the abnormal encrypted data blocks, in which the number of the abnormal encrypted data blocks is determined by the monitoring module in a preset period, and encrypting the data blocks in the next preset period.
2. The online transaction security system according to claim 1, wherein the processing module includes a statistics unit, a first comparison unit, a selection unit and an adjustment unit, the statistics unit counts a matching number M of preset keywords in the preset keyword library for the data to be processed of the data type when the processing module calculates the number of data blocks of the data to be processed, and the first comparison unit compares the matching number M with a first preset matching number M1 and a second preset matching number M2;
If M is more than M2, the selection unit selects an adjustment coefficient a1, and the adjustment unit adjusts the standard data block quantity W according to the first adjustment coefficient a 1;
if M1 is not less than M2, the selection unit selects an adjustment coefficient a2, and the adjustment unit adjusts the number W of the standard data blocks according to the second non-adjustment coefficient a 2;
if M is smaller than M1, the selection unit selects an adjustment coefficient a3, and the adjustment unit adjusts the standard data block quantity W according to the third adjustment coefficient a 3;
wherein M1 < M2, 1=a3 < a2 < a1 < 1.5.
3. The online transaction security system according to claim 2, wherein the processing module, after adjusting the standard data block number W, adjusts the standard data block number W twice according to the data size Q of the data to be processed, and the first comparing unit compares the data size Q with a first preset data size Q1 and a second preset data size Q2;
if Q is more than Q2, the selection unit selects an adjustment coefficient b1, and the adjustment unit performs secondary adjustment on the standard data block number W according to the first coefficient b 1;
if Q1 is less than or equal to Q2, the selection unit selects an adjustment coefficient b2, and the adjustment unit secondarily adjusts the standard data block quantity W according to a second coefficient b 1;
If Q is smaller than Q1, the selection unit selects an adjustment coefficient b3, and the adjustment unit performs secondary adjustment on the standard data block number W according to a third coefficient b 1;
wherein Q1 < Q2, 1=b3 < b2 < b1 < 1.5;
the adjusting unit performs secondary adjustment on the standard data block number W to obtain a data block number W ', and sets W ' =w×ai×bj, where i=1, 2,3, j=1, 2,3, W ' is rounded to an integer.
4. The online transaction security system according to claim 3, wherein the processing module further comprises a first calculation unit, and the adjustment unit adjusts the standard transmission interval t according to a comparison result of the matching number M with the first preset matching number M1 and the second preset matching number M2 when calculating the data block transmission interval of the data to be processed;
if M > M2, the selecting unit selects an adjustment coefficient c1, and the adjusting unit adjusts the standard transmission interval t according to the adjustment coefficient c1 to obtain a data block transmission interval t ', and sets t' =txc1;
if M1 is not less than M2, the selecting unit selects an adjustment coefficient c2, the adjusting unit adjusts the standard transmission interval t according to the adjustment coefficient c1 to obtain a data block transmission interval t ', and t' =txc2 is set;
If M is less than M1, the adjusting unit does not adjust the standard transmission interval t, and t' =t is set;
wherein, c1 is more than 0 and c2 is more than 1.
5. The online transaction security system according to claim 4, wherein the processing module further comprises a dividing unit, an associating unit, a first storing unit, an encrypting unit, a marking unit and a transmitting unit, wherein the associating unit and the first storing unit associate and store the user identification of the data to be processed with the number W 'of data blocks and the transmission interval t' of the data blocks, respectively, when the data to be processed is divided into a plurality of data blocks according to the number of data blocks, the dividing unit and the first calculating unit divide the data to be processed into a plurality of data blocks and hash the plurality of data blocks to obtain a standard hash value, the encrypting unit encrypts the plurality of data blocks, the marking unit marks the user identification of each encrypted data block and the sequence number in the dividing order, the associating unit and the first storing unit associate and store the user identification mark, the sequence number and the standard hash value of each encrypted data block, and the transmitting module sequentially transmits the plurality of encrypted data blocks at the transmission interval of the data blocks according to the sequence number of encrypted data blocks.
6. The online transaction security system of claim 5, wherein the monitoring module includes a receiving unit, an acquiring unit, a recording unit, a second comparing unit and a judging unit, the acquiring unit acquires the stored corresponding and data block transmission intervals T 'according to the user identification of the first encrypted data block received by the receiving unit when the monitoring module records the actual transmission interval of the encrypted data block, the recording unit records the actual transmission interval T of each two received encrypted data blocks, and the second comparing unit compares the actual transmission interval T with the data block transmission interval T';
if the actual transmission interval T between the encrypted data blocks is different from the data block transmission interval T', the judging unit judges that the encrypted data block is abnormal in transmission;
and if the actual transmission interval T between the encrypted data blocks is the same as the data block transmission interval T', the judging unit judges that the encrypted data blocks are normally transmitted.
7. The online transaction security system according to claim 6, wherein the judging unit judges whether the transmission of the encrypted data block is normal or not based on an actual transmission interval, and judges whether the transmission of the encrypted data block is normal or not based on a sequence number of an encrypted data packet, if the sequence number of the encrypted data block received by the receiving unit is different from the sequence number of the encrypted data packet expected to be received, the judging unit judges that the transmission of the encrypted data block is abnormal, and if the sequence number of the encrypted data block received by the receiving unit is the same as the sequence number of the encrypted data packet expected to be received, the judging unit judges that the transmission of the encrypted data block is normal.
8. The online transaction security system of claim 7, wherein the monitoring module further comprises a second computing unit that decrypts each received encrypted data block and performs a hash calculation to obtain an actual hash value, the obtaining unit obtains the stored standard hash value according to the user identification and the sequence number of the encrypted data block, and the second comparing unit compares the actual hash value with the standard hash value;
if the actual hash value is the same as the standard hash value, the judging unit judges that the encrypted data block is normal;
and if the actual hash value is different from the standard hash value, the judging unit judges that the encrypted data block is abnormal.
9. The online transaction security system of claim 8, wherein the monitoring module further comprises a second storage unit and a transmitting unit, the judging unit continues to receive the remaining encrypted data blocks transmitted by the processing module when the judging unit judges that the encrypted data blocks are normal, and the second storage unit stores all the encrypted data blocks when the judging unit judges that the transmission of all the encrypted data blocks is normal and judges that all the encrypted data blocks are normal after receiving all the encrypted data blocks;
When the judging unit judges that the transmission of any encrypted data block is abnormal or any encrypted data block is abnormal, the receiving unit stops receiving the residual encrypted data block transmitted by the transmission unit, and the transmitting unit transmits corresponding preset warning information to a user represented by a corresponding user;
if the receiving unit does not receive the encrypted data block within the preset time Ta when receiving the encrypted data block, stopping receiving the encrypted data block, wherein the preset time Ta is more than 3t'.
10. The online transaction security system according to claim 9, wherein the adjustment module counts the number of encrypted data block anomalies determined by the monitoring module in a preset period when adjusting the encryption mode, the adjustment module is provided with a number of encrypted data block anomalies and a corresponding encryption mode, and adjusts the data blocks in the next preset period to be encrypted according to the number of encrypted data block anomalies in the number of encrypted data block anomalies.
CN202311001893.7A 2023-08-09 2023-08-09 Online transaction security system Pending CN116980138A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311001893.7A CN116980138A (en) 2023-08-09 2023-08-09 Online transaction security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311001893.7A CN116980138A (en) 2023-08-09 2023-08-09 Online transaction security system

Publications (1)

Publication Number Publication Date
CN116980138A true CN116980138A (en) 2023-10-31

Family

ID=88484851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311001893.7A Pending CN116980138A (en) 2023-08-09 2023-08-09 Online transaction security system

Country Status (1)

Country Link
CN (1) CN116980138A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117828649A (en) * 2024-03-06 2024-04-05 天津帕克耐科技有限公司 Micro data center system
CN118157866A (en) * 2024-01-31 2024-06-07 新汽有限公司 Data security verification method based on cloud computing

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118157866A (en) * 2024-01-31 2024-06-07 新汽有限公司 Data security verification method based on cloud computing
CN117828649A (en) * 2024-03-06 2024-04-05 天津帕克耐科技有限公司 Micro data center system
CN117828649B (en) * 2024-03-06 2024-05-28 天津帕克耐科技有限公司 Micro data center system

Similar Documents

Publication Publication Date Title
CN116980138A (en) Online transaction security system
DK2454699T3 (en) A method for detecting the use of a cloned server communicating with a user unit
CN108737110B (en) Data encryption transmission method and device for preventing replay attack
US11323883B2 (en) Pattern driven selective sensor authentication for internet of things
CN112688972B (en) Method and system for protecting account security
CN118018333B (en) Network port lock unlocking control method, system, equipment and storage medium
CN112581233A (en) Method, device, equipment and computer-readable storage medium for order offline operation
CN116132989A (en) Industrial Internet security situation awareness system and method
CN110247911B (en) Flow abnormity detection method and system
CN105577706A (en) Network safety defense system and method thereof
CN113225180A (en) Method and system for protecting communication key
CN110830507B (en) Resource access method, device, electronic equipment and system
CN112422527A (en) Safety protection system, method and device of transformer substation electric power monitoring system
CN113949591B (en) Data encryption protection method and system based on block chain
CN115865491A (en) Data security alarm supervision method for intelligent self-adaptive routing inspection of cloud computing
CN116112234A (en) Electronic signing security verification method, system, medium and equipment
CN117240510B (en) SDP client secure authentication system
CN118200058B (en) Multi-factor authentication method and system based on physical isolation channel
CN117336025B (en) Internet identity authentication service continuity guarantee system
CN118264485B (en) Data safety protection method and system for intelligent network-connected automobile
CN110996321B (en) eSIM card authentication method
CN115829186B (en) ERP management method based on artificial intelligence and data processing AI system
KR101112169B1 (en) Scada apparatus, control command authenticating apparatus capable of authenticating control command and method for authenticating control command in scada system
CN118381648A (en) Cross-browser fusion encryption system based on data security
CN117240510A (en) SDP client secure authentication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination