CN117614607B - Information security transmission system and method based on block chain - Google Patents

Information security transmission system and method based on block chain

Publication number
CN117614607B
Authority
CN
China
Prior art keywords
block
data
data information
information
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410075586.1A
Other languages
Chinese (zh)
Other versions
CN117614607A (en)
Inventor
张云仲
李春桃
邱雪峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Haihai Dahe Technology Co ltd
Original Assignee
Shenzhen Haihai Dahe Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Haihai Dahe Technology Co ltd
Priority to CN202410075586.1A
Publication of CN117614607A
Application granted
Publication of CN117614607B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a blockchain-based information security transmission system and method, relating to the technical field of information security transmission. The system comprises an encryption center in communication connection with a data acquisition module, a data processing module, a block verification module and a digital signature module. The data acquisition module acquires data information conforming to the block communication capacity. The data processing module allocates different port numbers to the data information, performs security verification on the data information carrying the port numbers, generates block nodes from the data information that passes the security verification, aggregates the block nodes into block chains and uploads the block chains to a common block chain. The block verification module performs block integrity verification, node integrity verification and block security verification on the block chains that have been put on chain, and generates legal block chains and illegal block chains according to the verification results. The digital signature module dynamically encrypts the legal block chains to generate a digital signature sequence and establishes corresponding transmission channels to transmit the data information.

Description

Information security transmission system and method based on block chain
Technical Field
The invention relates to the technical field of information security transmission, in particular to an information security transmission system and method based on a block chain.
Background
With the rapid development of the internet, information transmission has become an indispensable part of daily life and business activities. However, the conventional information transmission mode is insufficiently secure and is easily threatened by hacking and data tampering, which brings potential risks to personal privacy and business confidentiality, and a large amount of data that does not meet requirements may be acquired in the information acquisition stage. Blockchain technology, by contrast, is decentralized, transparent, secure and trustworthy, and is changing the business and transaction modes of every industry.
In a traditional information transmission system, data acquisition is not targeted, and various information security problems arise during data storage and data transmission, such as data information being cracked by outside parties, illegal data interfering with existing data information, and data collisions during transmission, all of which need to be considered.
Disclosure of Invention
In order to solve the above problems, an object of the present invention is to provide a system and method for securely transmitting information based on a blockchain.
The aim of the invention can be achieved by the following technical scheme: the information security transmission system based on the block chain comprises an encryption center, wherein the encryption center is in communication connection with a data acquisition module, a data processing module, a block verification module and a digital signature module;
the data acquisition module is used for acquiring data information conforming to the block communication capacity, acquiring data information that does not conform to the block communication capacity after its capacity has been cut off, sampling the acquired data information, and performing secondary acquisition when the sampling does not meet the preset sampling passing rate;
the data processing module is provided with a registration port unit, an audit information unit and a block chain processing unit;
the registration port unit is used for distributing different port numbers for the acquired data information;
the audit information unit is used for carrying out security verification on the data information carrying the port number;
the block chain processing unit is used for performing block packing on the data information passing through the security verification to generate block nodes, summarizing the block nodes to generate block chains, and uploading the block chains to a common block chain arranged in a cloud;
the block verification module is used for performing block integrity verification, node integrity verification and block security verification on the block chain that has been put on chain, and generating legal block chains and illegal block chains according to the verification results;
the digital signature module is used for dynamically encrypting data information corresponding to the legal block chain, taking a ciphertext sequence string generated by dynamic encryption as a digital signature sequence of the legal block chain, and establishing a transmission channel for the digital signature sequence to transmit the data information.
Further, the process of collecting the data information that conforms to the block communication capacity, and of collecting data information that does not conform after its capacity has been cut off, comprises the following steps:
the data acquisition module is provided with a plurality of numbered data acquisition nodes; each data acquisition node has a fixed acquisition capacity $C_{\text{fixed}}$, and the data information has different data capacities $C_j$; if $C_{\text{fixed}} > C_j$, a data supplementing capacity $C_1$ is generated, $C_1 = C_{\text{fixed}} - C_j$;
if $C_{\text{fixed}} = C_j$, the data information corresponding to $C_j$ is stored directly in the data acquisition node;
if $C_{\text{fixed}} < C_j$, a data overflow capacity $C_3$ is generated, $C_3 = C_j - C_{\text{fixed}}$; the data information corresponding to the data acquisition nodes with data overflow capacity is obtained, its capacity is cut off, and the cut-off data information is transferred to data acquisition nodes with corresponding data supplementing capacity.
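The capacity comparison and transfer above, together with the multi-node fallback given in the detailed description, can be sketched as follows. This is an added example, not code from the patent; the names `Node`, `collect` and `reassemble`, the one-item-per-node mapping, the choice of the smallest sufficient node, and the reporting of overflow that fits nowhere are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    number: int                                   # unique identity of the acquisition node
    fixed: int                                    # fixed acquisition capacity (block communication capacity)
    chunks: list = field(default_factory=list)    # (source_node_number, bytes) pieces held

    @property
    def spare(self) -> int:
        """Data supplementing capacity: fixed capacity minus bytes already stored."""
        return self.fixed - sum(len(data) for _, data in self.chunks)


def collect(items, fixed):
    """Give item j to node j, cut off any overflow, then place the overflow.

    Returns (nodes, transfers, unplaced). Each transfer is
    (source_node, target_node, offset, length) so the data can be rebuilt.
    """
    if fixed <= 0:
        raise ValueError("fixed acquisition capacity must be positive")
    nodes = [Node(j, fixed) for j in range(1, len(items) + 1)]
    overflow = []                                 # (source_node, offset, bytes)
    for node, data in zip(nodes, items):
        node.chunks.append((node.number, data[:fixed]))
        if len(data) > fixed:                     # data overflow capacity > 0
            overflow.append((node.number, fixed, data[fixed:]))

    transfers, unplaced = [], []
    for source, offset, rest in overflow:
        # Preferred: one node whose supplementing capacity covers the overflow.
        # Picking the smallest such node is an assumption of this sketch.
        fits = [n for n in nodes if n.spare >= len(rest)]
        if fits:
            targets = [min(fits, key=lambda n: (n.spare, n.number))]
        else:
            # Fallback: cut the overflow several times across nodes with room.
            targets = [n for n in nodes if n.spare > 0]
        for target in targets:
            if not rest:
                break
            piece, rest = rest[:target.spare], rest[target.spare:]
            target.chunks.append((source, piece))
            transfers.append((source, target.number, offset, len(piece)))
            offset += len(piece)
        if rest:                                  # total supplementing capacity too small
            unplaced.append((source, offset, rest))
    return nodes, transfers, unplaced


def reassemble(nodes, transfers, source):
    """Rebuild the item first given to node `source` from the transfer record."""
    by_number = {n.number: n for n in nodes}
    parts = [d for tag, d in by_number[source].chunks if tag == source]
    moved = sorted((t for t in transfers if t[0] == source), key=lambda t: t[2])
    for _src, target, _offset, _length in moved:
        parts += [d for tag, d in by_number[target].chunks if tag == source]
    return b"".join(parts)


# Constructed sample input: four items collected with a fixed capacity of 8 bytes.
SAMPLE_ITEMS = [b"ABCDEFGHIJKL", b"12345", b"xy", b"QRSTUVWX"]
```

Without the transfer record the cut-off pieces cannot be tied back to their source node, and overflow that fits nowhere is returned in `unplaced` rather than dropped silently.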
Further, the process of sampling the collected data information and performing secondary collection when the sampling does not meet the preset sampling passing rate includes:
setting a fixed sampling interval, acquiring an initial sampling point, acquiring a plurality of other sampling points and data information stored in data acquisition nodes corresponding to the sampling points according to the initial sampling point and the fixed sampling interval, generating k sampling numbers according to the data information, summarizing the k sampling numbers, taking an average value to generate a sampling rate R, and comparing the sampling rate R with a preset sampling passing rate R';
if R is more than or equal to R', the sampling is passed, and secondary collection is not needed;
if R is less than R', the data information stored in all the acquisition nodes is obtained for secondary acquisition; an initial sampling frequency is set, the value of each frequency increase and the number of increases are obtained to generate a final sampling frequency, and the data acquisition nodes continue to collect data information at the final sampling frequency; secondary acquisition stops when the sampling rate generated by averaging the collected data information is greater than or equal to the preset sampling passing rate R'.
In practice, the "other sampling points" may refer to sampling points other than the initial sampling point.
Further, the process of allocating the port number to the data information includes:
different port numbers are allocated to the data information, the port numbers have corresponding port states, the port states comprise a communication state, a pause state and a limit state, and the different port states have corresponding communication authority functions;
when the port state is a communication state, the corresponding communication authority function is as follows: the data information is transmitted according to a preset transmission speed, and the transmission destination is an audit information unit;
when the port state is in a pause state, the corresponding communication authority function is as follows: establishing a temporary storage space to store data information, analyzing content, removing after detecting that the content comprises illegal data information, and converting a port state into a communication state;
when the port state is a limit state, the corresponding communication authority function is as follows: the network speed at which the data information is transmitted is obtained synchronously; when the network speed is less than or equal to the set stable transmission speed, the bandwidth corresponding to the network speed is obtained and increased and the data information is transmitted; when the network speed is greater than the set stable transmission speed, the bandwidth is reduced.
Further, the process of performing the security verification includes:
traversing to obtain data information carrying port numbers, wherein the security verification comprises IP verification, user name password verification and log file vulnerability scanning verification, the port numbers are associated with access IP addresses, the access IP addresses are compared with the IP in a preset IP list through the IP verification, and corresponding operation is carried out according to the comparison result; the access IP addresses in the IP list are all associated with corresponding user names and passwords thereof, the user names and the passwords of each access IP address are matched with the user names and the passwords stored in the database, and corresponding operation is carried out according to the matching result; obtaining the reading authority of the log file, carrying out vulnerability scanning verification of the log file, dividing the log file into a plurality of log catalogs, traversing the plurality of log catalogs in sequence, scanning to generate different scanning results, and carrying out corresponding operation according to the scanning results.
Further, the process of performing block packing on the data information that passes the security verification to generate block nodes, aggregating the block nodes to generate block chains, and putting the block chains on a common block chain set up in the cloud comprises the following steps:
and when the block head searches illegal information, the block body searches irrelevant information and the block tail searches redundancy information, the redundancy amount of the redundancy information is larger than or equal to a set redundancy amount threshold, a document is generated and uploaded to an encryption center, a checking program set by the encryption center removes the illegal information and the irrelevant information, and the redundancy information is removed in a repeated part, and after the redundancy amount is smaller than the redundancy amount threshold, the block chain is uploaded to a common block chain set by a cloud.
Further, the process of performing block integrity verification, node integrity verification and block security verification on the block chain that has been put on chain comprises the following steps:
the block chain at the current time is obtained and marked as the latest block chain, and the block chains at other times before the current time are marked as historical block chains; the latest block chain is associated with a block head, the block head corresponds to block metadata, and the block metadata comprises a preceding block hash value, a time stamp and block related information; a plurality of equal-volume data blocks are generated through a hash function according to the time stamp and the block related information, a shift operation and an encryption operation are performed on the equal-volume data blocks to generate data block hash values, and the data block hash values of the equal-volume data blocks are aggregated to generate a current block hash value; a block integrity ratio is set, and block integrity is judged according to the ratio of the current block hash value to the preceding block hash value and the block integrity ratio; node integrity is judged according to a node integrity threshold and the data block hash values; a block security permission value is set, the current block hash value is compared with the block security permission value to generate different verification results, and legal block chains and illegal block chains are generated according to the verification results.
Further, the process of dynamically encrypting the data information corresponding to the legal blockchain and taking the ciphertext sequence string generated by dynamic encryption as the digital signature sequence of the legal blockchain comprises the following steps:
the data information corresponding to the legal blockchain is obtained and a data cut-off ratio is set; the data information is cut, in sequence and according to the data cut-off ratio, into a first string to be encrypted, a second string to be encrypted and a third string to be encrypted; the three strings are converted into different number bases respectively, and the results are aggregated to generate a ciphertext sequence string; a sequence string reconstruction time $T_{\text{dynamic}}$ is set, the data cut-off ratio is changed dynamically, the ciphertext sequence string is regenerated according to the changed data cut-off ratio, and the ciphertext sequence string is taken as the digital signature sequence.
Further, a method for safely transmitting information based on a blockchain is provided, which comprises the following steps:
step S1: collecting data information that conforms to the block communication capacity, collecting data information that does not conform to the block communication capacity after its capacity has been cut off, sampling the collected data information, and performing secondary collection when the sampling does not meet the preset sampling passing rate;
step S2: distributing different port numbers to the collected data information, carrying out security verification on the data information carrying the port numbers, carrying out block packing on the data information passing the security verification to generate block nodes, summarizing the block nodes to generate block chains, and uploading the block chains to a common block chain arranged in a cloud;
step S3: performing block integrity verification, node integrity verification and block security verification on the block chain that has been put on chain, and generating legal block chains and illegal block chains according to the verification results;
step S4: and dynamically encrypting the data information corresponding to the legal block chain, taking a ciphertext sequence string generated by dynamic encryption as a digital signature sequence of the legal block chain, and establishing a transmission channel for the digital signature sequence to transmit the data information.
Compared with the prior art, the invention has the beneficial effects that: the block chain technology is adopted as the basis of information transmission, the data information meeting the set block communication capacity is directly acquired in the stage of acquiring the data information, the data information exceeding the block communication capacity is acquired after being cut off, the unified data information specification improves the efficiency of subsequent data processing, and the preset sampling passing rate further controls the acquisition of the data information; the data processing module distributes unique and non-repeated digital sequences to the data information through different port numbers, so that the occurrence frequency of data conflict is reduced to a certain extent, the corresponding communication authority function of different port states is endowed, the data transmission is more efficient, the network speed is acquired in real time under the limited port state, and the bandwidth is adjusted according to the relation between the network speed and the stable transmission speed, so that the data transmission is always kept in a stable state; the block verification module sequentially performs block integrity verification, node integrity verification and block security verification on the generated block chain, and divides legal block chain and illegal block chain, so that interference of illegal information on existing data information is effectively reduced, the digital signature module sets an encryption mode that the data interception proportion is dynamically changed according to the sequence string reconstruction time, the possibility of cracking and tampering of the data information by the outside is effectively reduced to a certain extent, confidentiality and authenticity of transmitted information are ensured, and safe transmission of the information is realized.
Drawings
Fig. 1 is a schematic diagram of the present invention.
Detailed Description
As shown in fig. 1, the embodiment provides a blockchain-based information security transmission system, which comprises an encryption center, wherein the encryption center is in communication connection with a data acquisition module, a data processing module, a block verification module and a digital signature module;
the data acquisition module is used for acquiring data information conforming to the block communication capacity, acquiring data information that does not conform to the block communication capacity after its capacity has been cut off, sampling the acquired data information, and performing secondary acquisition when the sampling does not meet the preset sampling passing rate;
the data processing module is provided with a registration port unit, an audit information unit and a block chain processing unit;
the registration port unit is used for distributing different port numbers for the acquired data information;
the audit information unit is used for carrying out security verification on the data information carrying the port number;
the block chain processing unit is used for performing block packing on the data information passing through the security verification to generate block nodes, summarizing the block nodes to generate block chains, and uploading the block chains to a common block chain arranged in a cloud;
the block verification module is used for performing block integrity verification, node integrity verification and block security verification on the block chain that has been put on chain, and generating legal block chains and illegal block chains according to the verification results;
the digital signature module is used for dynamically encrypting data information corresponding to the legal block chain, taking a ciphertext sequence string generated by dynamic encryption as a digital signature sequence of the legal block chain, and establishing a transmission channel for the digital signature sequence to transmit the data information.
Specifically, the process of collecting data information by the data collecting module comprises the following steps:
the data acquisition module is provided with a plurality of data acquisition nodes; the data acquisition nodes are numbered, the number is denoted $i$, $i = 1, 2, 3, \dots, n$, where $n \ge 0$ and $n$ is a natural number, and the number serves as the unique identity of the data acquisition node;
each data acquisition node has a fixed acquisition capacity, denoted $C_{\text{fixed}}$; the data information has different data capacities, denoted $C_j$, $j = 1, 2, 3, \dots, m$, where $m \ge 0$ and $m$ is a natural number;
the data capacity of the data information to be acquired by a data acquisition node is compared with the fixed acquisition capacity of that node, and the comparison result is as follows:
if $C_{\text{fixed}} > C_j$, the difference between the fixed acquisition capacity of the data acquisition node and the data capacity of the data information is obtained and marked as the data supplementing capacity $C_1$, so that $C_1 = C_{\text{fixed}} - C_j$;
if $C_{\text{fixed}} = C_j$, the data information corresponding to $C_j$ is stored directly in the data acquisition node;
if $C_{\text{fixed}} < C_j$, the difference between the fixed acquisition capacity of the data acquisition node and the data capacity of the data information is obtained and marked as the data overflow capacity $C_3$, so that $C_3 = C_j - C_{\text{fixed}}$.
It should be noted that the data supplementing capacity corresponds to a data acquisition node that is not yet full, and its value is the fixed acquisition capacity of the data acquisition node minus the data capacity of the acquired data information; the data overflow capacity corresponds to a data acquisition node that cannot hold the current data information, that is, cannot acquire the current data information in one pass, and its value is the data capacity of the data information acquired by the data acquisition node minus the fixed acquisition capacity of the data acquisition node.
The fixed acquisition capacity of the data acquisition node is the same as the set block communication capacity in value, the number corresponding to the data acquisition node under the condition of data overflow capacity is acquired, and the data information corresponding to the data overflow capacity is subjected to capacity cutoff;
the data acquisition nodes acquire the data information after the capacity interception, and the fixed acquisition capacity in the data acquisition nodes is equal to the data capacity of the data information after the capacity interception;
when all the data acquisition nodes have acquired the data information, the acquisition progress is marked as 100%, and sampling continues once the data information has been acquired.
In practical application, the data information cut off by capacity, namely the data information that overflowed from a data acquisition node, can be transferred, after the number of that data acquisition node is recorded, to a data acquisition node for which $C_{\text{fixed}} > C_j$ and whose data supplementing capacity is greater than or equal to the data overflow capacity. If no data acquisition node has a data supplementing capacity greater than or equal to the data overflow capacity, the data information corresponding to the data overflow capacity can be cut off several times and then transferred to several data acquisition nodes that meet the conditions.
Specifically, the sampling and secondary acquisition process comprises the following steps:
a fixed sampling interval is set and denoted $X$, where $X$ is an integer greater than 0; the data acquisition node numbered 1 is taken as the initial sampling point and denoted $P$, and the other sampling points are $P_1 = P + X$, $P_2 = P_1 + X$, $\dots$, $P_Q = P_{Q-1} + X$, where $Q$ is a natural number and $Q \ge 1$; the data information stored in the data acquisition nodes corresponding to the sampling points is obtained, the data information is converted into a binary character string, the binary character string is converted into a decimal character string, and the digits of the decimal character string are summed to generate a sampling number; the sampling numbers of the data information are $N_1, N_2, N_3, \dots, N_k$, where $k$ is a natural number greater than 0;
it should be noted that each digit of the decimal character string is an integer between 0 and 9;
the $k$ sampling numbers are aggregated and averaged to generate a sampling rate, denoted $R$, where $R = (N_1 + N_2 + N_3 + \dots + N_k)/k$;
The data acquisition module is internally provided with a database, a data form is stored in the database, a preset sampling passing rate is stored in the data form and is marked as R', and the sampling rate generated by taking the average value is compared with the sampling passing rate in the data form;
if R is more than or equal to R', the sampling is passed, and secondary collection is not needed;
if R is less than R', acquiring the data information stored in all the acquisition nodes for secondary acquisition;
the secondary acquisition makes the sampling rate reach the sampling passing rate by increasing the sampling frequency; the initial sampling frequency is denoted $F_{\text{start}}$, the value of each increase in the initial sampling frequency is denoted F, the number of increases is denoted S, and the final sampling frequency is denoted $F_{\text{final}}$, so that $F_{\text{final}} = S \times F + F_{\text{start}}$; the final sampling frequency is the optimal frequency;
and under the final sampling frequency, continuing to perform the operation of collecting data information by the data collection node, stopping secondary collection when the sampling rate generated by taking the average value of the collected data information is greater than or equal to the preset sampling passing rate, establishing a temporary data transmission space, inputting the data information in the data collection node into the temporary data transmission space, establishing communication connection between the temporary data transmission space and the data processing module, and transmitting the data information to the data processing module.
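The sampling check and the frequency increase described above, worked through as an added example (not code from the patent). The node contents are constructed, and `rate_at`, a callable that returns the sampling rate measured at a given frequency, is a hypothetical stand-in because the text does not say how a higher frequency changes R.

```python
def sampling_number(data: bytes) -> int:
    """Binary string -> decimal string -> sum of the decimal digits."""
    bits = "".join(f"{byte:08b}" for byte in data)
    decimal = str(int(bits, 2)) if bits else "0"
    return sum(int(digit) for digit in decimal)


def sample_points(node_count: int, interval: int, start: int = 1) -> list:
    """P, P+X, P+2X, ... limited to the existing node numbers."""
    if interval <= 0:
        raise ValueError("X must be an integer greater than 0")
    return list(range(start, node_count + 1, interval))


def sampling_rate(nodes: dict, interval: int) -> float:
    """R = (N_1 + ... + N_k) / k over the sampled nodes."""
    points = sample_points(max(nodes), interval)
    numbers = [sampling_number(nodes[p]) for p in points]
    return sum(numbers) / len(numbers)


def secondary_collection(f_start, f_step, rate_at, r_pass, max_increases=100):
    """Raise the frequency step by step until R >= R'.

    Returns (S, F_final) with F_final = S * F + F_start. The bound on the
    number of increases is an assumption added so the loop always ends.
    """
    for s in range(1, max_increases + 1):
        f_final = s * f_step + f_start
        if rate_at(f_final) >= r_pass:
            return s, f_final
    raise RuntimeError("sampling passing rate not reached")


# Constructed node contents, keyed by node number.
NODES = {1: b"A", 2: b"zz", 3: b"AB", 4: b"q", 5: b"\x01"}

if __name__ == "__main__":
    r = sampling_rate(NODES, interval=2)          # samples nodes 1, 3, 5
    print("R =", round(r, 3))
    if r < 12:                                    # constructed R' = 12
        print(secondary_collection(50, 10, lambda f: f / 10, r_pass=8))
```

The sampling number depends only on the stored bytes, so R is a content-derived score rather than a proportion of nodes that passed a check.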
The data processing module is provided with a registration port unit, an audit information unit and a block chain processing unit;
the registration port unit is used for allocating different port numbers to the data information;
the audit information unit is used for carrying out security verification on the data information carrying the port number;
the block chain processing unit is used for performing block packing on the data information passing through the security verification to generate block nodes, summarizing the block nodes to generate block chains, and uplink the block chains to the set common block chains.
Specifically, the process of allocating the port number to the data information includes:
different port numbers are allocated to the data information, the port numbers are randomly generated by a random function and are unique and non-repeated digital sequences, the port numbers have corresponding port states, and the port states comprise a communication state, a pause state and a limit state;
different port states have corresponding communication authority functions, and the corresponding relation between the port states and the communication authority functions is as follows:
the port state is a communication state, and the corresponding communication authority function is as follows: the data information is transmitted according to a preset transmission speed, and the transmission destination is an audit information unit;
the port state is a pause state, and the corresponding communication authority function is as follows: establishing a temporary storage space for storing data information, analyzing the content of the data information, removing illegal data information after detecting that the content comprises the illegal data information, and converting the port state into a communication state;
the port state is a limit state, and the corresponding communication authority function is as follows: synchronously acquiring the network speed of the transmission data information, acquiring the bandwidth corresponding to the network speed when the network speed is smaller than or equal to the set stable transmission speed, increasing the bandwidth and transmitting the data information, and reducing the bandwidth to reduce the transmission load corresponding to the bandwidth when the network speed is larger than the set stable transmission speed;
it should be noted that, by assigning unique and non-repeated digital sequences to the data information, the frequency of occurrence of data collision is reduced to a certain extent, and corresponding communication authority functions of different port states are given to enable data transmission to be performed more efficiently.
Specifically, the process of performing the security verification includes:
traversing the data information and acquiring the data information carrying the port number, packaging the data information not carrying the port number into a folder, and marking the name of the folder as a folder to be processed;
the security verification comprises IP verification, user name password verification and log file vulnerability scanning verification, and the execution sequence of the IP verification, the user name password verification and the log file vulnerability scanning verification is executed sequentially;
the port number of the data information is associated with an access IP address; through IP verification the access IP address is compared with the IPs in a preset IP list, and if the access IP address is in the IP list, user name password verification is directly carried out; if the access IP address is not in the IP list, the access IP address is audited: if it accords with the IP bit number and the IP format set by the IP list, the access IP address is entered into the IP list as a newly added legitimate IP; otherwise, the access IP address is marked as an illegal intrusion IP and is prohibited from carrying out user name password verification;
the access IP addresses in the IP list are associated with corresponding user names and passwords thereof, the user names and the passwords of each access IP address are matched with the user names and the passwords stored in the database, if the matching is successful, log files are generated to record data information, and if the matching is failed, the access IP addresses, the corresponding user names and the passwords are included in the set blacklist;
obtaining the reading authority of a log file, carrying out log file vulnerability scanning verification on the log file, dividing the log file into a plurality of log catalogues, sequentially traversing a part of data information stored under each log catalog, scanning the log catalogues to generate two scanning results, namely scanning success and scanning failure;
when scanning is successful, the risk factor coefficient corresponding to the number of the generated log catalogs is marked as $G_y$, where G is the coefficient value of the risk factor coefficient and y is the serial number of the log catalog, $y \in [1, +\infty)$ and y is an integer, and the log catalog of each serial number is provided with a different risk threshold;
when the risk factor coefficient of the log catalog of the serial number is more than or equal to a corresponding risk threshold value, generating an alarm signal, marking as 'Sign 1', summarizing a plurality of risk factor coefficients to generate a total risk coefficient, and when the total risk coefficient is more than or equal to a set early warning coefficient, generating an early warning signal, marking as 'Sign 2';
and when the scanning fails, continuing to scan for the second time after reaching the preset rescanning time.
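The three checks above, run in the stated order, as an added example (not code from the patent). Assumptions: the IP format rule is "parses as IPv4", the database holds salted PBKDF2 hashes compared in constant time, the blacklist records the address and user name only, and the scanner's per-catalog coefficients $G_y$ are supplied as constructed input (`None` meaning the scan failed and must be repeated).

```python
import hashlib
import hmac
import ipaddress


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the database stores a salted hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuditUnit:
    def __init__(self, ip_list, accounts, risk_thresholds, warning_coefficient):
        self.ip_list = set(ip_list)               # preset IP list
        self.accounts = accounts                  # ip -> (user, salt, hash)
        self.risk_thresholds = risk_thresholds    # y -> threshold for G_y
        self.warning_coefficient = warning_coefficient
        self.intrusion_ips = set()
        self.blacklist = set()

    def verify_ip(self, ip: str) -> bool:
        if ip in self.ip_list:
            return True
        try:
            ipaddress.IPv4Address(ip)             # assumed format rule
        except ValueError:
            self.intrusion_ips.add(ip)
            return False
        # As described, a well-formed unknown address joins the list, so
        # this step only rejects malformed addresses.
        self.ip_list.add(ip)
        return True

    def verify_credentials(self, ip: str, user: str, password: str) -> bool:
        record = self.accounts.get(ip)
        if record is not None:
            stored_user, salt, stored_hash = record
            user_ok = hmac.compare_digest(stored_user.encode(), user.encode())
            pass_ok = hmac.compare_digest(stored_hash,
                                          hash_password(password, salt))
            if user_ok and pass_ok:
                return True
        self.blacklist.add((ip, user))
        return False

    def scan_logs(self, scan_results: dict):
        """Return (signals, catalogs to rescan) from per-catalog G_y."""
        signals, rescan, total = [], [], 0.0
        for y in sorted(scan_results):
            g_y = scan_results[y]
            if g_y is None:                       # scan failed: retry later
                rescan.append(y)
                continue
            total += g_y
            if g_y >= self.risk_thresholds[y]:
                signals.append(("Sign1", y))      # per-catalog alarm
        if total >= self.warning_coefficient:
            signals.append(("Sign2", None))       # overall early warning
        return signals, rescan

    def verify(self, ip, user, password, scan_results):
        if not self.verify_ip(ip):
            return "illegal intrusion IP", [], []
        if not self.verify_credentials(ip, user, password):
            return "blacklisted", [], []
        signals, rescan = self.scan_logs(scan_results)
        return "verified", signals, rescan


def build_demo_unit() -> AuditUnit:
    salt = b"constructed-salt"                    # constructed sample data
    return AuditUnit(
        ip_list={"192.0.2.10"},
        accounts={"192.0.2.10": ("alice", salt,
                                 hash_password("s3cret-demo", salt))},
        risk_thresholds={1: 0.5, 2: 0.5, 3: 0.5},
        warning_coefficient=1.0,
    )


if __name__ == "__main__":
    unit = build_demo_unit()
    print(unit.verify("192.0.2.10", "alice", "s3cret-demo",
                      {1: 0.2, 2: 0.9, 3: None}))
```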
Specifically, the process of generating block nodes by block packing, generating block chains by summarizing the block nodes, and uplink the block chains to a common block chain includes:
the block chain processing unit acquires data information passing through security verification, performs block packing on the data information to generate a plurality of block nodes, wherein the block nodes are provided with corresponding block numbers, the block numbers are not repeated and are unique, and the block nodes are sequentially connected according to the sequence from the small block numbers to the large block numbers to generate a block chain;
the cloud end is provided with the common blockchain, the generated blockchain comprises a blockhead, a blockbody and a blocktail, the blockhead, the blockbody and the blocktail are checked in sequence, when the blockhead retrieves illegal information, the blockbody retrieves irrelevant information, the blocktail retrieves redundancy information, the redundancy amount of the redundancy information is greater than or equal to a set redundancy amount threshold, a document is generated from contents contained in the corresponding blockhead, blockbody and blocktail and is uploaded to an encryption center, the illegal information and the irrelevant information are removed by a checking program set by the encryption center, the redundant information is removed in a repeated part, and after the redundancy amount is smaller than the redundancy amount threshold, the checked blockchain is uploaded to the common blockchain;
if the block head does not search illegal information, the block body does not search irrelevant information, and when the block tail searches that the redundancy quantity of the redundancy information is smaller than the redundancy quantity threshold value, no operation is performed.
Specifically, the block integrity verification, node integrity verification and block security verification process includes:
the blockchains from the uplink to the shared blockchain are divided into a historical blockchain and a latest blockchain, the current time is acquired, the blockchain at the current time is marked as the latest blockchain, and the blockchains at other times before the current time are marked as the historical blockchains;
the latest block chain is associated with a unique block Head, the block Head is marked as a Head, the block Head comprises block metadata, and the block metadata comprises a preposed block hash value, a timestamp and block related information;
generating a hash value through a hash function according to the timestamp and the block related information: an MD5 hash function is adopted, with the block related information as the input parameter; after the input parameter is input into the MD5 hash function it is divided into a plurality of equal volume data blocks, which are traversed in sequence; the number of the equal volume data blocks is B[v], where the value range of v is [1, 100] and v is an integer;
each equal volume data block comprises a plurality of binary strings, on which a shift operation and an encryption operation are performed; the shift operation comprises a shift direction, a shift quantity and a highest-bit complement digit, and converts the binary strings into shift strings; the encryption operation comprises an encryption bit number, an encryption interval and an encryption key type, and converts the shift strings into data block hash values, recorded as $D[v]_{\text{hash}}$; the data block hash values of the plurality of equal volume data blocks are summarized and accumulated to generate a current block hash value, denoted D, and a timestamp is acquired as a hash index;
marking the preposed block hash value as $D_1$ and setting the block integrity ratio $\delta$, whose value range is [0.65, 1.2]; if $D/D_1 \in \delta$, the current block is complete; if $D/D_1 \notin \delta$, the block is damaged; a node integrity threshold, denoted Th, is set in association with each equal volume data block; if $D[v]_{\text{hash}} \geq Th$, the current node is incomplete; if $D[v]_{\text{hash}} < Th$, the current node is complete;
setting a block security permission value, denoted $D_2$, and comparing the current block hash value of each block with the block security permission value; if $D \geq D_2$, the verification result is: the current block passes the security verification; if $D < D_2$, the verification result is: the current block is illegal;
and summarizing the blocks with the verification results passing the security verification to generate legal blockchains, and marking the block chains with the verification results not legal for the current block to generate illegal blockchains.
Specifically, the process of dynamically encrypting the data information corresponding to the legal blockchain to generate the digital signature sequence includes:
acquiring data information corresponding to the legal blockchain, setting a data truncation ratio P1:P2:P3 in association with the data information, and cutting the data information into a first string to be encrypted, a second string to be encrypted and a third string to be encrypted in sequence according to the data truncation ratio;
converting the first string to be encrypted into an octal string, encrypting the second string to be encrypted into a binary string, converting the third string to be encrypted into a hexadecimal string, summarizing the octal string, the binary string and the hexadecimal string to generate a ciphertext sequence string, and taking the ciphertext sequence string as a digital signature sequence of the legal block chain;
setting the reconstruction time of the sequence string, denoted $T_{\text{dynamic}}$; each time the time represented by $T_{\text{dynamic}}$ elapses, the data cut-off proportion is dynamically changed, the order of the dynamic changes being: <P1:P3:P2>, <P2:P1:P3>, <P3:P1:P2> and <P3:P2:P1>;
Regenerating a ciphertext sequence string according to the data cut-off proportion after dynamic change, taking the ciphertext sequence string as a digital signature sequence, and establishing a corresponding transmission channel after the digital signature sequence is acquired, wherein the transmission channel is provided with a transmission start verification program, and the transmission start verification program is associated with a communication blacklist, a communication whitelist and a built-in database;
after the transmission start verification program obtains the digital signature sequence, matching the digital signature sequence with a sequence dictionary stored in a built-in database, wherein the sequence dictionary comprises a plurality of digital signature sequences, if matching is successful, starting a data information transmission function of a transmission channel, synchronously storing the digital signature sequence into a communication white list, and if matching is failed, prohibiting transmission of data information in the transmission channel, and bringing the digital signature sequence into the communication black list;
it should be further noted that the data truncation ratio is generally set to P1 = 1, P2 = 2, P3 = 3, and may be set to any other ratio; the sequence string reconstruction time is set in the range of 1 to 4 hours; through the setting of the data truncation ratio, the data information is converted into different number bases and encrypted in the ranges corresponding to the different proportions, so that the possibility of external cracking of the data information is reduced and the data security is enhanced to a certain extent.
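The ratio-based split, base conversion, ratio rotation and start-of-transmission match described above, as an added example (not code from the patent). Assumptions: each byte becomes fixed-width digits (3 octal, 8 binary, 2 hexadecimal), segment lengths use integer division with the remainder going to the third segment, and the rotation wraps back to P1:P2:P3 after the last listed order. Since the text names no key for this step, `recover` needs only the ratio in force.

```python
# Rotation order from the text with P1=1, P2=2, P3=3, starting at P1:P2:P3.
RATIO_SCHEDULE = [(1, 2, 3), (1, 3, 2), (2, 1, 3), (3, 1, 2), (3, 2, 1)]
FORMATS = ("{:03o}", "{:08b}", "{:02x}")   # octal, binary, hexadecimal
WIDTHS = (3, 8, 2)                         # digits per byte in each base
BASES = (8, 2, 16)


def ratio_at(elapsed_hours: float, t_dynamic_hours: float) -> tuple:
    """Ratio in force after elapsed_hours, one change every T_dynamic."""
    if not 1 <= t_dynamic_hours <= 4:
        raise ValueError("T_dynamic is set in the range of 1 to 4 hours")
    step = int(elapsed_hours // t_dynamic_hours)
    return RATIO_SCHEDULE[step % len(RATIO_SCHEDULE)]   # wrap is assumed


def segment_lengths(n: int, ratio: tuple) -> tuple:
    total = sum(ratio)
    first = n * ratio[0] // total
    second = n * ratio[1] // total
    return first, second, n - first - second


def signature_sequence(data: bytes, ratio: tuple) -> str:
    """Concatenate the octal, binary and hex renderings of the 3 segments."""
    a, b, _ = segment_lengths(len(data), ratio)
    parts = (data[:a], data[a:a + b], data[a + b:])
    return "".join(fmt.format(byte)
                   for fmt, part in zip(FORMATS, parts) for byte in part)


def recover(sequence: str, ratio: tuple) -> bytes:
    """Invert signature_sequence knowing only the ratio."""
    for n in range(len(sequence) // 2 + 1):
        lengths = segment_lengths(n, ratio)
        if sum(l * w for l, w in zip(lengths, WIDTHS)) != len(sequence):
            continue
        out, pos = bytearray(), 0
        for length, width, base in zip(lengths, WIDTHS, BASES):
            for _ in range(length):
                out.append(int(sequence[pos:pos + width], base))
                pos += width
        return bytes(out)
    raise ValueError("length does not fit any input size for this ratio")


def start_transmission(sequence, dictionary, whitelist, blacklist) -> bool:
    """Transmission start check: match against the sequence dictionary."""
    if sequence in dictionary:
        whitelist.add(sequence)
        return True
    blacklist.add(sequence)
    return False


SAMPLE = b"block-0042:payload"          # constructed sample data

if __name__ == "__main__":
    now = signature_sequence(SAMPLE, ratio_at(0, 2))
    later = signature_sequence(SAMPLE, ratio_at(2, 2))
    allowed, denied = set(), set()
    print(start_transmission(now, {now}, allowed, denied))     # True
    # After one T_dynamic the sequence differs, so a dictionary that was
    # not regenerated no longer matches.
    print(start_transmission(later, {now}, allowed, denied))   # False
    print(recover(later, ratio_at(2, 2)) == SAMPLE)            # True
```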
The invention also discloses a safe information transmission method based on the block chain, which comprises the following steps:
step S1: collecting data information which accords with the size of the block communication capacity, cutting off the data information capacity which does not accord with the size of the block communication capacity, then collecting, sampling and collecting the collected data information, and carrying out secondary collection when the sampling and collecting do not accord with the preset sampling passing rate;
step S2: distributing different port numbers to the collected data information, carrying out security verification on the data information carrying the port numbers, carrying out block packing on the data information passing the security verification to generate block nodes, summarizing the block nodes to generate block chains, and uploading the block chains to a common block chain arranged in a cloud;
step S3: performing block integrity verification, node integrity verification and block security verification on the block chain of the uplink, and generating legal block chains and illegal block chains according to verification results;
step S4: and dynamically encrypting the data information corresponding to the legal block chain, taking a ciphertext sequence string generated by dynamic encryption as a digital signature sequence of the legal block chain, and establishing a transmission channel for the digital signature sequence to transmit the data information.
The above embodiments are only for illustrating the technical method of the present invention and not for limiting the same, and it should be understood by those skilled in the art that the technical method of the present invention may be modified or substituted without departing from the spirit and scope of the technical method of the present invention.

Claims (8)

1. The information security transmission system based on the block chain is characterized by comprising a data acquisition module, a data processing module, a block verification module and a digital signature module;
the data acquisition module is used for acquiring data information which accords with the size of the block communication capacity, acquiring the data information after cutting off the data information capacity which does not accord with the size of the block communication capacity, sampling the acquired data information, and performing secondary acquisition when the sampling acquisition does not accord with the preset sampling passing rate;
the data processing module is provided with a registration port unit, an audit information unit and a block chain processing unit;
the registration port unit is used for distributing different port numbers for the acquired data information, the port numbers are randomly generated by a random function, and the port numbers are unique and non-repeated digital sequences;
the audit information unit is used for carrying out security verification on the data information carrying the port number;
the block chain processing unit is used for performing block packing on the data information passing through the security verification to generate block nodes, summarizing the block nodes to generate block chains, and uploading the block chains to a common block chain arranged in a cloud;
the block verification module is used for carrying out block integrity verification, node integrity verification and block security verification on the block chain of the uplink and generating legal block chains and illegal block chains according to verification results;
the digital signature module is used for dynamically encrypting data information corresponding to a legal block chain, taking a ciphertext sequence string generated by dynamic encryption as a digital signature sequence of the legal block chain, and establishing a transmission channel for the digital signature sequence to transmit the data information;
the process of collecting the data information which accords with the block communication capacity and collecting the data information which does not accord with the block communication capacity after cutting off the data information capacity comprises the following steps:
the data acquisition module is provided with a plurality of numbered data acquisition nodes, and the data acquisition nodes are provided with a fixed acquisition capacity $C_{\text{fixed}}$; the data information comprises different data capacities $C_j$; if $C_{\text{fixed}} > C_j$, a data replenishment capacity $C_1$ is generated, $C_1 = C_{\text{fixed}} - C_j$;
if $C_{\text{fixed}} = C_j$, the data information corresponding to $C_j$ is stored directly in the data acquisition node;
if $C_{\text{fixed}} < C_j$, a data overflow capacity $C_3$ is generated, $C_3 = C_j - C_{\text{fixed}}$, the data information corresponding to the data acquisition nodes with the data overflow capacity is acquired, capacity interception is performed on the data information, and the data information after capacity interception is transferred into the data acquisition nodes with the corresponding data supplementing capacity.
2. The blockchain-based information secure transmission system of claim 1, wherein the process of sampling the collected data information and performing a secondary collection when the sampled collection does not meet a preset sampling rate comprises:
setting a fixed sampling interval, acquiring an initial sampling point, acquiring a plurality of other sampling points and data information stored in data acquisition nodes corresponding to the sampling points according to the initial sampling point and the fixed sampling interval, generating k sampling numbers according to the data information, summarizing the k sampling numbers, taking an average value to generate a sampling rate R, and comparing the sampling rate R with a preset sampling passing rate R';
if R is more than or equal to R', the sampling is passed, and secondary collection is not needed;
if R is less than R', acquiring the data information stored in all the acquisition nodes for secondary acquisition; setting an initial sampling frequency, acquiring a value of the increase of the frequency and the increase times to generate a final sampling frequency, and continuing to perform operation of collecting data information by a data collection node under the final sampling frequency, wherein when the sampling rate generated by taking the average value of the collected data information is greater than or equal to a preset sampling passing rate R', stopping secondary collection.
3. The blockchain-based secure transmission system of claim 2, wherein assigning different port numbers to the collected data information comprises:
different port numbers are allocated to the data information, the port numbers have corresponding port states, the port states comprise a communication state, a pause state and a limit state, and the different port states have corresponding communication authority functions;
when the port state is a communication state, the corresponding communication authority function is as follows: the data information is transmitted according to a preset transmission speed, and the transmission destination is an audit information unit;
when the port state is in a pause state, the corresponding communication authority function is as follows: establishing a temporary storage space to store data information, analyzing content, removing after detecting that the content comprises illegal data information, and converting a port state into a communication state;
the port state is a limit state, and the corresponding communication authority function is as follows: synchronously acquiring the network speed of transmitting data information, acquiring the bandwidth corresponding to the network speed when the network speed is smaller than or equal to the set stable transmission speed, increasing the bandwidth and transmitting the data information, and reducing the bandwidth when the network speed is larger than the set stable transmission speed.
4. A blockchain-based secure information transfer system as in claim 3, wherein the process of performing the security verification comprises:
traversing to obtain data information carrying port numbers, wherein the security verification comprises IP verification, user name password verification and log file vulnerability scanning verification, the port numbers are associated with access IP addresses, the access IP addresses are compared with the IP in a preset IP list through the IP verification, and corresponding operation is carried out according to the comparison result; the access IP addresses in the IP list are all associated with corresponding user names and passwords thereof, the user names and the passwords of each access IP address are matched with the user names and the passwords stored in the database, and corresponding operation is carried out according to the matching result; obtaining the reading authority of the log file, carrying out vulnerability scanning verification of the log file, dividing the log file into a plurality of log catalogs, traversing the plurality of log catalogs in sequence, scanning to generate different scanning results, and carrying out corresponding operation according to the scanning results.
5. The blockchain-based information security transmission system of claim 4, further comprising an encryption center in communication with the data collection module, the data processing module, the block verification module, and the digital signature module, wherein the process of block packing the security verified data information to generate block nodes, summarizing the block nodes to generate blockchains, and uplink the blockchains to a common blockchain set in the cloud comprises:
and when the block head searches illegal information, the block body searches irrelevant information and the block tail searches redundancy information, the redundancy amount of the redundancy information is larger than or equal to a set redundancy amount threshold, a document is generated and uploaded to an encryption center, a checking program set by the encryption center removes the illegal information and the irrelevant information, and the redundancy information is removed in a repeated part, and after the redundancy amount is smaller than the redundancy amount threshold, the block chain is uploaded to a common block chain set by a cloud.
6. The blockchain-based information security transmission system of claim 5, wherein the block integrity verification, node integrity verification and block security verification of the blockchain of the uplink includes:
obtaining a block chain at the current time and marking the block chain as a latest block chain, marking the block chains at other times before the current time as historical block chains, wherein the latest block chain is associated with a block head, the block head corresponds to block metadata, and the block metadata comprises a preposed block hash value, a time stamp and block related information; generating a plurality of equal volume data blocks through a hash function according to the time stamp and the block related information, performing shift operation and encryption operation on the equal volume data blocks to generate data block hash values, summarizing the data block hash values of the equal volume data blocks to generate a current block hash value, setting a block integrity ratio, judging the block integrity according to the ratio of the current block hash value to a front block hash value and the block integrity ratio, judging the node integrity according to the node integrity threshold and the data block hash value, setting a block security permission value, comparing the current block hash value with the block security permission value to generate different verification results, and generating legal block chains and illegal block chains according to the verification results.
7. The blockchain-based information secure transmission system of claim 6, wherein the process of dynamically encrypting the data information corresponding to the legitimate blockchain and using the ciphertext sequence string generated by the dynamic encryption as the digital signature sequence of the legitimate blockchain comprises:
acquiring data information corresponding to the legal blockchain, setting a data cut-off ratio, cutting off the data information into a first string to be encrypted, a second string to be encrypted and a third string to be encrypted according to the data cut-off ratio in sequence, respectively converting the first string to be encrypted, the second string to be encrypted and the third string to be encrypted into different number bases, summarizing them to generate a ciphertext sequence string, setting a sequence string reconstruction time $T_{\text{dynamic}}$, carrying out dynamic change on the data cut-off proportion, regenerating a ciphertext sequence string according to the data cut-off proportion after dynamic change, and taking the ciphertext sequence string as a digital signature sequence.
8. A blockchain-based information security transmission method, which is applicable to the information security transmission system as claimed in any one of claims 1 to 7, and is characterized by comprising the following steps:
step S1: collecting data information which accords with the size of the block communication capacity, cutting off the data information capacity which does not accord with the size of the block communication capacity, then collecting, sampling and collecting the collected data information, and carrying out secondary collection when the sampling and collecting do not accord with the preset sampling passing rate;
step S2: distributing different port numbers to the acquired data information, carrying out security verification on the data information carrying the port numbers, carrying out block packing on the data information passing the security verification to generate block nodes, summarizing the block nodes to generate block chains, and uploading the block chains to a common block chain arranged at a cloud, wherein the port numbers are randomly generated by a random function, and the port numbers are unique non-repeated digital sequences;
step S3: performing block integrity verification, node integrity verification and block security verification on the block chain of the uplink, and generating legal block chains and illegal block chains according to verification results;
step S4: dynamically encrypting data information corresponding to a legal block chain, taking a ciphertext sequence string generated by dynamic encryption as a digital signature sequence of the legal block chain, and establishing a transmission channel for the digital signature sequence to transmit the data information;
the process of collecting the data information which accords with the block communication capacity and collecting the data information which does not accord with the block communication capacity after cutting off the data information capacity comprises the following steps:
the data acquisition module is provided with a plurality of numbered data acquisition nodes, and the data acquisition nodes are provided with a fixed acquisition capacity $C_{\text{fixed}}$; the data information comprises different data capacities $C_j$; if $C_{\text{fixed}} > C_j$, a data replenishment capacity $C_1$ is generated, $C_1 = C_{\text{fixed}} - C_j$;
if $C_{\text{fixed}} = C_j$, the data information corresponding to $C_j$ is stored directly in the data acquisition node;
if $C_{\text{fixed}} < C_j$, a data overflow capacity $C_3$ is generated, $C_3 = C_j - C_{\text{fixed}}$, the data information corresponding to the data acquisition nodes with the data overflow capacity is acquired, capacity interception is performed on the data information, and the data information after capacity interception is transferred into the data acquisition nodes with the corresponding data supplementing capacity.
CN202410075586.1A 2024-01-18 2024-01-18 Information security transmission system and method based on block chain Active CN117614607B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410075586.1A CN117614607B (en) 2024-01-18 2024-01-18 Information security transmission system and method based on block chain

Publications (2)

Publication Number Publication Date
CN117614607A (en) 2024-02-27
CN117614607B (en) 2024-04-12

Family

ID=89950212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410075586.1A Active CN117614607B (en) 2024-01-18 2024-01-18 Information security transmission system and method based on block chain

Country Status (1)

Country Link
CN (1) CN117614607B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019099014A1 (en) * 2017-11-16 2019-05-23 Intuit Inc. Cryptographic key generation for logically sharded data stores
CN109800588A (en) * 2019-01-24 2019-05-24 工业和信息化部装备工业发展中心 Bar code dynamic encrypting method and device, bar code dynamic decryption method and device
CN113839989A (en) * 2021-08-28 2021-12-24 西安交通大学 Multi-node data processing method
CN115097751A (en) * 2022-02-17 2022-09-23 中汽创智科技有限公司 Data acquisition method, device, equipment and storage medium
CN115204202A (en) * 2022-07-28 2022-10-18 北京芯联心科技发展有限公司 Data processing method and device, electronic equipment and storage medium
CN117010932A (en) * 2023-08-01 2023-11-07 达州领投信息技术有限公司 Information intelligent processing system and method based on big data

Also Published As

Publication number Publication date
CN117614607A (en) 2024-02-27

Similar Documents

Publication Publication Date Title
CN110324143B (en) Data transmission method, electronic device and storage medium
CN109840425B (en) File encryption method and device
WO2014003497A1 (en) Generation and verification of alternate data having specific format
CN111797431B (en) Encrypted data anomaly detection method and system based on symmetric key system
CN112035895A (en) Electronic contract evidence obtaining method and system based on transaction mode
US10505715B2 (en) Method and system of synchronous encryption to render computer files and messages impervious to pattern recognition and brute force attacks
CN116488814A (en) FPGA-based data encryption secure computing method
CN114710558A (en) Asynchronous secure transmission channel construction method based on cloud storage
CN111209579A (en) Electronic analysis equipment and method for encrypting confidential files by utilizing two-dimensional code in multiple ways
CN117614607B (en) Information security transmission system and method based on block chain
CN112035863B (en) Electronic contract evidence obtaining method and system based on intelligent contract mode
CN113918977A (en) User information transmission device based on Internet of things and big data analysis
CN106022158A (en) A takeout management system for file datas
CN117439799A (en) Anti-tampering method for http request data
WO2011078535A2 (en) Method and apparatus for separating personal information into sequential information and content information and then encrypting and compositing the information, a server and a recording medium
KR101045222B1 (en) Method of encrypting and synthesizing personal information into order information and contents information, apparatus, server and recording media
CN110351289B (en) Data encryption method and device
CN116208420A (en) Monitoring information safety transmission method, system, equipment and storage medium
CN1558580B (en) A network data safety protection method based on cryptography
CN111818003A (en) User account identification method and device for Internet surfing records
CN115119200A (en) Information transfer method for 5G communication environment
CN117540434B (en) Database management and security analysis method
CN1252663C (en) Calculation device and calculation method
CN115102713B (en) Industrial network encryption system and encryption method thereof
CN117955737B (en) Internet of vehicles data privacy protection and encryption transmission method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant