CN117792795A - Data encryption method and real-time network security monitoring system - Google Patents

Info

Publication number
CN117792795A
Authority
CN
China
Prior art keywords
key
response data
identity information
data
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410203753.6A
Other languages
Chinese (zh)
Other versions
CN117792795B (en)
Inventor
陈志宾
李永欢
王立功
李洁
赵运广
程凤飞
王擎擎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hebei Secco Putai Computer Consulting Service Co ltd
Original Assignee
Hebei Secco Putai Computer Consulting Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hebei Secco Putai Computer Consulting Service Co ltd
Priority to CN202410203753.6A
Publication of CN117792795A
Application granted
Publication of CN117792795B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption method and a real-time network security monitoring system, and relates to the technical field of network security. The method comprises the steps of: establishing and maintaining a key bank; receiving a data request forwarded by a server end; parsing the identity information and the request content of the user end from the data request; judging whether the identity information and the request content of the user end conform to preset security rules; if not, terminating the response; if yes, distributing a key to the user end from the key bank according to the identity information of the user end; establishing an asymmetric encryption channel with the server end to encrypt and transmit the key to the server end; receiving encrypted response data that was symmetrically encrypted with the key; decrypting the encrypted response data with the key to obtain the response data; performing a security examination on the response data to judge whether it conforms to the preset security rules; if yes, establishing an asymmetric encryption channel with the user end to encrypt and transmit the key to the user end; if not, stopping the response. The invention improves the real-time performance and efficiency of network information interaction.

Description

Data encryption method and real-time network security monitoring system
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a data encryption method and a real-time network security monitoring system.
Background
Network security monitoring refers to real-time monitoring of a network so that security threats, including malware, intrusion attempts, abnormal traffic and the like, can be discovered and responded to. With network attack methods becoming increasingly complex and concealed, conventional Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have found it difficult to meet the growing security requirements.
When monitoring the interaction data between the user end and the server end, the data must be encrypted and decrypted. The traditional network encryption approach uses asymmetric encryption for the interaction data, so the security monitoring end consumes a great deal of computing power and time decrypting and auditing that data, which reduces the real-time performance and efficiency of network information interaction.
Disclosure of Invention
The invention aims to provide a data encryption method and a real-time network security monitoring system, which improve the real-time performance and efficiency of network information interaction by symmetrically encrypting the interaction data between the user end and the server end and by managing and distributing the symmetric keys.
In order to solve the technical problems, the invention is realized by the following technical scheme:
The invention provides a data encryption method, which comprises the following steps:
establishing and maintaining a key bank;
receiving a data request forwarded by a server end;
parsing the identity information and the request content of the user end from the data request;
judging whether the identity information and the request content of the user end conform to preset security rules;
if not, terminating the response;
if yes, distributing a key to the user end from the key bank according to the identity information of the user end;
establishing an asymmetric encryption channel with the server end to encrypt and transmit the key to the server end;
receiving encrypted response data that was symmetrically encrypted with the key;
decrypting the encrypted response data with the key to obtain the response data;
performing a security examination on the response data to judge whether it conforms to the preset security rules;
if yes, establishing an asymmetric encryption channel with the user end to encrypt and transmit the key to the user end;
if not, stopping the response.
The invention also discloses a data encryption method, which comprises:
sending a data request to a server end;
receiving a key and encrypted response data;
and decrypting the encrypted response data with the key to obtain the response data.
The invention also discloses a data encryption method, which comprises:
receiving a data request sent by a user end;
forwarding the data request of the user end to a security monitoring end;
receiving a key;
analyzing the data request to obtain response data;
symmetrically encrypting the response data with the key to obtain encrypted response data;
and sending the encrypted response data to the user end and the security monitoring end respectively.
The invention also discloses a real-time network security monitoring system, in which:
the user end sends a data request to the server end;
the server end receives the data request sent by the user end;
and forwards the data request of the user end to the security monitoring end;
the security monitoring end is used for establishing and maintaining a key bank;
receiving the data request forwarded by the server end;
parsing the identity information and the request content of the user end from the data request;
judging whether the identity information and the request content of the user end conform to preset security rules;
if not, terminating the response;
if yes, distributing a key to the user end from the key bank according to the identity information of the user end;
establishing an asymmetric encryption channel with the server end to encrypt and transmit the key to the server end;
receiving encrypted response data that was symmetrically encrypted with the key;
decrypting the encrypted response data with the key to obtain the response data;
performing a security examination on the response data to judge whether it conforms to the preset security rules;
if yes, establishing an asymmetric encryption channel with the user end to encrypt and transmit the key to the user end;
if not, stopping the response;
the server end is also used for receiving the key;
analyzing the data request to obtain response data;
symmetrically encrypting the response data with the key to obtain encrypted response data;
and sending the encrypted response data to the user end and the security monitoring end respectively;
the user end is also used for receiving the key and the encrypted response data;
and decrypting the encrypted response data with the key to obtain the response data.
According to the invention, the interaction data between the user end and the server end is symmetrically encrypted and the symmetric keys are managed and distributed, so that the efficiency of decryption and auditing is effectively improved, and the real-time performance and efficiency of information interaction between the user end and the server end are improved.
Of course, it is not necessary for any one product to practice the invention to achieve all of the advantages set forth above at the same time.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of the information interaction of a real-time network security monitoring system according to an embodiment of the present invention;
FIG. 2 is a flowchart of the steps performed by the security monitoring end according to an embodiment of the present invention;
FIG. 3 is a flowchart of the steps performed by the user end according to an embodiment of the present invention;
FIG. 4 is a flowchart of the steps performed by the server end according to an embodiment of the present invention;
FIG. 5 is a first flowchart of the steps of step S1 according to an embodiment of the present invention;
FIG. 6 is a second flowchart of the steps of step S1 according to an embodiment of the present invention;
FIG. 7 is a third flowchart of the steps of step S1 according to an embodiment of the present invention;
FIG. 8 is a flowchart of step S133 according to an embodiment of the present invention;
FIG. 9 is a flowchart of step S1334 according to an embodiment of the present invention;
FIG. 10 is a flowchart of step S6 according to an embodiment of the present invention;
in the drawings, the components represented by the reference numerals are as follows:
1: user end; 2: server end; 3: security monitoring end.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like herein are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
A real-time network security monitoring system is a system for monitoring and protecting a computer network against security threats. It can monitor network traffic in real time, identify potential attack behavior and take corresponding measures to prevent attacks or mitigate their impact. In general, communication data must be decrypted before it can be examined; the asymmetric encryption on which internet communication encryption currently depends is widely applied, but its encryption and decryption speed is low, so it is not suited to real-time network security monitoring. In order to improve the efficiency of network security monitoring without reducing communication security, the invention provides the following scheme.
Referring to fig. 1 to 4, the present invention provides a real-time network security monitoring system, which may include a user end 1, a server end 2 and a security monitoring end 3. The user end 1 may be a customized network terminal device or an application program. The server end 2 is a server storing data to be kept secret. The security monitoring end 3 may be a computing and storage device that is independent of the server end 2 and connected to the network.
In the running process of the system, the user end 1 first executes step S011 to send a data request to the server end. Then the server end 2 executes step S021 to receive the data request sent by the user end. Step S022 may be performed next to forward the data request of the user end to the security monitoring end.
The security monitoring end 3 then executes step S1 to establish and maintain a key bank. Step S2 may be performed next to receive the data request forwarded by the server end. Step S3 may be performed to parse the identity information and the requested content of the user end from the data request. Step S4 may be executed to determine whether the identity information and the requested content of the user end conform to the preset security rules. If not, step S5 can be executed next to terminate the response; if yes, step S6 can be executed next to distribute a key to the user end from the key bank according to the identity information of the user end. Step S7 may be performed to establish an asymmetric encryption channel with the server end and transmit the key to the server end in encrypted form. Step S8 may then be performed to receive the encrypted response data that was symmetrically encrypted with the key. Step S9 may then be performed to decrypt the encrypted response data using the key to obtain the response data. Step S10 may be performed to carry out a security inspection of the response data to determine whether it satisfies the preset security rules. If yes, step S101 may be performed next to establish an asymmetric encryption channel with the user end and transmit the key to the user end in encrypted form; if not, step S102 may be performed next to stop the response.
When the server end 2 encrypts the data file, step S023 may be executed first to receive the key. Step S024 may then be performed to analyze the data request to obtain the response data. Step S025 may then be performed to symmetrically encrypt the response data using the key to obtain the encrypted response data. Step S026 may then be performed to send the encrypted response data to the user end and the security monitoring end respectively.
When the user end 1 decrypts, step S012 may be performed to receive the key and the encrypted response data. Finally, step S013 may be executed to decrypt the encrypted response data using the key, yielding the response data.
Whether the server end 2 encrypts the response file, or the security monitoring end 3 and the user end decrypt the encrypted response file, a symmetric encryption algorithm based on a key is used. The same key is used for encryption and decryption, or two keys that can be simply derived from each other are used; this is symmetric-key encryption (symmetric-key algorithm), symmetric encryption for short. Common symmetric encryption algorithms are AES, DES and 3DES. This encryption method is simple. By contrast, because the public key and the private key of an asymmetric encryption algorithm are different, an asymmetric algorithm must perform a more complex calculation process, including a large number of mathematical operations, modular exponentiations and the like. These operations require more computation time and computing resources, so the encryption and decryption speeds of asymmetric algorithms are slower. The disadvantage of symmetric encryption is also very obvious, however: the key is easily compromised in the transfer process. The scheme therefore transfers the key itself over an asymmetric encryption channel.
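The three-party flow of steps S011 to S013, S021 to S026 and S1 to S102 above, as an added single-process simulation that is not code from the patent: the symmetric cipher is a placeholder XOR keystream, the asymmetric key channels of S7 and S101 are modelled as direct handovers, and the user names, records and the two preset rules are constructed. It shows the property the design relies on: the user end already holds the ciphertext from S026, but can read it only after the monitor's audit in S10 releases the key in S101.

```cpp
#include <iostream>
#include <map>
#include <optional>
#include <set>
#include <string>

// Placeholder symmetric cipher: XOR against the key repeated over the data.
// The same call encrypts and decrypts. NOT secure; stands in for AES.
std::string symmetricCipher(const std::string& data, const std::string& key) {
    std::string out = data;
    for (size_t i = 0; i < data.size(); ++i)
        out[i] = static_cast<char>(data[i] ^ key[i % key.size()]);
    return out;
}

struct DataRequest {
    std::string userId;   // identity information carried by the request
    std::string content;  // requested content
};

// Server end (steps S021..S026): looks up the record and encrypts it with the
// key delivered by the monitor. The records are constructed sample data.
struct ServerEnd {
    std::map<std::string, std::string> records{
        {"doc1", "public report"}, {"doc2", "SECRET payroll"}};
    std::string encryptedResponse(const DataRequest& req, const std::string& key) const {
        auto it = records.find(req.content);
        const std::string plain = (it == records.end()) ? "not found" : it->second;
        return symmetricCipher(plain, key);  // S025
    }
};

// Security monitoring end (steps S1..S10, S101/S102). Both rules are constructed.
struct MonitorEnd {
    std::set<std::string> knownUsers{"alice", "bob"};
    // S1/S6: one key per identity (constructed key bank)
    std::map<std::string, std::string> keyBank{{"alice", "k-alice-01"}, {"bob", "k-bob-01"}};
    // S4: identity must be known and the content must not contain ".."
    bool requestConforms(const DataRequest& r) const {
        return knownUsers.count(r.userId) > 0 && r.content.find("..") == std::string::npos;
    }
    // S10: audited plaintext must not carry the SECRET marker
    static bool responseConforms(const std::string& plain) {
        return plain.find("SECRET") == std::string::npos;
    }
};

struct FlowResult {
    bool requestAccepted = false;                // S4 outcome
    bool keyReleased = false;                    // S101 reached
    std::string clientCiphertext;                // what the user end holds after S026
    std::optional<std::string> clientPlaintext;  // S013 result, only if the key arrived
};

// One complete exchange. Only the ordering of the steps matters here.
FlowResult runExchange(const DataRequest& req) {
    FlowResult res;
    ServerEnd server;
    MonitorEnd monitor;
    // S011 / S021 / S022: request travels user end -> server end -> monitor.
    if (!monitor.requestConforms(req)) return res;          // S5: terminate
    res.requestAccepted = true;
    const std::string key = monitor.keyBank.at(req.userId);  // S6
    // S7 -> S023..S026: server receives the key, encrypts, and sends the
    // ciphertext to both the user end and the monitor.
    const std::string enc = server.encryptedResponse(req, key);
    res.clientCiphertext = enc;
    // S8..S10: at this point only the monitor holds the key, so it audits first.
    const std::string audited = symmetricCipher(enc, key);
    if (!MonitorEnd::responseConforms(audited)) return res;  // S102: stop
    // S101 / S012 / S013: key released, now the user end can decrypt.
    res.keyReleased = true;
    res.clientPlaintext = symmetricCipher(res.clientCiphertext, key);
    return res;
}

int main() {
    for (const DataRequest& req : {DataRequest{"alice", "doc1"}, DataRequest{"alice", "doc2"},
                                   DataRequest{"mallory", "doc1"}}) {
        FlowResult r = runExchange(req);
        std::cout << req.userId << "/" << req.content << ": accepted=" << r.requestAccepted
                  << " keyReleased=" << r.keyReleased
                  << " plaintext=" << r.clientPlaintext.value_or("<none>") << "\n";
    }
    return 0;
}
```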
In order to manage and distribute keys in an orderly way in the above process, referring to fig. 5, in the process of managing the key bank step S111 may be performed first to generate and record a plurality of keys. Step S112 may then be performed to mark the generated keys as unassigned. Step S113 may be performed next to mark a key as assigned after it is allocated to a user end. Step S114 may be performed next to acquire and record the identity information of the user end to which each key is assigned. Step S115 may be performed next to determine whether any key is in the unassigned state. If not, step S116 may be performed next to continue generating and recording keys; if yes, step S117 may be performed next to take no action. This keeps enough keys available for use while keeping the total number of keys as small as possible.
Referring to fig. 6, in order to recover keys that are not actually used, in the process of maintaining the key bank step S121 may be executed first: after the security inspection of the response data to determine whether it meets the preset security rules, it is determined whether the key allocated to the user end is to be sent to that user end. If so, step S122 may be performed next to keep the key assigned to the corresponding user end; if not, step S123 may be performed next to reclaim the key and mark it as unassigned.
Referring to fig. 7, in order to recycle keys that have not been used for a long time, in the process of maintaining the key bank step S131 may be executed first to symmetrically encrypt the response file with the same key for user ends with the same identity information. Step S132 may be executed to acquire and record, for each key marked as assigned, the identity information of the user end to which the encrypted response file was sent and the time of invocation, each time the key is invoked to encrypt response data. Step S133 may be executed to determine whether the key is in an idle state according to the user identity information and the invocation time corresponding to each encryption performed with the key. If so, step S134 may be performed to reclaim the key and mark it as unassigned; if not, step S135 may be performed to keep the key assigned to the corresponding user end.
To supplement the implementation of steps S131 to S135 described above, source code for some of the functional modules is provided, with explanations given in the comments. In order to avoid leaking trade secrets, portions of the data that do not affect the implementation of the scheme have been desensitized, as follows.
```cpp
#include <iostream>
#include <string>
#include <unordered_map>
#include <ctime>
#include <stdexcept>

// Key structure storing key information
struct KeyInfo {
    std::string key;      // key value
    bool isAllocated;     // whether the key has been assigned
    std::string userId;   // ID of the user it is assigned to
    time_t lastUsedTime;  // time the key was last used
};

// Key store holding all keys
std::unordered_map<std::string, KeyInfo> keyStore;

// Create a new key; abbreviated here to a string operation
std::string generateNewKey() {
    static int keyID = 0;
    ++keyID;
    return "Key_" + std::to_string(keyID);
}

// Assign an unassigned key to the specified user ID
bool allocateKeyToUser(const std::string& userId, std::string& outKey) {
    for (auto& [key, keyInfo] : keyStore) {
        if (!keyInfo.isAllocated) {
            keyInfo.isAllocated = true;
            keyInfo.userId = userId;
            keyInfo.lastUsedTime = std::time(nullptr);  // set the current time as the last-used time
            outKey = keyInfo.key;
            return true;
        }
    }
    return false;  // no key is available
}

// Encrypt the response; only a placeholder here
std::string encryptResponse(const std::string& response, const std::string& key) {
    return "Encrypted_" + response + "_with_" + key;
}

// Encrypt response data for a user and record the usage information
std::string encryptDataForUser(const std::string& userId, const std::string& response) {
    for (auto& [key, keyInfo] : keyStore) {
        if (keyInfo.isAllocated && keyInfo.userId == userId) {
            keyInfo.lastUsedTime = std::time(nullptr);  // update the last-used time
            return encryptResponse(response, keyInfo.key);
        }
    }
    // If the user has no assigned key, try to assign a new one
    std::string newKey;
    if (allocateKeyToUser(userId, newKey)) {
        return encryptResponse(response, newKey);
    } else {
        throw std::runtime_error("No keys available for encryption.");
    }
}

// Reclaim idle keys
void reclaimIdleKeys() {
    time_t currentTime = std::time(nullptr);
    for (auto& [key, keyInfo] : keyStore) {
        // For example, a key not used for 30 minutes is considered idle
        if (keyInfo.isAllocated && (currentTime - keyInfo.lastUsedTime) > 1800) {
            keyInfo.isAllocated = false;
            keyInfo.userId = "";
        }
    }
}

// Initialize the key store; 5 initial keys are created here
void initializeKeyStore() {
    for (int i = 0; i < 5; ++i) {
        std::string newKey = generateNewKey();
        keyStore[newKey] = {newKey, false, "", std::time(nullptr)};
    }
}

// Main function
int main() {
    initializeKeyStore();  // initialize the key store
    // Simulate a user requesting encrypted data
    std::string userId = "User1";
    std::string response = "This is some response data";
    try {
        std::string encryptedData = encryptDataForUser(userId, response);
        std::cout << "Encrypted Data: " << encryptedData << std::endl;
    } catch (const std::runtime_error& e) {
        std::cerr << "Error: " << e.what() << std::endl;
    }
    // At some later point, reclaim keys that have gone idle
    reclaimIdleKeys();
    return 0;
}
```
This code establishes and maintains a key store, assigns the same key to users with the same identity information, and uses the key to "encrypt" the response file. Each time a key is used to encrypt data, the user identity information and the time of invocation are recorded. The code also includes a function that checks whether each key is idle and, if so, reclaims it and marks it as unassigned.
Referring to fig. 8, in order to determine which keys are idle, a judgement must be made that combines the usage state of each key with the usage states of the other keys. In the process of computing this in combination with the actual situation, step S1331 may be executed first to obtain, according to the identity information of the user end and the invocation time corresponding to each encryption performed with the key, the identity information of the user end corresponding to the most recent encryption invocation as the current identity information. Step S1332 may then be performed to obtain the invocation time corresponding to each invocation by the current identity information. Step S1333 may be performed next to obtain the interval duration corresponding to the last invocation time of the current identity information. Step S1334 may be performed to obtain the regular call interval duration according to the invocation time corresponding to each invocation by the current identity information. Step S1335 may then be performed to determine whether the interval duration corresponding to the last invocation time of the current identity information exceeds the regular call interval duration. If yes, step S1336 can be performed next to determine that the key is in an idle state; if not, step S1337 can be performed next to determine that the key is not in an idle state.
To supplement the implementation of steps S1331 to S1337 described above, source code for some of the functional modules is provided, with explanations given in the comments.
```cpp
#include <iostream>
#include <string>
#include <unordered_map>
#include <vector>
#include <ctime>
#include <thread>
#include <chrono>

// User information structure storing the user's invocation times
struct UserInfo {
    std::vector<time_t> callTimes;  // timestamps at which the user invoked the key
};

// Key structure storing the key and the user information associated with it
struct KeyInfo {
    std::string key;                                    // key value
    std::unordered_map<std::string, UserInfo> userMap;  // all user information associated with the key
};

// Key store holding all keys
std::unordered_map<std::string, KeyInfo> keyStore;

// The regular call interval duration is set to 1 hour (3600 seconds) in this example
const time_t REGULAR_INTERVAL = 3600;

// Simulate a user end invoking the encryption service with a key
void simulateUserCall(const std::string& key, const std::string& userId) {
    time_t currentTime = std::time(nullptr);
    keyStore[key].userMap[userId].callTimes.push_back(currentTime);
}

// Determine whether the key is in an idle state for the given user
bool isKeyIdle(const std::string& key, const std::string& userId) {
    auto& callTimes = keyStore[key].userMap[userId].callTimes;
    // If the user does not have enough call records, the key is not idle
    if (callTimes.size() < 2) {
        return false;
    }
    // Take the times of the last two calls
    time_t lastCall = callTimes[callTimes.size() - 1];
    time_t secondLastCall = callTimes[callTimes.size() - 2];
    // Calculate the interval duration
    time_t interval = lastCall - secondLastCall;
    // Idle if the interval exceeds the regular call interval duration
    return interval > REGULAR_INTERVAL;
}

// Main function
int main() {
    // Initialize the key store
    keyStore["Key1"] = KeyInfo{"Key1", {}};
    // Simulate users invoking the key encryption service
    simulateUserCall("Key1", "User1");
    simulateUserCall("Key1", "User2");
    simulateUserCall("Key1", "User1");  // second invocation by User1
    // Wait so that there is a time interval between the user's invocations
    // (a real test would inject timestamps instead of sleeping for two hours)
    std::this_thread::sleep_for(std::chrono::hours(2));
    // Simulate the user invoking the key encryption service again
    simulateUserCall("Key1", "User1");  // third invocation by User1
    // Determine whether the key is idle
    bool idleStatus = isKeyIdle("Key1", "User1");
    std::cout << "Is Key1 idle for User1? " << (idleStatus ? "Yes" : "No") << std::endl;
    return 0;
}
```
This code is mainly used to determine whether a key is in an idle state. Multiple invocations of the encryption service by the user are simulated first, and the times of the invocations are recorded. The interval duration between the user's last two invocations is then calculated and compared with a predefined regular call interval duration (set to 1 hour in the example). If this interval is exceeded, the code considers the key to be idle.
Referring to fig. 9, in detail, in the process of determining the regular call interval duration in combination with how the key itself is invoked, step S13341 may be executed first to obtain, according to the invocation time of each invocation by the current identity information, the interval duration between each invocation and the previous one as the call interval duration. Step S13342 may then be performed to sort the call interval durations by numerical value to obtain an interval duration sequence. Step S13343 may then be performed to calculate the difference between each call interval duration and the adjacent call interval duration in the sequence as the difference duration. Step S13344 may then be performed to obtain the average of all difference durations as the mean difference duration. Step S13345 may be performed to remove from the sequence those call interval durations whose difference from an adjacent call interval duration is greater than the mean difference duration. Finally, step S13346 may be performed to take the maximum of the remaining call interval durations in the sequence as the regular call interval duration.
To supplement the implementation of steps S13341 to S13346 described above, source code for some of the functional modules is provided, with explanations given in the comments.
```cpp
#include <iostream>
#include <string>
#include <vector>
#include <algorithm>
#include <numeric>
#include <ctime>

// Invocation timestamps recorded for a user
typedef std::vector<time_t> CallTimes;

// Calculate the interval durations from the invocation times and remove
// outliers to obtain the regular call interval duration
time_t getRegularCallInterval(const CallTimes& callTimes) {
    if (callTimes.size() <= 1) {
        // Not enough call records; the interval cannot be calculated
        return 0;
    }
    std::vector<time_t> intervals;
    // Interval duration between each invocation and the previous one (S13341)
    for (size_t i = 1; i < callTimes.size(); ++i) {
        intervals.push_back(callTimes[i] - callTimes[i - 1]);
    }
    // Sort the interval durations by value (S13342)
    std::sort(intervals.begin(), intervals.end());
    if (intervals.size() < 2) {
        // A single interval has no neighbour to compare against, so it is the regular interval
        return intervals.front();
    }
    std::vector<time_t> diffIntervals;
    // Difference between adjacent interval durations (S13343)
    for (size_t i = 1; i < intervals.size(); ++i) {
        diffIntervals.push_back(intervals[i] - intervals[i - 1]);
    }
    // Mean of the difference durations (S13344)
    time_t meanDiff = std::accumulate(diffIntervals.begin(), diffIntervals.end(), 0LL)
                      / static_cast<long long>(diffIntervals.size());
    // Remove intervals whose difference from an adjacent interval exceeds the mean (S13345).
    // The keep/remove decision is made over the unmodified sorted sequence, so that
    // neighbours are compared before anything is erased.
    std::vector<time_t> remaining;
    for (size_t i = 0; i < intervals.size(); ++i) {
        bool farFromPrev = (i > 0) && (intervals[i] - intervals[i - 1]) > meanDiff;
        bool farFromNext = (i + 1 < intervals.size()) && (intervals[i + 1] - intervals[i]) > meanDiff;
        if (!farFromPrev && !farFromNext) remaining.push_back(intervals[i]);
    }
    // Return the maximum remaining interval duration as the regular call interval duration (S13346)
    return remaining.empty() ? 0 : *std::max_element(remaining.begin(), remaining.end());
}

// Main function
int main() {
    // Invocation timestamp data for a user (constructed sample values, in seconds)
    CallTimes callTimes = {0, 600, 1200, 1810, 2400, 9600};
    // Obtain the regular call interval duration
    time_t regularInterval = getRegularCallInterval(callTimes);
    std::cout << "Regular call interval duration is " << regularInterval << " seconds" << std::endl;
    return 0;
}
```
The function of this piece of code is to calculate the regular call interval duration of a user's invocations of the encryption service. It first calculates the time interval between each invocation and the previous one, sorts the intervals, and calculates the differences between adjacent intervals to obtain an array of difference durations. It then calculates the average of the difference durations and eliminates abnormal call intervals according to that average. Finally, it takes the maximum of the remaining intervals as the regular call interval duration. In this way, abnormal call intervals caused by irregular user activity are eliminated, and a more accurate regular call interval duration is obtained.
Referring to fig. 10, in the process of distributing a key to each user end, step S61 may be executed first to query the key bank according to the identity information of the user end to determine whether the user end has been assigned a key before. If not, step S62 may be performed next to select one of the keys marked as unassigned and assign it to the user end; if so, step S63 may be performed next to determine whether the key that was once assigned is still in the assigned state. If not, step S64 may be performed next to distribute the previously assigned key to the user end again; if so, step S65 may be performed next to determine whether the object to which that key is currently assigned is this user end. If yes, step S66 may be performed to distribute the previously assigned key to the user end; if not, step S67 may be performed to select one of the keys marked as unassigned and distribute it to the user end. In this way, ordered distribution of the keys is realized, the same key is prevented from being distributed to different user ends in a short time, and leakage of response data is effectively avoided.
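The decision tree of steps S61 to S67 above, together with the reclaim-and-mark-unassigned operation of steps S123 and S134, as an added example that is not code from the patent: the KeyBank class, its method names, and the key labels "K1"/"K2" and user names are constructed. The demo walks every branch on a two-key bank, including the S67 case where a reclaimed key has meanwhile been handed to a different user end.

```cpp
#include <map>
#include <optional>
#include <string>
#include <vector>

// One entry of the key bank: the assigned/unassigned state of steps S112/S113.
struct KeyRecord {
    std::string key;
    bool assigned = false;
    std::string holder;  // user end currently holding the key; empty when unassigned
};

class KeyBank {
public:
    explicit KeyBank(const std::vector<std::string>& keys) {
        for (const auto& k : keys) store_.push_back({k, false, ""});
    }

    // Steps S61..S67: choose the key to hand to the user end identified by userId.
    // Returns std::nullopt when no key can be distributed (all keys held by others).
    std::optional<std::string> distribute(const std::string& userId) {
        auto hist = history_.find(userId);          // S61: ever assigned a key?
        if (hist == history_.end()) {
            return takeUnassigned(userId);          // S62
        }
        KeyRecord& rec = *find(hist->second);
        if (!rec.assigned) {                        // S63: no longer assigned?
            rec.assigned = true;                    // S64: give the same key back
            rec.holder = userId;
            return rec.key;
        }
        if (rec.holder == userId) {                 // S65: still held by this user end?
            return rec.key;                         // S66
        }
        return takeUnassigned(userId);              // S67: key now belongs to another user end
    }

    // Steps S123 / S134: reclaim a key and mark it unassigned. The history entry
    // is kept so that S64 can later return the same key to its former holder.
    void reclaim(const std::string& key) {
        auto it = find(key);
        if (it == store_.end()) return;
        it->assigned = false;
        it->holder.clear();
    }

    std::string holderOf(const std::string& key) {
        auto it = find(key);
        return it == store_.end() ? "" : it->holder;
    }

private:
    std::vector<KeyRecord> store_;
    std::map<std::string, std::string> history_;  // identity -> key last assigned to it (S114)

    std::vector<KeyRecord>::iterator find(const std::string& key) {
        for (auto it = store_.begin(); it != store_.end(); ++it)
            if (it->key == key) return it;
        return store_.end();
    }

    std::optional<std::string> takeUnassigned(const std::string& userId) {
        for (auto& rec : store_) {
            if (!rec.assigned) {
                rec.assigned = true;
                rec.holder = userId;
                history_[userId] = rec.key;
                return rec.key;
            }
        }
        return std::nullopt;  // S115/S116 would generate further keys at this point
    }
};

// Walks the branches on a two-key bank and returns the keys handed out in order.
std::vector<std::string> demoDistribution() {
    KeyBank bank(std::vector<std::string>{"K1", "K2"});
    std::vector<std::string> out;
    out.push_back(*bank.distribute("alice"));  // S62: fresh key K1
    out.push_back(*bank.distribute("alice"));  // S66: K1 again, still hers
    bank.reclaim("K1");                        // e.g. S134 after idle detection
    out.push_back(*bank.distribute("bob"));    // S62: K1 is free, bob gets it
    out.push_back(*bank.distribute("alice"));  // S67: K1 is bob's now, alice gets K2
    bank.reclaim("K2");
    out.push_back(*bank.distribute("alice"));  // S64: K2 unassigned, returned to alice
    return out;
}
```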
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by hardware that performs the corresponding functions or acts, such as circuits or ASICs (application-specific integrated circuits), or by combinations of hardware and software, such as firmware.
Although the invention is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
The embodiments of the present application have been described above. The foregoing description is exemplary, not exhaustive, and is not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope of the various embodiments described. The terminology used herein was chosen to best explain the principles of the embodiments, their practical application, or the improvement over technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A data encryption method, characterized by comprising the steps of:
establishing and maintaining a key store;
receiving a data request forwarded by a server side;
parsing the identity information and the request content of the user side from the data request;
judging whether the identity information and the request content of the user side conform to preset security rules;
if not, terminating the response;
if yes, allocating a key to the user side from the key store according to the identity information of the user side;
establishing an asymmetric encryption channel with the server side and transmitting the key to the server side in encrypted form;
receiving encrypted response data that has been symmetrically encrypted with the key;
decrypting the encrypted response data with the key to obtain the response data;
performing a security review of the response data to judge whether it conforms to a preset security rule;
if yes, establishing an asymmetric encryption channel with the user side and transmitting the key to the user side in encrypted form;
if not, terminating the response.
2. The method of claim 1, wherein the step of establishing and maintaining a key store comprises:
generating and recording a plurality of keys;
marking each generated key as unassigned;
marking a key as assigned after it has been allocated to a user side;
acquiring and recording the identity information of the user side that each key is allocated to;
judging whether any key in the unassigned state remains;
if not, continuing to generate and record keys;
if yes, performing no operation.
3. The method of claim 2, wherein the step of establishing and maintaining a key store further comprises:
after the security review of the response data has judged whether it conforms to the preset security rule, judging whether the key allocated to a user side was sent to that user side;
if yes, keeping the key in the state of being allocated to that user side;
if not, recovering the key and marking it as unassigned.
4. The method of claim 2, wherein the step of establishing and maintaining a key store further comprises:
symmetrically encrypting the response file with the same key for user sides having the same identity information;
for each key marked as assigned, acquiring and recording, for every call in which the key is used to encrypt response data into an encrypted response file that is then sent to the user side, the identity information and the call time;
judging, from the user side identity information and call time recorded for each call of the key, whether the key is in an idle state;
if yes, recovering the key and marking it as unassigned;
if not, keeping the key in the state of being allocated to the corresponding user side.
5. The method of claim 4, wherein the step of judging, from the user side identity information and call time recorded for each call of the key, whether the key is in an idle state comprises:
taking, from the identity information and call time recorded for each call of the key, the user side identity information of the most recent call as the current identity information;
acquiring the call time of each call made under the current identity information;
acquiring the interval between the most recent call time and the preceding call time of the current identity information;
obtaining a regular call interval from the call times of the calls made under the current identity information;
judging whether the interval between the most recent call time and the preceding call time of the current identity information exceeds the regular call interval;
if yes, judging that the key is in the idle state;
if not, judging that the key is not in the idle state.
6. The method of claim 5, wherein the step of obtaining a regular call interval from the call times of the calls made under the current identity information comprises:
obtaining, from the call times of the calls made under the current identity information, the interval between each call and the preceding call as a call interval;
arranging the call intervals by value to obtain an interval sequence;
calculating, for each call interval in the interval sequence, the difference from the adjacent call interval as a difference duration;
taking the average of all difference durations as the average difference duration;
rejecting every call interval whose difference from the adjacent call interval in the interval sequence is larger than the average difference duration;
taking the maximum of the call intervals remaining in the interval sequence as the regular call interval.
7. The method of claim 1, wherein the step of allocating a key to the user side from the key store according to the identity information of the user side comprises:
querying the key store with the identity information of the user side to judge whether the user side has been allocated a key before;
if not, selecting one of the keys marked as unassigned and allocating it to the user side;
if yes, judging whether the key once allocated to it is in the assigned state;
if not, allocating that previously allocated key to the user side;
if yes, judging whether the object the previously allocated key is currently allocated to is this user side;
if yes, allocating that previously allocated key to the user side;
if not, selecting one of the keys marked as unassigned and allocating it to the user side.
8. A data encryption method, characterized by comprising the steps of:
sending a data request to a server side;
receiving a key and encrypted response data produced by the data encryption method of any one of claims 1 to 7;
decrypting the encrypted response data with the key to obtain the response data.
9. A data encryption method, characterized by comprising the steps of:
receiving a data request sent by a user side;
forwarding the data request of the user side to a security monitoring side;
receiving a key produced by the data encryption method of any one of claims 1 to 7;
parsing the data request to obtain response data;
symmetrically encrypting the response data with the key to obtain encrypted response data;
sending the encrypted response data to the user side and to the security monitoring side respectively.
10. A real-time network security monitoring system, characterized by comprising:
a user side, which sends a data request to a server side;
the server side, which receives the data request sent by the user side and forwards it to a security monitoring side;
the security monitoring side, which is used for establishing and maintaining a key store;
receiving the data request forwarded by the server side;
parsing the identity information and the request content of the user side from the data request;
judging whether the identity information and the request content of the user side conform to preset security rules;
if not, terminating the response;
if yes, allocating a key to the user side from the key store according to the identity information of the user side;
establishing an asymmetric encryption channel with the server side and transmitting the key to the server side in encrypted form;
receiving encrypted response data that has been symmetrically encrypted with the key;
decrypting the encrypted response data with the key to obtain the response data;
performing a security review of the response data to judge whether it conforms to a preset security rule;
if yes, establishing an asymmetric encryption channel with the user side and transmitting the key to the user side in encrypted form;
if not, terminating the response;
the server side being further used for receiving the key;
parsing the data request to obtain response data;
symmetrically encrypting the response data with the key to obtain encrypted response data;
sending the encrypted response data to the user side and to the security monitoring side respectively;
the user side being further used for receiving the key and the encrypted response data;
and decrypting the encrypted response data with the key to obtain the response data.
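The idle-state judgement of claim 5 together with the regular-call-interval computation of claim 6, written out as an added example rather than the patent's own code (the C++ fragment earlier on the page computes the interval alone). The names regularCallInterval and isIdle, the handling of histories with fewer than two calls, and the choice of the preceding interval in sorted order as the "adjacent" one in the rejection step are assumptions the claims do not state; the time stamps are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Call time stamps in seconds; the values used below are constructed samples.
using Seconds = std::int64_t;

// Claim 6: derive the regular call interval of one identity from the time
// stamps of its calls. Returns 0 when there are fewer than two calls.
Seconds regularCallInterval(const std::vector<Seconds>& callTimes) {
    if (callTimes.size() < 2) return 0;

    // Step 1: interval between each call and the preceding call.
    std::vector<Seconds> intervals;
    for (std::size_t i = 1; i < callTimes.size(); ++i)
        intervals.push_back(callTimes[i] - callTimes[i - 1]);

    // Step 2: arrange the intervals by value.
    std::sort(intervals.begin(), intervals.end());
    if (intervals.size() == 1) return intervals.front();   // nothing to compare against

    // Steps 3 and 4: differences between adjacent intervals and their mean.
    std::vector<Seconds> diffs;
    for (std::size_t i = 1; i < intervals.size(); ++i)
        diffs.push_back(intervals[i] - intervals[i - 1]);
    double sum = 0.0;
    for (Seconds d : diffs) sum += static_cast<double>(d);
    const double avgDiff = sum / static_cast<double>(diffs.size());

    // Step 5: reject intervals whose gap to their neighbour exceeds the mean.
    // The claim does not say which neighbour; this example uses the
    // predecessor in sorted order (an assumption), so the smallest interval
    // is never rejected. Step 6: the largest surviving interval is the result.
    Seconds regular = intervals.front();
    for (std::size_t i = 1; i < intervals.size(); ++i)
        if (static_cast<double>(diffs[i - 1]) <= avgDiff)
            regular = std::max(regular, intervals[i]);
    return regular;
}

// Claim 5: the key is idle for this identity when the interval between the
// most recent call and the one before it exceeds the regular call interval.
// With fewer than two calls there is no interval to judge, so not idle.
bool isIdle(const std::vector<Seconds>& callTimes) {
    if (callTimes.size() < 2) return false;
    const Seconds lastInterval = callTimes.back() - callTimes[callTimes.size() - 2];
    return lastInterval > regularCallInterval(callTimes);
}

int main() {
    // Constructed sample: six calls a minute apart, then a 55-minute silence.
    const std::vector<Seconds> calls{0, 60, 120, 180, 240, 300, 3600};
    std::cout << "regular call interval duration is " << regularCallInterval(calls)
              << " seconds, idle: " << std::boolalpha << isIdle(calls) << '\n';
    return 0;
}
```

Claim 5 is implemented as written, comparing the last two recorded calls. A key store that reclaims keys on this basis only notices idleness once a further call arrives; a deployment that wants to reclaim keys of users who stop calling altogether would also compare the current clock against the most recent call time, which the claim does not describe.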
CN202410203753.6A 2024-02-23 2024-02-23 Data encryption method and real-time network security monitoring system Active CN117792795B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410203753.6A CN117792795B (en) 2024-02-23 2024-02-23 Data encryption method and real-time network security monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410203753.6A CN117792795B (en) 2024-02-23 2024-02-23 Data encryption method and real-time network security monitoring system

Publications (2)

Publication Number Publication Date
CN117792795A true CN117792795A (en) 2024-03-29
CN117792795B CN117792795B (en) 2024-06-21

Family

ID=90394875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410203753.6A Active CN117792795B (en) 2024-02-23 2024-02-23 Data encryption method and real-time network security monitoring system

Country Status (1)

Country Link
CN (1) CN117792795B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001976A (en) * 2012-12-28 2013-03-27 中国科学院计算机网络信息中心 Safe network information transmission method
WO2018046103A1 (en) * 2016-09-10 2018-03-15 Swiss Reinsurance Company Ltd. Secure key management and peer-to-peer transmission system with a controlled, double-tier cryptographic key structure and corresponding method thereof
CN109302283A (en) * 2018-09-20 2019-02-01 如般量子科技有限公司 Cloud storage method and system is acted on behalf of in anti-quantum calculation based on public asymmetric key pond
CN112468287A (en) * 2019-09-09 2021-03-09 科大国盾量子技术股份有限公司 Key distribution method, system, mobile terminal and wearable device
CN114389809A (en) * 2022-02-18 2022-04-22 山西清网信息技术有限公司 Information network security protection method for encrypted https protocol
CN114900338A (en) * 2022-04-20 2022-08-12 岚图汽车科技有限公司 Encryption and decryption method, device, equipment and medium
CN116709325A (en) * 2023-08-07 2023-09-05 北京数盾信息科技有限公司 Mobile equipment security authentication method based on high-speed encryption algorithm


Also Published As

Publication number Publication date
CN117792795B (en) 2024-06-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant