CN108600185A - A kind of data security transmission network system and its method
- Publication number: CN108600185A
- Application number: CN201810271285.0A
- Authority: CN (China)
- Prior art keywords: data, module, transmission, file, analysis
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a data security transmission network system and its method, and relates to data encryption technology. The system includes a data acquisition module (100), a data transmission module (200), a data preprocessing module (300), a data isolation module (400) and a data analysis module (500), which interact in sequence. The invention: 1. achieves better data transmission; 2. combined with port mapping technology, shields unauthorized access; 3. uses data isolation technology to guarantee that data transmission is one-way and to ensure the security of plaintext files. Through a series of data-processing security techniques, the invention achieves secure transmission of data within the network system and provides strong support in the field of secure data transmission.
Description
Technical field
The present invention relates to data encryption technology, and more particularly to a data security transmission network system and its method.
Background
With the continuous development of network technology, almost every industry now uses electronic office systems. In some special security fields, specific information about particular places and regions must be collected and reported in real time to a back-end server for analysis and processing. Throughout this process, the security of data transmission and data storage must be ensured as far as possible.
At present, most methods of securing transmission protect the data by encrypting it. Encryption methods fall into two classes, symmetric and asymmetric. Symmetric encryption uses the same key for encryption and decryption; this key is usually called the "Session Key", and this technique is widely adopted today. Asymmetric encryption uses different keys for encryption and decryption, usually two keys called the "public key" and the "private key"; the two must be used as a matched pair, otherwise the encrypted file cannot be opened. The "public key" is published externally, whereas the "private key" is not and is known only to its holder. Each of these two classes of encryption algorithm has its own disadvantages:
1. Symmetric encryption: before data is transmitted, the sender and the recipient must agree on a key, and both sides must then keep that key safe. If either side's key is leaked, the encrypted information is no longer secure. In addition, every pair of users needs a unique key unknown to others each time they use a symmetric encryption algorithm, so the number of keys held by the two sides becomes enormous and key management becomes a burden for both;
2. Asymmetric encryption largely guarantees the security of the data, but its processing speed is slower;
3. Both symmetric and asymmetric encryption algorithms guarantee data security only at the software level and do not guarantee the security of data transmission at the physical level, so both are at risk of being broken by hackers.
Summary of the invention
The purpose of the present invention is to overcome the security problems that currently exist during data transmission over a network by providing a data security transmission network system and its method, so that secure data transmission is achieved using ordinary network transmission equipment.
The technical solution that achieves this purpose is:
By using port mapping technology, data encryption technology and data isolation technology, the functional requirements of users can be met to a certain extent while the security of data transmission and storage is also ensured.
I. Data security transmission network system (the system for short)
The system includes a data acquisition module, a data transmission module, a data preprocessing module, a data isolation module and a data analysis module;
their interaction is as follows:
the data acquisition module, data transmission module, data preprocessing module, data isolation module and data analysis module interact in sequence.
II. Data security transmission method (the method for short)
The method includes the following steps:
1. The data acquisition module obtains the required target data through front-end collection equipment, and the collected data is transferred as TCP/IP data packets through the data transmission module to the data preprocessing module for a series of security processing;
2. The data transmission module includes wired and wireless transmission modes and is responsible for providing the communication link between the data acquisition module and the data preprocessing module;
3. The data preprocessing module includes four parts: a port mapping module, a collection device control module, a data encryption module and a data push module. It ensures access security by means of ports, then encrypts and pushes the data uploaded by the data acquisition module, and at the same time controls the front-end equipment;
4. The data files processed by the data preprocessing module are carried into the data analysis module by the data isolation module, which guarantees that data transmission is one-way: data is only allowed to travel from the data preprocessing module to the data analysis module;
5. The data analysis module includes two parts, a data receiving and decryption module and a data loading and analysis module. It receives the data delivered by the data isolation module, decrypts it, and stores it in a database for data analysis.
The present invention has the following advantages and positive effects:
1. it achieves better data transmission;
2. combined with port mapping technology, it shields unauthorized access;
3. it uses data isolation technology to guarantee that data transmission is one-way and to ensure the security of plaintext files.
In short, through a series of data-processing security techniques, the present invention achieves secure transmission of data within the network system and provides strong support in the field of secure data transmission.
Brief description of the drawings
Fig. 1 is a block diagram of the system, in which:
100 - data acquisition module;
200 - data transmission module,
201 - wired transmission module, 202 - wireless transmission module;
300 - data preprocessing module,
301 - port mapping module, 302 - collection device control module,
303 - data encryption module, 304 - file push module;
400 - data isolation module;
500 - data analysis module,
501 - data receiving and decryption module,
502 - data loading and analysis module.
English-to-Chinese glossary
TCP/IP: Transmission Control Protocol/Internet Protocol;
AES: an encryption algorithm standard.
Detailed description
The invention is described in detail below with reference to the drawing and an embodiment:
I. System
1. Overview
As shown in Fig. 1, the system includes a data acquisition module 100, a data transmission module 200, a data preprocessing module 300, a data isolation module 400 and a data analysis module 500;
their interaction is as follows:
the data acquisition module 100, data transmission module 200, data preprocessing module 300, data isolation module 400 and data analysis module 500 interact in sequence.
2. Functional modules
1) Data acquisition module 100
The data acquisition module 100 is the general term for any equipment that can acquire target data and that uses a defined data format.
2) Data transmission module 200
The data transmission module 200 includes a wired transmission module 201 and a wireless transmission module 202 and is responsible for providing the network communication link;
(1) the wired transmission module 201 provides the communication link over a cable connection;
(2) the wireless transmission module 202 implements the communication link over a wireless backhaul network.
3) Data preprocessing module 300
The data preprocessing module 300 includes a port mapping module 301, a collection device control module 302, a data encryption module 303 and a data push module 304;
the port mapping module 301 interacts with the collection device control module 302 and the data encryption module 303 respectively, and the collection device control module 302 and the data encryption module 303 each interact with the data push module 304;
the data preprocessing module 300 ensures access security by means of ports, then encrypts and pushes the data uploaded by the data acquisition module 100, and also provides control of the front-end equipment.
(1) Port mapping module 301
This submodule maps the port numbers commonly used on the public network to uncommonly used port numbers, which to a certain degree prevents some simple network attacks;
(2) Collection device control module 302
This submodule implements control of the data acquisition module 100 from the back-end system, for example parameter configuration, start-up and shutdown of the data acquisition module 100;
(3) Data encryption module 303
This submodule parses the data acquisition information uploaded in real time by the data acquisition module 100 and encrypts the acquired data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext, so as to prevent the losses that lost data files would cause if the data preprocessing module 300 were attacked;
(4) File push module 304
This submodule monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, the ciphertext is promptly carried into the data analysis module through the data isolation module, and the files that have been carried are deleted, reducing the probability of data leakage as far as possible.
4) Data isolation module 400
The data isolation module 400 implements file filtering and guarantees that data transmission is one-way. By specifying a particular file type, it restricts carrying to files of that type only; and by restricting data transmission to one direction, it ensures that data carried into the data analysis module cannot be obtained by a third party.
5) Data analysis module 500
The data analysis module 500 includes a data receiving and decryption module 501 and a data loading and analysis module 502, which interact one after the other;
it receives the data, decrypts it, and then stores it in a database for data analysis.
3. Working mechanism
After acquiring specific data in a defined data format, the data acquisition module 100 transmits the acquired data to the data preprocessing module 300 through the wired transmission module 201 or the wireless transmission module 202 of the data transmission module 200. In the preprocessing module 300, the port mapping module 301 first filters out part of the unauthorized access, and the collection device control module 302 carries out the relevant control of the collection device; the data encryption module 303 then encrypts the received data into ciphertext; finally, the data push module 304 pushes the ciphertext data to the data isolation module 400. The data isolation module 400 uses a file-carrying technique to guarantee that data transmission is one-way, allowing files to travel only from the data preprocessing module 300 to the data analysis module 500. In the data analysis module 500, the data receiving and decryption module 501 decrypts the received ciphertext to obtain plaintext data that can be parsed; finally, the data loading and analysis module 502 parses the plaintext data and stores it in the database for analysis and processing by the back-end system.
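The carry rule described above (only one specified file type crosses, only from the preprocessing side to the analysis side, and carried files are deleted at the source), as an added Python example that is not part of the patent. The `.enc` suffix, the `ENC1` header, the outbox/inbox directory names and all function names are assumptions made for illustration, and the sample files are constructed placeholders, not real AES output.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Assumptions for illustration: the patent names no concrete file type.
ALLOWED_SUFFIX = ".enc"   # suffix the encryption module is assumed to use
MAGIC = b"ENC1"           # header the encryption module is assumed to write


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large ciphertext files are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_allowed(path: Path) -> bool:
    """File filter: a regular file with the allowed suffix and header."""
    # Reject symlinks first: is_file() follows them, so a link could
    # otherwise pull a file from outside the outbox across the boundary.
    if path.is_symlink() or not path.is_file():
        return False
    if path.suffix != ALLOWED_SUFFIX:
        return False
    with open(path, "rb") as handle:
        return handle.read(len(MAGIC)) == MAGIC


def carry_once(outbox: Path, inbox: Path):
    """One pass of the carrier, outbox -> inbox only.

    Returns (carried, rejected) as lists of file names. Nothing is ever
    written into the outbox, so no data flows back to the sending side.
    """
    carried, rejected = [], []
    for src in sorted(outbox.iterdir()):
        if not is_allowed(src):
            rejected.append(src.name)      # left in place for review
            continue
        expected = sha256_of(src)
        # Copy under a temporary name, then rename, so the receiving
        # module never picks up a half-written ciphertext file.
        partial = inbox / (src.name + ".part")
        shutil.copyfile(src, partial)
        if sha256_of(partial) != expected:
            partial.unlink()
            rejected.append(src.name)
            continue
        os.replace(partial, inbox / src.name)
        src.unlink()                       # delete the carried file at the source
        carried.append(src.name)
    return carried, rejected


def demo():
    """Run the carrier over three constructed files and report the outcome."""
    with tempfile.TemporaryDirectory() as root:
        outbox, inbox = Path(root, "outbox"), Path(root, "inbox")
        outbox.mkdir()
        inbox.mkdir()
        # Constructed sample files (placeholder bytes, not real AES output).
        (outbox / "reading-001.enc").write_bytes(MAGIC + bytes(32))
        (outbox / "notes.txt").write_bytes(b"plaintext sensor reading")
        (outbox / "fake.enc").write_bytes(b"plaintext renamed to .enc")
        carried, rejected = carry_once(outbox, inbox)
        second_carried, _ = carry_once(outbox, inbox)
        return {
            "carried": carried,
            "rejected": rejected,
            "second_pass_carried": second_carried,
            "outbox_left": sorted(p.name for p in outbox.iterdir()),
            "inbox": sorted(p.name for p in inbox.iterdir()),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A copy loop like this only models the rule; whether the analysis side can write back depends on how the two directories are exposed to each side.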
II. Method
1. Step 1
A. The target data is any data that has a defined data structure and can be parsed by the back-end system;
B. Transferring the data to the data preprocessing module means transmitting the data acquired in real time to the data preprocessing module in the form of TCP/IP data packets, which facilitates real-time parsing and encryption;
2. Step 2
A. Wired transmission means that the data acquisition module and the data preprocessing module communicate over a cable connection;
B. Wireless transmission means that the data acquisition module and the data preprocessing module communicate with each other over a wireless protocol, for example through a wireless 3G backhaul module;
3. Step 3
A. The port mapping module maps the port numbers commonly used on the public network to uncommonly used port numbers, which to a certain extent prevents some simple network attacks;
B. The collection device control module implements control of the data acquisition module from the back-end system, including parameter configuration, start-up and shutdown of the data acquisition module;
C. The data encryption module parses the data acquisition information uploaded in real time by the data acquisition module and encrypts the acquired data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext, so as to prevent the losses that lost data files would cause if the data preprocessing module were attacked;
D. The file push module monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, the ciphertext is promptly carried into the data analysis module through the data isolation module, and the files that have been carried are deleted, reducing the probability of data leakage;
4. Step 4
The data isolation module performs file filtering and guarantees that data transmission is one-way. By specifying a particular file type, it restricts carrying to files of that type only; and by restricting data transmission to one direction, it ensures that data carried into the data analysis module cannot be obtained by a third party;
5. Step 5
A. The data receiving and decryption module receives, in the default directory, the ciphertext carried over by the data isolation module, then decrypts the ciphertext with the agreed key to obtain a plaintext file for analysis and processing by other modules;
B. The data loading and analysis module parses the decrypted plaintext data according to the set data format and then stores the parsed data in the database, so that the back-end analysis module can retrieve data directly from the database for analysis and processing.
Claims (8)
1. A data security transmission network system, characterized in that:
it includes a data acquisition module (100), a data transmission module (200), a data preprocessing module (300), a data isolation module (400) and a data analysis module (500);
their interaction is as follows:
the data acquisition module (100), data transmission module (200), data preprocessing module (300), data isolation module (400) and data analysis module (500) interact in sequence.
2. A data security transmission network system as described in claim 1, characterized in that:
the data preprocessing module (300) includes a port mapping module (301), a collection device control module (302), a data encryption module (303) and a data push module (304);
the port mapping module (301) interacts with the collection device control module (302) and the data encryption module (303) respectively, and the collection device control module (302) and the data encryption module (303) each interact with the data push module (304);
the port mapping module (301) maps the port numbers commonly used on the public network to uncommonly used port numbers;
the data encryption module (303) parses the data acquisition information uploaded in real time by the data acquisition module (100) and encrypts the acquired data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext;
the file push module (304) monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, the ciphertext is promptly carried into the data analysis module through the data isolation module, and the files that have been carried are deleted, reducing the probability of data leakage as far as possible.
3. A data security transmission network system as described in claim 1, characterized in that:
the data isolation module (400), by specifying a particular file type, restricts carrying to files of that type only; and, by restricting data transmission to one direction, ensures that data carried into the data analysis module cannot be obtained by a third party.
4. A data security transmission network system as described in claim 1, characterized in that:
the data analysis module (500) includes a data receiving and decryption module (501) and a data loading and analysis module (502), which interact one after the other.
5. A data security transmission method based on the data security transmission network system described in claims 1-4, characterized in that:
1. the data acquisition module obtains the required target data through front-end collection equipment, and the collected data is transferred as TCP/IP data packets through the data transmission module to the data preprocessing module for a series of security processing;
2. the data transmission module includes wired and wireless transmission modes and is responsible for providing the communication link between the data acquisition module and the data preprocessing module;
3. the data preprocessing module includes four parts: a port mapping module, a collection device control module, a data encryption module and a data push module; it ensures access security by means of ports, then encrypts and pushes the data uploaded by the data acquisition module, and at the same time controls the front-end equipment;
4. the data files processed by the data preprocessing module are carried into the data analysis module by the data isolation module, which guarantees that data transmission is one-way: data is only allowed to travel from the data preprocessing module to the data analysis module;
5. the data analysis module includes two parts, a data receiving and decryption module and a data loading and analysis module; it receives the data delivered by the data isolation module, decrypts it, and stores it in a database for data analysis.
6. The data security transmission method as described in claim 4, characterized in that:
in step 3:
A. the port mapping module maps the port numbers commonly used on the public network to uncommonly used port numbers, which to a certain extent prevents some simple network attacks;
B. the collection device control module implements control of the data acquisition module from the back-end system, including parameter configuration, start-up and shutdown of the data acquisition module;
C. the data encryption module parses the data acquisition information uploaded in real time by the data acquisition module and encrypts the acquired data with the AES encryption algorithm, turning the TCP/IP data packets into ciphertext, so as to prevent the losses that lost data files would cause if the data preprocessing module were attacked;
D. the file push module monitors in real time the files generated by the encryption module; as soon as new ciphertext is generated, the ciphertext is promptly carried into the data analysis module through the data isolation module, and the files that have been carried are deleted, reducing the probability of data leakage.
7. The data security transmission method as described in claim 4, characterized in that:
in step 4:
the data isolation module performs file filtering and guarantees that data transmission is one-way; by specifying a particular file type, it restricts carrying to files of that type only; and by restricting data transmission to one direction, it ensures that data carried into the data analysis module cannot be obtained by a third party.
8. The data security transmission method as described in claim 4, characterized in that:
in step 5:
A. the data receiving and decryption module receives, in the default directory, the ciphertext carried over by the data isolation module, then decrypts the ciphertext with the agreed key to obtain a plaintext file for analysis and processing by other modules;
B. the data loading and analysis module parses the decrypted plaintext data according to the set data format and then stores the parsed data in the database, so that the back-end analysis module can retrieve data directly from the database for analysis and processing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810271285.0A CN108600185A (en) | 2018-03-29 | 2018-03-29 | A kind of data security transmission network system and its method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810271285.0A CN108600185A (en) | 2018-03-29 | 2018-03-29 | A kind of data security transmission network system and its method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108600185A true CN108600185A (en) | 2018-09-28 |
Family
ID=63623889
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810271285.0A Withdrawn CN108600185A (en) | 2018-03-29 | 2018-03-29 | A kind of data security transmission network system and its method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108600185A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115664841A (en) * | 2022-11-14 | 2023-01-31 | 济南大学 | Data acquisition system and method with network isolation and one-way encryption transmission functions |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101316381A (en) * | 2007-05-30 | 2008-12-03 | 华源润通(北京)科技有限公司 | Terminal and total system data security protection method for mobile inquiry system |
CN102665055A (en) * | 2012-03-28 | 2012-09-12 | 姜宁 | Equipment and method for IO remote mapping |
CN103997495A (en) * | 2014-05-23 | 2014-08-20 | 中国人民解放军理工大学 | Security isolation file transmission control method |
CN106027463A (en) * | 2016-01-21 | 2016-10-12 | 李明 | Data transmission method |
WO2017083514A1 (en) * | 2015-11-10 | 2017-05-18 | Idac Holdings, Inc. | Downlink control channel design and signaling for beamformed systems |
US20170302696A1 (en) * | 2016-04-14 | 2017-10-19 | Sophos Limited | Intermediate encryption for exposed content |
Non-Patent Citations (2)
Title |
---|
罗金满: "《智能电网信息安全交互模型及关键技术研究》", 《电力信息》 * |
陈飞: "《智能电网信息安全交互模型及关键技术研究》", 《中国优秀博士学位论文全文数据库(电子期刊)信息科技辑》 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20180928 |