CN113746791A - Data transmission encryption and desensitization system - Google Patents
- Publication number: CN113746791A
- Authority: CN (China)
- Prior art keywords: module, desensitization, data, encryption, lead
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- G—PHYSICS
  - G06—COMPUTING OR CALCULATING; COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of data transmission encryption, and in particular relates to a data transmission encryption and desensitization system. The system adopts a novel processing algorithm: the data screening module screens the data; the authorization implementation module checks the authorization of the data; the data receiving and analyzing module further analyzes in detail the data from the authorization module; the desensitization encryption module performs desensitization encryption on the data from the desensitization establishing module; the self-checking module checks the data that the desensitization module has finished processing, to avoid mistaken leakage; and the secondary encryption module further encrypts the information from the self-checking module, further improving the security of the data received by the client server.
    Description
Technical Field
      The invention relates to the technical field of data transmission encryption, in particular to a data transmission encryption and desensitization system.
    Background
      During data transmission, data in a source database often needs to be encrypted so that users' sensitive information is not leaked. To balance data security with data usability, desensitization techniques are also applied to process the data with a desensitization algorithm.
      Traditional data transmission encryption and decryption systems and methods use a single processing step. After data requiring desensitization has been encrypted, a malicious operator can crack and recognize the data by means of the decryption and encryption modules in the system, leaking users' sensitive information, so the desensitization encryption security of such systems is low. These systems also lack a recording and self-checking function, so when data requiring desensitization is leaked by mistake, the erroneous information cannot be shielded in time.
      To solve the above problems, an innovative design based on the original data transmission encryption system is urgently needed.
    Disclosure of Invention
      The present invention is directed to a data transmission encryption and desensitization system that solves the above problems in the prior art.
      To achieve this purpose, the invention provides the following technical solution: a data transmission encryption and desensitization system comprising a database server and a client server, wherein the output of the database server is electrically connected to an authorization module through a wire, the output of the authorization module is electrically connected to a desensitization module through a wire, the output of the desensitization module is linearly connected to an execution module through a wire, and the input of the client server is electrically connected to the execution module through a wire.
      Preferably, the database server, the authorization module, the desensitization module, the execution module and the client server are electrically connected in series through wires.
      Preferably, the authorization module is composed of a data reading module, a data screening module, an authorization implementation module and an access control module. The output of the data reading module is electrically connected to the data screening module through a wire, the output of the data screening module is electrically connected to the authorization implementation module through a wire, and the output of the authorization implementation module is electrically connected to the access control module through a wire.
      Preferably, the data reading module, the data screening module, the authorization implementation module and the access control module are electrically connected in series through wires.
      Preferably, the desensitization module comprises a data receiving and analyzing module, a desensitization establishing module, a desensitization encryption module, a desensitization data generating module, a desensitization decryption module and a data transmission module. The output of the data receiving and analyzing module is electrically connected to the desensitization establishing module through a wire, the output of the desensitization establishing module is electrically connected to the desensitization encryption module through a wire, the output of the desensitization encryption module is electrically connected to the desensitization data generating module through a wire, the output of the desensitization establishing module is electrically connected to the desensitization decryption module through a wire, and the output of the desensitization decryption module is electrically connected to the data transmission module through a wire.
      Preferably, the desensitization encryption module and the desensitization data generating module are electrically connected in series through a wire, the desensitization encryption module and the desensitization decryption module are electrically connected in parallel through a wire, and the desensitization decryption module and the data transmission module are electrically connected in series through a wire.
      Preferably, the execution module comprises a self-checking module, a secondary encryption module, a target data storage module, an instruction receiving and sending module and a secondary decryption module. The output of the self-checking module is electrically connected to the secondary encryption module through a wire, the output of the secondary encryption module is electrically connected to the target data storage module through a wire, the output of the target data storage module is electrically connected to the instruction receiving and sending module through a wire, and the output of the instruction receiving and sending module is electrically connected to the secondary decryption module through a wire.
      Preferably, the self-checking module, the secondary encryption module, the target data storage module, the instruction receiving and sending module and the secondary decryption module are all electrically connected in series through wires.
      Compared with the prior art, the beneficial effects of the invention are as follows. The system adopts a novel processing algorithm: the data screening module screens the data; the authorization implementation module checks the authorization of the data; the data receiving and analyzing module further analyzes in detail the data from the authorization module; the desensitization encryption module performs desensitization encryption on the data from the desensitization establishing module; the self-checking module checks the data that the desensitization module has finished processing, to avoid mistaken leakage; and the secondary encryption module further encrypts the information from the self-checking module, further improving the security of the data received by the client server.
    Drawings
      FIG. 1 is a schematic view of the overall flow structure of the present invention;
      FIG. 2 is a schematic diagram of the internal flow structure of the authorization module according to the present invention;
      FIG. 3 is a schematic view of the internal flow structure of the desensitization module of the present invention;
      FIG. 4 is a schematic diagram of an internal flow structure of an execution module according to the present invention.
      In the figures: 1. database server; 2. authorization module; 201. data reading module; 202. data screening module; 203. authorization implementation module; 204. access control module; 3. desensitization module; 301. data receiving and analyzing module; 302. desensitization establishing module; 303. desensitization encryption module; 304. desensitization data generating module; 305. desensitization decryption module; 306. data transmission module; 4. execution module; 401. self-checking module; 402. secondary encryption module; 403. target data storage module; 404. instruction receiving and sending module; 405. secondary decryption module; 5. client server.
    Detailed Description
      The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
      Referring to FIGS. 1-4, the present invention provides a technical solution: a data transmission encryption and desensitization system comprising a database server 1, an authorization module 2, a data reading module 201, a data screening module 202, an authorization implementation module 203, an access control module 204, a desensitization module 3, a data receiving and analyzing module 301, a desensitization establishing module 302, a desensitization encryption module 303, a desensitization data generating module 304, a desensitization decryption module 305, a data transmission module 306, an execution module 4, a self-checking module 401, a secondary encryption module 402, a target data storage module 403, an instruction receiving and sending module 404, a secondary decryption module 405 and a client server 5. The output of the database server 1 is electrically connected to the authorization module 2 through a wire, the output of the authorization module 2 is electrically connected to the desensitization module 3 through a wire, the output of the desensitization module 3 is linearly connected to the execution module 4 through a wire, and the input of the client server 5 is electrically connected to the execution module 4 through a wire.
      In this embodiment, the database server 1, the authorization module 2, the desensitization module 3, the execution module 4 and the client server 5 are electrically connected in series through wires. This design ensures that data in the database server 1 can be transmitted to the client server 5 through the authorization module 2, the desensitization module 3 and the execution module 4, thereby realizing desensitized, encrypted transmission of the data on the database server 1.
      The authorization module 2 is composed of a data reading module 201, a data screening module 202, an authorization implementation module 203 and an access control module 204. The output of the data reading module 201 is electrically connected to the data screening module 202 through a wire, the output of the data screening module 202 is electrically connected to the authorization implementation module 203 through a wire, and the output of the authorization implementation module 203 is electrically connected to the access control module 204 through a wire. This design ensures that the data reading module 201, the data screening module 202, the authorization implementation module 203 and the access control module 204 can process the data on the database server 1 in sequence, further improving the security of data transmission from the database server 1.
      The data reading module 201, the data screening module 202, the authorization implementation module 203 and the access control module 204 are electrically connected in series through wires. This design ensures that these modules can effectively read, screen, authorize and control access to the data in the database server 1, further improving the security of that data and preventing accidental leakage of the data in the database server 1 from affecting users' personal privacy.
      The desensitization module 3 comprises a data receiving and analyzing module 301, a desensitization establishing module 302, a desensitization encryption module 303, a desensitization data generating module 304, a desensitization decryption module 305 and a data transmission module 306. The output of the data receiving and analyzing module 301 is electrically connected to the desensitization establishing module 302 through a wire, the output of the desensitization establishing module 302 is electrically connected to the desensitization encryption module 303 through a wire, the output of the desensitization encryption module 303 is electrically connected to the desensitization data generating module 304 through a wire, the output of the desensitization establishing module 302 is electrically connected to the desensitization decryption module 305 through a wire, and the output of the desensitization decryption module 305 is electrically connected to the data transmission module 306 through a wire, so that desensitization encryption of the information on the database server 1 is further realized and the data inside the database server 1 is protected.
      The desensitization encryption module 303 and the desensitization data generating module 304 are electrically connected in series through a wire, the desensitization encryption module 303 and the desensitization decryption module 305 are electrically connected in parallel through a wire, and the desensitization decryption module 305 and the data transmission module 306 are electrically connected in series through a wire. This design ensures that the data receiving and analyzing module 301 and the desensitization establishing module 302 can analyze and process the information from the authorization module 2 in sequence, thereby separating out the information on the authorization module 2 that needs desensitization, and that the desensitization encryption module 303, the desensitization data generating module 304, the desensitization decryption module 305 and the data transmission module 306 can effectively encrypt and decrypt the data requiring desensitization.
      The execution module 4 is composed of a self-checking module 401, a secondary encryption module 402, a target data storage module 403, an instruction receiving and sending module 404 and a secondary decryption module 405. The output of the self-checking module 401 is electrically connected to the secondary encryption module 402 through a wire, the output of the secondary encryption module 402 is electrically connected to the target data storage module 403 through a wire, the output of the target data storage module 403 is electrically connected to the instruction receiving and sending module 404 through a wire, and the output of the instruction receiving and sending module 404 is electrically connected to the secondary decryption module 405 through a wire. This design ensures that these modules can effectively check and further encrypt and decrypt the data processed on the desensitization module 3, improving the security of the decrypted data on the desensitization module 3, while also enabling the encrypted data to be recorded and stored.
      The self-checking module 401, the secondary encryption module 402, the target data storage module 403, the instruction receiving and sending module 404 and the secondary decryption module 405 are all electrically connected in series through wires. This design ensures that these modules can, in sequence, check, encrypt, store, send and decrypt the data decrypted on the desensitization module 3, so that further encrypted transmission of the data is realized and efficient reception of the data by the client server 5 is facilitated.
      The working principle is as follows. When the data transmission encryption and desensitization system is used, the authorization module 2 first receives data from the database server 1. The data reading module 201 performs primary processing on the data on the database server 1, and the data preliminarily selected by the data reading module 201 is sent to the data screening module 202, which screens the data from the data reading module 201. The authorization implementation module 203 checks the authorization of the data on the data screening module 202. When the authorization of that data passes, the authorization implementation module 203 transmits the data on the data screening module 202 to the access control module 204, which performs access control and arrangement on the data from the data screening module 202.
      The data processed by the data reading module 201, the data screening module 202, the authorization implementation module 203 and the access control module 204 then enters the desensitization module 3. The data receiving and analyzing module 301 receives the data from the authorization module 2 and further analyzes and processes it in detail, and desensitization data information is established by the desensitization establishing module 302. An operator can decrypt the desensitization information on the desensitization establishing module 302 through the desensitization decryption module 305, and further receive and send the desensitization information through the data transmission module 306. The desensitization encryption module 303 then performs desensitization encryption on the data from the desensitization establishing module 302. The data on the desensitization encryption module 303 is transmitted to the desensitization data generating module 304, which arranges and generates the data desensitized by the desensitization encryption module 303 and transmits the generated data to the execution module 4.
      The self-checking module 401 checks the data processed on the desensitization module 3, so that mistakes and omissions in the decryption information processed on the desensitization module 3 are avoided. The secondary encryption module 402 further encrypts the information on the self-checking module 401, and the data processed on the secondary encryption module 402 is recorded by the target data storage module 403. The data in the target data storage module 403 is then sent through the instruction receiving and sending module 404, the secondary decryption module 405 decrypts the data, and the client server 5 receives the encrypted data.
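The desensitization and self-checking stages of the working principle above, sketched as an added Python example (not code from the patent, which specifies no algorithms). The field names, masking rules, function names and the sample record are assumptions constructed for illustration; the secondary encryption stage is left out.

```python
import re

# --- Desensitization stage (hypothetical masking rules) ---------------------

def mask_keep_tail(value, keep=4, fill="*"):
    """Mask everything except the last `keep` characters."""
    s = str(value)
    if len(s) <= keep:
        return fill * len(s)
    return fill * (len(s) - keep) + s[-keep:]

def mask_name(value, fill="*"):
    """Keep only the first character of a name."""
    s = str(value)
    return s[:1] + fill * max(len(s) - 1, 0)

# Assumed policy: which fields are sensitive and how each is masked.
POLICY = {
    "name": mask_name,
    "phone": mask_keep_tail,
    "id_number": mask_keep_tail,
}

def desensitize(record, policy=POLICY):
    """Return a copy of `record` with every policy field masked."""
    out = dict(record)
    for field, rule in policy.items():
        if out.get(field) is not None:
            out[field] = rule(out[field])
    return out

# --- Self-checking stage ----------------------------------------------------

def _normalize(text):
    """Drop separators and case so '138-0013-8000' matches '13800138000'."""
    return re.sub(r"[\s\-().]", "", str(text)).lower()

def self_check(original, processed, policy=POLICY, min_len=4):
    """Return (output_field, source_field) pairs where a sensitive value
    from `original` is still readable in `processed`.

    Two failure modes are covered: a raw value surviving in another field
    (for example free text), and a policy field left unchanged.
    """
    secrets = {}
    for field in policy:
        value = original.get(field)
        if value is not None and len(_normalize(value)) >= min_len:
            # Very short values would match almost any text, so the
            # substring scan skips them; the equality check below still runs.
            secrets[field] = _normalize(value)

    findings = []
    for out_field, out_value in processed.items():
        haystack = _normalize(out_value)
        for src_field, secret in secrets.items():
            if secret in haystack:
                findings.append((out_field, src_field))

    for field in policy:
        value = original.get(field)
        if value is not None and processed.get(field) == value:
            if (field, field) not in findings:
                findings.append((field, field))
    return findings

def release(original, policy=POLICY):
    """Desensitize, self-check, and withhold any field that still leaks."""
    processed = desensitize(original, policy)
    findings = self_check(original, processed, policy)
    for out_field, _ in findings:
        processed[out_field] = "[WITHHELD]"
    return processed, findings

# Constructed sample record: the phone number also appears, with separators,
# in a free-text field that the masking policy does not cover.
SAMPLE = {
    "name": "Zhang Wei",
    "phone": "13800138000",
    "id_number": "110101199003070011",
    "note": "Callback requested, reach customer on 138-0013-8000",
}

if __name__ == "__main__":
    safe, problems = release(SAMPLE)
    print(problems)
    print(safe)
```

Only records returned by `release` would be handed on to the secondary encryption step; the findings list is what a recording function would log.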
      Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
    Claims (8)
1. A data transmission encryption and desensitization system comprises a database server (1) and a client server (5), and is characterized in that: the database server (1) is electrically connected with the authorization module (2) through a lead in an output mode, the authorization module (2) is electrically connected with the desensitization module (3) through a lead in an output mode, the desensitization module (3) is linearly connected with the execution module (4) through a lead in an output mode, and the client server (5) is electrically connected with the execution module (4) through a lead in an input mode.
    2. A data transmission encryption and desensitization system according to claim 1, wherein: the database server (1), the authorization module (2), the desensitization module (3), the execution module (4) and the user side server (5) are electrically connected in series through wires.
    3. A data transmission encryption and desensitization system according to claim 1, wherein: the authorization module (2) is composed of a data reading module (201), a data screening module (202), an authorization implementation module (203) and an access control module (204), the data reading module (201) is electrically output and connected with the data screening module (202) through a lead, the data screening module (202) is electrically output and connected with the authorization implementation module (203) through a lead, and the authorization implementation module (203) is electrically output and connected with the access control module (204) through a lead.
    4. A data transmission encryption and desensitization system according to claim 3, wherein: the data reading module (201), the data screening module (202), the authorization implementation module (203) and the access control module (204) are electrically connected in series through conducting wires.
    5. A data transmission encryption and desensitization system according to claim 1, wherein: the desensitization module (3) comprises a data receiving and analyzing module (301), a desensitization establishing module (302), a desensitization encryption module (303), a desensitization data generating module (304), a desensitization decryption module (305) and a data transmission module (306), the data receiving and analyzing module (301) and the desensitization establishing module (302) are electrically output and connected through a lead, the desensitization establishing module (302) and the desensitization encryption module (303) are electrically output and connected through a lead, the desensitization encryption module (303) and the desensitization data generating module (304) are electrically output and connected through a lead, the desensitization establishing module (302) and the desensitization decryption module (305) are electrically output and connected through a lead, and the desensitization decryption module (305) and the data transmission module (306) are electrically output and connected through a lead.
    6. A data transmission encryption and desensitization system according to claim 5, wherein: the desensitization encryption module (303) and the desensitization data generation module (304) are electrically connected in series through a lead, the desensitization encryption module (303) and the desensitization decryption module (305) are electrically connected in parallel through a lead, and the desensitization decryption module (305) and the data transmission module (306) are electrically connected in series through a lead.
    7. A data transmission encryption and desensitization system according to claim 1, wherein: the execution module (4) comprises a self-checking module (401), a secondary encryption module (402), a target data storage module (403), an instruction receiving and sending module (404) and a secondary decryption module (405), the self-checking module (401) is electrically connected with the secondary encryption module (402) through a lead, the secondary encryption module (402) is electrically connected with the target data storage module (403) through a lead, the target data storage module (403) is electrically connected with the instruction receiving and sending module (404) through a lead, and the instruction receiving and sending module (404) is electrically connected with the secondary decryption module (405) through a lead.
    8. A data transmission encryption and desensitization system according to claim 7, wherein: the self-checking module (401), the secondary encryption module (402), the target data storage module (403), the instruction receiving and sending module (404) and the secondary decryption module (405) are electrically connected in series through wires.
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202010934514.XA CN113746791A (en) | 2020-09-08 | 2020-09-08 | Data transmission encryption and desensitization system | 
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202010934514.XA CN113746791A (en) | 2020-09-08 | 2020-09-08 | Data transmission encryption and desensitization system | 
Publications (1)
| Publication Number | Publication Date | 
|---|---|
| CN113746791A (en) | 2021-12-03 | 
Family
ID=78728013
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN202010934514.XA Pending CN113746791A (en) | 2020-09-08 | 2020-09-08 | Data transmission encryption and desensitization system | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN113746791A (en) | 
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| US20070294539A1 (en) * | 2006-01-27 | 2007-12-20 | Imperva, Inc. | Method and system for transparently encrypting sensitive information | 
| US20100228987A1 (en) * | 2009-03-06 | 2010-09-09 | Sony Corporation | System and method for securing information using remote access control and data encryption | 
| CN104270465A (en) * | 2014-10-23 | 2015-01-07 | 成都双奥阳科技有限公司 | Cloud storage protection system | 
| CN107766741A (en) * | 2017-10-23 | 2018-03-06 | 中恒华瑞(北京)信息技术有限公司 | Data desensitization system and method | 
| CN111274611A (en) * | 2020-02-04 | 2020-06-12 | 北京同邦卓益科技有限公司 | Data desensitization method, device and computer readable storage medium | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20211203 |