CN113965396A - Data security communication system and method based on risk assessment - Google Patents
- Publication number
- CN113965396A (application no. CN202111262570.4A)
- Authority
- CN
- China
- Prior art keywords
- module
- information
- data
- user terminal
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of data security communication, in particular to a data security communication system and method based on risk assessment. The system comprises a user terminal I and a user terminal II, each of which is internally provided with an account registration module and an information input module; a communication equipment I comprising a data preprocessing module I, an information receiving module I, an information sending module I, a data information processing module I and a storage module I; and a communication equipment II comprising a data preprocessing module II, an information receiving module II, an information sending module II, a data information processing module II and a storage module II. According to the invention, risk assessment is carried out on all data to be transmitted and high-risk data information is filtered out, so that it cannot affect other data; the stored data information is encrypted, which effectively prevents the data from being tampered with or decrypted in transmission and enhances the security of data communication.
Description
Technical Field
The invention relates to the technical field of data security communication, in particular to a data security communication system and a data security communication method based on risk assessment.
Background
Nowadays, with the development of the information age, people pay more and more attention to the security of information interaction. A file is transmitted many times, and during service transmission it is exposed to risks such as tampering, forgery and damage, which make it difficult for subsequent services to continue; at present, encryption measures are adopted in various data interactions, mainly digital encryption methods.
A digital certificate is an electronic identity credential. In general the digital certificate is immutable encrypted data; the password and the digital certificate used by people are secure, and the encrypted data sets an encryption protocol by means of a program, that is, a certain algorithm ensures the consistency of encryption and decryption so as to facilitate verification.
Patent application No. CN201811481900.7 discloses a data security communication system and method, wherein the data security communication system includes a user terminal and a security device, the user terminal performs data communication with the security device, and the security device includes a first security device and a second security device having the same hardware structure and function. That application also provides a data security communication method comprising the following steps: encryption request, original data encryption, encrypted data packet generation, decryption of the encrypted data packet by the user, data extraction verification and validity judgment. It further provides another data security communication method comprising the following steps: encryption request, original data encryption, encrypted data packet generation, data compression, decompression and decryption, data extraction verification and validity judgment.
That data security communication system and method only encrypt the data: they do not encrypt the account of the user terminal, do not assess the risk of the data and cannot filter high-risk data information, which can easily affect other data information, so the security of the data security communication system is reduced.
Therefore, a data security communication system and method based on risk assessment are provided.
Disclosure of Invention
The present invention is directed to a system and method for data security communication based on risk assessment to solve the above problems.
In order to achieve the purpose, the invention provides the following technical scheme: a data security communication system based on risk assessment, comprising:
a user terminal I, which is internally provided with an account registration module and an information input module, wherein the account registration module comprises an identity registration module, a scanning module and an account encryption module, the output end of the scanning module is connected with the input end of the identity registration module, and the identity registration module is bidirectionally connected with the account encryption module;
a user terminal II, which is internally provided with an account registration module and an information input module, wherein the account registration module comprises an identity registration module, a scanning module and an account encryption module, the output end of the scanning module is connected with the input end of the identity registration module, and the identity registration module is bidirectionally connected with the account encryption module;
the communication equipment I comprises a data preprocessing module I, an information receiving module I, an information sending module I, a data information processing module I and a storage module I;
the communication equipment II comprises a data preprocessing module II, an information receiving module II, an information sending module II, a data information processing module II and a storage module II;
the output end of the user terminal I is connected with the data preprocessing module I and the data information processing module I through the information receiving module I, the data information processing module I is connected with the user terminal I through the information sending module I, and the data information processing module I is connected with the storage module I in a bidirectional mode;
the output end of the user terminal II is connected with the data preprocessing module II and the data information processing module II through the information receiving module II, the data information processing module II is connected with the user terminal II through the information sending module II, and the data information processing module II is bidirectionally connected with the storage module II;
the output end of the storage module I is connected to the input end of the information sending module I, the information sending module I is connected to the storage module II through the information receiving module II, the output end of the storage module II is connected to the input end of the information sending module II, and the information sending module II is connected to the storage module I through the information receiving module I.
The data information preprocessing module I and the data information preprocessing module II both comprise an information filtering module and an information display module;
the information filtering module comprises a data detection and identification module, a data comparison and evaluation module and a data processing coping module;
the output end of the data detection and identification module is connected to the input end of the data comparison and evaluation module, and the output end of the data comparison and evaluation module is connected to the input end of the data processing coping module.
The data information processing module I and the data information processing module II respectively comprise an analysis coping module, a control module, a data encryption module and a data conversion module.
The identity registration module is used for carrying out user identity registration and binding a corresponding user terminal I and a corresponding user terminal II;
the scanning module is used for scanning and identifying the two-dimensional codes corresponding to the user terminal I and the user terminal II;
the account encryption module is used for encrypting and decrypting the registered user identity information and storing encrypted keys and certificates.
The information input module is used for a user to input original data information; the information filtering module is used for calling out a reference strategy after detecting the risk information and configuring a corresponding security strategy, and the information display module is used for displaying the secure data information filtered by the information filtering module.
The storage module I and the storage module II are used for storing user identity registration information, safe data information filtered by the information filtering module and encrypted data information.
The analysis coping module is used for calling the risk information feature code, analyzing the collected terminal information, finding out the risk information, analyzing the feature code, and providing a corresponding reference strategy according to the feature code.
The control module is used for controlling the work of the data encryption module, the analysis coping module and the data conversion module.
The data conversion module is used for compressing and converting the data transmitted by the control module according to a data conversion method to obtain converted data.
The data encryption module is used for encrypting and decrypting data and storing encrypted keys and certificates.
The secret key in the account encryption module comprises a public key and a private key, so that the account encryption module can encrypt and decrypt.
The secret key in the data encryption module comprises a public key and a private key, so that the data encryption module can encrypt and decrypt.
The information input module comprises a keyboard, a mouse, a camera and a microphone, and different types of data information can be input through the keyboard, the mouse, the camera and the microphone.
The information display module is a liquid crystal display, and the liquid crystal display can visually display the data information.
The account encryption module and the data encryption module are chips, encryption cards or encryptors, and both the account encryption module and the data encryption module can decrypt keys stored by the account encryption module or keys stored by the data encryption module.
The invention also provides a use method of the data security communication system based on risk assessment, which specifically comprises the following steps:
S1, account registration of the user terminal I and the user terminal II:
S101, identity registration: the user terminal I and the user terminal II register identities through the identity registration module in the account registration module, and transmit the identity registration information over a network to the storage module of the server for storage;
S102, equipment binding: each user terminal II is provided with a unique identification two-dimensional code in which the identification information of that user terminal II is stored; the user terminal I scans the identification two-dimensional code of the corresponding user terminal II through the scanning module in its account registration module, the account registration module binds the corresponding user terminal II according to the identification information scanned from the two-dimensional code, and it binds the name, the serial number, the account registration information and the two-dimensional code identification information of the user terminal II in a one-to-one correspondence to form a binding database, which is transmitted to the storage module of the server for storage;
each user terminal I is likewise provided with a unique identification two-dimensional code in which the identification information of that user terminal I is stored; the user terminal II scans the identification two-dimensional code of the user terminal I related to it through the scanning module in its account registration module, the account registration module binds the corresponding user terminal I according to the identification information scanned from the two-dimensional code, and it binds the name, the serial number, the account registration information and the two-dimensional code identification information of the user terminal I in a one-to-one correspondence to form a binding database, which is transmitted to the storage module of the server for storage;
S103, account encryption: after the user registers the account, the account identity registration information is encrypted through the account encryption module, and the user terminal transmits the encrypted account identity registration information over the network to the storage module of the server for storage;
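The one-to-one binding of S102 is easiest to see in code. The following is an added example, not code from the patent or its applicant: it keeps the binding database in memory, parses a constructed QR payload format (`serial=<serial>;id=<qrid>`, an assumption of this example, since the patent does not specify how the identification information is encoded), and refuses a scan whose serial does not match the registered record, a pairing of two terminals of the same kind, or a binding of a terminal that is already bound to a different peer. A repeated scan of an existing pair, which is what the second paragraph of S102 performs from the other side, is accepted.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Registration is one identity registration record from S101 (field set constructed here).
type Registration struct {
	Terminal string // "I" or "II"
	Name     string
	Serial   string
	Account  string
	QRID     string // identification information carried in the terminal's QR code
}

// BindingDB is the binding database of S102: registrations keyed by QR identification,
// the serial numbers already in use, and the one-to-one pairs recorded in both directions.
type BindingDB struct {
	registered map[string]Registration
	serials    map[string]bool
	pairs      map[string]string
}

func NewBindingDB() *BindingDB {
	return &BindingDB{map[string]Registration{}, map[string]bool{}, map[string]string{}}
}

// Register stores an identity registration, refusing duplicate QR ids or serial numbers.
func (db *BindingDB) Register(r Registration) error {
	if _, dup := db.registered[r.QRID]; dup || db.serials[r.Serial] {
		return fmt.Errorf("registration %q or serial %q already exists", r.QRID, r.Serial)
	}
	db.registered[r.QRID] = r
	db.serials[r.Serial] = true
	return nil
}

// ParseQR decodes the constructed QR payload format "serial=<serial>;id=<qrid>".
func ParseQR(payload string) (serial, qrid string, err error) {
	for _, field := range strings.Split(payload, ";") {
		k, v, ok := strings.Cut(field, "=")
		switch {
		case !ok:
			return "", "", errors.New("malformed QR field: " + field)
		case k == "serial":
			serial = v
		case k == "id":
			qrid = v
		}
	}
	if serial == "" || qrid == "" {
		return "", "", errors.New("QR payload lacks serial or id")
	}
	return serial, qrid, nil
}

// Bind is the scan step: the scanning terminal is bound to the scanned peer only if the
// peer is registered, the scanned serial matches its record, the two terminals are of
// different kinds, and neither side is already bound to someone else.
func (db *BindingDB) Bind(scannerQRID, scannedPayload string) error {
	scanner, ok := db.registered[scannerQRID]
	if !ok {
		return errors.New("scanning terminal is not registered")
	}
	serial, peerID, err := ParseQR(scannedPayload)
	if err != nil {
		return err
	}
	peer, ok := db.registered[peerID]
	if !ok || peer.Serial != serial {
		return errors.New("scanned code does not match a registered terminal")
	}
	if peer.Terminal == scanner.Terminal {
		return errors.New("terminals of the same kind cannot be bound")
	}
	if cur, bound := db.pairs[scannerQRID]; bound && cur != peerID {
		return errors.New("scanning terminal is already bound to another terminal")
	}
	if cur, bound := db.pairs[peerID]; bound && cur != scannerQRID {
		return errors.New("scanned terminal is already bound to another terminal")
	}
	db.pairs[scannerQRID], db.pairs[peerID] = peerID, scannerQRID
	return nil
}

// Peer returns the QR id of the terminal bound to qrid, if any.
func (db *BindingDB) Peer(qrid string) (string, bool) {
	p, ok := db.pairs[qrid]
	return p, ok
}
```

The serial check matters because the QR id alone is whatever the code says it is; requiring it to agree with the registration stored in S101 means a reprinted or altered code that does not match the server's record is rejected before any pair is written.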
S2, data information preprocessing: information is input through the information input module of the user terminal I and transmitted through the information receiving module I to the data information preprocessing module I, the data information processing module I and the storage module I;
the data detection and identification module detects, identifies and classifies the input information; the analysis coping module calls a risk information feature code stored in advance; the data comparison and evaluation module then compares, evaluates and analyzes the classified data information against the risk information feature code called by the analysis coping module, finds out the risk information and analyzes its feature code; the data processing coping module provides a corresponding reference strategy, filters and blocks the data carrying risk and releases the risk-free, safe data information; and the safe data information is transmitted over the network through the information receiving module I to the data information processing module I;
information is input through the information input module of the user terminal II and transmitted through the information receiving module II to the data information preprocessing module II, the data information processing module II and the storage module II;
the data detection and identification module detects, identifies and classifies the input information; the analysis coping module calls a risk information feature code stored in advance; the data comparison and evaluation module compares, evaluates and analyzes the classified data information against the risk information feature code called by the analysis coping module, finds out the risk information and analyzes its feature code; the data processing coping module provides a corresponding reference strategy, filters and blocks the data carrying risk and releases the risk-free, safe data information; and the safe data information is transmitted through the information receiving module II to the data information processing module II;
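The filtering step of S2, as an added example rather than code from the patent: the three sub-modules are modelled as Classify (detection and identification), Evaluate (comparison against the stored risk information feature codes) and Filter (the coping module, which applies the reference strategy of the most severe match and releases the data only when nothing matched). The feature codes, the text/binary classification, the severity ordering and the strategy names are all constructed for this example; the patent specifies none of them.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
	"unicode/utf8"
)

// FeatureCode is one pre-stored risk information feature code. The entries below are
// constructed for this example; a real store would be larger and updated over time.
type FeatureCode struct {
	Name     string
	Kind     string // which classified input the code applies to: "text" or "binary"
	Pattern  []byte // byte sequence the comparison module looks for
	AtStart  bool   // true: the pattern must begin the data (file headers)
	Severity int    // higher wins when several codes match
	Strategy string // reference strategy handed to the coping module
}

var riskFeatureCodes = []FeatureCode{
	{"embedded-script", "text", []byte("<script"), false, 3, "block"},
	{"private-key-material", "text", []byte("PRIVATE KEY-----"), false, 3, "block"},
	{"executable-header", "binary", []byte("MZ"), true, 2, "quarantine"},
	{"office-macro-marker", "binary", []byte("vbaProject.bin"), false, 2, "quarantine"},
}

// Classify is the data detection and identification step: text or binary.
func Classify(data []byte) string {
	if utf8.Valid(data) && !bytes.ContainsRune(data, 0) {
		return "text"
	}
	return "binary"
}

// Evaluate is the data comparison and evaluation step: every feature code that matches
// the classified input, most severe first (ties keep store order).
func Evaluate(data []byte, kind string, codes []FeatureCode) []FeatureCode {
	var hits []FeatureCode
	for _, c := range codes {
		if c.Kind != kind {
			continue
		}
		if (c.AtStart && bytes.HasPrefix(data, c.Pattern)) || (!c.AtStart && bytes.Contains(data, c.Pattern)) {
			hits = append(hits, c)
		}
	}
	sort.SliceStable(hits, func(i, j int) bool { return hits[i].Severity > hits[j].Severity })
	return hits
}

// Verdict is what the coping module returns for one input.
type Verdict struct {
	Kind     string
	Released bool     // true: risk-free data released to the data information processing module
	Matched  []string // names of the feature codes that matched, most severe first
	Strategy string   // reference strategy applied: "release", "quarantine" or "block"
}

// Filter is the data processing coping step: apply the reference strategy of the most
// severe match, or release the data when nothing matched.
func Filter(data []byte) Verdict {
	kind := Classify(data)
	hits := Evaluate(data, kind, riskFeatureCodes)
	v := Verdict{Kind: kind, Released: true, Strategy: "release"}
	for _, h := range hits {
		v.Matched = append(v.Matched, h.Name)
	}
	if len(hits) > 0 {
		v.Released = false
		v.Strategy = hits[0].Strategy
	}
	return v
}

func main() {
	samples := [][]byte{ // all constructed inputs
		[]byte("quarterly report attached, please review"),
		[]byte("<script src=\"x.js\"></script>"),
		[]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIE..."),
		{'M', 'Z', 0x90, 0x00, 0x03, 0x00}, // PE-style file header
	}
	for _, s := range samples {
		v := Filter(s)
		fmt.Printf("%-7s released=%-5v strategy=%-10s matched=%v\n", v.Kind, v.Released, v.Strategy, v.Matched)
	}
}
```

Keeping every match in the verdict, not only the one whose strategy was applied, is what makes the "analyze the feature code of the risk information" part of S2 auditable: the display module and the storage module both receive the full list, so a later review can see why a given input was blocked or quarantined.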
S3, data information encryption:
S301, data encryption request: the safe data information is sent over the network to the control module of the data information processing module I; the control module processes the service requirement through the data conversion module and then sends it to the encryption module;
the safe data information is sent over the network to the control module of the data information processing module II; the control module processes the service requirement through the data conversion module and then sends it to the encryption module;
S302, data encryption: the encryption module encrypts the safe data information and stores the encryption result, re-encrypts the encryption result with a private key, encrypts the re-encrypted result with a public key, and transmits the result to the storage module of the server;
S303, decompression and decryption: the data encryption module decrypts the received information with a private key, and decrypts the decryption result again with the public key to obtain a secondary decryption result; the data encryption module then encrypts the secondary decryption result with a private key and encrypts that encryption result again with a public key;
S304, validity judgment: the data encryption module decrypts the secondary ciphertext with a private key and decrypts the decryption result again with a public key to obtain the decryption information, and judges whether the decryption information is consistent with the encryption result stored in step S302; if so, the data is valid, and the valid data is transmitted through the information sending module I and the information sending module II to the information receiving module I and the information receiving module II respectively, and the user terminal I and the information receiving module I finally receive the secure data from the information receiving module II and the information receiving module I.
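S302 to S304 describe a "private key, then public key" double encryption, its reverse on the receiving side, and a final comparison against the stored encryption result. The following added example (not the patent's code) reads those steps as sign-then-encrypt with hybrid encryption, which is the classification the page carries (H04L63/045): "encrypt with the private key" is an RSA-PSS signature, "encrypt with the public key" is a fresh AES-256-GCM session key wrapped with RSA-OAEP to the recipient, and the receiver reverses the two layers before echoing the same bytes back. That mapping of the patent's wording onto these primitives is this example's assumption; the two `Party` values stand in for the data encryption modules of communication equipment I and II, and `stored` is the S302 encryption result kept in the storage module.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Party stands in for one data encryption module and holds that endpoint's RSA key pair.
type Party struct{ Priv *rsa.PrivateKey }

func NewParty() *Party {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only possible without a usable system RNG
	}
	return &Party{Priv: k}
}

// Envelope is one signed-then-encrypted message as it travels between the modules.
type Envelope struct {
	WrappedKey []byte // fresh AES-256 session key, RSA-OAEP encrypted to the recipient
	Body       []byte // nonce || AES-GCM(payload || RSA-PSS signature by the sender)
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal: "re-encrypt with a private key" (RSA-PSS signature), then "encrypt with a public key" (session key wrapped to the recipient).
func (p *Party) Seal(payload []byte, to *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPSS(rand.Reader, p.Priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32)
	rand.Read(key)
	g, _ := aead(key) // a 32-byte key cannot fail
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	body := g.Seal(nonce, nonce, append(append([]byte{}, payload...), sig...), nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Body: body}, nil
}

// Open: "decrypt with a private key" (unwrap the session key, decrypt), then "decrypt with a public key" (verify the signature); any failure rejects the message.
func (p *Party) Open(e *Envelope, from *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Priv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	g, err := aead(key)
	if err != nil || len(e.Body) < g.NonceSize() {
		return nil, errors.New("bad session key or truncated body")
	}
	msg, err := g.Open(nil, e.Body[:g.NonceSize()], e.Body[g.NonceSize():], nil)
	if err != nil || len(msg) < from.Size() {
		return nil, errors.New("body does not authenticate or carries no signature")
	}
	n := len(msg) - from.Size() // an RSA-PSS signature is exactly modulus-size bytes
	digest := sha256.Sum256(msg[:n])
	if err := rsa.VerifyPSS(from, crypto.SHA256, digest[:], msg[n:], nil); err != nil {
		return nil, err
	}
	return msg[:n], nil
}

// Exchange runs S302 to S304: a seals the stored encryption result for b, b opens it and seals the same bytes back for a, and a compares the echo with what it stored.
func Exchange(a, b *Party, stored []byte) (bool, error) {
	toB, err := a.Seal(stored, &b.Priv.PublicKey) // S302
	if err != nil {
		return false, err
	}
	got, err := b.Open(toB, &a.Priv.PublicKey) // S303: secondary decryption result
	if err != nil {
		return false, err
	}
	back, err := b.Seal(got, &a.Priv.PublicKey) // S303: re-signed, re-encrypted for a
	if err != nil {
		return false, err
	}
	echo, err := a.Open(back, &b.Priv.PublicKey) // S304
	if err != nil {
		return false, err
	}
	return bytes.Equal(echo, stored), nil
}
```

Two properties of this reading are worth noting. The order of the layers is what the patent describes, so a third party holding neither private key cannot unwrap the session key, and a message signed by anyone other than the expected sender fails `VerifyPSS` even though it decrypts; both surface as errors from `Open`, before the S304 comparison runs. The final `bytes.Equal` then only confirms that the peer echoed exactly the stored bytes; it is not itself an integrity mechanism, since the GCM tag and the signature have already rejected any modified message.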
Compared with the prior art, the invention has the following beneficial effects:
the invention adds high-strength identity authentication and encryption of the identity authentication information, prevents unrelated personnel from logging in to the system, and enhances the security and integrity of data communication;
according to the invention, risk assessment is carried out on all data to be transmitted and high-risk data information is filtered out, so that it cannot affect other data;
the invention encrypts the stored data information, which effectively prevents the data from being tampered with or decrypted in transmission and enhances the security of data communication.
Drawings
FIG. 1 is a block diagram of a data security communication system based on risk assessment according to the present invention;
FIG. 2 is a block diagram of the structure of the information filtering module according to the present invention;
FIG. 3 is a flow chart of a method of using a data security communication system based on risk assessment in accordance with the present invention;
FIG. 4 is a flowchart of step S1 according to the present invention;
FIG. 5 is a flowchart of step S3 according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, the present invention provides a technical solution: a data security communication system based on risk assessment, comprising:
a user terminal I, which is internally provided with an account registration module and an information input module, wherein the account registration module comprises an identity registration module, a scanning module and an account encryption module, the output end of the scanning module is connected with the input end of the identity registration module, and the identity registration module is bidirectionally connected with the account encryption module;
a user terminal II, which is internally provided with an account registration module and an information input module, wherein the account registration module comprises an identity registration module, a scanning module and an account encryption module, the output end of the scanning module is connected with the input end of the identity registration module, and the identity registration module is bidirectionally connected with the account encryption module;
the communication equipment I comprises a data preprocessing module I, an information receiving module I, an information sending module I, a data information processing module I and a storage module I;
the communication equipment II comprises a data preprocessing module II, an information receiving module II, an information sending module II, a data information processing module II and a storage module II;
the output end of the user terminal I is connected with the data preprocessing module I and the data information processing module I through the information receiving module I, the data information processing module I is connected with the user terminal I through the information sending module I, and the data information processing module I is connected with the storage module I in a bidirectional mode;
the output end of the user terminal II is connected with the data preprocessing module II and the data information processing module II through the information receiving module II, the data information processing module II is connected with the user terminal II through the information sending module II, and the data information processing module II is bidirectionally connected with the storage module II;
the output end of the storage module I is connected to the input end of the information sending module I, the information sending module I is connected to the storage module II through the information receiving module II, the output end of the storage module II is connected to the input end of the information sending module II, and the information sending module II is connected to the storage module I through the information receiving module I.
The data information preprocessing module I and the data information preprocessing module II both comprise an information filtering module and an information display module;
the information filtering module comprises a data detection and identification module, a data comparison and evaluation module and a data processing coping module;
the output end of the data detection and identification module is connected to the input end of the data comparison and evaluation module, and the output end of the data comparison and evaluation module is connected to the input end of the data processing coping module.
The data information processing module I and the data information processing module II respectively comprise an analysis coping module, a control module, a data encryption module and a data conversion module.
The identity registration module is used for carrying out user identity registration and binding a corresponding user terminal I and a corresponding user terminal II;
the scanning module is used for scanning and identifying the two-dimensional codes corresponding to the user terminal I and the user terminal II;
the account encryption module is used for encrypting and decrypting the registered user identity information and storing encrypted keys and certificates.
The information input module is used for a user to input original data information; the information filtering module is used for calling out a reference strategy after detecting the risk information and configuring a corresponding security strategy, and the information display module is used for displaying the secure data information filtered by the information filtering module.
The storage module I and the storage module II are used for storing user identity registration information, safe data information filtered by the information filtering module and encrypted data information.
The analysis coping module is used for calling the risk information feature code, analyzing the collected terminal information, finding out the risk information, analyzing the feature code, and providing a corresponding reference strategy according to the feature code.
The control module is used for controlling the work of the data encryption module, the analysis coping module and the data conversion module.
The data conversion module is used for compressing and converting the data transmitted by the control module according to a data conversion method to obtain converted data.
The data encryption module is used for encrypting and decrypting data and storing encrypted keys and certificates.
The secret key in the account encryption module comprises a public key and a private key, so that the account encryption module can encrypt and decrypt.
The secret key in the data encryption module comprises a public key and a private key, so that the data encryption module can encrypt and decrypt.
The information input module comprises a keyboard, a mouse, a camera and a microphone, and different types of data information can be input through the keyboard, the mouse, the camera and the microphone.
The information display module is a liquid crystal display, and the liquid crystal display can visually display the data information.
The account encryption module and the data encryption module are chips, encryption cards or encryptors, and both the account encryption module and the data encryption module can decrypt keys stored by the account encryption module or keys stored by the data encryption module.
The invention also provides a method of using the data security communication system based on risk assessment, shown in FIG. 3-5, which specifically comprises the following steps:
s1, user terminal I and user terminal II account registration:
s101, identity registration: user terminal I and user terminal II each register an identity through the identity registration module of their account registration module, and each transmits its identity registration information over the network to the storage module of the server for storage;
s102, device binding: each user terminal II carries a unique identification two-dimensional code that stores the identification information of that terminal. User terminal I scans the identification two-dimensional code of its counterpart user terminal II with the scanning module of the account registration module; the account registration module binds the corresponding user terminal II according to the identification information read from the code, associates the name, serial number, account registration information and two-dimensional-code identification information of user terminal II in one-to-one correspondence to form a binding database, and transmits the binding database to the storage module of the server for storage;
likewise, each user terminal I carries a unique identification two-dimensional code that stores the identification information of that terminal. User terminal II scans the identification two-dimensional code of the user terminal I associated with it using the scanning module of the account registration module; the account registration module binds the corresponding user terminal I according to the identification information read from the code, associates the name, serial number, account registration information and two-dimensional-code identification information of user terminal I in one-to-one correspondence to form a binding database, and transmits the binding database to the storage module of the server for storage;
s103, account encryption: once a user has registered an account, the account identity registration information is encrypted by the account encryption module, and the user terminal transmits the encrypted account identity registration information over the network to the storage module of the server for storage;
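The device binding of steps s101 to s103 rests on whatever the scanned two-dimensional code says, so the two checks a practitioner adds are that a code payload is authenticated before any of its fields is trusted, and that no terminal, account or code identifier can be bound twice. The Go program below is an added example, not code from the patent or its applicant. It assumes a hypothetical payload layout `name|serial|id|tag`, where `tag` is an HMAC-SHA256 over the other three fields under a provisioning key held by the server (the patent only says that the code stores the terminal's identification information), and it uses a constructed sample terminal and constructed accounts; the encryption of the stored registration record in s103 is outside this block.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Binding is one row of the binding database of step s102: name, serial number,
// account registration information and code identifier of a terminal, one-to-one.
type Binding struct {
	Name, Serial, Account, CodeID string
}

// BindingDB stores bindings and rejects anything that breaks the one-to-one correspondence.
type BindingDB struct {
	provKey  []byte // provisioning key that authenticates code payloads (assumed, not in the patent)
	bySerial map[string]Binding
	byCode   map[string]string // code identifier -> serial
	byAcct   map[string]string // account registration information -> serial
}

func NewBindingDB(provKey []byte) *BindingDB {
	return &BindingDB{provKey: provKey, bySerial: map[string]Binding{},
		byCode: map[string]string{}, byAcct: map[string]string{}}
}

// qrTag is the HMAC-SHA256 the provisioning side embeds in the code, over name|serial|id.
func qrTag(key []byte, name, serial, codeID string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(name + "|" + serial + "|" + codeID))
	return hex.EncodeToString(m.Sum(nil))
}

// EncodeQR builds the hypothetical payload "name|serial|id|tag" printed into a terminal's code.
func EncodeQR(key []byte, name, serial, codeID string) string {
	return strings.Join([]string{name, serial, codeID, qrTag(key, name, serial, codeID)}, "|")
}

// ParseQR checks the payload shape and its tag before any field is trusted.
func (db *BindingDB) ParseQR(payload string) (name, serial, codeID string, err error) {
	f := strings.Split(payload, "|")
	if len(f) != 4 {
		return "", "", "", errors.New("malformed code payload")
	}
	want := qrTag(db.provKey, f[0], f[1], f[2])
	if !hmac.Equal([]byte(want), []byte(f[3])) { // constant-time comparison
		return "", "", "", errors.New("code payload failed authentication")
	}
	return f[0], f[1], f[2], nil
}

// Bind performs the scan-and-bind of step s102 for one peer terminal; account is the
// scanning user's registration information from step s101.
func (db *BindingDB) Bind(payload, account string) (Binding, error) {
	name, serial, codeID, err := db.ParseQR(payload)
	if err != nil {
		return Binding{}, err
	}
	if _, dup := db.bySerial[serial]; dup {
		return Binding{}, fmt.Errorf("serial %s is already bound", serial)
	}
	if s, dup := db.byCode[codeID]; dup {
		return Binding{}, fmt.Errorf("code %s is already bound to serial %s", codeID, s)
	}
	if s, dup := db.byAcct[account]; dup {
		return Binding{}, fmt.Errorf("account is already bound to serial %s", s)
	}
	b := Binding{Name: name, Serial: serial, Account: account, CodeID: codeID}
	db.bySerial[serial], db.byCode[codeID], db.byAcct[account] = b, serial, serial
	return b, nil
}

func main() {
	key := []byte("provisioning-key-demo-only") // constructed sample key
	db := NewBindingDB(key)
	qr := EncodeQR(key, "terminal-II-07", "SN-0007", "QR-7F3A") // constructed sample terminal
	fmt.Println(db.Bind(qr, "alice@example.test"))
	// Forged payload: the attacker swaps in their own serial but cannot recompute the tag.
	fmt.Println(db.Bind(strings.Replace(qr, "SN-0007", "SN-6666", 1), "mallory@example.test"))
	// A second account scanning the same genuine code breaks the one-to-one correspondence.
	fmt.Println(db.Bind(qr, "bob@example.test"))
}
```

Without the tag the code is a string anyone can print, and a scanned payload carrying an attacker's serial number would bind that device to the victim's account; with it, the forged payload in `main` is rejected before its fields are read, and the second account that scans the same genuine code is refused because the serial is already in the binding database.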
s2, data information preprocessing: information is entered through the information input module of user terminal I and passed, via information receiving module I, to data information preprocessing module I, data information processing module I and storage module I;
the data detection and identification module detects, identifies and classifies the input information; the analysis and response module retrieves the pre-stored risk information feature codes; the data comparison and evaluation module compares and evaluates the classified data information against the retrieved feature codes, finds the risk information and analyses its feature code; the data processing and response module then supplies the corresponding reference strategy, filters and blocks the data that carries risk, and releases the risk-free, safe data information, which is transmitted over the network through information receiving module I to data information processing module I;
information is likewise entered through the information input module of user terminal II and passed, via information receiving module II, to data information preprocessing module II, data information processing module II and storage module II;
the data detection and identification module detects, identifies and classifies the input information; the analysis and response module retrieves the pre-stored risk information feature codes; the data comparison and evaluation module compares and evaluates the classified data information against the retrieved feature codes, finds the risk information and analyses its feature code; the data processing and response module then supplies the corresponding reference strategy, filters and blocks the data that carries risk, and releases the risk-free, safe data information, which is transmitted through information receiving module II to data information processing module II;
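Step s2 is a signature-based filter: pre-stored risk information feature codes, a comparison of the classified input against them, and a reference strategy for each match. The Go program below is an added example, not the patent's implementation. It assumes two hypothetical kinds of feature code (the SHA-256 of a known-bad payload, and a case-insensitive regular expression), two hypothetical strategies (block and quarantine), and a constructed batch of four input records; every record that matches is held under the strategy of its most severe match, and only the rest is released to the data information processing module.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Strategy is the reference strategy the data processing and response module returns
// for a matched feature code (the two names are assumed, not taken from the patent).
type Strategy string

const (
	Block      Strategy = "block"      // drop the record
	Quarantine Strategy = "quarantine" // hold for review, do not forward
)

// FeatureCode is one pre-stored risk signature: Hash matches a whole payload by its
// SHA-256, Pattern matches content by regular expression. Exactly one of them is set.
type FeatureCode struct {
	ID       string
	Hash     string
	Pattern  *regexp.Regexp
	Strategy Strategy
}

// Verdict is what the comparison and evaluation module decided for one record.
type Verdict struct {
	Input  string
	Code   string   // matched feature-code ID, empty when released
	Action Strategy // empty when released
}

// RiskFilter implements the detection -> comparison -> response pipeline of step s2.
type RiskFilter struct {
	codes []FeatureCode
}

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// HashCode builds a feature code for an exact known-bad payload.
func HashCode(id, badPayload string, s Strategy) FeatureCode {
	return FeatureCode{ID: id, Hash: sha256Hex(strings.TrimSpace(badPayload)), Strategy: s}
}

// PatternCode builds a feature code from a case-insensitive regular expression.
func PatternCode(id, pattern string, s Strategy) FeatureCode {
	return FeatureCode{ID: id, Pattern: regexp.MustCompile("(?i)" + pattern), Strategy: s}
}

// Evaluate compares one record against every stored feature code; when several match,
// the most severe strategy (Block over Quarantine) is the verdict.
func (f *RiskFilter) Evaluate(input string) Verdict {
	v := Verdict{Input: input}
	norm := strings.TrimSpace(input)
	h := sha256Hex(norm)
	for _, c := range f.codes {
		hit := (c.Hash != "" && c.Hash == h) || (c.Pattern != nil && c.Pattern.MatchString(norm))
		if hit && (v.Code == "" || (c.Strategy == Block && v.Action != Block)) {
			v.Code, v.Action = c.ID, c.Strategy
		}
	}
	return v
}

// Filter splits a batch into released (safe) records and held records with their strategy.
func (f *RiskFilter) Filter(batch []string) (released []string, held []Verdict) {
	for _, in := range batch {
		if v := f.Evaluate(in); v.Code == "" {
			released = append(released, in)
		} else {
			held = append(held, v)
		}
	}
	return released, held
}

func main() {
	rf := &RiskFilter{codes: []FeatureCode{
		HashCode("RC-001", "DROP TABLE accounts;", Block), // constructed known-bad payload
		PatternCode("RC-002", `<script\b`, Block),          // inline script
		PatternCode("RC-003", `\b\d{16}\b`, Quarantine),    // 16-digit card-like number
	}}
	batch := []string{ // constructed sample input
		"meter reading 2021-10-28: 1234 kWh",
		"DROP TABLE accounts;",
		"hello <SCRIPT>alert(1)</script>",
		"card 4111111111111111 on file",
	}
	released, held := rf.Filter(batch)
	fmt.Println("released:", released)
	for _, v := range held {
		fmt.Printf("held: %q matched %s -> %s\n", v.Input, v.Code, v.Action)
	}
}
```

Input is trimmed before hashing so that trailing whitespace does not defeat an exact-match code, and block wins over quarantine when several codes hit the same record. Whatever the real feature codes are, the released list is the only output that should travel on to encryption.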
s3, data information encryption:
s301, data encryption request: the safe data information is sent over the network to the control module of data information processing module I; the control module processes the service request through the data conversion module and then passes it to the data encryption module;
the safe data information is likewise sent over the network to the control module of data information processing module II, which processes the service request through the data conversion module and passes it to the data encryption module;
s302, data encryption: the data encryption module encrypts the safe data information and stores the encryption result; it then encrypts that result with the private key, encrypts the outcome again with the public key, and transmits this doubly encrypted result to the storage module of the server;
s303, decompression and decryption: the data encryption module decrypts the received information with the private key and decrypts that result again with the public key to obtain the secondary decryption result; it then encrypts the secondary decryption result with the private key and encrypts that result again with the public key;
s304, validity judgement: the data encryption module decrypts the secondary ciphertext with the private key and decrypts that result again with the public key to obtain the decryption information, then judges whether the decryption information is consistent with the encryption result stored in step s302. If it is consistent, the data is valid; the valid data is transmitted through information sending module I and information sending module II to the information receiving module of the peer communication device, and user terminal I and user terminal II finally receive the secure data from information receiving module I and information receiving module II respectively.
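Steps s302 to s304 describe a layered construction: encrypt the safe data and keep that first-layer result, transform it under the private key, transform that under the public key, and on receipt undo both layers and accept the data only if what comes out matches the stored first-layer result. In standard terminology an operation under the sender's private key that the receiver undoes with the matching public key is a signature, and an operation under the receiver's public key that only the matching private key undoes is key encapsulation. The Go program below is an added example built on that reading, not the patent's own code, and it swaps in concrete primitives the patent does not name: AES-256-GCM for the first layer (the same `gcmSeal` routine would serve the account encryption of step s103), Ed25519 for the private-key layer, and X25519 with a SHA-256 key derivation plus AES-256-GCM for the public-key layer. The layer-1 key is assumed to be pre-shared by the bound pair of terminals, and the stored first-layer result is assumed to be fetched from the server's storage module by the receiving side; the sample message is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// gcmSeal returns nonce || AES-256-GCM(key, pt) under a fresh random 12-byte nonce (keys are always 32 bytes here).
func gcmSeal(key, pt []byte) []byte {
	a := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, a.NonceSize())
	must(rand.Read(nonce))
	return a.Seal(nonce, nonce, pt, nil)
}

// gcmOpen reverses gcmSeal; a failed tag check surfaces as an error.
func gcmOpen(key, ct []byte) ([]byte, error) {
	a := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < a.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, ct[:a.NonceSize()], ct[a.NonceSize():], nil)
}

// kdf derives the outer-layer key from the X25519 shared secret (SHA-256 here; use HKDF in production).
func kdf(shared, ephPub []byte) []byte {
	h := sha256.Sum256(append(append([]byte("layer2"), shared...), ephPub...))
	return h[:]
}

// Terminal holds one terminal's key pairs: Ed25519 realises the patent's "encrypt with the private key" step, X25519 its "encrypt with the public key" step.
type Terminal struct {
	Sign    ed25519.PrivateKey
	SignPub ed25519.PublicKey // what the peer uses to check the private-key layer
	KEM     *ecdh.PrivateKey
}

func NewTerminal() *Terminal {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	return &Terminal{Sign: must(sk, err), SignPub: pk, KEM: must(ecdh.X25519().GenerateKey(rand.Reader))}
}

// Seal is step s302: layer1 = AES-GCM(dataKey, data) is kept for the s304 check; the wire
// message is ephemeralPub || AES-GCM(k2, Sign(layer1) || layer1). dataKey is assumed pre-shared.
func (t *Terminal) Seal(dataKey []byte, peer *ecdh.PublicKey, data []byte) ([]byte, []byte, error) {
	stored := gcmSeal(dataKey, data)
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	shared, err := eph.ECDH(peer)
	if err != nil {
		return nil, nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	inner := gcmSeal(kdf(shared, ephPub), append(ed25519.Sign(t.Sign, stored), stored...))
	return stored, append(ephPub, inner...), nil
}

// Open is steps s303 and s304: undo the public-key layer, verify the private-key layer,
// compare the recovered layer1 with the copy stored in s302, and only then decrypt the data.
func (t *Terminal) Open(dataKey []byte, sender ed25519.PublicKey, stored, wire []byte) ([]byte, error) {
	if len(wire) < 32 {
		return nil, errors.New("wire message too short")
	}
	shared, err := t.KEM.ECDH(must(ecdh.X25519().NewPublicKey(wire[:32]))) // length checked above
	if err != nil {
		return nil, err
	}
	inner, err := gcmOpen(kdf(shared, wire[:32]), wire[32:])
	if err != nil || len(inner) < ed25519.SignatureSize {
		return nil, errors.New("public-key layer: decryption failed or message malformed")
	}
	layer1 := inner[ed25519.SignatureSize:]
	if !ed25519.Verify(sender, layer1, inner[:ed25519.SignatureSize]) || !bytes.Equal(layer1, stored) {
		return nil, errors.New("private-key layer: bad signature or mismatch with the stored encryption result (s304)")
	}
	return gcmOpen(dataKey, layer1)
}

func main() {
	alice, bob := NewTerminal(), NewTerminal()
	pairKey := make([]byte, 32) // constructed layer-1 key shared by the bound pair
	must(rand.Read(pairKey))
	stored, wire, _ := alice.Seal(pairKey, bob.KEM.PublicKey(), []byte("meter reading: 1234 kWh"))
	pt, err := bob.Open(pairKey, alice.SignPub, stored, wire)
	fmt.Printf("plaintext=%q err=%v\n", pt, err)
}
```

Order matters in `Open`: the recipient's own private key removes the outer layer, the sender's public key checks the signature, and the comparison with the stored first-layer result (the s304 check) runs before the data key touches the payload, so a tampered, forged or wrongly matched message is rejected without decrypting anything. Each terminal uses only its own private keys and the other side's public keys; no private key is ever transmitted.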
To sum up, compared with the prior art: the invention adds strong identity authentication and encryption of the authentication data, which keeps unrelated persons from logging into the system and enhances the security and integrity of data communication; it performs a risk assessment on all data to be transmitted and filters out high-risk data information so that it cannot affect other data; and it encrypts the stored data information, which effectively prevents the data from being tampered with or decrypted in transit and enhances the security of data communication.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. A data security communication system based on risk assessment, comprising:
a user terminal I, which is internally provided with an account registration module and an information input module, the account registration module comprising an identity registration module, a scanning module and an account encryption module, wherein the output of the scanning module is connected to the input of the identity registration module and the identity registration module is bidirectionally connected with the account encryption module;
a user terminal II, which is internally provided with an account registration module and an information input module, the account registration module comprising an identity registration module, a scanning module and an account encryption module, wherein the output of the scanning module is connected to the input of the identity registration module and the identity registration module is bidirectionally connected with the account encryption module;
a communication device I, comprising a data preprocessing module I, an information receiving module I, an information sending module I, a data information processing module I and a storage module I;
a communication device II, comprising a data preprocessing module II, an information receiving module II, an information sending module II, a data information processing module II and a storage module II;
wherein the output of user terminal I is connected through information receiving module I with data preprocessing module I and data information processing module I, data information processing module I is connected with user terminal I through information sending module I, and data information processing module I is bidirectionally connected with storage module I;
the output of user terminal II is connected through information receiving module II with data preprocessing module II and data information processing module II, data information processing module II is connected with user terminal II through information sending module II, and data information processing module II is bidirectionally connected with storage module II;
the output of storage module I is connected to the input of information sending module I, which is connected to storage module II through information receiving module II; and the output of storage module II is connected to the input of information sending module II, which is connected to storage module I through information receiving module I.
2. The data security communication system based on risk assessment according to claim 1, characterized in that data information preprocessing module I and data information preprocessing module II each comprise an information filtering module and an information display module;
the information filtering module comprises a data detection and identification module, a data comparison and evaluation module and a data processing and response module;
the output of the data detection and identification module is connected to the input of the data comparison and evaluation module, and the output of the data comparison and evaluation module is connected to the input of the data processing and response module.
3. The data security communication system based on risk assessment according to claim 1, characterized in that data information processing module I and data information processing module II each comprise an analysis and response module, a control module, a data encryption module and a data conversion module.
4. The data security communication system based on risk assessment according to claim 1, characterized in that the identity registration module is used for registering the user identity and binding the corresponding user terminal I and user terminal II;
the scanning module is used for scanning and recognising the two-dimensional codes corresponding to user terminal I and user terminal II;
the account encryption module is used for encrypting and decrypting the registered user identity information and for storing the encryption keys and certificates.
5. The data security communication system based on risk assessment according to claim 2, characterized in that the information input module is used by the user to enter the original data information; the information filtering module is used for retrieving a reference strategy after risk information is detected and configuring the corresponding security strategy; and the information display module is used for displaying the secure data information filtered by the information filtering module.
6. The data security communication system based on risk assessment according to claim 2, characterized in that storage module I and storage module II are used for storing the user identity registration information, the safe data information filtered by the information filtering module and the encrypted data information.
7. The data security communication system based on risk assessment according to claim 3, characterized in that the analysis and response module is used for retrieving the risk information feature codes, analysing the collected terminal information, finding the risk information, analysing its feature code and providing the corresponding reference strategy according to that feature code.
8. The data security communication system based on risk assessment according to claim 3, characterized in that the control module controls the operation of the data encryption module, the analysis and response module and the data conversion module.
9. The data security communication system based on risk assessment according to claim 3, characterized in that the data conversion module compresses and converts the data transmitted by the control module according to a data conversion method to obtain converted data, and the data encryption module encrypts and decrypts data and stores the encryption keys and certificates.
10. A method of using the data security communication system based on risk assessment according to any one of claims 1 to 9, characterized in that the method comprises the following steps:
s1, user terminal I and user terminal II account registration:
s101, identity registration: user terminal I and user terminal II each register an identity through the identity registration module of their account registration module, and each transmits its identity registration information over the network to the storage module of the server for storage;
s102, device binding: each user terminal II carries a unique identification two-dimensional code that stores the identification information of that terminal. User terminal I scans the identification two-dimensional code of its counterpart user terminal II with the scanning module of the account registration module; the account registration module binds the corresponding user terminal II according to the identification information read from the code, associates the name, serial number, account registration information and two-dimensional-code identification information of user terminal II in one-to-one correspondence to form a binding database, and transmits the binding database to the storage module of the server for storage;
likewise, each user terminal I carries a unique identification two-dimensional code that stores the identification information of that terminal. User terminal II scans the identification two-dimensional code of the user terminal I associated with it using the scanning module of the account registration module; the account registration module binds the corresponding user terminal I according to the identification information read from the code, associates the name, serial number, account registration information and two-dimensional-code identification information of user terminal I in one-to-one correspondence to form a binding database, and transmits the binding database to the storage module of the server for storage;
s103, account encryption: once a user has registered an account, the account identity registration information is encrypted by the account encryption module, and the user terminal transmits the encrypted account identity registration information over the network to the storage module of the server for storage;
s2, data information preprocessing: information is entered through the information input module of user terminal I and passed, via information receiving module I, to data information preprocessing module I, data information processing module I and storage module I;
the data detection and identification module detects, identifies and classifies the input information; the analysis and response module retrieves the pre-stored risk information feature codes; the data comparison and evaluation module compares and evaluates the classified data information against the retrieved feature codes, finds the risk information and analyses its feature code; the data processing and response module then supplies the corresponding reference strategy, filters and blocks the data that carries risk, and releases the risk-free, safe data information, which is transmitted over the network through information receiving module I to data information processing module I;
information is likewise entered through the information input module of user terminal II and passed, via information receiving module II, to data information preprocessing module II, data information processing module II and storage module II;
the data detection and identification module detects, identifies and classifies the input information; the analysis and response module retrieves the pre-stored risk information feature codes; the data comparison and evaluation module compares and evaluates the classified data information against the retrieved feature codes, finds the risk information and analyses its feature code; the data processing and response module then supplies the corresponding reference strategy, filters and blocks the data that carries risk, and releases the risk-free, safe data information, which is transmitted through information receiving module II to data information processing module II;
s3, data information encryption:
s301, data encryption request: the safe data information is sent over the network to the control module of data information processing module I; the control module processes the service request through the data conversion module and then passes it to the data encryption module;
the safe data information is likewise sent over the network to the control module of data information processing module II, which processes the service request through the data conversion module and passes it to the data encryption module;
s302, data encryption: the data encryption module encrypts the safe data information and stores the encryption result; it then encrypts that result with the private key, encrypts the outcome again with the public key, and transmits this doubly encrypted result to the storage module of the server;
s303, decompression and decryption: the data encryption module decrypts the received information with the private key and decrypts that result again with the public key to obtain the secondary decryption result; it then encrypts the secondary decryption result with the private key and encrypts that result again with the public key;
s304, validity judgement: the data encryption module decrypts the secondary ciphertext with the private key and decrypts that result again with the public key to obtain the decryption information, then judges whether the decryption information is consistent with the encryption result stored in step s302. If it is consistent, the data is valid; the valid data is transmitted through information sending module I and information sending module II to the information receiving module of the peer communication device, and user terminal I and user terminal II finally receive the secure data from information receiving module I and information receiving module II respectively.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111262570.4A CN113965396B (en) | 2021-10-28 | 2021-10-28 | Data security communication system and method based on risk assessment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113965396A (en) | 2022-01-21 |
| CN113965396B (en) | 2024-06-25 |
Family
ID=79467966
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111262570.4A Active CN113965396B (en) | 2021-10-28 | 2021-10-28 | Data security communication system and method based on risk assessment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113965396B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102325026A (en) * | 2011-07-14 | 2012-01-18 | 易讯天空计算机技术(深圳)有限公司 | Account password secure encryption system |
| CN105682196A (en) * | 2016-01-13 | 2016-06-15 | 北京小米移动软件有限公司 | Communication control method and device and wearable device |
| US9491155B1 (en) * | 2014-08-13 | 2016-11-08 | Amazon Technologies, Inc. | Account generation based on external credentials |
| CN112270966A (en) * | 2020-11-17 | 2021-01-26 | 赵淑芳 | Medical data intelligent sharing and trading system based on internet finance |
| CN113221128A (en) * | 2020-01-21 | 2021-08-06 | 中国移动通信集团山东有限公司 | Account and password storage method and registration management system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116545768A (en) * | 2023-06-29 | 2023-08-04 | 中国标准化研究院 | Information security risk early warning method and system |
| CN116545768B (en) * | 2023-06-29 | 2023-08-25 | 中国标准化研究院 | An information security risk early warning method and system |
| CN117972730A (en) * | 2024-03-29 | 2024-05-03 | 成都工业学院 | Low-risk security control method and system for electronic information data interaction |
Similar Documents
| Publication | Title |
|---|---|
| CN111614637B (en) | Secure communication method and system based on software cryptographic module |
| CN1134161C (en) | Method for providing a secure communication between two devices and application of this method |
| CN101662469B (en) | Method and system based on USBKey online banking trade information authentication |
| EP2548331B1 (en) | System and method for communicating between different entities using different data portions for different channels |
| CN110415414B (en) | Unlocking method and device of dynamic coded lock based on two-party authentication |
| CN102724563A (en) | Monitoring front end and terminal, monitoring system as well as audio/video signal encryption and decryption methods |
| CN202854880U (en) | SMS payment system based on fingerprint identification mobile phone |
| WO2018133674A1 (en) | Method of verifying and feeding back bank payment permission authentication information |
| CN101819614A (en) | System and method for enhancing network transaction safety by utilizing voice verification USBKey |
| CN111539032B (en) | Electronic signature application system resistant to quantum computing disruption and implementation method thereof |
| CN108401494B (en) | Method and system for transmitting data |
| CN101582896A (en) | Third-party network authentication system and authentication method thereof |
| CN113965396B (en) | Data security communication system and method based on risk assessment |
| CN103117851A (en) | Encryption control method and device capable of achieving tamper-proofing and repudiation-proofing by means of public key infrastructure (PKI) |
| CN112307875A (en) | Face verification method and face verification system |
| CN105323063A (en) | Identity verification method of mobile terminal and fixed intelligent terminal based on two-dimensional code |
| CN104994107B (en) | A kind of MMS message off-line analysis methods based on IEC62351 |
| CN104639528A (en) | DBA (database administrator) mobile client counterattack method and DBA mobile client counterattack device |
| CN112911588A (en) | Lightweight narrowband Internet of things secure transmission method and system |
| CN106027560A (en) | Intelligent terminal oriented security transmission method and system |
| CN111698253A (en) | Computer network safety system |
| CN109802834A (en) | The method and system that a kind of pair of business layer data is encrypted, decrypted |
| CN111415252A (en) | Privacy transaction processing method and device based on block chain |
| CN111263360B (en) | Wireless encryption device and method using public key to protect variable mechanical authentication password |
| CN101521571B (en) | Method for authenticating safety unit and server side of mobile hardware |
Legal Events
| Code | Title |
|---|---|
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |