阅读说明：本技术 一种数据隐私保护系统 (Data privacy protection system ) 是由 刘满堂 周筠 于 2021-08-02 设计创作，主要内容包括：本发明属于数据保护技术领域,公开了一种数据隐私保护系统,所述数据隐私保护系统包括数据采集读取模块、网络监测模块、本地存储模块、中央处理模块、云存储模块、人工交互模块、数据加密模块；所述数据加密模块包括数据加密服务器、数据解密服务器,数据加密服务器负责生成随机密钥对数据加密；本系统通过设置两个存储模块进行数据的实时存储和加密,同时保证了数据的完整性和安全性,也保证了在发现系统被侵入异常时能够及时切断电源来最大限度的保证数据安全,通过设置数据加密服务器和数据解密服务器来对数据进行双重保护,提升了数据安全性。(The invention belongs to the technical field of data protection, and discloses a data privacy protection system which comprises a data acquisition and reading module, a network monitoring module, a local storage module, a central processing module, a cloud storage module, a manual interaction module and a data encryption module; the data encryption module comprises a data encryption server and a data decryption server, and the data encryption server is responsible for generating a random key to encrypt data; this system carries out the real-time storage and the encryption of data through setting up two storage module, has guaranteed the integrality and the security of data simultaneously, has also guaranteed to come furthest's assurance data security in time cutting off the power when discovery system is invaded unusually, carries out duplicate protection to data through setting up data encryption server and data decryption server, has promoted data security.)

1. A data privacy protection system is characterized by comprising a data acquisition and reading module, a network monitoring module, a local storage module, a central processing module, a cloud storage module, a manual interaction module and a data encryption module;

the data acquisition and reading module is connected with the central processing module and comprises acquisition equipment and a display, the acquisition equipment acquires required data, the data acquired by the acquisition equipment is an electric signal and is converted into a digital signal through the A/D converter, the digital signal is transmitted to the central processing module through a transmission line, and the acquired data can be displayed on the display in real time for a worker to check;

the network monitoring module is connected with the central processing module and comprises a monitoring CPU, an alarm and a blocker, the monitoring CPU monitors the state of the whole system in real time, once the state of the system changes, the monitoring CPU is stimulated to generate an electric signal, if the electric signal is analyzed to be abnormal change by the CPU, the blocker is called immediately to block a system power supply, data can be automatically backed up during data acquisition, the backup data is prevented from delaying the optimal blocking time during state change, and meanwhile, the alarm is called to give an alarm to remind a worker;

the local storage module is connected with the central processing module and used for storing the acquired data, the SQL interface is used for connecting the data between the two modules, the SQL service database is used for storing the data, the data acquisition and reading module is used for packaging and sending the converted data to the central processing module, and the central processing module is used for performing label operation and transmitting the label operation to the SQL service database and the cloud storage module;

the central processing module is connected with the data acquisition and reading module, the network monitoring module, the local storage module, the cloud storage module, the manual interaction module and the data encryption module, and the main controller acquires external signals, analyzes and processes the external signals and outputs the external signals to the output channel; when analog quantity output is required from the outside, the system is converted into a standard electric signal through a D/A converter and is output to control each module to work normally;

the inside controller that is provided with of central processing module, the control model that each module of controller control ran does:

；

wherein P (t) is the controller output; e (t): a deviation signal of the controller; k_P: a proportionality coefficient; t is_i: an integration time; t is_d: a differential time;

the cloud storage module is connected with the central processing module, uses cloud storage service, firstly creates a cloud storage platform in a local server deployment data center, realizes a storage protocol through a third-party gateway, writes local data into the cloud storage gateway through a network cable by a user, transmits the data to a boundary route, transmits the data to the cloud platform through a private public network by the boundary route, initiates a request for object storage in the cloud platform, transmits the data to the cloud storage gateway in the cloud platform, and transmits the data to a cloud storage available area through a vSwitch by the cloud storage gateway to finish data cloud storage;

the man-machine interaction module is connected with the central processing module and used for analyzing and displaying the digital signals to a display screen; the method comprises the steps that a worker inputs instructions on a display interface, a submitted data instruction form is uploaded to a server through a Central Processing Unit (CPU) through the Internet and then transmitted to a central processing module through the server, the central processing module transmits the instructions to be executed to a data acquisition module, if a user needs to read data, a corresponding key needs to be input through a human-computer interaction interface, the server asks a local storage module and a cloud storage module for a license, and the data can be checked by a license party;

the data encryption module is connected with the central processing module and used for encrypting local data and cloud data, and when the data are stored in the local storage block module and the cloud storage module, the data encryption server can randomly generate two pairs of keys to encrypt the data and respectively act on the local storage module and the cloud storage module; when a user requests to check data, the data encryption server requests to perform identity authentication and key encryption, the user inputs corresponding information and then authenticates the information through the data encryption server, if the information passes the authentication, a license is fed back, and the data decryption server decrypts, packages and transmits the data to the central processing module.

2. The data privacy protection system of claim 1, wherein the collectors in the data collection and reading module at least include but are not limited to a camera, a fingerprint collector, a face recognition collector and a voiceprint collector.

3. The data privacy protection system of claim 1, wherein the cloud storage module cloud servers are connected in a manner that at least includes but is not limited to 3G, 4G, 5G, WIFI, network cable connection; the storage protocol implements the conversion from NFS to SMB.

4. The data privacy protection system of claim 1, wherein the SQL interface is used for verification between connected modules.

5. The data privacy protection system of claim 4, wherein the external signal is data and a request transmitted by each of the data acquisition and reading module, the network monitoring module, the local storage module, the cloud storage module, the manual interaction module and the data encryption module.

6. The data privacy protection system of claim 1, wherein the key is randomly generated and is an asymmetric key.

7. The data privacy protection system of claim 1, wherein the cloud storage module is provided with:

the storage layer is used for storing in a distributed mode through storage equipment, and the storage equipment is FC fiber channel storage equipment, IP storage equipment or DAS storage equipment; the FC fiber channel storage equipment, the IP storage equipment and the DAS storage equipment are connected through a wide area network, the Internet or an FC fiber channel network;

the basic management layer is used for cooperative work among a plurality of storage devices in cloud storage through cluster, distributed file system and grid computing, so that the plurality of storage devices can provide the same service to the outside and provide larger, stronger and better data access performance;

the application interface layer develops different application service interfaces according to the actual service types and provides different application services.

8. The data privacy protection system of claim 7, wherein the storage layer performs distributed storage through the storage device by:

connecting the storage devices with each other, and performing hash calculation on the key of the data by the storage devices to determine a number;

and comparing the hash values at corresponding points to determine the position of the data in the storage network, searching the storage device closest to the position by the server, and storing the data in the storage device.

9. The data privacy protection system of claim 1, wherein the specific process of the data encryption module encrypting the local data and the cloud data is as follows:

dividing local data and cloud data into a plurality of blocks with the length of a key character string;

replacing characters of the local data and the cloud data with numbers in a certain range, and simultaneously replacing each character of the key;

for each character in each block, the corresponding integer code is used with the integer code of the character at the corresponding position in the key, and the integer code is replaced with its equivalent character.

10. The data privacy protection system of claim 1, wherein the local storage module stores the local data by a specific process of:

dividing a local storage system into corresponding storage grids, and counting data in the storage grids;

and compressing the data by utilizing the statistical information, judging the high-density grid units based on the statistical information, and judging the high-density grid units into one type.

Technical Field

The invention belongs to the technical field of data protection, and particularly relates to a data privacy protection system.

Background

With the recent change of internet technology, the amount of data in life is increasingly huge, and it is increasingly difficult to manage data correspondingly, but improper data management may cause the information of a user and related information to be leaked, managed data becomes very sensitive because of containing personal information of the user, and personal privacy is leaked when the data is used carelessly or the data is managed carelessly.

Through the above analysis, the summary of the problems and defects existing in the prior art of building decorative panels is as follows:

(1) the prior art can not meet the trend of development of a big data era and has improper data management.

(2) The prior art can not provide privacy protection for data, and easily causes data information leakage to cause loss of users and companies.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a data privacy protection system.

The invention is realized in such a way that a data privacy protection system comprises a data acquisition and reading module, a network monitoring module, a local storage module, a central processing module, a cloud storage module, a manual interaction module and a data encryption module;

the data acquisition and reading module is connected with the central processing module and comprises acquisition equipment and a display, the acquisition equipment acquires required data, the data acquired by the acquisition equipment is an electric signal and is converted into a digital signal through the A/D converter, the digital signal is transmitted to the central processing module through a transmission line, and the acquired data can be displayed on the display in real time for a worker to check;

the network monitoring module is connected with the central processing module and comprises a monitoring CPU, an alarm and a blocker, the monitoring CPU monitors the state of the whole system in real time, once the state of the system changes, the monitoring CPU is stimulated to generate an electric signal, if the electric signal is analyzed to be abnormal change by the CPU, the blocker is called immediately to block a system power supply, data can be automatically backed up during data acquisition, the backup data is prevented from delaying the optimal blocking time during state change, and meanwhile, the alarm is called to give an alarm to remind a worker;

the local storage module is connected with the central processing module and used for storing the acquired data, the SQL interface is used for connecting the data between the two modules, the SQL service database is used for storing the data, the data acquisition and reading module is used for packaging and sending the converted data to the central processing module, and the central processing module is used for performing label operation and transmitting the label operation to the SQL service database and the cloud storage module;

the central processing module is connected with the data acquisition and reading module, the network monitoring module, the local storage module, the cloud storage module, the manual interaction module and the data encryption module, and the main controller acquires external signals, analyzes and processes the external signals and outputs the external signals to the output channel; when analog quantity output is required from the outside, the system is converted into a standard electric signal through a D/A converter and is output to control each module to work normally;

the inside controller that is provided with of central processing module, the control model that each module of controller control ran does:

；

wherein P (t) is the controller output; e (t): a deviation signal of the controller; k_P: a proportionality coefficient; t is_i: an integration time; t is_d: a differential time;

the cloud storage module is connected with the central processing module, uses cloud storage service, firstly creates a cloud storage platform in a local server deployment data center, realizes a storage protocol through a third-party gateway, writes local data into the cloud storage gateway through a network cable by a user, transmits the data to a boundary route, transmits the data to the cloud platform through a private public network by the boundary route, initiates a request for object storage in the cloud platform, transmits the data to the cloud storage gateway in the cloud platform, and transmits the data to a cloud storage available area through a vSwitch by the cloud storage gateway to finish data cloud storage;

the man-machine interaction module is connected with the central processing module and used for analyzing and displaying the digital signals to a display screen; the method comprises the steps that a worker inputs instructions on a display interface, a submitted data instruction form is uploaded to a server through a Central Processing Unit (CPU) through the Internet and then transmitted to a central processing module through the server, the central processing module transmits the instructions to be executed to a data acquisition module, if a user needs to read data, a corresponding key needs to be input through a human-computer interaction interface, the server asks a local storage module and a cloud storage module for a license, and the data can be checked by a license party;

the data encryption module is connected with the central processing module and used for encrypting local data and cloud data, and when the data are stored in the local storage block module and the cloud storage module, the data encryption server can randomly generate two pairs of keys to encrypt the data and respectively act on the local storage module and the cloud storage module; when a user requests to check data, the data encryption server requests to perform identity authentication and key encryption, the user inputs corresponding information and then authenticates the information through the data encryption server, if the information passes the authentication, a license is fed back, and the data decryption server decrypts, packages and transmits the data to the central processing module.

Furthermore, the collector in the data acquisition and reading module at least comprises but is not limited to a camera, a fingerprint collector, a face recognition collector and a voiceprint collector.

Further, the connection mode of the cloud storage module cloud server at least comprises but is not limited to 3G, 4G, 5G, WIFI and network cable connection; the storage protocol implements the conversion from NFS to SMB.

Further, the SQL interface is used for verification between connection modules.

Further, the external signal is data and a request transmitted by each module of the data acquisition and reading module, the network monitoring module, the local storage module, the cloud storage module, the manual interaction module and the data encryption module.

Further, the key is generated randomly and is an asymmetric key.

Further, the cloud storage module is provided with:

the storage layer is used for storing in a distributed mode through storage equipment, and the storage equipment is FC fiber channel storage equipment, IP storage equipment or DAS storage equipment; the FC fiber channel storage equipment, the IP storage equipment and the DAS storage equipment are connected through a wide area network, the Internet or an FC fiber channel network;

the basic management layer is used for cooperative work among a plurality of storage devices in cloud storage through cluster, distributed file system and grid computing, so that the plurality of storage devices can provide the same service to the outside and provide larger, stronger and better data access performance;

the application interface layer develops different application service interfaces according to the actual service types and provides different application services.

Further, the specific process of the storage layer performing distributed storage through the storage device is as follows:

connecting the storage devices with each other, and performing hash calculation on the key of the data by the storage devices to determine a number;

and comparing the hash values at corresponding points to determine the position of the data in the storage network, searching the storage device closest to the position by the server, and storing the data in the storage device.

Further, the specific process of encrypting the local data and the cloud data by the data encryption module is as follows:

dividing local data and cloud data into a plurality of blocks with the length of a key character string;

replacing characters of the local data and the cloud data with numbers in a certain range, and simultaneously replacing each character of the key;

for each character in each block, the corresponding integer code is used with the integer code of the character at the corresponding position in the key, and the integer code is replaced with its equivalent character.

Further, the specific process of the local storage module for storing the local data is as follows:

dividing a local storage system into corresponding storage grids, and counting data in the storage grids;

and compressing the data by utilizing the statistical information, judging the high-density grid units based on the statistical information, and judging the high-density grid units into one type.

By combining all the technical schemes, the invention has the advantages and positive effects that: the data encryption system and the data decryption method have the advantages that the two storage modules are arranged for storing and encrypting data in real time, the integrity and the safety of the data are guaranteed, the power supply can be timely cut off when the system is found to be invaded abnormally, the safety of the data is guaranteed to the maximum extent, the data encryption server and the data decryption server are arranged for carrying out double protection on the data, and the safety of the data is improved. In the invention, if the user needs to read data in the man-machine interaction module, the corresponding key needs to be input by the man-machine interaction interface, the server asks for the license from the local storage module and the cloud storage module, and the data can be checked by the party obtaining the license, thereby improving the safety of the data. In the storage process of the cloud storage module, the corresponding storage protocol and the request for initiating object storage in the cloud platform need to be acquired through the third-party gateway, so that network information leakage is avoided, and the privacy of data is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a schematic structural diagram of a data privacy protection system according to an embodiment of the present invention.

Fig. 2 is a schematic diagram of an encryption process provided in an embodiment of the present invention.

Fig. 3 is a schematic diagram of a cloud storage principle provided in an embodiment of the present invention.

Fig. 4 is a flowchart of a method for performing distributed storage on a storage tier by using a storage device according to an embodiment of the present invention.

Fig. 5 is a flowchart of a method for encrypting local data and cloud data by a data encryption module according to an embodiment of the present invention.

In the figure, 1, a data acquisition reading module; 2. a network monitoring module; 3. a local storage module; 4. a central processing module; 5. a cloud storage module; 6. a manual interaction module; 7. and a data encryption module.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

In view of the problems in the prior art, the present invention provides a data privacy protection system, which is described in detail below with reference to the accompanying drawings.

As shown in fig. 1, the data privacy protection system provided in the embodiment of the present invention includes a data acquisition and reading module 1, a network monitoring module 2, a local storage module 3, a central processing module 4, a cloud storage module 5, a manual interaction module 6, and a data encryption module 7;

data acquisition reads module 1, is connected with central processing module 4, including collection equipment and display, and the data that collection equipment gathered are the signal of telecommunication, convert digital signal into via the AD converter by the data that the collector was gathered, and digital signal passes through the transmission line and transmits to central processing module 4, and the data of gathering can real-time demonstration on the display, supplies the staff to look over.

The network monitoring module 2 is connected with the central processing module 4 and comprises a monitoring CPU, an alarm and a blocker, wherein the monitoring CPU monitors the state of the whole system in real time, once the state of the system changes (the state of the system changes due to hacker intrusion), the monitoring CPU can be stimulated to generate electric signals, if the electric signals are analyzed to be abnormal changes through the CPU, the blocker is called to block a system power supply immediately, data can be automatically backed up during data acquisition, the backup data is prevented from delaying the optimal blocking time during state change, and the alarm is called to give an alarm to remind a worker.

The local storage module 3 is connected with the central processing module 4 and used for storing the acquired data, the SQL interface is used for connecting the data between the two modules, the SQL service database is used for storing the data, the data acquisition and reading module 1 is used for packaging and sending the converted data to the central processing module 4, and the central processing module 4 is used for performing label operation and transmitting the label operation to the SQL service database and the cloud storage module 5.

The central processing module 4 is connected with the data acquisition and reading module 1, the network monitoring module 2, the local storage module 3, the cloud storage module 5, the manual interaction module 6 and the data encryption module 7, and the main controller acquires external signals (data and requests transmitted by the modules) and outputs the external signals to the output channel after analysis and processing. When analog quantity output is required from the outside, the system is converted into standard electric signals through the D/A converter and outputs the standard electric signals to control each module to work normally.

The inside controller that is provided with of central processing module, the control model that each module of controller control ran does:

；

wherein P (t) is the controller output; e (t): a deviation signal of the controller; k_P: a proportionality coefficient; t is_i: an integration time; t is_d: the differential time.

The cloud storage module 5 is connected with the central processing module 4, cloud storage service is used, a cloud storage platform is firstly created in a local server deployment data center, a storage protocol is realized through a third-party gateway, the storage protocol can realize conversion from NFS to SMB, a user writes local data into the cloud storage gateway through a network cable, the cloud storage gateway transmits the data to a boundary route, the boundary route transmits the data to the cloud platform through a private-line public network, a request for object storage is initiated in the cloud platform, the data are transmitted to the cloud storage gateway in the cloud platform, and the cloud storage gateway transmits the data to a cloud storage available area through vSwitch to finish data cloud storage; .

And the human-computer interaction module 6 is connected with the central processing module 4 and analyzes and displays the digital signals on a display screen. The staff inputs instructions on a display interface, submitted data instruction forms are uploaded to a server through a Central Processing Unit (CPU) through the Internet and then transmitted to a central processing module (4) by the server, the central processing module (4) transmits instructions to be executed to a data acquisition module (1), if a user needs to read data, a corresponding key needs to be input through a human-computer interaction interface, and the server asks a local storage module (3) and a cloud storage module (5) for a license to obtain the license so that the user can view the data.

The data encryption module 7 is connected with the central processing module 4 and used for encrypting local data and cloud data, and when the data are stored in the local storage block module 3 and the cloud storage module 5, the data encryption server can randomly generate two pairs of keys to encrypt the data and respectively act on the local storage module 3 and the cloud storage module 5; when a user requests to check data, the data encryption server requests to perform identity authentication and key encryption, the user inputs corresponding information and then authenticates the information through the data encryption server, if the information passes the authentication, a license is fed back, and the data decryption server decrypts and packages the data and transmits the data to the central processing module 4.

The data acquisition and reading module comprises a data acquisition and reading module, a data acquisition and reading module and a data processing module, wherein the data acquisition and reading module at least comprises a camera, a fingerprint acquisition device, a face recognition acquisition device and a voiceprint acquisition device; the connection mode of the cloud storage module cloud server at least comprises but is not limited to 3G, 4G, 5G, WIFI and network cable connection; the SQL interface is used for verifying the connection modules; the key is generated randomly and is an asymmetric key.

As shown in fig. 2, the data encryption module process is as follows:

the central processing module calls a data encryption server to generate a key, wherein the key is an asymmetric key; encrypting the local database and the cloud database by using the generated random key to ensure the security of the data; verifying the user identity, and asking for identity information and a secret key of the user by the data encryption server; the user inputs own identity information and a secret key and transmits the identity information and the secret key to the data encryption server for verification; after passing the verification, the data encryption server feeds back the license, and the user can check the information, otherwise, the user does not respond.

As shown in fig. 3, using a cloud storage service, firstly, a cloud storage platform 11 is created in a local server deployment data center, a storage protocol is implemented through a third-party gateway, a user writes local data into a cloud storage gateway 12 through a network cable, the cloud storage gateway 12 transmits the data to a boundary router 13, the boundary router 13 transmits the data to the cloud platform 11 through a private public network, a request for object storage is initiated in the cloud platform, the data is transmitted to a cloud storage gateway 14 in the cloud platform 11, and the cloud storage gateway transmits the data to a cloud storage available area 15 through vSwitch, thereby completing data cloud storage.

The VSwitch refers to a virtual switch or a virtual network switch, works in a two-layer data network, and realizes the two-layer (and partial three-layer) network function of a physical switch in a software mode. Compared with the traditional physical switch, the virtual switch has the advantages of flexible configuration and strong expansibility. Dozens of or even hundreds of virtual switches can be configured on a common server, and the number of ports can be flexibly selected.

The system overcomes the difficulty that the prior art can not meet the trend of development of a big data era and has improper data management. The method can provide privacy protection for data, and prevent data information from being leaked to cause loss of users and companies.

The cloud storage module provided by the embodiment of the invention is provided with: the storage layer is used for storing in a distributed mode through storage equipment, and the storage equipment is FC fiber channel storage equipment, IP storage equipment or DAS storage equipment; the FC fiber channel storage equipment, the IP storage equipment and the DAS storage equipment are connected through a wide area network, the Internet or an FC fiber channel network; the basic management layer is used for cooperative work among a plurality of storage devices in cloud storage through cluster, distributed file system and grid computing, so that the plurality of storage devices can provide the same service to the outside and provide larger, stronger and better data access performance; the application interface layer develops different application service interfaces according to the actual service types and provides different application services.

As shown in fig. 4, a specific process of performing distributed storage on a storage layer by using a storage device according to an embodiment of the present invention is as follows:

s101: connecting the storage devices with each other, and performing hash calculation on the key of the data by the storage devices to determine a number;

s102: comparing the hash values at corresponding points to determine the position of the data in the storage network;

s103: the server looks for the storage device closest to the location and stores the data on the storage device.

As shown in fig. 5, a specific process of the data encryption module provided in the embodiment of the present invention for encrypting the local data and the cloud data is as follows:

s201: dividing local data and cloud data into a plurality of blocks with the length of a key character string;

s202: replacing characters of the local data and the cloud data with numbers in a certain range, and simultaneously replacing each character of the key;

s203: for each character in each block, the corresponding integer code is used with the integer code of the character at the corresponding position in the key, and the integer code is replaced with its equivalent character.

The specific process of the local storage module for storing the local data provided by the embodiment of the invention is as follows:

dividing a local storage system into corresponding storage grids, and counting data in the storage grids;

and compressing the data by utilizing the statistical information, judging the high-density grid units based on the statistical information, and judging the high-density grid units into one type.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention, and the scope of the present invention is not limited thereto, and any modification, equivalent replacement, and improvement made by those skilled in the art within the technical scope of the present invention disclosed herein, which is within the spirit and principle of the present invention, should be covered by the present invention.