CN107239682A - A computer internet information security control system based on cloud computing - Google Patents
- Publication number: CN107239682A (application CN201710451699.7A)
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/31—User authentication
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L9/001—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention belongs to the technical field of computer internet and discloses a computer internet information security control system based on cloud computing. The system comprises: an intelligent control device, a warning device, a blocking device, a cut-off switch, a power supply, a first wire, an underframe, a computer, a second wire and a security control chip. The arrangement of the intelligent control device, the warning device and the blocking device makes operation convenient and raises the degree of intelligence; it is safe and reliable, so that sensing is accurate, safety is indicated and the secrecy effect is improved; it further makes driving flexible and blocking thorough, reduces potential safety hazards and improves the safety effect, so that the system is safe and reliable and its functions are complete and diverse.
Description
Technical field
The invention belongs to the technical field of computer internet, and in particular relates to a computer internet information security control system based on cloud computing.
Background art
At present, with the rapid development of the social economy, computers have become a necessity in people's work and life, and the scale of computer networks keeps expanding, which has brought the problem of computer information security to the fore. Many techniques are currently used for computer network security protection. However, existing computer network information security control devices suffer from incomplete functions, inconvenient use, low security, malfunctions, inaccurate information acquisition, an inability to warn or prevent, poor confidentiality and complicated structure.
In summary, the problems of the prior art are: existing computer network information security control devices have incomplete functions, are inconvenient to use, have low security, malfunction, acquire information inaccurately, cannot warn or prevent, have poor confidentiality and are complicated in structure.
Summary of the invention
In view of the problems of the prior art, the invention provides a computer internet information security control system based on cloud computing.
The invention is realized as follows: a computer internet information security control system based on cloud computing, comprising: an intelligent control device, a warning device, a blocking device, a cut-off switch, a power supply, a first wire, an underframe, a computer, a second wire and a security control chip;
The intelligent control device is arranged on the left side of the blocking device; the blocking device is arranged on the right side of the intelligent control device; the warning device is arranged at the right end of the computer; the cut-off switch is arranged on the surface of the power supply and electrically connected to it; the power supply is arranged at the bottom of the cut-off switch and electrically connected to it; the first wire is arranged at the connection between the power supply and the computer; the underframe is arranged at the bottom of the computer; the computer is arranged at the upper end of the underframe; the second wire is arranged at the connection between the intelligent control device and the power supply; and the security control chip is mounted on the computer.
Further, the security control chip includes a microprocessor module, a memory module, a security module, an encryption/decryption module, an interface module, a power detection module, a system bus, an IP bus and a bridge;
The microprocessor module makes the modules work in coordination. It controls data communication between the interface module and external devices and directs the interface module to pass received data to the encryption/decryption module; or it directs the encryption/decryption module to perform encryption and decryption operations and to pass the results to the interface module; or it directs the memory module to store data received from the interface module or the results of encryption and decryption operations; and it works together with the security module to protect the information inside the information security control chip;
The model by which the microprocessor module obtains the discrete function is:
In formula (1): u(0) is the initial signal, μ is the chaotic parameter, ν is the fractional order, n is the signal length, j denotes the j-th iteration step, α(μ, ν, j, n) is the discrete integration kernel, and u(n) is the n-th step signal; n and N are set to 800, and m takes the integer values 1, …, N;
According to formula (1), select the parameters u(0), μ and ν;
Judge whether these parameters can produce a chaotic signal:
First compute the tangent map b(m):
Then compute the Lyapunov exponent λ:
In formulas (2) and (3), symbols that also appear in formula (1) have the same meaning as in formula (1);
The criterion is: compute λ from formulas (1), (2) and (3); if λ > 0, a chaotic signal can be produced; otherwise it cannot;
Compute and generate the chaotic signal;
The memory module stores the data received from the interface module, the encryption and decryption keys, and the results of encryption and decryption operations;
The security module works together with the microprocessor module to protect the data inside the information security control chip. The data protection method of the security module includes: receiving a maintenance update instruction;
Obtaining, from the maintenance update instruction, the user identity information and the dimension table information of the dimension table that needs to be maintained and updated;
Obtaining the preset dimension table configuration information according to the dimension table information; the dimension table configuration information includes the source database in which the dimension table to be maintained and updated is located, the destination database to which the dimension table needs to be synchronized, and the dimension table operation permission information;
Judging, from the user identity information and the dimension table operation permission information, whether the user identity information satisfies the dimension table operation permission information;
If the user identity information satisfies the dimension table operation permission information, performing the update operation on the dimension table that needs to be maintained and updated;
Synchronizing the updated dimension table to the destination database;
The dimension table operation permission information includes: the user identities that have permission to operate on the dimension table;
Judging whether the user identity information satisfies the dimension table operation permission information includes:
Judging whether the user identity information is among the user identities that have permission to operate on the dimension table;
The maintenance update instruction is an add-content instruction, a change-content instruction or a delete-content instruction;
Before the update operation is performed on the dimension table that needs to be maintained and updated, the method includes:
Determining, from the maintenance update instruction, the field that needs to be maintained and updated, and obtaining the field identifier of that field;
Obtaining the preset field configuration information according to the field identifier and the dimension table configuration information; the field configuration information includes the field content sorting rule, the field ordering information and the field restriction condition of the field;
If the maintenance update instruction is an add-content instruction, the update operation on the dimension table that needs to be maintained and updated includes:
Obtaining the batch data content corresponding to the add-content instruction;
Adding field content to one or more fields of the dimension table according to the batch data content;
Sorting the field content according to the field content sorting rule;
Sorting the fields of the dimension table according to the field ordering information;
If the maintenance update instruction is a change-content instruction, the update operation on the dimension table that needs to be maintained and updated includes:
Obtaining the batch data content corresponding to the change-content instruction;
Changing field content in one or more fields of the dimension table according to the batch data content;
If the maintenance update instruction is a delete-content instruction, the update operation on the dimension table that needs to be maintained and updated includes:
Deleting field content from one or more fields of the dimension table;
If the maintenance update instruction is a delete-content instruction, the update operation on the dimension table that needs to be maintained and updated further includes:
Judging whether each field, after field content has been added, changed or deleted, satisfies the field restriction condition;
If any field does not satisfy the field restriction condition, generating a prompt message; the prompt message reports the number of fields that do not satisfy the field restriction condition and the field-related information of those fields; the field-related information includes the field identifier or the field name of the field;
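The maintenance-update flow described above (permission check against the dimension table configuration, update, field restriction check, synchronization) can be sketched as follows. This is an added example, not code from the patent: all class, function, table and user names are hypothetical, the sample data is constructed, and skipping the commit and synchronization when a restriction fails is an assumption the text does not state.

```python
import copy
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class FieldConfig:
    position: int                              # field ordering information
    sort_key: Callable = lambda v: v           # field content sorting rule
    constraint: Callable = lambda vals: True   # field restriction condition


@dataclass(frozen=True)
class DimTableConfig:
    source_db: str                 # database holding the dimension table
    dest_db: str                   # database the table is synchronized to
    authorized_users: frozenset    # identities with operation permission
    fields: dict                   # field identifier -> FieldConfig


class MaintenanceDenied(Exception):
    """The identity in the instruction lacks permission for the table."""


def apply_maintenance(instr, configs, databases):
    """Run one maintenance update instruction; deny by default."""
    cfg = configs.get(instr["table"])
    if cfg is None or instr["user"] not in cfg.authorized_users:
        raise MaintenanceDenied(f"{instr['user']} may not maintain {instr['table']}")
    if instr["op"] not in ("add", "change", "delete"):
        raise ValueError(f"unknown instruction type: {instr['op']}")
    unknown = set(instr["batch"]) - set(cfg.fields)
    if unknown:
        raise ValueError(f"fields without configuration: {sorted(unknown)}")

    # Work on a copy so a rejected update leaves both databases untouched.
    table = copy.deepcopy(databases[cfg.source_db][instr["table"]])
    for field_id, payload in instr["batch"].items():
        values = table.get(field_id, [])
        if instr["op"] == "add":        # payload: list of new values
            values = sorted(values + list(payload),
                            key=cfg.fields[field_id].sort_key)
        elif instr["op"] == "change":   # payload: {old value: new value}
            values = [payload.get(v, v) for v in values]
        else:                           # payload: values to delete
            values = [v for v in values if v not in payload]
        table[field_id] = values

    # Order the fields themselves by the configured field ordering.
    table = {f: table[f]
             for f in sorted(table, key=lambda f: cfg.fields[f].position)}

    # Restriction check after the change; the prompt carries count and ids.
    bad = [f for f, vals in table.items() if not cfg.fields[f].constraint(vals)]
    if bad:
        prompt = f"{len(bad)} field(s) fail their restriction condition: {', '.join(bad)}"
        return {"applied": False, "prompt": prompt}

    databases[cfg.source_db][instr["table"]] = table
    databases[cfg.dest_db][instr["table"]] = copy.deepcopy(table)  # synchronize
    return {"applied": True, "prompt": None}


def build_sample():
    """Constructed sample: one dimension table, one authorized user."""
    unique_short = lambda vals: (len(vals) == len(set(vals))
                                 and all(len(v) <= 3 for v in vals))
    configs = {"region_dim": DimTableConfig(
        source_db="source", dest_db="warehouse",
        authorized_users=frozenset({"alice"}),
        fields={"region_code": FieldConfig(0, constraint=unique_short),
                "tier": FieldConfig(1, constraint=lambda vals: set(vals) <= {1, 2, 3})})}
    table = {"tier": [1, 2], "region_code": ["US", "CN"]}
    databases = {"source": {"region_dim": table},
                 "warehouse": {"region_dim": copy.deepcopy(table)}}
    return configs, databases
```

The allow-list is consulted before the source table is read, so an unauthorized or unknown-table request never touches data.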
The encryption/decryption module performs encryption and decryption operations on data under the control of the microprocessor module. The interface module is responsible for communication with external devices: it receives input data from an external device and, under the control of the microprocessor module, passes the received data to the encryption/decryption module, or passes data from the encryption/decryption module to the external device. The power detection module, under the control of the microprocessor module, performs detection and management of the power supply of the information security control chip. The modules of the chip are integrated through an internal bus, which consists of three parts: the system bus, the IP bus and the bridge.
The data cache management method of the memory module includes:
Establishing in advance a record cache for the data tables in the database of the memory module; the record cache reads and writes data in units of data rows;
When a data query request is received from a client, looking up the requested data in the record cache;
If the lookup fails, looking up the requested data in the page cache of the database; the page cache reads and writes data with the page as its basic unit;
Returning the data found in the record cache or the page cache to the client;
Adding data to the record cache; specifically, the data found in the page cache is added to the record cache.
The detailed process of adding data to the record cache includes:
Mode one: in the record cache, select record data of the same order of magnitude as the data to be added and replace it.
The detailed process of adding data to the record cache also includes:
Mode two: in the record cache, select a record cache page of a different order of magnitude from the data to be added, reclaim the space occupied by that cache page, use the reclaimed space to allocate a new record cache page for the data to be added, and write the data to be added into the new record cache page.
Further, in the detailed process of adding data to the record cache, mode one or mode two is selected as follows:
Obtain the access frequency Frec of the record data of the same order of magnitude as the data to be added, and the access frequency Fpage of the record cache page of a different order of magnitude from the data to be added;
Judge whether Frec > replace_page_ratio*Fpage holds; if so, select mode one; otherwise select mode two;
Here replace_page_ratio is a preset replacement control parameter, replace_page_ratio ∈ (0,1].
Further, the access frequency Fpage of the record cache page of a different order of magnitude from the data to be added is obtained as follows:
Fpage=(Fmin+Fmax)/2*N;
Here Fmin is the access frequency of the data with the earliest timestamp in the record cache page, Fmax is the access frequency of the data with the latest timestamp in the record cache page, and N is the total number of data records in the record cache page.
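The two-level lookup and the choice between mode one and mode two can be sketched as follows. This is an added example, not code from the patent: the class and field names are hypothetical, the sample data is constructed, `size_class` stands in for the "order of magnitude" of a record, and picking the least-accessed record and the lowest-Fpage page as replacement candidates is an assumption. The formula is read left to right, i.e. ((Fmin+Fmax)/2)*N.

```python
from dataclasses import dataclass


@dataclass
class Rec:
    key: str
    value: str
    size_class: int   # stand-in for the record's "order of magnitude"
    freq: int = 1     # access frequency
    ts: int = 0       # timestamp of the last access


def page_frequency(page):
    """Fpage = (Fmin + Fmax) / 2 * N for one record cache page."""
    fmin = min(page, key=lambda r: r.ts).freq   # earliest-timestamp record
    fmax = max(page, key=lambda r: r.ts).freq   # latest-timestamp record
    return (fmin + fmax) / 2 * len(page)


class RecordCache:
    def __init__(self, max_pages, slots, replace_page_ratio, page_cache):
        if not 0 < replace_page_ratio <= 1:
            raise ValueError("replace_page_ratio must lie in (0, 1]")
        self.max_pages, self.slots = max_pages, slots
        self.ratio = replace_page_ratio
        self.page_cache = page_cache   # page no -> {key: (value, size_class)}
        self.pages = []                # each page: list of Rec, one size class
        self.clock = 0

    def cached_keys(self):
        return sorted(r.key for p in self.pages for r in p)

    def get(self, key):
        """Return (value, where); record cache first, then page cache."""
        self.clock += 1
        for page in self.pages:
            for rec in page:
                if rec.key == key:
                    rec.freq += 1
                    rec.ts = self.clock
                    return rec.value, "record-cache"
        for rows in self.page_cache.values():
            if key in rows:
                value, size_class = rows[key]
                how = self._add(Rec(key, value, size_class, ts=self.clock))
                return value, how
        return None, "miss"

    def _add(self, rec):
        same = [p for p in self.pages if p[0].size_class == rec.size_class]
        for page in same:
            if len(page) < self.slots:
                page.append(rec)
                return "free-slot"
        if len(self.pages) < self.max_pages:
            self.pages.append([rec])
            return "free-page"
        # Cache is full: pick the candidates, then compare Frec with Fpage.
        other = [p for p in self.pages if p[0].size_class != rec.size_class]
        cands = [(r.freq, i, j) for i, p in enumerate(same) for j, r in enumerate(p)]
        victim_page = min(other, key=page_frequency, default=None)
        if cands and (victim_page is None or
                      min(cands)[0] > self.ratio * page_frequency(victim_page)):
            _, i, j = min(cands)
            same[i][j] = rec           # mode one: replace a same-class record
            return "mode-one"
        # Mode two: reclaim a different-class page and allocate a new one.
        self.pages = [p for p in self.pages if p is not victim_page]
        self.pages.append([rec])
        return "mode-two"


def demo_cache():
    """Constructed page cache holding two size classes of rows."""
    page_cache = {1: {"a": ("A", 1), "b": ("B", 1), "c": ("C", 1)},
                  2: {"x": ("X", 2), "y": ("Y", 2)}}
    return RecordCache(max_pages=2, slots=2, replace_page_ratio=0.5,
                       page_cache=page_cache)
```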
The advantages and positive effects of the invention are: the arrangement of the intelligent control device, the warning device and the blocking device makes operation convenient and raises the degree of intelligence; it is safe and reliable, so that sensing is accurate, safety is indicated and the secrecy effect is improved; it further makes driving flexible and blocking thorough, reduces potential safety hazards and improves the safety effect, so that the system is safe and reliable and its functions are complete and diverse.
The invention obtains a fractional-order map by applying fractional-order discretization to a classical chaotic equation and uses this map to generate the chaotic signal. In this method the system has more parameters and the signal trajectory is more complex, so the signal provided by the invention has the advantages of strong randomness and high complexity, and can be used in fields such as data encryption, secure communication, watermarking algorithms and information security. The data protection of the security module can protect user data in real time, and changed data is updated and protected through the dimension table; the degree of intelligence is high.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the computer internet information security control system based on cloud computing provided by an embodiment of the invention;
Fig. 2 is a structural schematic diagram of the security control chip provided by an embodiment of the invention;
In the figures: 1, intelligent control device; 2, warning device; 3, blocking device; 4, cut-off switch; 5, power supply; 6, first wire; 7, underframe; 8, computer; 9, second wire; 10, security control chip; 10-1, microprocessor module; 10-2, memory module; 10-3, security module; 10-4, encryption/decryption module; 10-5, interface module; 10-6, power detection module; 10-7, system bus; 10-8, IP bus; 10-9, bridge.
Embodiment
In order to make the purpose, technical scheme and advantages of the invention clearer, the invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
The application principle of the invention is explained in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the computer internet information security control system based on cloud computing provided by an embodiment of the invention includes: intelligent control device 1, warning device 2, blocking device 3, cut-off switch 4, power supply 5, first wire 6, underframe 7, computer 8, second wire 9 and security control chip 10.
The intelligent control device 1 is arranged on the left side of blocking device 3; the blocking device 3 is arranged on the right side of intelligent control device 1; the warning device 2 is arranged at the right end of computer 8; the cut-off switch 4 is arranged on the surface of power supply 5 and electrically connected to it; the power supply 5 is arranged at the bottom of cut-off switch 4 and electrically connected to it; the first wire 6 is arranged at the connection between power supply 5 and computer 8; the underframe 7 is arranged at the bottom of computer 8; the computer 8 is arranged at the upper end of underframe 7; the second wire 9 is arranged at the connection between intelligent control device 1 and power supply 5; and security control chip 10 is mounted on computer 8.
Security control chip 10 includes microprocessor module 10-1, memory module 10-2, security module 10-3, encryption/decryption module 10-4, interface module 10-5, power detection module 10-6, system bus 10-7, IP (Intellectual Property) bus 10-8 and bridge 10-9. Microprocessor module 10-1 is the computing and control centre of the whole chip and makes the modules work in coordination. It controls data communication between interface module 10-5 and external devices and directs interface module 10-5 to pass received data to encryption/decryption module 10-4; or it directs encryption/decryption module 10-4 to perform encryption and decryption operations and to pass the results to interface module 10-5; or it directs memory module 10-2 to store data received from interface module 10-5 or the results of encryption and decryption operations; and it works together with security module 10-3 to protect the information inside the information security control chip;
Memory module 10-2 stores the data received from interface module 10-5, the encryption and decryption keys, the results of encryption and decryption operations, and so on. Security module 10-3 works together with microprocessor module 10-1 to protect the data inside the information security control chip. Encryption/decryption module 10-4 performs encryption and decryption operations on data under the control of microprocessor module 10-1. Interface module 10-5 is responsible for communication with external devices: it receives input data from an external device and, under the control of microprocessor module 10-1, passes the received data to encryption/decryption module 10-4, or passes data from encryption/decryption module 10-4 to the external device;
Power detection module 10-6, under the control of microprocessor module 10-1, performs detection and management of the power supply of the information security control chip and supports low power consumption. The modules of the chip are integrated through an internal bus, which consists of three parts: system bus 10-7, IP bus 10-8 and bridge 10-9.
The data cache management method of the memory module includes:
A record cache is set up in advance for the data tables in the database of the memory module; the record cache reads and writes data in units of data rows;
When a data query request from a client is received, the requested data is looked up in the record cache;
If the lookup fails, the requested data is looked up in the page cache of the database; the page cache reads and writes data with the page as its basic unit;
The data found in the record cache or the page cache is returned to the client;
Data is added to the record cache; specifically, the data found in the page cache is added to the record cache.
The detailed process of adding data to the record cache includes:
Mode one: in the record cache, record data of the same order of magnitude as the data to be added is selected and replaced.
The detailed process of adding data to the record cache also includes:
Mode two: in the record cache, a record cache page of a different order of magnitude from the data to be added is selected, the space occupied by that cache page is reclaimed, the reclaimed space is used to allocate a new record cache page for the data to be added, and the data to be added is written into the new record cache page.
Further, in the detailed process of adding data to the record cache, mode one or mode two is selected as follows:
Obtain the access frequency Frec of the record data of the same order of magnitude as the data to be added, and the access frequency Fpage of the record cache page of a different order of magnitude from the data to be added;
Judge whether Frec > replace_page_ratio*Fpage holds; if it does, select mode one, otherwise select mode two;
Here replace_page_ratio is a preset replacement control parameter, replace_page_ratio ∈ (0,1].
Further, the access frequency Fpage of the record cache page of a different order of magnitude from the data to be added is obtained as:
Fpage=(Fmin+Fmax)/2*N;
where Fmin is the access frequency of the data with the earliest timestamp in the record cache page, Fmax is the access frequency of the data with the latest timestamp in the record cache page, and N is the total number of data records in the record cache page.
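The lookup path and the choice between mode one and mode two can be sketched as follows. This is an added example, not code from the patent; the class and function names, the reading of "order of magnitude" as the digit count of the row length, and the victim selection (least-accessed row, lowest-Fpage page) are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Row:
    value: bytes
    freq: int      # access frequency
    stamp: int     # logical insertion time

@dataclass
class RecordPage:
    magnitude: int                           # order of magnitude shared by its rows
    rows: dict = field(default_factory=dict)

def magnitude(value: bytes) -> int:
    # Assumption: "order of magnitude" = number of decimal digits of the row length.
    return len(str(len(value)))

def page_frequency(page: RecordPage) -> float:
    # Fpage = (Fmin + Fmax) / 2 * N, evaluated left to right as written in the text.
    rows = sorted(page.rows.values(), key=lambda r: r.stamp)
    return (rows[0].freq + rows[-1].freq) / 2 * len(rows)

class RecordCache:
    def __init__(self, page_cache, max_pages, rows_per_page, replace_page_ratio):
        if not 0 < replace_page_ratio <= 1:
            raise ValueError("replace_page_ratio must lie in (0, 1]")
        if max_pages < 1 or rows_per_page < 1:
            raise ValueError("cache needs at least one page and one row per page")
        self.page_cache = page_cache         # dict standing in for the database page cache
        self.max_pages, self.rows_per_page = max_pages, rows_per_page
        self.ratio = replace_page_ratio
        self.pages, self.clock, self.decisions = [], 0, []

    def get(self, key):
        for page in self.pages:              # 1. row-granular record cache
            if key in page.rows:
                page.rows[key].freq += 1
                return page.rows[key].value
        value = self.page_cache.get(key)     # 2. fall back to the page cache
        if value is not None:
            self._add(key, value)            # 3. add the found row to the record cache
        return value

    def _add(self, key, value):
        self.clock += 1
        row, mag = Row(value, 1, self.clock), magnitude(value)
        same = [p for p in self.pages if p.magnitude == mag]
        other = [p for p in self.pages if p.magnitude != mag]
        roomy = next((p for p in same if len(p.rows) < self.rows_per_page), None)
        if roomy is not None:
            roomy.rows[key] = row
        elif len(self.pages) < self.max_pages:
            self.pages.append(RecordPage(mag, {key: row}))
        else:
            self._replace(key, row, mag, same, other)

    def _replace(self, key, row, mag, same, other):
        # Victim choice (least-accessed row, lowest-Fpage page) is an assumption of this sketch.
        candidates = [(p, k) for p in same for k in p.rows]
        victim = min(candidates, key=lambda pk: pk[0].rows[pk[1]].freq, default=None)
        page = min(other, key=page_frequency, default=None)
        frec = victim[0].rows[victim[1]].freq if victim else None
        if page is None or (victim and frec > self.ratio * page_frequency(page)):
            del victim[0].rows[victim[1]]    # mode one: replace a same-magnitude row
            victim[0].rows[key] = row
            self.decisions.append("mode one")
        else:
            self.pages.remove(page)          # mode two: reclaim a different-magnitude page
            self.pages.append(RecordPage(mag, {key: row}))
            self.decisions.append("mode two")
```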
Memory module 10-2 provided in this embodiment of the present invention includes volatile memory and non-volatile memory. The volatile memory is mainly used to hold intermediate results and temporary data of running user programs; the non-volatile memory is used for static storage and upgrading of on-chip user programs and data, and for storing keys, certificates and the like.
In this embodiment, security module 10-3 includes a memory protection unit and a security detection and protection module. The memory protection unit (MPU, Memory Protection Unit) uses hardware access control and storage encryption to protect sensitive information on the information security control chip; it can be integrated into microprocessor module 10-1, for example by using a 32-bit CPU with an integrated MPU. The security detection and protection module uses a current-balanced distribution design technique to prevent attacks and protect data security.
In this embodiment, encryption/decryption module 10-4 includes an RSA module, a DES module and a true random number generator. The RSA module performs RSA encryption and decryption operations; the DES module mainly implements the DES/3DES (Data Encryption Standard) encryption and decryption algorithms; the true random number generator quickly generates random numbers that serve as the keys required for RSA and DES operations.
In this embodiment, interface module 10-5 includes four kinds of interfaces: a USB interface, an ISO7816 standard interface, an LPC interface and a GPIO interface; the different interfaces of the chip can serve different applications. The USB interface can be used in smart key products, as a terminal encryption and authentication device. The LPC interface is configured for applications in the trusted computing field; it connects to the south bridge chipset on the computer motherboard, and through it the chip exchanges data with the computer. The GPIO interface is a general-purpose input/output interface that can serve multiple functions; its basic function is to provide an external interface for accessing off-chip resources, and when its pins are not used as an external interface they serve as general digital input/output (I/O) terminals. The 7816 interface provides a smart card interface, allowing asynchronous serial communication between the chip's microprocessor module 10-1 and peripherals.
In this embodiment, system bus 10-7 electrically connects microprocessor module 10-1 with memory module 10-2, security module 10-3 and power detection module 10-6, to achieve high-speed, high-bandwidth data transfer; IP bus 10-8 electrically connects the chip's encryption/decryption module 10-4 and interface module 10-5, to meet the requirements of low power consumption, portability and reusability; system bus 10-7 and IP bus 10-8 are connected through bridger 10-9.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principle of the present invention shall fall within its scope of protection.
Claims (6)
1. A computer internet information security control system based on cloud computing, characterized in that the computer internet information security control system based on cloud computing comprises: an intelligent control device, a warning device, an occluding device, a cut-off switch, a power supply, a first wire, an underframe, a computer, a second wire and a security control chip;
The intelligent control device is arranged on the left side of the occluding device; the occluding device is arranged on the right side of the intelligent control device; the warning device is arranged at the right end of the computer; the cut-off switch is arranged, by electrical connection, at the surface position of the power supply; the power supply is arranged, by electrical connection, at the bottom of the cut-off switch; the first wire is arranged at the connection between the power supply and the computer; the underframe is arranged at the bottom of the computer; the computer is arranged on the upper end of the underframe; the second wire is arranged at the connection between the intelligent control device and the power supply; and the security control chip is mounted on the computer;
The security control chip includes a microprocessor module, a memory module, a security module, an encryption/decryption module, an interface module, a power detection module, a system bus, an IP bus and a bridger;
The microprocessor module makes the modules work in coordination: it controls data communication and transmission between the interface module and external devices, and controls the interface module to send received data to the encryption/decryption module; or it controls the encryption/decryption module to perform encryption and decryption operations and to transfer the results to the interface module; or it controls the memory module to store data received from the interface module or encryption/decryption results; and it works together with the security module to protect the information inside the information security control chip;
The model by which the microprocessor module obtains the discrete function is:
$$u(n) = u(0) + \sum_{j=1}^{n} \alpha(\mu, v, j, n)\, u(j-1)\bigl(1 - u(j-1)\bigr) \qquad (1);$$
In formula (1): u(0) is the initial signal, μ is the chaotic parameter, v is the fractional order, n is the signal length, j denotes the j-th iteration step, α(μ, v, j, n) is the discrete integration kernel, and u(n) is the signal at step n; n and N are set to 800, and m is an integer 1, …, N;
According to formula (1), the parameters u(0), μ and v are selected;
Whether the above parameters can produce a chaotic signal is judged:
First the tangent map b(m) is calculated:
$$b(m) = b(0) + \sum_{j=1}^{m} \alpha(\mu, v, j, m)\, b(j-1)\bigl(1 - 2u(j-1)\bigr), \quad b(0) = 1 \qquad (2);$$
Then the Lyapunov exponent λ is calculated:
$$\lambda = \frac{1}{N} \times \ln\lvert b(N-1)\rvert \qquad (3);$$
In formulas (2) and (3), each parameter with the same symbol as in formula (1) has the same meaning as in formula (1);
The criterion is: λ is calculated from formulas (1), (2) and (3); if λ > 0, a chaotic signal can be produced, otherwise a chaotic signal cannot be produced;
The chaotic signal is calculated and generated;
The memory module is used to store data received from the interface module, encryption/decryption keys and encryption/decryption results;
The security module works together with the microprocessor module to protect the data inside the information security control chip;
The data protection method of the security module includes: receiving a maintenance update instruction;
Obtaining, according to the maintenance update instruction, user identity information and the dimension table information of the dimension table that needs maintenance updating;
Obtaining preset dimension table configuration information according to the dimension table information; wherein the dimension table configuration information contains the source database in which the dimension table that needs maintenance updating is located, the destination database to which the dimension table needs to be synchronized, and dimension table operation permission information;
Judging, according to the user identity information and the dimension table operation permission information, whether the user identity information satisfies the dimension table operation permission information;
If the user identity information satisfies the dimension table operation permission information, performing an update operation on the dimension table that needs maintenance updating;
Synchronizing the updated dimension table to the destination database;
The dimension table operation permission information includes: the user identities that hold the dimension table operation permission;
Judging whether the user identity information satisfies the dimension table operation permission information includes:
Judging whether the user identity information is among the user identities that hold the dimension table operation permission;
The maintenance update instruction is an add-content instruction, a change-content instruction or a delete-content instruction;
Before the update operation is performed on the dimension table that needs maintenance updating, the method includes:
Determining, according to the maintenance update instruction, the fields that need maintenance updating, and obtaining the field identifiers of those fields;
Obtaining preset field configuration information according to the field identifier and the dimension table configuration information; wherein the field configuration information includes the field content ordering rule, the field ordering information and the field restriction condition of the field;
If the maintenance update instruction is an add-content instruction, performing the update operation on the dimension table that needs maintenance updating includes:
Obtaining the batch data content corresponding to the add-content instruction;
Adding field contents to one or more fields of the dimension table according to the batch data content;
Sorting the field contents according to the field content ordering rule;
Sorting the fields of the dimension table according to the field ordering information;
If the maintenance update instruction is a change-content instruction, performing the update operation on the dimension table that needs maintenance updating includes:
Obtaining the batch data content corresponding to the change-content instruction;
Changing field contents in one or more fields of the dimension table according to the batch data content;
If the maintenance update instruction is a delete-content instruction, performing the update operation on the dimension table that needs maintenance updating includes:
Deleting field contents in one or more fields of the dimension table;
If the maintenance update instruction is a delete-content instruction, performing the update operation on the dimension table that needs maintenance updating further includes:
Judging whether each field, after field contents have been added, changed or deleted, satisfies the field restriction condition;
If any field does not satisfy the field restriction condition, generating a prompt message; the prompt message indicates the number of fields that do not satisfy the field restriction condition and the field-related information of those fields; the field-related information includes the field identifier or field name of the field;
The encryption/decryption module performs encryption and decryption operations on data under the control of the microprocessor module; the interface module is responsible for communication with external devices: it receives input data from an external device and, under the control of the microprocessor module, sends the received data to the encryption/decryption module, or transfers data from the encryption/decryption module to the external device;
The power detection module performs detection and management of the power supply of the information security control chip under the control of the microprocessor module;
The above modules of the chip are integrated through an internal bus, which consists of three parts: the system bus, the IP bus and the bridger.
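The parameter check of formulas (1) to (3) in claim 1 can be carried out numerically as below. This is an added example, not code from the patent: the claim does not define α(μ, v, j, n), so the kernel μ·Γ(n−j+v)/(Γ(v)·Γ(n−j+1)) of the discrete fractional logistic map is assumed, and all function names are hypothetical.

```python
import math

def kernel_weights(mu, v, count):
    """w[k] = mu*Gamma(k+v) / (Gamma(v)*Gamma(k+1)); alpha(mu, v, j, n) is taken as w[n-j].

    Assumed kernel (discrete fractional logistic map); for v = 1 every weight equals mu.
    """
    return [mu * math.exp(math.lgamma(k + v) - math.lgamma(v) - math.lgamma(k + 1))
            for k in range(count)]

def iterate(u0, mu, v, N=800):
    """Return (u, b): the signal of formula (1) and the tangent map of formula (2)."""
    if not (N >= 2 and v > 0):
        raise ValueError("need N >= 2 and v > 0")
    w = kernel_weights(mu, v, N)
    u, b = [u0], [1.0]                       # u(0) and b(0) = 1
    for n in range(1, N):
        du = db = 0.0
        for j in range(1, n + 1):            # full history: the map has memory
            prev = u[j - 1]
            du += w[n - j] * prev * (1 - prev)
            db += w[n - j] * b[j - 1] * (1 - 2 * prev)
        u.append(u0 + du)
        b.append(1.0 + db)
    return u, b

def lyapunov(u0, mu, v, N=800):
    """Formula (3): lambda = (1/N) * ln|b(N-1)|."""
    _, b = iterate(u0, mu, v, N)
    last = abs(b[N - 1])
    if math.isnan(last) or math.isinf(last):
        raise ArithmeticError("orbit diverged; parameters unusable")
    # For strongly contracting orbits b(N-1) cancels down to rounding noise or exactly 0,
    # so only the sign of the result is reliable there; 0 is reported as -infinity.
    return math.log(last) / N if last > 0 else float("-inf")

def can_produce_chaos(u0, mu, v, N=800):
    """Criterion from the text: the parameters are accepted only if lambda > 0."""
    return lyapunov(u0, mu, v, N) > 0
```

With v = 1 the sum collapses to u(n) = u(n−1) + μ·u(n−1)(1 − u(n−1)), which gives a quick sanity check of the implementation before fractional orders are tried.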
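The security module's maintenance-update procedure in claim 1 (permission check, update, field restriction check, synchronization) can be sketched as below. This is an added example, not code from the patent: the data model, all names and the sample tables are constructed, and skipping the commit and synchronization when a restriction is violated is an assumption.

```python
import copy
from dataclasses import dataclass

@dataclass(frozen=True)
class FieldConfig:
    position: int                 # field ordering information
    sort_key: object              # field content ordering rule (key function for sort)
    allowed: object               # field restriction condition (predicate on one value)

@dataclass(frozen=True)
class TableConfig:
    source_db: str
    dest_db: str
    authorized_ids: frozenset     # user identities holding the operation permission
    fields: dict                  # field identifier -> FieldConfig

def maintain(databases, configs, user_id, table, op, batch):
    """Apply one maintenance update instruction; returns (synced, prompt)."""
    cfg = configs[table]                               # preset dimension table configuration
    if user_id not in cfg.authorized_ids:              # permission check before any change
        raise PermissionError(f"{user_id} may not maintain {table}")
    unknown = set(batch) - set(cfg.fields)
    if unknown:
        raise KeyError(f"fields without configuration: {sorted(unknown)}")
    work = copy.deepcopy(databases[cfg.source_db][table])   # edit a copy, commit on success
    for fid, payload in batch.items():
        column = work.setdefault(fid, [])
        if op == "add":
            column.extend(payload)
            column.sort(key=cfg.fields[fid].sort_key)
        elif op == "change":                           # payload maps old content -> new content
            column[:] = [payload.get(v, v) for v in column]
        elif op == "delete":
            column[:] = [v for v in column if v not in payload]
        else:
            raise ValueError(f"unknown instruction {op!r}")
    if op == "add":                                    # order the fields themselves
        work = dict(sorted(work.items(), key=lambda kv: cfg.fields[kv[0]].position))
    bad = [fid for fid, col in work.items()
           if not all(cfg.fields[fid].allowed(v) for v in col)]
    if bad:   # prompt: number of violating fields plus their identifiers
        return False, f"{len(bad)} field(s) violate their restriction: {', '.join(bad)}"
    databases[cfg.source_db][table] = work
    databases[cfg.dest_db][table] = copy.deepcopy(work)     # synchronize to the destination
    return True, None

# Constructed sample configuration and data.
CONFIGS = {"region": TableConfig("src", "dst", frozenset({"u1001"}), {
    "code": FieldConfig(0, str.lower, lambda v: len(v) == 2),
    "name": FieldConfig(1, str.lower, lambda v: 0 < len(v) <= 20),
})}

def fresh_databases():
    return {"src": {"region": {"code": ["cn", "us"], "name": ["China", "United States"]}},
            "dst": {"region": {}}}
```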
2. The computer internet information security control system based on cloud computing as claimed in claim 1, characterized in that the data cache management method of the memory module includes:
A record cache is set up in advance for the data tables in the database of the memory module; the record cache reads and writes data in units of data rows;
When a data query request from a client is received, the requested data is looked up in the record cache;
If the lookup fails, the requested data is looked up in the page cache of the database; the page cache reads and writes data with the page as its basic unit;
The data found in the record cache or the page cache is returned to the client;
Data is added to the record cache; specifically, the data found in the page cache is added to the record cache.
3. The computer internet information security control system based on cloud computing as claimed in claim 2, characterized in that the detailed process of adding data to the record cache includes:
Mode one: in the record cache, record data of the same order of magnitude as the data to be added is selected and replaced.
4. The computer internet information security control system based on cloud computing as claimed in claim 3, characterized in that the detailed process of adding data to the record cache also includes:
Mode two: in the record cache, a record cache page of a different order of magnitude from the data to be added is selected, the space occupied by that cache page is reclaimed, the reclaimed space is used to allocate a new record cache page for the data to be added, and the data to be added is written into the new record cache page.
5. The computer internet information security control system based on cloud computing as claimed in claim 2, characterized in that, in the detailed process of adding data to the record cache, mode one or mode two is selected as follows:
Obtain the access frequency Frec of the record data of the same order of magnitude as the data to be added, and the access frequency Fpage of the record cache page of a different order of magnitude from the data to be added;
Judge whether Frec > replace_page_ratio*Fpage holds; if it does, select mode one, otherwise select mode two;
Here replace_page_ratio is a preset replacement control parameter, replace_page_ratio ∈ (0,1].
6. The computer internet information security control system based on cloud computing as claimed in claim 5, characterized in that the access frequency Fpage of the record cache page of a different order of magnitude from the data to be added is obtained as:
Fpage=(Fmin+Fmax)/2*N;
where Fmin is the access frequency of the data with the earliest timestamp in the record cache page, Fmax is the access frequency of the data with the latest timestamp in the record cache page, and N is the total number of data records in the record cache page.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710451699.7A CN107239682A (en) | 2017-06-15 | 2017-06-15 | A kind of computer internet information safety control system based on cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710451699.7A CN107239682A (en) | 2017-06-15 | 2017-06-15 | A kind of computer internet information safety control system based on cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107239682A (en) | 2017-10-10 |
Family
ID=59987487
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710451699.7A Pending CN107239682A (en) | 2017-06-15 | 2017-06-15 | A kind of computer internet information safety control system based on cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107239682A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107833123A (en) * | 2017-10-27 | 2018-03-23 | 赵海霞 | A kind of processing system of accounting statement |
CN108559348A (en) * | 2018-05-22 | 2018-09-21 | 海南大学 | The method and system of ocean waterproof and oilproof type ceramic coating are prepared in substrate surface |
CN114859935A (en) * | 2022-05-27 | 2022-08-05 | 中国电信股份有限公司 | Path planning method, device, product and medium applied to multi-node networking |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201054140Y (en) * | 2007-04-27 | 2008-04-30 | 北京华大恒泰科技有限责任公司 | Information security control chip |
CN102331986A (en) * | 2010-07-12 | 2012-01-25 | 阿里巴巴集团控股有限公司 | Database cache management method and database server |
CN103780369A (en) * | 2014-01-24 | 2014-05-07 | 吴国成 | Method for generating chaos sequence based on fractional order discrete mapping |
CN104252452A (en) * | 2013-06-25 | 2014-12-31 | 腾讯科技(深圳)有限公司 | Data management method and device |
CN104994097A (en) * | 2015-07-03 | 2015-10-21 | 孙艳君 | Computer network information security control device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171010 |