CN-121984734-A - Data safety protection system applied to data display terminal
Abstract
The invention relates to the technical field of data safety protection, in particular to a data safety protection system applied to a data display terminal. The system comprises a safety protection center, a data acquisition and processing module, a bidirectional trust verification module, a dynamic trust calculation module, a risk root location module and a back-end execution module. A bidirectional verification mechanism addresses the weakness of traditional unidirectional verification, which is easy to hijack and imitate. A dynamic trust score built on three core dimensions (hardware health, network safety and operation behavior) quantifies and grades the safety state of the terminal, and each trust grade is matched with a different protection strategy, improving terminal safety. For terminals with a low trust grade, a full-link data chain is constructed and combined with a preset risk feature library and a root source identification model to distinguish single root sources from composite root sources accurately; this addresses the traditional protection pain points of alarm-only output and difficult localisation, and avoids blind rectification.
Inventors
- LIU LIYING
- LI ZHICONG
- Mai Hualong
Assignees
- 广州中厘品智能科技有限公司
Dates
- Publication Date: 20260505
- Application Date: 20260126
Claims (8)
- 1. A data safety protection system applied to a data display terminal, characterized in that it comprises a safety protection center, a data acquisition and processing module, a bidirectional trust verification module, a dynamic trust calculation module, a risk source positioning module and a back-end execution module; the data acquisition and processing module is used for selecting a plurality of normally operating terminals of the same model in the same scene, carrying out full-period data acquisition and preprocessing for 15 days, constructing a normal operation behavior feature model and a terminal-data source bidirectional trust identity library from the preprocessed full-period data, and sending the model and the library to the safety protection center for storage; the bidirectional trust verification module is used for realizing bidirectional identity verification between the terminal and the data source, comprising the steps that the terminal initiates identity verification to the data source, the data source initiates reverse identity verification to the trusted terminal, and the corresponding validity verification, failure processing and alarm mechanisms are executed during verification; the dynamic trust calculation module is used for distributing points across three types of reference data based on a preset distribution proportion, calculating a hardware health score, a network health score and an operation behavior score respectively, deriving a final trust score from them, and judging the trust level of the terminal from the final trust score; and when the current terminal is at a low trust level, the risk source positioning module is used for collecting multidimensional data of the terminal and preprocessing it, constructing a terminal trust risk full-link data chain, extracting a risk feature set by matching against a preset risk feature library, and inputting the set into a source recognition model to obtain a source positioning list.
- 2. The data safety protection system applied to a data display terminal according to claim 1, wherein the analysis process of the data acquisition and processing module is as follows: a plurality of normally operating terminals of the same model in the same scene are selected, full-period data are acquired for 15 days and preprocessed; the full-period data comprise three types of reference data from the terminal side and trust identity data from the data source side, the three types of reference data being the hardware feature dimension, the network feature dimension and the operation behavior dimension; a normal operation behavior feature model is constructed from the preprocessed full-period data, and the terminal-data source bidirectional trust identity library is constructed from the trust identity data of the data source side.
- 3. The data safety protection system applied to a data display terminal according to claim 1, wherein the analysis process of the bidirectional trust verification module is as follows: when the terminal side initiates a data request, it extracts its unique hardware identifier and digitally signs it with the terminal private key to generate a terminal identity verification package.
- 4. The data safety protection system applied to a data display terminal according to claim 3, wherein the data source side performs the following verification steps on the terminal identity verification package: first, it checks whether the identity of the terminal is in a preset authorized whitelist, and after the random challenge code has been transmitted it checks whether the encryption result returned by the terminal is valid. The validity check proceeds as follows: the digital signature in the encryption result is decrypted with the public key to obtain the original hash value H1, and a hash value H2 is recalculated over the data body in the encryption result; if H1 and H2 agree, the integrity check passes, otherwise the data body is judged invalid. When the integrity check passes, the identity in the encryption result is extracted and compared with the preset authorized whitelist: if it matches, the identity is judged valid, and if it does not match, it is judged invalid. If the encryption result is invalid or the identity does not match, the connection is rejected and an abnormal log is recorded; if the integrity check passes and the identity is judged valid, the terminal is judged to be a trusted terminal. A verification failure processing mechanism is also set: a terminal that fails verification 3 times consecutively is placed on a temporary blacklist, its connection requests are restricted for 1 hour, an administrator alarm is triggered, and the abnormal log is sent to the administrator.
- 5. The data safety protection system applied to a data display terminal according to claim 4, wherein when the terminal is a trusted terminal, the data source side generates a set of random challenge codes, signs them with the data source private key, encapsulates the challenge code plaintext, the digital signature, the data source hardware identifier and the public key of the data source digital certificate into a data source challenge verification package, and sends the package to the trusted terminal; the trusted terminal side performs reverse verification on the received challenge verification package: it invokes the terminal-data source bidirectional trust identity library and compares whether the data source hardware identifier and the communication protocol fingerprint match the library; if they do not match, the trusted terminal terminates the connection; if they match, it decrypts the random challenge code signature with the public key of the data source digital certificate to obtain the decrypted challenge code plaintext and compares it with the original random challenge code plaintext attached to the data source challenge verification package; if the two agree, the data source identity is judged true and valid, and if they do not, the connection is terminated immediately and a data source risk package is generated.
- 6. The data safety protection system applied to a data display terminal according to claim 5, wherein when the reverse verification judges the data source identity to be true and valid, the trusted terminal encrypts the random challenge code with the data source public key, generates response information and transmits it back to the data source; the data source receives the response information of the terminal, decrypts it with the data source private key and checks whether the decrypted challenge code is consistent with the random number it sent; if so, the bidirectional identity verification passes, and if not, the response is judged to have been tampered with, the connection is disconnected immediately and a security alarm instruction is triggered.
- 7. The data safety protection system applied to a data display terminal according to claim 1, wherein the analysis process of the dynamic trust calculation module is as follows: points are distributed across the three types of reference data based on a preset distribution proportion, with the full score set to 100 points; a hardware health state basic full score is calculated from the set full score and the preset allocation proportion corresponding to hardware, the hardware feature dimension of the current terminal is input to a preset health state scoring model on the basis of that basic full score, and the hardware health score of the current terminal is output; a network health state basic full score is calculated from the set full score and the preset allocation proportion corresponding to the network, withholding conditions are set, and the network health score of the current terminal is obtained from the set withholding conditions and the network health state basic full score; an operation behavior state basic full score is calculated from the set full score and the preset allocation proportion corresponding to operation behavior, the multidimensional operation behavior features of the current terminal are input to the normal operation behavior feature model, a similarity value S between the real-time multidimensional operation behavior features and the normal model features is output, and the operation behavior score is calculated from the operation behavior state basic full score and the similarity value S; and a final trust score is calculated from the hardware health score, the network health score and the operation behavior score, compared with a preset final trust score interval [Pmin, Pmax], and a low, medium or high trust level is output.
- 8. The data safety protection system applied to a data display terminal according to claim 1, wherein the analysis process of the risk source positioning module is as follows: multidimensional data of the terminal are collected and preprocessed, and a terminal trust risk full-link data chain is constructed based on time axis association, causal relationship association and grading association; a preset risk feature library is loaded and the full-link data chain is matched against it: if the matching similarity is greater than or equal to the preset matching similarity, the match is judged successful and a risk feature set is extracted, and if the matching similarity is less than the preset matching similarity, the match is judged unsuccessful and no obvious root cause is displayed; the extracted risk feature set is input to a preset root cause identification model, which outputs core root causes with confidence coefficients, and these are sorted from high to low confidence to obtain a root cause confidence list; and single root causes or composite root causes are divided based on the root cause confidence list, and a root cause positioning list is constructed from the single or composite root causes and the root cause confidence list.
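The reverse verification of claims 5 and 6, as an added example that is not part of the patent: the data source signs a random challenge, the terminal checks the data source identifier against its identity library and the signature before answering, and the data source decrypts the answer and compares it with the code it issued. It assumes RSA PKCS#1 v1.5 signatures over SHA-256, RSA-OAEP for the response, the sample identifiers DS-01 and TERM-0001, and an identity library that maps a hardware identifier to a public key; the patent leaves these choices open.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Party is a terminal or a data source; Trusted is its copy of the bidirectional trust
// identity library, assumed here to map a hardware identifier to that party's public key.
type Party struct {
	ID      string
	Key     *rsa.PrivateKey
	Trusted map[string]*rsa.PublicKey
}
// ChallengePackage is the data source challenge verification package of claim 5.
type ChallengePackage struct {
	SourceID  string
	Code, Sig []byte
}
func NewParty(id string) *Party {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Party{ID: id, Key: k, Trusted: map[string]*rsa.PublicKey{}}
}
// Claim 5, data source side: draw a random challenge code and sign its SHA-256 hash.
func (ds *Party) Challenge() ChallengePackage {
	code := make([]byte, 32)
	rand.Read(code)
	h := sha256.Sum256(code)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, ds.Key, crypto.SHA256, h[:])
	return ChallengePackage{ds.ID, code, sig}
}
// Claims 5 and 6, terminal side: reverse-verify the source identifier and the signature
// (recomputed hash H2 against signed hash H1), then return the code encrypted to the source.
func (t *Party) Respond(ch ChallengePackage) ([]byte, bool) {
	pub, ok := t.Trusted[ch.SourceID]
	h := sha256.Sum256(ch.Code)
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], ch.Sig) != nil {
		return nil, false // terminate: unknown source or forged challenge (data source risk)
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ch.Code, nil)
	return enc, err == nil
}

// Claim 6, data source side: decrypt with the private key and compare with the issued code.
func (ds *Party) CheckResponse(issued, resp []byte) bool {
	dec, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ds.Key, resp, nil)
	return err == nil && string(dec) == string(issued)
}
```

Because the terminal looks the public key up in its own library instead of trusting the key carried in the packet, a party that presents the genuine identifier with a different key is rejected at the reverse verification step.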
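The verification failure processing mechanism of claim 4 (three consecutive failures, a one-hour temporary blacklist and an administrator alarm), as an added example rather than the patent's own code; the injectable clock and the in-memory alert list are assumptions made so the one-hour window can be exercised without waiting.

```go
package main

import "time"

// Parameters from claim 4: three consecutive verification failures put a terminal on a
// temporary blacklist that rejects its connection requests for one hour.
const (
	MaxConsecutiveFailures = 3
	BlacklistDuration      = time.Hour
)

// FailureTracker implements the verification failure processing mechanism of claim 4.
// The clock is injectable (an assumption for testing) so the one-hour window can be checked
// without waiting; Alerts collects the administrator alarms as constructed log lines.
type FailureTracker struct {
	Now          func() time.Time
	Alerts       []string
	failures     map[string]int
	blockedUntil map[string]time.Time
}

func NewFailureTracker(now func() time.Time) *FailureTracker {
	return &FailureTracker{Now: now, failures: map[string]int{}, blockedUntil: map[string]time.Time{}}
}

// Allowed reports whether a terminal may currently submit a connection request.
func (f *FailureTracker) Allowed(id string) bool {
	if until, listed := f.blockedUntil[id]; listed && f.Now().Before(until) {
		return false
	}
	delete(f.blockedUntil, id) // window elapsed (or never listed): lift the temporary block
	return true
}

// Record notes one verification outcome: a success resets the consecutive counter; the third
// consecutive failure blacklists the terminal and raises an alarm. Returns true on that event.
func (f *FailureTracker) Record(id string, verified bool) bool {
	if verified {
		f.failures[id] = 0
		return false
	}
	f.failures[id]++
	if f.failures[id] < MaxConsecutiveFailures {
		return false
	}
	f.failures[id] = 0
	f.blockedUntil[id] = f.Now().Add(BlacklistDuration)
	f.Alerts = append(f.Alerts, "ALERT terminal "+id+" blacklisted for "+BlacklistDuration.String()+" after repeated verification failures")
	return true
}
```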
Description
Technical Field
The invention relates to the technical field of data safety protection, in particular to a data safety protection system applied to a data display terminal.
Background
With the deep advancement of digital transformation, data display terminals are widely applied in key fields such as office coordination, industrial control, public service and financial transactions, and have become a core carrier for data acquisition, transmission, display and interaction; the safe and stable operation of the terminal directly affects business continuity and data asset security. However, the prior art struggles to meet the safety protection requirements of this new situation. On one hand, terminal security threats keep escalating and identity authentication risk is prominent: in the interaction between the terminal and the data source, malicious behaviors such as identity falsification and data tampering are frequent, while traditional verification is mostly one-way, concerned only with the terminal's verification of the data source, and ignores the reverse verification of the terminal by the data source, so complex threats such as man-in-the-middle attacks cannot be resisted. On the other hand, traditional terminal security protection schemes adopt a static "one-size-fits-all" protection strategy, executing unified security management rules on all terminals without considering dynamically changing factors such as the hardware state, network environment and operation behavior of the terminal; and traditional schemes can only issue alarm prompts after a security risk is detected and find it difficult to trace the core root cause of the risk. For example, abnormal data transmission by a terminal may be caused by a network attack, a hardware fault or illegal user operation, and for lack of effective data association analysis and root cause tracing the manager is unable to quickly locate the intrinsic problem. In summary, the safety protection of current data display terminals has significant shortcomings in identity authentication, dynamic adaptation and risk tracing, and a multi-dimensional, dynamic, full-flow safety protection system is needed to solve these pain points of the prior art, improve the safety protection capability of the terminal and ensure the safety, stability and continuity of data transmission and business operation.
Disclosure of Invention
The invention aims to provide a data safety protection system for a data display terminal that solves the above technical defects: it addresses, by means of a bidirectional verification mechanism, the weakness of traditional unidirectional verification, which is easy to hijack and imitate; constructs a dynamic trust scoring system based on the three core dimensions of hardware health, network safety and operation behavior, realizing quantitative evaluation and grading of the safety state of the terminal; matches different trust grades with different protection strategies, improving the safety of the terminal; and, for terminals with a low trust grade, accurately distinguishes single root causes from composite root causes, solving the traditional protection pain points of alarm-only output and difficult localisation and avoiding blind rectification.
The data safety protection system applied to the data display terminal comprises a safety protection center, a data acquisition and processing module, a bidirectional trust verification module, a dynamic trust calculation module, a risk source positioning module and a back-end execution module; the data acquisition and processing module is used for selecting a plurality of normally operating terminals of the same model in the same scene, carrying out full-period data acquisition and preprocessing for 15 days, constructing a normal operation behavior feature model and a terminal-data source bidirectional trust identity library from the preprocessed full-period data, and sending the model and the library to the safety protection center for storage; the bidirectional trust verification module is used for realizing bidirectional identity verification between the terminal and the data source, comprising the steps that the terminal initiates identity verification to the data source, the data source initiates reverse identity verification to the trusted terminal, and the corresponding validity verification, failure processing and alarm mechanisms are executed during verification; the dynamic trust calculation module is used for distributing points across three types of reference data based on a preset distribution proportion, respectively calculating a hardware health grade, a network health grade and an op
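The scoring of the dynamic trust calculation module (claim 7), as an added example and not the patent's own implementation: the 40/30/30 allocation of the 100-point full score, the interval [Pmin, Pmax] = [60, 85], the hardware model (mean of per-feature health ratios) and the withholding-condition deduction points are all assumed values that the patent leaves as presets.

```go
package main

import "math"

// Preset values, all assumed for this example: the allocation proportion of the 100-point full
// score (hardware 40 / network 30 / behavior 30) and the final trust interval [Pmin, Pmax].
const (
	FullScore = 100.0
	HardwareW = 0.40
	NetworkW  = 0.30
	BehaviorW = 0.30
	Pmin      = 60.0
	Pmax      = 85.0
)
// HardwareScore stands in for the preset health-state model (assumed: mean of per-feature health ratios in [0,1]).
func HardwareScore(featureHealth []float64) float64 {
	if len(featureHealth) == 0 {
		return 0 // no hardware telemetry: the dimension earns nothing
	}
	sum := 0.0
	for _, v := range featureHealth {
		sum += math.Max(0, math.Min(1, v))
	}
	return FullScore * HardwareW * sum / float64(len(featureHealth))
}
// NetworkScore starts at the network basic full score of 30 and subtracts the points of every
// withholding condition that fired (finding name -> points), never going below zero.
func NetworkScore(deductions map[string]float64) float64 {
	score := FullScore * NetworkW
	for _, pts := range deductions {
		score -= pts
	}
	return math.Max(0, score)
}
// BehaviorScore scales the behavior basic full score of 30 by the similarity S to the normal model.
func BehaviorScore(S float64) float64 { return FullScore * BehaviorW * math.Max(0, math.Min(1, S)) }

// Classify compares the final trust score with the preset interval [Pmin, Pmax].
func Classify(final float64) string {
	if final < Pmin {
		return "low"
	} else if final > Pmax {
		return "high"
	}
	return "medium"
}

// FinalTrust combines the three dimension scores and grades the terminal (claim 7).
func FinalTrust(hw []float64, net map[string]float64, S float64) (float64, string) {
	final := HardwareScore(hw) + NetworkScore(net) + BehaviorScore(S)
	return final, Classify(final)
}
```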