CN111079166A - Safe network storage device capable of effectively preventing data leakage - Google Patents

Abstract

The invention discloses a safe network storage device capable of effectively preventing data leakage, which comprises a user terminal, an identity authentication module, an IP (Internet protocol) acquisition module, an encryption processing unit, an information retrieval module, a storage unit, a splash screen library and an access frequency statistical module, wherein the user terminal is connected with the identity authentication module through a network; the user terminal is used for inputting an account name and a login password, transmitting the input account name and the login password to the identity authentication module, and checking the account name and the login password by the identity authentication module; the invention has the beneficial effects that: the account can be logged in only when the user name, the login password, the associated data screenshot and the unified checking are correct, a double-account verification mode is adopted, the use is safer and more reliable, the data leakage is effectively prevented, the annual screened infrequent data can be more visually displayed to the user, and the efficiency of the user in processing the old and useless files is improved.

Description

Safe network storage device capable of effectively preventing data leakage

Technical Field

The invention relates to a network storage device, in particular to a safe network storage device capable of effectively preventing data leakage, and belongs to the technical field of storage.

Background

Network storage is a way of data storage, and network storage structures are roughly divided into three types: direct attached storage, network attached storage, and storage area network, wherein NAS is familiar to general consumers, so general network storage refers to NAS, network storage is defined as a special dedicated data storage server, including storage devices (such as disk arrays, CD/DVD drives, tape drives, or removable storage media) and embedded system software, which can provide cross-platform file sharing function, network storage usually occupies its own node on a LAN, without application server intervention, allowing users to access data on the network, in this configuration, network storage centrally manages and processes all data on the network, offloads load from applications or enterprise servers, effectively reduces total cost of ownership, protects user investment, and provides advantages and disadvantages of each of the four network storage solutions, for small and more service-intensive business enterprises, the method can adopt a simple DAS scheme, has a small number of servers for small and medium-sized commercial enterprises, has certain data centralized management requirements, does not have a NAS scheme for large-sized databases, and is a better choice for large and medium-sized commercial enterprises and SAN.

The conventional network storage equipment only has a layer of authentication encryption of a user name and a password, the encryption mode is too traditional and simple, certain potential safety hazards exist, the safety and the reliability are not enough during use, the access quantity cannot be counted in real time, and the information which is not frequently used cannot be screened and displayed to a user regularly.

Disclosure of Invention

The invention aims to solve the problems that the existing network storage equipment only has a layer of authentication encryption of a user name and a password, the encryption mode is too traditional and simple, certain potential safety hazards exist, the network storage equipment is not safe and reliable enough in use, the access quantity can not be counted in real time, and information which is not frequently used can not be screened and displayed to a user regularly, so that the network storage equipment which is safe and can effectively prevent data leakage is provided.

The purpose of the invention can be realized by the following technical scheme: a safe network storage device capable of effectively preventing data leakage comprises a user terminal, an identity authentication module, an IP acquisition module, an encryption processing unit, an information calling module, a storage unit, a splash screen library and an access frequency statistical module;

the user terminal is used for inputting an account name and a login password, the user terminal transmits the input account name and the login password to the identity authentication module, the identity authentication module is used for checking the account name and the login password, and the specific checking and processing steps are as follows:

the method comprises the following steps: binding the entered account name and the login password to form uniform loading verification data;

step two: extracting account name information loaded in the verification data, and taking the extracted account name information as a retrieval key word to retrieve in a user library;

step three: when the same account name information is retrieved from the user base, comparing the login password associated with the account name in the user base with the login password loaded into the verification data, and executing verification processing after the account name and the login password are successfully verified at the same time;

the IP acquisition module is used for acquiring an IP address of a login user, the information calling module is used for calling and checking data, the screen flashing library is used for carrying out screenshot preservation on the data in the storage unit, and the specific screenshot processing steps are as follows:

u1: data information under different accounts is recorded in the storage unit, and files established under the accounts are associated with the corresponding accounts;

u2: when a new file is created under an account, a screenshot signal is triggered, and the created file screenshot is stored under a directory associated with the account;

the encryption processing unit is used for verification processing during account login, and the specific processing steps are as follows:

step A: the IP acquisition module acquires the IP address of the user who logs in and stores the IP address in the encryption processing unit;

and B: a user terminal inputs user name information, the user name information is transmitted to an encryption processing unit through an IP (Internet protocol) acquisition module, an information calling module takes an account name as a retrieval keyword, a screenshot associated with the account name is randomly called in a flash screen library, and five preset pictures are randomly called in the flash screen library;

and C: the information calling module mixes the association diagram and the preset diagram together and uniformly sends the mixed diagram to the encryption processing unit, the encryption processing unit transmits the mixed diagram to a user terminal for display, six diagrams are displayed through the user terminal, a user clicks and selects through a mouse, a screenshot associated with the user account is selected, and the selected diagram is judged;

s1: when the picture selected by the login user is related to the data picture of the corresponding account, the login user completes verification to realize account login;

s2: when the picture selected by the login user is not related to the data picture of the corresponding account, the encryption processing unit records the picture in error once, transmits a refreshing signal to the flash screen library, recombines the picture in the flash screen library, sends the picture to the user terminal for displaying, allows the login user to reselect the picture, completes the picture check, and realizes account login;

s3: when the login user selects the associated picture for the second time and has an error, repeating the operation of S2, and recording the error twice by the encryption processing unit;

s4: when the login user selects the associated picture error for three times, the encryption processing unit records the error for three times, triggers a locking signal, locks the IP address acquired before, and limits the user login under the IP address, wherein the limited time duration is one hour, and the login limitation under the IP address is released when the limited time duration exceeds one hour.

Further, the method comprises the following steps: the access frequency statistical module is used for collecting relevant access data information of the logged account and performing statistical processing on the data information, and the specific statistical processing steps are as follows:

q1: the data information under the user name is marked as natural numbers from 1 to N in sequence, the access records of the related data information are accumulated in real time for access statistics, the one-year access statistic of the data information marked as 1 is marked as 1(G), and the one-year access statistic of the data information marked as N is marked as N (G), wherein G is expressed as the real-time access accumulated value of the corresponding data;

q2: comparing the relative access amounts of all data in one year to obtain the last ten files which are accessed infrequently;

q3: and calling the last ten places of the infrequently accessed files according to the marks, displaying the later ten places of the infrequently accessed files to the client through the user terminal, and popping up a prompt window by the user terminal to display the related information of the infrequently accessed files.

Further, the method comprises the following steps: the optical modem is used for connecting the equipment with a network.

Compared with the prior art, the invention has the beneficial effects that:

1. before the login is completed, when a user inputs account information through a user terminal, an IP acquisition module acquires an IP address used when the user logs in, the IP address is delivered to an encryption processing unit for storage and recording, meanwhile, the encryption processing unit calls a user name to form a keyword, a data screenshot associated with the account is searched in a flash screen library, when a matched account is not searched, an associated screenshot is not generated, the account is prompted to be wrong, when the matched account is searched, the associated screenshot is called in the flash screen library, the associated screenshot and a preset screenshot are mixed together and displayed to the user through the user terminal, the user selects the screenshot associated with the account, when the selection is correct, the login password input by the user terminal can be further checked through an identity authentication module, when the selection fails, the encryption processing unit makes a mistake, and a refreshing signal is transmitted to the flash screen library, the method comprises the steps that a new verification screenshot is generated by a flash screen library and transmitted to a user terminal for secondary selection of a user, the upper limit of the selection times of verification of the whole screenshot is three times, when the third selection is wrong, an encryption processing unit activates a locking signal to lock an IP address obtained before, login of the user under the IP address is limited, the limitation duration is one hour, the limitation duration exceeds the one hour limitation duration, the login limitation under the IP address is removed, only when the user name, the login password, the associated data screenshot and the unified verification are correct, the login of an account can be completed, a double-account verification mode is adopted, the use is safer and more reliable, and data leakage is effectively prevented.

2. The access frequency counting module is used for collecting related access data information of the account after login, the data information under the user name is sequentially marked as natural numbers from 1 to N, access records of the related data information are accumulated in real time for access counting, the related access amounts of all data in one year are compared to obtain the last ten of infrequently accessed files, the last ten of the infrequently accessed files are called out according to the marks and displayed to a client through a user terminal, a prompt window pops up from the user terminal to display the related information of the infrequently accessed files and remind the user to delete the infrequently accessed files, the infrequently screened data can be displayed to the user more visually, and the efficiency of the user in processing the old and useless files is improved.

Drawings

In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.

FIG. 1 is a block diagram of the system of the present invention.

Detailed Description

The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1, a network storage device capable of safely and effectively preventing data leakage includes a user terminal, an identity authentication module, an IP acquisition module, an encryption processing unit, an information retrieval module, a storage unit, a flash screen library, and an access frequency statistics module;

the user terminal is used for inputting an account name and a login password, the user terminal transmits the input account name and the login password to the identity authentication module, the identity authentication module is used for checking the account name and the login password, and the specific checking and processing steps are as follows:

the method comprises the following steps: binding the entered account name and the login password to form uniform loading verification data;

step two: extracting account name information loaded in the verification data, and taking the extracted account name information as a retrieval key word to retrieve in a user library;

step three: when the same account name information is retrieved from the user base, comparing the login password associated with the account name in the user base with the login password loaded into the verification data, and executing verification processing after the account name and the login password are successfully verified at the same time;

the IP acquisition module is used for acquiring an IP address of a login user, the information calling module is used for calling and checking data, the splash screen library is used for carrying out screenshot preservation on the data in the storage unit, and the specific screenshot processing steps are as follows:

u1: data information under different accounts is recorded in the storage unit, and files established under the accounts are associated with the corresponding accounts;

u2: when a new file is created under an account, a screenshot signal is triggered, and the created file screenshot is stored under a directory associated with the account;

the encryption processing unit is used for verification processing during account login, and the specific processing steps are as follows:

step A: the IP acquisition module acquires the IP address of the user who logs in and stores the IP address in the encryption processing unit;

and B: a user terminal inputs user name information, the user name information is transmitted to an encryption processing unit through an IP (Internet protocol) acquisition module, an information calling module takes an account name as a retrieval keyword, a screenshot associated with the account name is randomly called in a flash screen library, and five preset pictures are randomly called in the flash screen library;

and C: the information calling module mixes the association diagram and the preset diagram together and uniformly sends the mixed diagram to the encryption processing unit, the encryption processing unit transmits the mixed diagram to a user terminal for display, six diagrams are displayed through the user terminal, a user clicks and selects through a mouse, a screenshot associated with the user account is selected, and the selected diagram is judged;

s1: when the picture selected by the login user is related to the data picture of the corresponding account, the login user completes verification to realize account login;

s2: when the picture selected by the login user is not related to the data picture of the corresponding account, the encryption processing unit records the picture in error once, transmits a refreshing signal to the flash screen library, recombines the picture in the flash screen library, sends the picture to the user terminal for displaying, allows the login user to reselect the picture, completes the picture check, and realizes account login;

s3: when the login user selects the associated picture for the second time and has an error, repeating the operation of S2, and recording the error twice by the encryption processing unit;

s4: when the login user selects the associated picture error for three times, the encryption processing unit records the error for three times, triggers a locking signal, locks the IP address obtained before, and limits the user login under the IP address, wherein the limited time duration is one hour, and the login limit under the IP address is released when the limited time duration exceeds one hour;

the access frequency statistical module is used for collecting relevant access data information of the logged account and performing statistical processing on the data information, and the specific statistical processing steps are as follows:

q1: the data information under the user name is marked as natural numbers from 1 to N in sequence, the access records of the related data information are accumulated in real time for access statistics, the one-year access statistic of the data information marked as 1 is marked as 1(G), and the one-year access statistic of the data information marked as N is marked as N (G), wherein G is expressed as the real-time access accumulated value of the corresponding data;

q2: comparing the relative access amounts of all data in one year to obtain the last ten files which are accessed infrequently;

q3: calling the last ten places of the infrequently accessed files according to the marks, displaying the later ten places of the infrequently accessed files to a client through a user terminal, popping up a prompt window by the user terminal, and displaying related information of the infrequently accessed files;

the optical modem is composed of a transmitting part, a receiving part, a control part, an interface and a power supply part, the data terminal equipment provides transmitted data in the form of binary serial signals, the data are converted into internal logic levels through the interface and are transmitted to the transmitting part, the signals required by the line are modulated through a modulation circuit and are transmitted to the line, the receiving part receives the signals from the line, the signals are restored into digital signals after filtering, inverse modulation and level conversion and are transmitted to the digital terminal equipment, the optical modem can modulate and demodulate the optical signals, whether the signals are analog systems or digital systems, the electric signals with information input to an optical transmitter are converted into optical signals through modulation, the optical carriers are transmitted to a receiving end through an optical fiber line, and then the optical signals are converted into the electric signals through demodulation by a receiver and are used for connecting the equipment and a network, and finishing data sharing.

When the invention is used, a user name and a login password are input through a user terminal, an identity authentication module firstly calls the input user name, the input user name is used as a retrieval key word to search for matched information in a library, when no corresponding information exists, the user name is prompted to input an error, when the user name is matched, the login password under the input user name is further called, the login password and the password under the account related to the library are verified, when the password is verified to be error, the password is prompted to be error, the login is completed when the verification is successful, before the login is completed, when the user inputs the account information through the user terminal, an IP acquisition module acquires the IP address used when the user logs in, the IP address is handed to an encryption processing unit for storage and recording, and meanwhile, the encryption processing unit calls the user name to form a key word to search for a data screenshot related to the account in a flash screen, when a matched account is not searched, no associated screenshot is generated, meanwhile, the account is reminded of errors, when the matched account is searched, the associated screenshot is called from the flash screen library, the associated screenshot and a preset screenshot are mixed together and displayed to a user through a user terminal, the user selects the screenshot associated with the account, when the selection is correct, the login password input by the user terminal can be further checked through the identity authentication module, when the selection fails, the encryption processing unit records the error once, a refreshing signal is transmitted to the flash screen library, a new verification screenshot is generated by the flash screen library and transmitted to the user terminal for secondary selection, the upper limit of the selection times of the verification of the whole screenshot is three times, when the selection for the third time is wrong, the encryption processing unit activates a locking signal to lock the IP address acquired before, the user login under the IP address is limited, and the time is limited to be one hour, when the time length exceeds the one-hour limit time length, the login limit under the IP address is removed, the account login can be completed only when the user name, the login password, the associated data screenshot and the unified check are correct, the double account verification is realized, the use is safer and more reliable, the data leakage is effectively prevented, the information data of all users are recorded in the storage unit, when the data is used for establishing a file, the file is subjected to screenshot by a flash screen library so as to provide verification materials, an access frequency statistical module is used for collecting the relevant access data information of the account after login, the data information under the user name is sequentially marked as natural numbers from 1 to N, the access records of the relevant data information are accumulated in real time for access statistics, the annual access statistic of the data information marked as 1 is marked as 1(G), the annual access statistic of the data information marked as N is marked as N (G), wherein G is expressed as the real-time access accumulated value of the corresponding data, comparing the relative access amount of all data in one year to obtain the last ten infrequently accessed files, calling the last ten infrequently accessed files according to the marks, displaying the last ten infrequently accessed files to a client through a user terminal, popping up a prompt window by the user terminal, displaying the relative information of the infrequently accessed files, and reminding the user of deleting the files.

The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (3)

1. A safe network storage device capable of effectively preventing data leakage is characterized by comprising a user terminal, an identity authentication module, an IP acquisition module, an encryption processing unit, an information retrieval module, a storage unit, a splash screen library, an access frequency statistic module and an optical modem;

the user terminal is used for inputting an account name and a login password, the user terminal transmits the input account name and the login password to the identity authentication module, the identity authentication module is used for checking the account name and the login password, and the specific checking and processing steps are as follows:

the method comprises the following steps: binding the entered account name and the login password to form uniform loading verification data;

step two: extracting account name information loaded in the verification data, and taking the extracted account name information as a retrieval key word to retrieve in a user library;

step three: when the same account name information is retrieved from the user base, comparing the login password associated with the account name in the user base with the login password loaded into the verification data, and executing verification processing after the account name and the login password are successfully verified at the same time;

the IP acquisition module is used for acquiring an IP address of a login user, the information calling module is used for calling and checking data, the screen flashing library is used for carrying out screenshot preservation on the data in the storage unit, and the specific screenshot processing steps are as follows:

u1: data information under different accounts is recorded in the storage unit, and files established under the accounts are associated with the corresponding accounts;

u2: when a new file is created under an account, a screenshot signal is triggered, and the created file screenshot is stored under a directory associated with the account;

the encryption processing unit is used for verification processing during account login, and the specific processing steps are as follows:

step A: the IP acquisition module acquires the IP address of the user who logs in and stores the IP address in the encryption processing unit;

and B: a user terminal inputs user name information, the user name information is transmitted to an encryption processing unit through an IP (Internet protocol) acquisition module, an information calling module takes an account name as a retrieval keyword, a screenshot associated with the account name is randomly called in a flash screen library, and five preset pictures are randomly called in the flash screen library;

and C: the information calling module mixes the association diagram and the preset diagram together and uniformly sends the mixed diagram to the encryption processing unit, the encryption processing unit transmits the mixed diagram to a user terminal for display, six diagrams are displayed through the user terminal, a user clicks and selects through a mouse, a screenshot associated with the user account is selected, and the selected diagram is judged;

s1: when the picture selected by the login user is related to the data picture of the corresponding account, the login user completes verification to realize account login;

s2: when the picture selected by the login user is not related to the data picture of the corresponding account, the encryption processing unit records the picture in error once, transmits a refreshing signal to the flash screen library, recombines the picture in the flash screen library, sends the picture to the user terminal for displaying, allows the login user to reselect the picture, completes the picture check, and realizes account login;

s3: when the login user selects the associated picture for the second time and has an error, repeating the operation of S2, and recording the error twice by the encryption processing unit;

s4: when the login user selects the associated picture error for three times, the encryption processing unit records the error for three times, triggers a locking signal, locks the IP address acquired before, and limits the user login under the IP address, wherein the limited time duration is one hour, and the login limitation under the IP address is released when the limited time duration exceeds one hour.

2. The network storage device of claim 1, wherein the access frequency statistics module is configured to collect access data information related to the logged account, and perform statistics on the data information, and the specific processing statistics steps include:

q1: the data information under the user name is marked as natural numbers from 1 to N in sequence, the access records of the related data information are accumulated in real time for access statistics, the one-year access statistic of the data information marked as 1 is marked as 1(G), and the one-year access statistic of the data information marked as N is marked as N (G), wherein G is expressed as the real-time access accumulated value of the corresponding data;

q2: comparing the relative access amounts of all data in one year to obtain the last ten files which are accessed infrequently;

q3: and calling the last ten places of the infrequently accessed files according to the marks, displaying the later ten places of the infrequently accessed files to the client through the user terminal, and popping up a prompt window by the user terminal to display the related information of the infrequently accessed files.

3. A secure and effective data leakage prevention network storage device according to claim 1, wherein: the optical modem is used for connecting the equipment with a network.

Images