CN119766508A - Data security transmission method with multi-level high-speed structure - Google Patents

Publication number: CN119766508A
Authority: CN (China)
Prior art keywords: data, client computer, client, computer, server
Legal status: Pending
Application number: CN202411832324.1A
Other languages: Chinese (zh)
Inventors: 黄辉, 吴玮
Current assignee: Shandong Minimally Invasive Software Co ltd
Original assignee: Shandong Minimally Invasive Software Co ltd
Landscapes: Computer And Data Communications

Abstract

A data security transmission method with a multi-level high-speed structure includes a server, multiple client computers and an authentication microsystem module, the client computers being arranged as at least one computer group. The server has a transmission scheduling module that designates one computer as the first client computer, and the authentication microsystem module performs security authentication on the client computers. The server obtains the data transmission information of a client computer; when its data transmission status is 100%, the transmission scheduling module of the server designates that client computer to send data to a next group of at least two computers. When the data transmission status of the next group is 100%, that group is designated to send data to a further next group. This one-to-two multi-level diffusion transmission continues until the data transmission status of all client computers is 100%. The method effectively improves the efficiency with which a large number of computers can quickly complete the rebuilding and maintenance of large-capacity system files.

Description

Data security transmission method with multi-level high-speed structure
Technical Field
The invention relates to secure communication technology, and in particular to a data security transmission method with a multi-level high-speed structure.
Background
Where computer equipment is used centrally, for example in an enterprise office or a campus computer room made up of several, tens or even hundreds of computers, a large number of machines form a computer group for the corresponding users. Maintaining this equipment is labour-intensive, so various methods are generally used to ensure that every computer has the same system configuration and security policy settings before use. When a computer system fails or has a security problem, the system must be reconfigured. The existing approach is mainly to download the corresponding system file data directly from a server over the network and to reconfigure each computer separately: in a computer group, each computer downloads the data from the server and builds a local system on its local hard disk to complete system configuration. The main download methods are traditional broadcast transmission and BT transmission, but both have many shortcomings. For a group with many computers, configuration and maintenance take too long and are difficult, which disrupts normal work and study. There are also many hidden risks in authentication and in the synchronization of security policies.
The conventional broadcast transmission method has obvious defects. Transmission range: technically, broadcast packets cannot cross a VLAN and can only be transmitted within one network segment; multiple network segments require special switch configuration or a proxy. Transmission speed: broadcast transmission is subject to various abnormal conditions and is strongly affected by the network environment; when one of many machines has a transmission abnormality such as packet loss, disconnection or retransmission, the whole transmission queue slows down to the speed of the slowest machine. Reliability: under these abnormal conditions the success rate of system distribution is low. Flexibility: during simultaneous transmission all machines must run the same standard environment and send and receive at the same time, and no other operation is allowed during the process.
Broadcast transmission runs from head to tail, with clients joining the transmission according to a queue; after an abnormality, the broadcast starts again from the head.
The BT transmission mode has the following defects:
1. The image file exceeds 200G, so generating the seed file takes a long time, which is very unfriendly to mechanical hard disks.
2. The seed must be regenerated every time the image is updated, and generating a seed for a large image costs time and CPU computing power.
3. There are too many transmission threads, which puts huge transmission pressure on the switch.
4. Flexibility is low: the transmitted file can be used only after the centralized transmission has completed in a particular system state.
5. All machines must be in the BT download state to share the transmission; when only one of 60 machines is abnormal, the other 59 machines do not enter the transmission state, which is equivalent to point-to-point transmission. BT is used only for the first deployment and plays no part in daily use.
6. After an abnormality, distribution starts again from the head; the process must complete in one pass, and if it does not, the full transmission is restarted from the head.
Traditional data transmission places high demands on the configuration of the server and the computers, puts heavy pressure on the server and the network, has a large impact on the network environment, and is unfriendly to the client computers of a computer group in a local area network on the same IP segment. As a result, system configuration and security authentication of the computers in the group are inefficient, the normal working needs of the group are affected, and good results cannot be obtained. Especially for computer groups with tens or hundreds of client computers, system maintenance is likely to be very time-consuming, which is inefficient and delays the use of the other client computers.
Disclosure of Invention
The technical problem solved by the invention is to provide a data security transmission method with a multi-level high-speed structure that copies system data from the server to a client, and from client to client, by means of sector data mapping, and that uses continuous one-to-many transmission within a local area network. This reduces the configuration requirements on the server and the network, reduces network load, and allows the sharing and copying of large-capacity data to be completed quickly for a computer group consisting of many computers.
The technical scheme of the invention is as follows:
The data security transmission method with the multi-level high-speed structure comprises a server, a plurality of client computers and an authentication microsystem module, wherein the client computers are arranged as at least one computer group;
The server is connected with the client computer through a network, a trusted root system module and a data pointer storage module are installed in the server, the trusted root system module stores template files of a trusted root system, and the data pointer storage module is used for storing data pointer files from a hard disk of the client computer;
The server is provided with a transmission scheduling module, which collects network configuration state information and data transmission state information of the client computers and designates one client computer as the first client computer. The authentication microsystem module stores a trusted authentication microsystem used to compare data information of the server and the client computers, and the server is started at the same time as the client computers. After a client computer passes hardware trusted authentication, the data pointer file of that client computer stored on the server is mapped to the designated storage sectors of the client computer's hard disk, and the authentication microsystem module compares the trusted root system data marked by the data pointer file with the trusted root system data in the corresponding storage sectors of the hard disk, thereby performing security authentication on the client computer;
The server obtains the data transmission state information of the first client computer. When the data transmission state of the template file on the first client computer is 100%, the transmission scheduling module of the server designates the first client computer to send data to a next group of client computers in the computer group, the next group comprising at least two client computers that need to receive the data. When the data transmission state information of the template file on the client computers in that next group is 100%, those client computers are designated to send data to a further next group of client computers. For each client computer that has finished sending data, a group of client computers that need to receive the data is designated as its new receivers, and it begins transmitting the template file data to them, until the data transmission state information of the template file is 100% for all client computers in the computer group that need the data.
In the method described above, the network configuration state information collected by the transmission scheduling module comprises hardware device information for the CPU, hard disk, memory and network card of every client computer in the computer group, together with network connection state information. The network connection state information comprises the online state of the client computer, the computer group state, the operating system state and the waiting time. The data transmission state information comprises whether the transmitted data has reached 100%. The transmission scheduling module designates a client computer to receive data according to the performance indicated by its hardware device information and according to its network connection state information.
In the method described above, the transmission scheduling module selects the client computers that send data according to the following priority order: online, high network card speed, same network type, same operating system, received data at 100%, same computer group, and length of waiting time. It selects the client computers that receive data according to the following priority order: online, high network card speed, same network type, same operating system, same computer group, and length of waiting time.
In the method described above, when the transmission scheduling module obtains the computer group information of the first client computer designated to receive data, it also confirms that the number of switch levels between the server and the first client computer is less than or equal to the number of switch levels between the server and the other client computers in the computer group;
The transmission scheduling module obtains the 100% data transmission state information of a client computer other than the first client computer and designates that client computer as a client computer that sends data. If a one-level switch exists between another client computer and the sending client computer, the other client computer is designated to receive data as a next-level client computer of that switch. When the number of previous-level client computers that have completed data transmission is greater than or equal to one, a next-level client computer is not used as the sending client computer for previous-level client computers.
The method described above further comprises local security authentication. After a client computer has received 100% of the template file data and its operating system has started, a local security authentication module is started and automatically checks the security policy configuration in the client computer. If the configuration is inconsistent with the preset security policy of the trusted root system stored on the server, the client computer is prohibited from starting and the server records the system security abnormality information of that computer. On instruction, another authenticated client computer is reassigned as the sending client computer and retransmits the system data to the client computer with the security authentication abnormality; after that client computer has received the data and restarted, the local security authentication module is started again to perform local security authentication.
In the method described above, when a client computer receiving data has not yet received 100% of the data and the client computer sending the data becomes abnormal, data transmission stops. The transmission scheduling module waits and, following the priority order of the selection conditions, designates another client computer that has completed 100% of the data as the new sending client computer, which transmits the system data to the receiving client computer.
In the method described above, the hard disk of the client computer has a local trusted root system storage area and a local dynamic data storage area. The local trusted root system storage area is a read-only storage area into which the template file of the trusted root system is loaded from the server. The local dynamic data storage area is an active storage area in which the client computer may add or modify data. The data pointer files of both areas are stored in the data pointer storage module of the server, and during data transmission only the data of storage sectors carrying the same data pointer mark is transmitted.
In the method described above, the authentication microsystem module is connected to an I/O control driver, which identifies and dispatches input and output signals. Using the data pointer file mapped by the authentication microsystem, the driver determines whether the trusted root system file data requested by the client computer exists in the designated sector of the local trusted root system storage area of the client computer's hard disk. If it does not, the server loads the requested trusted root system file data from the template file of the trusted root system into the designated sector, and the data pointer file as it stands after loading is stored in the data pointer storage module of the server. If it does, the driver goes on to check the next designated sector according to the mapped data pointer file.
In the method described above, the I/O control driver detects operations that add or modify data in the local dynamic data storage area of the client computer's hard disk, and sends the data pointers of the added or modified storage sectors to the data pointer storage module of the server for storage.
In the method described above, after the first client computer has completed 100% of its data transmission, the server designates it to transmit data to a next group of client computers, forming a first one-to-many transmission diffusion structure. The server designates another first client computer for data transmission and, after that other first client computer has completed 100% of its data transmission, designates it to transmit data to another next group of client computers that need to receive the data, forming a second one-to-many transmission diffusion structure. No client computer appears in both the first and the second one-to-many transmission diffusion structures.
From the above description, it is clear that the present invention has the following advantages:
The method is aimed at system installation and abnormality maintenance for a computer group and a server in a local area network, and provides security authentication of the received data. Data is copied and filled by mapping sector data to pointer files, and the data transmission control method for the computer group in the local area network achieves one-to-many continuous diffusion-type data transmission between the server and the client computers in the group, forming a continuous multi-level diffusion-type high-speed transmission structure. Client computers in the group can operate simultaneously without occupying the server, and the server and the client computers that have completed transmission can transmit data to other client computers. This reduces the network communication pressure of transmitting data over the network, reduces the impact on study and work, lowers the hardware requirements that data transmission places on the server, the client computers and the network configuration, lowers the cost of use, reduces the network impact of data transmission and system security authentication for large batches of client computers, and ensures the maintenance efficiency of the computers in the group.
Drawings
FIG. 1 is a schematic diagram of one-to-many diffusion data transmission in a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of data transmission by a single client computer and of transmission scheduling for that client computer in the preferred embodiment of the present invention;
FIG. 3A is a schematic diagram of a real-time trusted authentication policy according to the present invention;
FIG. 3B is a schematic diagram of a real-time trusted authentication policy according to the present invention.
Detailed Description
For a clearer understanding of technical features, objects, and effects of the present invention, a specific embodiment of the present invention will be described with reference to the accompanying drawings.
The method provided by the invention is particularly suited to large-scale deployment of computers in machine rooms, where one server serves tens to hundreds of machines and the data files to be transmitted are large: the image files made up of the system and software total 200G or more and must be deployed to the hard disk of every machine. Data is diffused through a multi-level one-to-many high-speed transmission structure within the computer group in the local area network, so that security authentication of each client computer is achieved, a very large number of client computers can quickly complete the copying and authentication of data, large-scale data transmission does not occupy a large amount of network resources, the hardware requirements on the server and the client computers are reduced, the impact on the network environment is minimized, and the maintenance efficiency of the computer group is improved.
The invention relates to a data security transmission method with a multistage high-speed structure, which in a preferred embodiment comprises a server, a plurality of client computers and an authentication microsystem module, wherein the client computers are arranged as at least one computer group;
The server is connected with the client computer through a network, a trusted root system module and a data pointer storage module are installed in the server, the trusted root system module stores template files of a trusted root system, and the data pointer storage module is used for storing data pointer files from a hard disk of the client computer;
The server is provided with a transmission scheduling module, which collects network configuration state information and data transmission state information of the client computers and designates one client computer as the first client computer. The authentication microsystem module stores a trusted authentication microsystem used to compare data information of the server and the client computers, and the server is started at the same time as the client computers. After a client computer passes hardware trusted authentication, the data pointer file of that client computer stored on the server is mapped to the designated storage sectors of the client computer's hard disk, and the authentication microsystem module compares the trusted root system data marked by the data pointer file with the trusted root system data in the corresponding storage sectors of the hard disk, thereby performing security authentication on the client computer. After trusted authentication, system data is filled into the corresponding sectors of the client computer's hard disk according to the mapping of the data pointer file, and the client computer is then started so that security authentication is performed on the corresponding sectors of its hard disk. Copying the template file to the storage sectors of the target hard disk is done with a data mapping scheme that separates the data pointers from the hard disk storage sectors, so the transmission method completes a one-to-one security verification at the same time as it completes the transmission that forms the complete template file. This constitutes the first security authentication protection layer of the transmission method.
In addition to this preliminary authentication, the invention uses multi-level diffusion data transmission. The server obtains the data transmission state information of the first client computer. When the data transmission state of the template file on the first client computer is 100%, the transmission scheduling module of the server designates the first client computer to send data to a next group of client computers in the computer group, the next group comprising at least two client computers that need to receive the data. The transmission scheduling module obtains the data transmission state information of the template file on the client computers in that next group and, when it is 100%, designates those client computers to send data to a further next group of client computers. For each client computer that has finished sending data, the transmission scheduling module designates client computers that need to receive the data as its new receivers, and it begins transmitting the template file data to them. This continues until the transmission scheduling module finds that the data transmission state information of the template file is 100% for all client computers in the computer group that need the data. As shown in FIG. 1, a large number of client computers in a computer group on the same local area network can complete the data transmission quickly. Within the same address segment, the server and the client computers transmit at the network transmission rate of their network cards (for example 100-megabit or gigabit network cards), and the one-to-many multi-level high-speed diffusion mode allows a very high transmission rate to be achieved.
Preferably, in an ordinary network environment, a one-to-two mode can be adopted. After the first stage finishes transmission, the first client computer and the two client computers that completed transmission in that stage together become the new sending client computers. The server's transmission scheduling module selects and designates two receiving client computers for each of these 3 client computers, so the total number of client computers receiving data in the second stage can reach 6, and so on; the diffusion sequence grows stage by stage as 6, 18, 54. For example, a computer group under one server has 60 client computers, each of which needs to copy and rebuild about 200G of system template files. Taking a gigabit network card as an example, from the first stage onward each stage needs only about 15-20 minutes to complete transmission and authentication, so the 60 computers need only 3-4 stages, that is about 60-90 minutes, to complete the system reset maintenance of all 60 client computers. With this diffusion-type transmission method, the larger the computer group, the shorter the subsequent time: after the third stage the number of computers increases from 18 to 54, an increase of 36, and only one more stage is needed; the number then increases to 162, an increase of 108, and only 2 stages are needed. Adding thousands of client computers therefore adds essentially no operating time. Of course, the machine configuration and other objective factors that affect the transmission rate must also be considered. In practice, data reset maintenance of several tens to several hundreds of client computers in a computer group takes a short time, for example one to two hours.
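The one-to-two scheduling described above, together with the sender and receiver priority order and the reassignment of receivers when a sender becomes abnormal, can be modelled as follows. This is an added example, not code from the patent; the `Client` fields and function names are assumptions, the first client is taken to hold 100% of the template already, and the priority order is reduced to network card speed, computer group and waiting time (network type and operating system are assumed identical).

```python
from dataclasses import dataclass

FANOUT = 2  # one-to-two: every finished client feeds two receivers per stage


@dataclass
class Client:
    name: str
    group: str = "room-1"    # computer group
    nic_mbps: int = 1000     # network card speed
    online: bool = True
    healthy: bool = True     # False: becomes abnormal while sending (constructed)
    progress: int = 0        # template transfer state in percent
    waited: int = 0          # stages spent waiting for a sender


def rank(c):
    # Faster network card first, then the client that has waited longest.
    return (-c.nic_mbps, -c.waited)


def plan_stage(clients):
    """Pair each eligible sender with up to FANOUT receivers for one stage."""
    senders = sorted((c for c in clients if c.online and c.progress == 100), key=rank)
    waiting = sorted((c for c in clients if c.online and c.progress < 100), key=rank)
    plan = []
    for s in senders:
        if not waiting:
            break
        # Same computer group first, then the general receiver ranking.
        waiting.sort(key=lambda r: (r.group != s.group, *rank(r)))
        plan.append((s, waiting[:FANOUT]))
        del waiting[:FANOUT]
    return plan, waiting


def run(clients):
    """Run stages until no transfer can be planned; return receivers completed per stage."""
    per_stage = []
    while True:
        plan, unassigned = plan_stage(clients)
        if not plan:
            break
        done = 0
        for sender, receivers in plan:
            if sender.healthy:
                for r in receivers:
                    r.progress = 100
                done += len(receivers)
            else:
                # Transfer stops; the receivers wait for another finished sender.
                sender.online = False
                unassigned.extend(receivers)
        for c in unassigned:
            c.waited += 1
        per_stage.append(done)
    return per_stage
```

For 60 clients `run` returns the receivers completed per stage, which follows the 2, 6, 18 progression of the text until the group is exhausted.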
Referring to FIG. 2, the server 1 is connected to the client computers 3 via a network. A root system module and a data pointer storage module are installed in the server 1; the root system module stores a template file of a root system, and the data pointer storage module stores the data pointer files from the client computers 3. A data pointer file is the file of data pointers needed to start and to identify the data on the hard disk 31 of a client computer. The data pointer file of the hard disk of each client computer 3 is stripped from the disk and stored on the server 1, and each client computer 3 is fitted with a hard disk 31 onto which the root system can be loaded from the server 1. The client computer 3 can therefore recognize, read or write the data of the hard disk 31 only when it is trusted by the server 1 and is communicating with the server 1. That is, as shown in FIG. 3A, when the client computer 3 is outside the monitoring of the server 1, the data in the storage sectors of the hard disk 31 loses its corresponding data pointers, the data cannot be recognized or read, and the hard disk 31 appears as an empty hard disk. The data splicing technique separates reading and writing on the hard disk and marks the shareable parts: only data belonging to the same shared template file is transmitted between clients, and each client computer has its own independent writable area on the hard disk. Once that data is spliced with the read-only area, the complete storage partition structure can be presented; with the server's synchronous operation management policy applied on top, the client computer can run the system or store data locally. Completing 100% of data transmission synchronization means that the same template data has been fully transferred; it does not include the data in the client's other free read-write areas.
The authentication microsystem module 2 of the present invention stores a trusted authentication microsystem for comparing data information of the server 1 and the client computer 3, referring to fig. 3A, which is configured between the server 1 and the client computer 3, wherein the authentication microsystem is an authentication system started before a system layer of the client computer 3, is started simultaneously when the client computer 3 is started, and monitors data change of the authentication microsystem in the whole process during the starting and using processes of the client computer 3, and immediately determines that the data change is unreliable once the data change is abnormal. After the client computer 3 passes the hardware trusted authentication, the data pointer file of the client computer 3 stored on the server 1 is mapped to the hard disk 31 of the client computer 3, the authentication microsystem module 2 compares the data of the trusted root system marked by the data pointer file with the data of the trusted root system of the corresponding storage sector of the hard disk 31 to perform real-time trusted authentication on the client computer 3, and if the data of the trusted root system marked by the data pointer is inconsistent with the data of the trusted root system of the storage sector, the client computer 3 is judged to be not trusted. 
That is, where the client computer 3 already holds data, the data pointer file corresponding to the hard disk 31 of the client computer 3 is mapped onto the hard disk 31 and the data on the hard disk 31 is activated. If the data content marked by the data pointers is inconsistent with the data on the hard disk 31, if the data on the hard disk 31 cannot be recognized, or if the data content indicated by the data pointers is missing, the server 1 determines that the hard disk 31 of the client computer 3 is not trusted and has been illegally modified, immediately strips the data pointer file so that the hard disk 31 of the client computer 3 appears empty, and terminates the operation of the client computer 3.
In a preferred embodiment, the authentication microsystem may be installed on the server side, in the master boot area of the hard disk 31 of the client computer 3, or in the master boot area of a removable storage device. After the client computer 3 is powered on, the authentication microsystem is connected to or started first and performs trusted identity authentication, preferably authentication of hardware devices such as the CPU, memory, hard disk and network card; the authentication microsystem then controls and manages the trusted activation and loading of the data on the hard disk 31 of the client computer 3.
Preferably, when the client computer 3 writes new data onto the hard disk 31, the data pointer file of the hard disk 31 is stored in the data pointer storage module of the server 1. After the client computer 3 passes the trust, whether the data of the template file of the trusted root system is loaded from the server 1 or the local data input by the client computer 3, the data pointer of the data newly added on the storage sector of the hard disk 31 is stored in the data pointer storage module of the server 1, and is not directly stored on the hard disk 31, so that the data pointer on the hard disk is effectively ensured not to be tampered.
In a preferred embodiment of the data security transmission method with a multi-level high-speed structure of the present invention, the transmission scheduling module collects, for all client computers in the computer group, hardware device information (CPU, hard disk, memory and network card) and network connection state information. The network connection state information includes the online state of the client computer, the computer group state, the operating system state and the waiting time; the data transmission state information includes whether the transmitted data has reached 100%. The transmission scheduling module designates one client computer to receive the data according to the performance indicated by its hardware device information and its network connection state information. The server can thus schedule transmission among the client computers through the transmission scheduling module, deciding from the hardware device information and the network connection state information which client computer has the better data transmission conditions with the server or with other client computers, so that the selected client computer is one that communicates well with the server or with the designated client computer.
In the preferred embodiment of the data security transmission method with the multi-level high-speed structure, the transmission scheduling module selects the client computer designated to send data according to the following priority order: the client computer is online; its network card speed is high; its network type is the same; its operating system is the same; it has received 100% of the data; it is in the same computer group; and its waiting time is long. The transmission scheduling module selects the client computer designated to receive data according to the following priority order of selection conditions: the client computer is online; its network card speed is high; its network type is the same; its operating system is the same; it is in the same computer group; and its waiting time is long. By selecting the optimal next client computer to receive data, the data transmission rate is kept in an optimal state throughout, and the overall data transmission rate of the whole computer group is improved.
In the data security transmission method with a multi-level high-speed structure according to the present invention, in a preferred embodiment, the transmission scheduling module obtains computer group information of a first client computer designated to receive data, and further includes confirming that the number of switch stages existing between the server and the first client computer is less than or equal to the number of switch stages between the server and other client computers in the computer group. For example, in the same computer group, it is possible that all client computers are connected to the server through only one switch, so that no switch exists between the computers in the computer group, and data transmission between the computers is not affected by the switch.
The transmission scheduling module obtains the 100% data transmission state information of client computers other than the first client computer and designates such a client computer as a client computer for sending data. If a one-level switch exists between another client computer and the client computer sending data, the other client computer, which is to receive data, is designated as a next-stage client computer of the switch; and when the number of previous-stage client computers that have completed data transmission is greater than or equal to 1, a next-stage client computer is not used as the client computer that sends data to a previous-stage client computer. Because a computer group contains many computers, several levels of switches are needed to extend the client computers. Under the scheduling control of the invention, a client computer that has completed 100% data reception becomes a client computer that holds the transmitted data and sends it to other client computers; after one level of transmission reaches 100%, client computers to receive data at the next level continue to be designated, and this one-to-two, multi-level high-speed diffusion transmission mode is used to schedule the file data for all client computers that need the data. If the computer group also contains a next-stage switch, the network information is identified, and when a client computer that has completed transmission exists directly connected to the previous-stage switch, the client computers under the next-stage switch are forbidden to send the data to the previous-stage client computers. This reduces the loss of transmission efficiency caused by blocking at the switch and also reduces the network load on the client computers under the lower-level switch.
The data security transmission method with the multi-level high-speed structure includes the following steps. After the client computer has received 100% of the data and started the operating system, it starts a local security authentication module, which automatically checks the security policy configuration on the client computer. If the security policy configuration is inconsistent with the preset security policy of the trusted root system stored on the server, the client computer is prohibited from starting; the server records the system security abnormality information of that computer, reassigns another authenticated client computer as the client computer for sending data according to instructions, and sends the system data to the client computer whose security authentication was abnormal. After that client computer has received the data and restarted, the local security authentication module is started again.
In the data security transmission method with a multi-level high-speed structure according to the present invention, in a preferred embodiment, when a client computer receiving data has not completed 100% of data reception and an abnormality occurs in a client computer transmitting data, and stops transmitting data, the transmission scheduling module designates another idle client computer having completed 100% of data reception as a client computer transmitting data according to the selection condition priority order principle, and transmits system data to the client computer receiving data. Preferably, in the case of the abnormal client computer sending data, the method adopts comparison, judgment and selection of a plurality of elements according to the transmission scheduling principle to designate the client computer with better transmission effect to transmit preferentially, so that the overall data transmission speed is faster, and the network pressure in a computer group is reduced.
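The scheduling rules in the preceding paragraphs (choice of the first client, the priority orders, one-to-two diffusion, the switch-level rule and replacement of an abnormal sender) can be exercised with a small simulation. This is an added example, not code from the patent: the field names, the synchronous rounds and the sample inventory are assumptions, "online" and "100% received" are treated as hard filters, and the "same" conditions are compared against the sender.

```python
from dataclasses import dataclass

FANOUT = 2  # "one-to-two": a finished client feeds at most two receivers per round


@dataclass
class Client:
    name: str
    group: str
    nic_mbps: int
    net_type: str
    os: str
    switch_depth: int   # switch stages between the server and this client
    waiting_s: int      # how long the client has been waiting
    online: bool = True
    done: bool = False  # True once the template transfer status is 100%


def pick_first(clients):
    """First client: fewest switch stages to the server, then NIC speed, then wait."""
    online = [c for c in clients if c.online]
    return max(online, key=lambda c: (-c.switch_depth, c.nic_mbps, c.waiting_s))


def sender_key(s):
    # Online and 100% are filters applied by the caller; rank what remains.
    return (s.nic_mbps, s.waiting_s)


def receiver_key(sender, r):
    # Page order after "online": NIC speed, network type, OS, group, waiting time.
    return (r.nic_mbps, r.net_type == sender.net_type, r.os == sender.os,
            r.group == sender.group, r.waiting_s)


def allowed(sender, receiver, clients):
    """Switch rule: once an upstream client is complete, a client under a
    lower-level switch is not used to send back up to an upstream client."""
    if receiver.switch_depth >= sender.switch_depth:
        return True
    return not any(c.online and c.done and c.switch_depth < sender.switch_depth
                   for c in clients)


def schedule(clients, failures=None):
    """Return rounds of (sender, receiver, completed) until all online clients are 100%.

    failures maps a round index to the names of senders that become abnormal
    during that round; their receivers stay pending and get a new sender.
    """
    failures = failures or {}
    by_name = {c.name: c for c in clients}
    first = pick_first(clients)
    first.done = True
    rounds = [[("server", first.name, True)]]
    while any(c.online and not c.done for c in clients):
        pending = [c for c in clients if c.online and not c.done]
        senders = sorted((c for c in clients if c.online and c.done),
                         key=sender_key, reverse=True)
        bad = failures.get(len(rounds), set())
        transfers, claimed = [], set()
        for s in senders:
            cands = [r for r in pending
                     if r.name not in claimed and allowed(s, r, clients)]
            cands.sort(key=lambda r: receiver_key(s, r), reverse=True)
            for r in cands[:FANOUT]:
                claimed.add(r.name)
                transfers.append((s.name, r.name, s.name not in bad))
        if not transfers:
            raise RuntimeError("no eligible sender for the remaining clients")
        for s_name, r_name, ok in transfers:
            if ok:
                by_name[r_name].done = True      # status reaches 100% at round end
            else:
                by_name[s_name].online = False   # abnormal sender leaves the pool
        rounds.append(transfers)
    return rounds


def sample_group():
    """Constructed inventory: four clients on the server's switch, six behind a second one."""
    a = [Client(f"a{i}", "A", 1000, "eth", "win", 1, 10 * i) for i in range(1, 5)]
    b = [Client(f"b{i}", "B", 1000, "eth", "win", 2, 5 * i) for i in range(1, 7)]
    return a + b


if __name__ == "__main__":
    for i, rnd in enumerate(schedule(sample_group(), failures={2: {"a3"}})):
        print(i, rnd)
```

With ten clients the server transmits once and the group finishes in four rounds, because the number of completed clients can triple each round.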
In a preferred embodiment of the data security transmission method with a multi-level high-speed structure according to the present invention, in order to better manage the data security of the client computer 3, the hard disk 31 of the client computer 3 is provided with a local trusted root system storage area 311 and a local dynamic data storage area 312, as shown in fig. 3B. The local trusted root system storage area 311 is a read-only storage area for loading the template file of the trusted root system from the server 1; that is, it can be modified only by data downloaded from the server side and is read-only for the user of the client computer 3. The local dynamic data storage area 312 is an active storage area in which the client computer 3 is allowed to add or modify data; it stores the user's dynamic data other than the trusted root system and may be modified by the user. The data pointer files of the local trusted root system storage area 311 and the local dynamic data storage area 312 are stored in the data pointer storage module of the server 1, and during data transmission only the data of storage sectors carrying the same data pointer mark is transmitted. In a preferred embodiment, after the client computer 3 is shut down, the data pointers of the local trusted root system storage area 311 in its data pointer file are stored on the server 1, while the data pointers of the local dynamic data storage area 312 may be either stored or deleted. This allows the remotely controlled client computer 3, at its next startup, either to read the data last held in the local dynamic data storage area 312 or to present a remotely controlled desktop in which the local dynamic data storage area 312 has been restored.
In the preferred embodiment of the data security transmission method with a multi-level high-speed structure of the present invention, as shown in fig. 3A and 3B, the authentication microsystem module 2 is connected with an I/O control driver 4, which identifies and schedules input/output signals. According to the data pointer file mapped by the authentication microsystem, the I/O control driver 4 determines whether the trusted root system file data requested by the client computer 3 exists in the designated sector of the local trusted root system storage area 311 of the hard disk 31. If it does not, the server 1 loads the requested data from the template file of the trusted root system into the designated sector, and the data pointer file as updated by the load is stored in the data pointer storage module of the server 1; if it does, the driver goes on to determine the next designated sector according to the data pointer file mapped by the authentication microsystem. The I/O control driver 4 can thus identify and schedule the file data to be installed from the server at the request of the client computer 3. In a specific embodiment of the I/O control driver, the client computer 3 can choose to run different operating systems on request; the data of the different operating systems is stored in different storage sectors of the hard disk 31 and has its own data pointers, so the I/O control driver 4 can, through identification and scheduling, read the operating system data in the designated sectors according to the request of the client computer 3 and start the corresponding operating system.
For example, in Windows and Linux systems, when the client computer 3 requests to start up the Windows system, the I/O control driver 4 will select to read the data pointer with the Windows trusted root system flag in the data pointer file, and start up the Windows system and the corresponding application program, but the file data of the non-Windows system cannot be identified, i.e. does not exist, under the operating system, so as to realize absolute isolation of the data of different operating systems.
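The pointer-file mechanism described above (server-held data pointers, comparison against the root-system sectors at startup, on-demand loading by the I/O control driver, and per-OS isolation) is modelled below as an added example; it is not code from the patent. The patent does not say how the comparison is performed, so a per-sector SHA-256 digest kept in the pointer file is an assumption, and all class names, function names and template contents are constructed.

```python
import hashlib

# Constructed template of the trusted root system, keyed by (os, block name).
TEMPLATE = {
    ("windows", "boot"): b"win-bootloader",
    ("windows", "kernel"): b"win-kernel",
    ("linux", "boot"): b"linux-bootloader",
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class PointerServer:
    """Holds every client's data pointer file; the client disk stores no index."""

    def __init__(self):
        self.pointers = {}   # client id -> {(os, block): (sector, sha256)}

    def pointer_file(self, client_id):
        return self.pointers.setdefault(client_id, {})

    def strip(self, client_id):
        # Sector contents stay on the disk but can no longer be located.
        self.pointers[client_id] = {}


class ClientDisk:
    def __init__(self, client_id, server):
        self.id, self.server = client_id, server
        self.disk = {}       # sector number -> raw bytes
        self.mapped = None   # pointers mapped for the running OS, or None
        self.os = None

    def boot(self, os_name):
        """Authentication step: check every root-system sector the pointer file marks."""
        pf = self.server.pointer_file(self.id)
        for (_os, _block), (sector, want) in pf.items():
            if digest(self.disk.get(sector, b"")) != want:
                self.server.strip(self.id)   # untrusted: disk now appears empty
                self.mapped = None
                return False
        # Map only pointers tagged with the requested OS (isolation between systems).
        self.mapped = {b: p for (o, b), p in pf.items() if o == os_name}
        self.os = os_name
        return True

    def read(self, block):
        """I/O control driver path: serve the local sector, else load from the template."""
        if self.mapped is None:
            raise PermissionError("no pointer file mapped")
        if block not in self.mapped:
            data = TEMPLATE[(self.os, block)]   # KeyError if not part of this OS
            sector = max(self.disk, default=-1) + 1
            self.disk[sector] = data
            entry = (sector, digest(data))
            # The new pointer is recorded on the server, never on the disk.
            self.server.pointer_file(self.id)[(self.os, block)] = entry
            self.mapped[block] = entry
        sector, want = self.mapped[block]
        data = self.disk[sector]
        if digest(data) != want:
            self.server.strip(self.id)
            self.mapped = None
            raise PermissionError("sector does not match pointer file")
        return data


if __name__ == "__main__":
    srv = PointerServer()
    pc = ClientDisk("pc-01", srv)
    print(pc.boot("windows"), pc.read("kernel"))   # first boot loads from the template
    pc.disk[0] = b"modified"                       # constructed out-of-band change
    print(pc.boot("windows"), srv.pointer_file("pc-01"))
```

A block already loaded is served from its local sector on the next boot without touching the template, which is the network saving the description attributes to server-held pointer files.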
As described above, the invention adopts the more secure monitoring of the authentication microsystem when the template file of the trusted root system on the server 1 is dispatched to the hard disk 31 of the client computer 3 through the network. In order to ensure that a plurality of different operating systems can be simultaneously and parallelly operated on the same user hard disk 31 for safe calculation, a sliced data reading and checking mode is adopted. The slice type is a type of classifying different data by indexing a data pointer on the hard disk 31 in units of storage sectors. For example, when a user invokes a windows system, the data pointers are recombined, the operation track of the data blocks of the windows system on the hard disk is notified to a hardware CPU, a memory, a main board and the like, when the Linux system is invoked, the original data pointers are released to a server 1 for storage, a new data pointer is restarted for scheduling work, and the data blocks of the Linux system on the hard disk are invoked. All data blocks are stored on the hard disk in a sliced architecture, while the data pointers are stored on the server 1, which is much more secure than conventional discrete data storage mechanisms.
In the data security transmission method with a multi-level high-speed structure according to the present invention as described above, in a preferred embodiment, the I/O control driver 4 determines a new or modified operation of the data in the local dynamic data storage area 312 of the hard disk 31 of the client computer 3, and sends and stores the data pointer of the storage sector in which the new or modified operation occurs to the data pointer storage module of the server 1.
An authentication microsystem mechanism is introduced into the I/O control driving layer to control the operations of a terminal master boot record, a partition Table, an ID Table, an ID index and the like. The ID Table can present static data of sector data of terminal distributed data by means of data pointer of server end while checking and reinforcing kernel system safety by utilizing autonomous encryption algorithm, and the ID index fuses I/O controller driver and autonomous algorithm to meet the functions of checking, authentication, safety audit and the like of client computer 3. The invention essentially solves the problems of the operation calculation speed of the trusted terminal, the bandwidth occupation of the network, the high requirement on the server and the like. The personalized data (user data) of the client computer 3 is divided into the client computer 3 and the server part, that is, the data of the local dynamic data storage area 312 and the local trusted root system storage area 311, and presented under the control of the security processes and the authentication microsystems of both parties. Once the client computer 3 shuts down the security process, it will be immediately discovered by the server, and the server 1 will prohibit the server portion of the personalized data from being accessed, so that the client computer 3 cannot obtain the correct data. The same is true if the client computer 3 is in an offline state. Of course, if the client computer 3 is authorized to perform offline operation, it can obtain the complete personalized data content locally, so as to effectively ensure that the client computer 3 is always operated in a trusted environment and ensure the data security on the client computer 3.
In the preferred embodiment, as shown in fig. 3A and 3B, since the server 1 mounts necessary data in the template file of the trusted root system onto the hard disk 31 of the client computer 3 according to the request of the client computer 3, so that it can run the operating system and the application program, and meanwhile, the file data of the trusted root system already mounted on the client computer 3 is saved by the data pointer file stored on the server 1, so that it is unnecessary to reload the data of the template file of the trusted root system already loaded in the next starting and running process, and only needs to load new data according to the request of the running of the client computer 3, thereby reducing the burden of network communication of the system.
In the preferred embodiment of the data security transmission method with a multi-level high-speed structure of the present invention, after completing 100% data transmission to the first client computer, the server designates the first client computer to send data to a next group of client computers, forming a first one-to-many transmission diffusion structure. The server also designates another first client computer for data transmission and, after completing 100% data transmission to that other first client computer, designates it to send data to another next group of client computers that need to receive data, forming a second one-to-many transmission diffusion structure; the client computers in the first and second one-to-many transmission diffusion structures are not duplicated. This embodiment provides a two-way one-to-two high-speed diffusion transmission mode that further improves transmission efficiency: the server actively transmits the data to two first client computers separately, and once each transmission reaches 100%, data transmission to subsequent client computers proceeds in turn from the two first client computers as starting points, until transmission to all client computers is complete. A two-way one-to-two high-speed diffusion data transmission structure is thus formed, which in speed and efficiency achieves almost double the effect of the single-way structure.
The data security transmission method with the multi-level high-speed structure is directed at system installation and abnormality maintenance for a computer group and a server in a local area network, and provides security authentication of the received data. Copying and filling of data is accomplished by mapping sector data against pointer files. Through the data transmission control method for the computer group in the local area network, one-to-many continuous diffusion data transmission between the server and the client computers of the computer group is achieved, forming a continuous multi-stage diffusion high-speed transmission structure. The server is not tied up, and the server and the client computers that have completed transmission can send data to other client computers while the client computers in the computer group continue to operate. This reduces the network communication pressure of transmitting network data, reduces the impact on study and work, lowers the hardware requirements that data transmission places on the server, the client computers and the network configuration, lowers the cost of use, reduces the network impact of data transmission and system security authentication across large numbers of client computers, and ensures the maintenance efficiency of the computers in the computer group.
The foregoing is illustrative of the present invention and is not to be construed as limiting the scope of the invention. Any equivalent changes and modifications can be made by those skilled in the art without departing from the spirit and principles of this invention, and are intended to be within the scope of this invention.

Claims (10)

1. The data security transmission method with the multi-level high-speed structure is characterized by comprising a server, a plurality of client computers and an authentication microsystem module, wherein the client computers are arranged as at least one computer group;
The server is connected with the client computer through a network, a trusted root system module and a data pointer storage module are installed in the server, the trusted root system module stores template files of a trusted root system, and the data pointer storage module is used for storing data pointer files from a hard disk of the client computer;
The server is provided with a transmission scheduling module, the transmission scheduling module collects network configuration state information and data transmission state information of the client computers, one client computer is designated as a first client computer, the authentication microsystem module stores trusted authentication microsystems used for comparing data information of the server and the client computers, the server is simultaneously started when the client computers are started, after the client computers pass hardware trusted authentication, data pointer files of the client computers stored on the server are mapped to designated storage sectors of hard disks of the client computers, and the authentication microsystem module compares data of a trusted root system marked by the data pointer files with data of a trusted root system of a corresponding storage sector of the hard disk and carries out security authentication on the client computers;
The method comprises the steps that a server obtains data transmission state information of a first client computer, when the data transmission state of a template file of the first client computer is 100%, a transmission scheduling module of the server appoints the first client computer to send data to a next group of client computers in a computer group, the next group of client computers comprises at least two client computers needing to receive the data, when the data transmission state information of the template file of the client computers in the next group of client computers is 100%, appoints the client computers to send data to a next group of client computers, and appoints a group of client computers needing to receive the data as a new client computer receiving the data for the client computers which have completed sending the data, and starts to transmit the template file data to the client computers until the data transmission state information of the template file of all the client computers needing to transmit the data in the computer group is 100%.
2. The method of claim 1, wherein the network configuration state information of the client computer includes hardware device information of a CPU, a hard disk, a memory, and a network card of all the client computers in the computer group, and network connection state information including a computer client on-line state, a computer group state, an operating system state, and a waiting time period, the data transmission state information includes whether the transmitted data is 100%, and the transmission scheduling module designates one client computer to receive the data according to the performance of the computer hardware device information and the network connection state information.
3. The method of claim 2, wherein the transmission scheduling module selects the client computers for sending the specified data according to the priority order of the client computers on line, the network card speed high, the network type same, the operating system same, the received data 100%, in the same computer group, waiting time length, and the transmission scheduling module selects the client computers for receiving the specified data according to the priority order of the selection condition of the client computers on line, the network card speed high, the network type same, the operating system same, in the same computer group, waiting time length.
4. The method for securely transmitting data having a multi-stage high-speed structure according to claim 3, wherein said transmission scheduling module obtains computer group information of a first client computer that designates received data, further comprising confirming that the number of switch stages existing between said server and the first client computer is less than or equal to the number of switches between it and other client computers in the computer group;
The transmission scheduling module obtains 100% data transmission state information of other client computers except the first client computer, designates the client computer as a client computer for transmitting data, designates another client computer for receiving data as a next-stage client computer of the switch if a first-stage switch exists between the other client computer and the client computer for transmitting data, and when the number of the previous-stage client computers for completing data transmission is more than or equal to one, the next-stage client computer is not used as the client computer for transmitting data of the previous-stage client computer.
5. The method for securely transmitting data with multi-level high-speed structure of claim 4, comprising a local security authentication step, wherein said client computer receives 100% of template file data, starts up a local security authentication module after starting up an operating system, automatically detects security policy configuration in the client computer, if the security policy configuration is inconsistent with a preset security policy of a trusted root system stored in a server, the client computer is prohibited from starting up, said server records system security exception information of the computer, and redistributes other authenticated client computers as client computers transmitting data according to instructions, and transmits the system data to the client computer with security authentication exception, and after the client computer is restarted, the local security authentication module is restarted to perform local security authentication.
6. The method according to claim 5, wherein when the client computer receiving the data has not completed 100% of the data reception and the client computer transmitting the data has an abnormality, the transmission scheduling module waits for and designates another new client computer having completed 100% of the data reception as the client computer transmitting the data according to the selection condition priority order principle, and transmits the system data to the client computer receiving the data.
7. The method for securely transferring data with multi-level high-speed architecture as in claim 6, wherein said client computer's hard disk is provided with a local root system memory area and a local dynamic data memory area, said local root system memory area is a read-only memory area for loading template files of a root system from said server, said local dynamic data memory area is an active memory area for allowing said client computer to add or modify operations, said local root system memory area and said local dynamic data memory area data pointer files are stored in said server's data pointer memory module, and only data pointers marking the same memory sector data is transferred during data transfer.
8. The method of claim 7, wherein the authentication microsystem module is connected with an I/O control driver, the I/O control driver is configured to identify and schedule input/output signals, determine whether the trusted root system file data requested by the client computer exists in a designated sector of a local trusted root system storage area of the hard disk according to the data pointer file mapped by the authentication microsystem, if not, the server loads the requested trusted root system file data from the template file of the trusted root system into the designated sector, and stores the data pointer file after the loading in the data pointer storage module of the server, and if so, determine the next designated sector according to the data pointer file mapped by the authentication microsystem.
9. The data security transmission method with multi-stage high-speed structure according to claim 8, wherein the I/O control driver judges a new or modified operation of data of a local dynamic data storage area of a hard disk of the client computer, and transmits and stores a data pointer of a storage sector where the new or modified operation occurs to a data pointer storage module of the server.
10. The method of claim 9, wherein the server designates the first client computer to transmit data to the next group of client computers after completing 100% data transmission to the first client computer to form a first one-to-many transmission diffusion structure, wherein the server designates another first client computer to transmit data, and designates the other first client computer to transmit data to the other next group of client computers to receive data after completing 100% data transmission to the other first client computer to form a second one-to-many transmission diffusion structure, and wherein the client computers in the first one-to-many and second one-to-many transmission diffusion structures are not duplicated.
CN202411832324.1A 2024-12-12 2024-12-12 Data security transmission method with multi-level high-speed structure Pending CN119766508A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411832324.1A CN119766508A (en) 2024-12-12 2024-12-12 Data security transmission method with multi-level high-speed structure


Publications (1)

Publication Number Publication Date
CN119766508A true CN119766508A (en) 2025-04-04

Family

ID=95190001


Country Status (1)

Country Link
CN (1) CN119766508A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020022933A (en) * 2000-09-21 2002-03-28 박봉규 method of transmitting data in a pyramid propagation way by establishing a plurality of clients into a hierarchical connection and apparatus for the same
KR20040088438A (en) * 2004-09-17 2004-10-16 심영보 Method for multiple release of a software on client computers
US20040236863A1 (en) * 2003-05-23 2004-11-25 Microsoft Corporation Systems and methods for peer-to-peer collaboration to enhance multimedia streaming
CN106502927A (en) * 2016-10-26 2017-03-15 北京德普信科技有限公司 Trusted end-user is calculated and data inactivity security system and method

Similar Documents

Publication Publication Date Title
CN111522628B (en) Kubernetes cluster building deployment method, framework and storage medium based on OpenStack
US7209972B1 (en) High speed data transfer mechanism
US7216148B2 (en) Storage system having a plurality of controllers
US6654902B1 (en) Persistent reservation IO barriers
CN102622298B (en) Software testing system and method
US9917884B2 (en) File transmission method, apparatus, and distributed cluster file system
US20130282795A1 (en) Method And Apparatus for Web Based Storage On Demand
US8103754B1 (en) Reserving a shared volume in a multiple node data storage system
US8433772B2 (en) Automated tape drive sharing in a heterogeneous server and application environment
EP1117042A2 (en) Emulation of persistent group reservations
CN1983217A (en) Storage apparatus and control method for the same, and program
CA2177020A1 (en) Customer information control system and method in a loosely coupled parallel processing environment
US12346568B2 (en) Published file system and method
EP3311272A1 (en) A method of live migration
US7587506B2 (en) Computer system and data backup method in computer system
US5550973A (en) System and method for failure recovery in a shared resource system having a moving write lock
US20250181463A1 (en) Cost-effective, failure-aware resource allocation and reservation in the cloud
US7487269B2 (en) Apparatus, system, and method of connection grouping for multipath lock facility connection paths
US7359959B2 (en) Method and apparatus for using a USB cable as a cluster quorum device
CN119766508A (en) Data security transmission method with multi-level high-speed structure
US20060112303A1 (en) Local backup device with remote management capability and method for remote backup management
CN119766802A (en) High-speed transmission method between large-scale data clients
KR102128832B1 (en) Network interface apparatus and data processing method for network interface apparauts thereof
CN119766509A (en) Client data transmission method for security authentication
US20120246277A1 (en) Methods for transferring reserves when moving virtual machines across systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination