
Secure Data Transmission System for Sensitive Data in Networked Environments


Filed on 1 November 2024

Abstract

A secure data transmission system is disclosed, designed to safeguard sensitive information during transmission in networked environments. The system employs a hybrid encryption model combining symmetric and asymmetric encryption, ensuring rapid encryption and secure key exchange. Integrated artificial intelligence (AI) models, including a combination of Long Short-Term Memory (LSTM) and Graph Neural Network (GNN), provide proactive threat detection by analyzing encrypted data flow, dynamically adjusting to network anomalies, and re-routing data to avoid compromised nodes. This system further supports real-time monitoring and adaptability to network conditions, ensuring secure, efficient, and compliant data transmission. The system facilitates confidentiality, integrity, and compliance with established privacy standards, thereby enhancing security for sectors requiring sensitive data transmission.

Figure 2

Patent Information

Application ID: 202441083656
Invention Field: COMPUTER SCIENCE
Date of Application: 01/11/2024
Publication Number: 45/2024

Inventors

Name | Address | Country | Nationality
Dr. L. Shakkeera | Presidency School of Computer Science & Engineering, Presidency University Itgalpur, Rajanakunte, Bengaluru, Karnataka – 560 064, India | India | India
Harshitha K | Presidency School of Computer Science & Engineering, Presidency University Itgalpur, Rajanakunte, Bengaluru, Karnataka – 560 064, India | India | India
Dr. Sharmasth Vali. Y | Presidency School of Computer Science & Engineering, Presidency University Itgalpur, Rajanakunte, Bengaluru, Karnataka – 560 064, India | India | India

Applicants

Name | Address | Country | Nationality
Presidency University | Itgalpur, Rajanakunte, Bengaluru, Karnataka – 560 064, India | India | India

Specification

Description:

FIELD OF THE INVENTION
The present invention relates to secure data transmission techniques applicable across sectors handling sensitive information, such as healthcare, defense, finance, and government sectors, where data confidentiality, integrity, and security are paramount.

BACKGROUND OF THE INVENTION
In recent years, the secure transmission of sensitive data has become increasingly critical across various industries, particularly in sectors like healthcare, defense, finance, and government. As data exchange becomes more frequent and integral to these industries, sensitive information is at heightened risk of unauthorized access, data breaches, and interception during transmission. For instance, in the healthcare sector, patient data, which includes personal health records, diagnostic reports, and treatment plans, requires robust protection from unauthorized parties. Regulatory frameworks such as HIPAA in the United States and GDPR in the European Union enforce stringent data protection measures, emphasizing the importance of safeguarding sensitive information. Despite these regulations, the industry lacks uniform practices to adequately address threats to data security, leading to a growing demand for secure transmission methods that ensure confidentiality and integrity of data during transfer.

Prior art solutions in data transmission security primarily rely on encryption techniques that encode data to prevent unauthorized access. Commonly, these approaches use symmetric encryption, where a single key is shared for both encryption and decryption, or asymmetric encryption, where a public-private key pair is used. However, these conventional techniques face challenges, particularly in securely sharing encryption keys between sender and receiver over potentially insecure networks. This creates vulnerabilities that can be exploited by attackers intercepting the keys, resulting in unauthorized access to sensitive information. Additionally, conventional encryption methods are often applied in isolation, with minimal integration of advanced threat detection mechanisms, leaving networks vulnerable to sophisticated and emerging security threats.

Another limitation of existing methods is their lack of adaptability to real-time network conditions, which can impact the security and efficiency of data transmission. For example, network congestion, latency, and fluctuating bandwidth can introduce points of vulnerability in data transmission. Furthermore, traditional security solutions tend to adopt reactive measures, identifying and responding to threats only after they have compromised the network. This reactive approach to network security fails to adequately protect against persistent and evolving threats, such as man-in-the-middle attacks and network-based anomalies, which can occur dynamically and require immediate response to mitigate potential risks.

While some advancements have integrated intrusion detection systems (IDS) and firewalls, these components often work independently of the encryption process and lack a comprehensive threat response. IDS and firewalls alone are insufficient to handle the wide range of sophisticated cyber-attacks targeting sensitive data during transmission. These technologies primarily focus on known threats, leaving systems vulnerable to newly emerging attack vectors. The need for a more robust, proactive approach to data security has become increasingly evident as industries handle greater volumes of data, further underscoring the limitations of conventional methods.

Given the complex and dynamic nature of data transmission security, there is a clear need for an advanced solution that not only protects data integrity through encryption but also actively detects and responds to potential threats in real time. A system that can adapt to varying network conditions and implement proactive measures is essential for ensuring the safety of sensitive information, meeting regulatory compliance, and preventing costly data breaches and security incidents.

OBJECTS OF THE INVENTION
It is the primary object of the invention to provide a system for securely transmitting sensitive data using a hybrid encryption model.

It is another object of the invention to provide a system to detect and respond to threats in real-time, minimizing data interception risks.

It is yet another object of the invention to provide a system to ensure seamless data access control and transmission compliance with established privacy standards.

SUMMARY OF THE INVENTION
To meet the objects of the invention, there is disclosed here a secure data transmission system for sensitive information in networked environments, comprising: an encryption module; a threat detection module; a pre-processing unit; an authorization verification module; a path selection module; a dynamic response mechanism; and a decryption module, wherein the encryption module is configured to encrypt data using a hybrid encryption model combining symmetric encryption for high-speed data encryption and asymmetric encryption for secure key exchange, the threat detection module employs artificial intelligence (AI) models, wherein the AI models consist of a Long Short-Term Memory (LSTM) model for identifying anomalies in data transmission and a Graph Neural Network (GNN) for determining affected network segments upon threat detection, the pre-processing unit is configured to format and transform encrypted data prior to AI-based threat detection, the authorization verification module verifies access credentials of recipients, ensuring data access only to authorized entities, the path selection module is configured to identify an optimal network path for data transmission by evaluating network parameters such as latency, bandwidth, and traffic conditions, thereby routing data through secure nodes, the dynamic response mechanism is operatively connected to the threat detection module to implement re-routing of data upon detection of compromised nodes or anomalies, ensuring continuous secure data transmission, and the decryption module at the recipient end is configured to decrypt received data using the symmetric key post-authentication and authorization validation.

Further disclosed here is a method for secure transmission of sensitive data in networked environments, comprising the steps of: encrypting data using a hybrid encryption approach, wherein symmetric encryption is employed for data encryption and asymmetric encryption is employed for secure key exchange; pre-processing the encrypted data for compatibility with AI-based threat detection models; applying a combination of LSTM and GNN models to detect anomalies in data transmission and identify affected network segments upon anomaly detection; validating the authorization credentials of the intended recipient prior to data transmission; determining an optimal path for data transmission by analyzing network metrics, including latency and traffic conditions, and routing data through secure nodes; dynamically re-routing data transmission to avoid compromised nodes or segments in response to detected threats; and decrypting the transmitted data at the recipient end after successful authorization verification, using the symmetric encryption key.

BRIEF DESCRIPTION OF THE FIGURES
Figure 1 is a block diagram showing the data transmission model.
Figure 2 is a block diagram that illustrates secure data transmission using the hybrid model.

DETAILED DESCRIPTION OF THE INVENTION
The secure transmission of data in the health sector is extremely significant, as it contains highly sensitive patient data. Patient data such as medical records, treatment plans, scan reports, personal details, doctor's details, etc. should not be accessible to a third party or through a man-in-the-middle attack. To preserve patient and healthcare service provider assurance, patients' medical histories, prescription lists, and diagnosed reports must be treated with the highest security. The patient's data needs to be protected from attackers and should be transmitted securely so that hackers or third parties will not be able to steal the data.

The secure data transmission model (Figure 1) has been designed to transfer the sensitive data of patients. In this model the data is transferred from sender to receiver. The data from the sender is encrypted using a symmetric encryption technique, where the same key is used for encryption and decryption, assuring that the data is only accessible to the authorised user with the right key. After encryption, the data is transferred in its encrypted state. This makes sure that the data is unreadable to unauthorised parties if it is intercepted. After the data has been encrypted, it is taken for pre-processing, which involves cleaning, formatting or transforming the encrypted data for the next process. The pre-processed data is then fed into the ANN model. The main role of the model is to detect anomalies and block those threats for the safe transmission of data. The model helps to ensure that only authorised users are able to access the system by validating the credentials or access permissions of users. Once the data has been processed by the model, it goes through the authorization check. This step ensures that the recipient has the necessary credentials or access rights for the sent data. The receiver then authenticates through a login process by providing valid credentials to obtain access to the sensitive data. After the authentication has been verified, the encrypted data is finally decrypted using the same key that was used for the encryption. Finally, the data is accessed by the receiver.

The existing model used for training the dataset works for small quantities of data and is not designed to handle temporal or sequential data, such as network traffic over time. Instead of using the existing model, the disclosed hybrid model (LSTM and GNN) will be used for secure data transmission. The hybrid model allows risk to be identified throughout the network within a short span of time. A secure and absolute threat detection system is the result of this model. After the LSTM detects a threat, the GNN can assist in determining which network segments are impacted and recommend the best course of action, such as re-routing the traffic through secure nodes.

This approach starts with data that needs to be secured and will be transmitted from the sender to the receiver using an encryption process. During encryption, a symmetric key is generated. Large volumes of data can be encrypted quickly and efficiently with symmetric encryption, but secure key sharing between the sender and recipient is required. This model (Figure 2) uses hybrid encryption to encrypt the data. In the medical industry, utilising a hybrid encryption model that combines AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman) has several key advantages, particularly when it comes to protecting sensitive data like patient data and medical device communication. This approach reduces the possibility of data breaches and guarantees that data is not altered during transmission by using RSA to assure secure key exchanges and AES to encrypt the patient data. Bulk amounts of medical data are frequently found in imaging files (such as MRI and CT scans) and electronic health records (EHRs). These immense datasets can be quickly encrypted and decrypted using AES, which maintains data security without degrading system speed.

When an individual's medical information is transferred over a public network for e-health applications, hybrid encryption guarantees safe communication between clinician and patient. The disclosed paradigm provides secure encryption for both moving and resting data, which helps assure compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA), which instructs that patient data be protected during transmission and storage.

After encryption, the data reaches the network traffic source using TCP protocols. Data security is achieved by various components such as network taps, firewalls, intrusion detection systems (IDS), and routers. Data pre-processing is then performed on the encrypted data. This model is powered by AI, which receives the encrypted data and employs machine learning models.

This approach guarantees that threats are identified more accurately and detected early by analysing their potential effects on the network and suspicious traffic patterns. This approach enables flexible and dynamic responses to dangers. When an anomaly is detected, the data transmission is re-routed to avoid compromised nodes, guaranteeing safe connectivity during an attack. Using this model, the system scales to secure and monitor complex networks in real time. This is particularly crucial for industries like healthcare, where networks may include a large number of linked devices and private patient information. Network administrators may now see the entire picture of threat propagation, including the origin of an attack, its path of propagation, and the compromised nodes and connections. It improves the system's capacity to control and mitigate threats more successfully. This combination enables proactive threat detection, which anticipates the locations and methods of potential future threats in addition to detecting current threats. As a result, proactive actions replace reactive ones in greater numbers. This approach aids in the defence against long-term, covert threats that conventional models will overlook. Critical assets are protected by early identification and containment using this approach.

After training, the data is sent on for selection of an optimal network path for data transmission. To make sure the path is safe and optimal, the system finds an accessible path and assesses its metrics. This feeds back into the AI system. The system then analyses the computation cost of the network path; this cost may be associated with network traffic conditions, bandwidth, or latency. The system ranks the possible paths by their associated costs for the transmission. The purpose of this ranking is to select the best route and path for data verification during transmission. The system returns to re-evaluating and selecting a better path if the path that was chosen is not optimal or if a problem is found. Once the secure path has been selected, the data is decrypted and then securely transmitted to the receiver. The data arrives at the recipient once it has been transferred. The recipient uses the symmetric key to decrypt the data and restore the original raw data.
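The path ranking and re-routing described above, as an added example that is not part of the patent specification. The topology, metric names, weights, cost formula and the alert list standing in for the threat detection module's output are all assumptions made for illustration.

```python
from typing import Dict, Iterable, List, Optional, Tuple

Metrics = Dict[str, float]

# Constructed sample topology (undirected links); every value is made up.
LINKS: Dict[Tuple[str, str], Metrics] = {
    ("sender", "r1"): {"latency_ms": 5, "bandwidth_mbps": 1000, "load": 0.2},
    ("r1", "receiver"): {"latency_ms": 5, "bandwidth_mbps": 1000, "load": 0.2},
    ("sender", "r2"): {"latency_ms": 10, "bandwidth_mbps": 500, "load": 0.5},
    ("r2", "receiver"): {"latency_ms": 10, "bandwidth_mbps": 500, "load": 0.5},
    ("r1", "r2"): {"latency_ms": 2, "bandwidth_mbps": 1000, "load": 0.1},
}

# Assumed weights: latency and load raise the cost, bandwidth lowers it.
WEIGHTS = {"latency_ms": 1.0, "inv_bandwidth": 1000.0, "load": 10.0}


def link_cost(m: Metrics, w: Dict[str, float] = WEIGHTS) -> float:
    """Weighted cost of one link (hypothetical formula, lower is better)."""
    return (w["latency_ms"] * m["latency_ms"]
            + w["inv_bandwidth"] / m["bandwidth_mbps"]
            + w["load"] * m["load"])


def _adjacency(links: Dict[Tuple[str, str], Metrics]) -> Dict[str, Dict[str, Metrics]]:
    adj: Dict[str, Dict[str, Metrics]] = {}
    for (a, b), m in links.items():
        adj.setdefault(a, {})[b] = m
        adj.setdefault(b, {})[a] = m
    return adj


def rank_paths(links, src: str, dst: str,
               compromised=frozenset()) -> List[Tuple[float, List[str]]]:
    """All loop-free paths that avoid compromised nodes, cheapest first.

    Exhaustive enumeration is fine for a small graph like the sample; a large
    network would use a shortest-path algorithm over the same cost function.
    """
    adj = _adjacency(links)
    if src in compromised or dst in compromised or src not in adj:
        return []
    ranked: List[Tuple[float, List[str]]] = []

    def walk(node: str, path: List[str], cost: float) -> None:
        if node == dst:
            ranked.append((cost, path))
            return
        for nxt, m in adj[node].items():
            if nxt not in path and nxt not in compromised:
                walk(nxt, path + [nxt], cost + link_cost(m))

    walk(src, [src], 0.0)
    return sorted(ranked)  # ties broken by node names, so the order is stable


def select_path(links, src: str, dst: str,
                compromised=frozenset()) -> Optional[List[str]]:
    ranked = rank_paths(links, src, dst, compromised)
    return ranked[0][1] if ranked else None


def transmit_with_reroute(links, src: str, dst: str,
                          alerts: Iterable[str]) -> List[Optional[List[str]]]:
    """Replay node alerts and return every path chosen along the way.

    A path is re-selected only when an alert names a node on the current
    path; None is recorded when no path free of compromised nodes remains.
    """
    compromised = set()
    current = select_path(links, src, dst)
    history = [current]
    for node in alerts:
        compromised.add(node)
        if current is not None and node in current:
            current = select_path(links, src, dst, compromised)
            history.append(current)
    return history
```

The last function makes the failure mode explicit: when every candidate path crosses a flagged node, the result is `None` rather than a fallback to a compromised route.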

This invention enables proactive threat detection, supporting a preemptive security strategy against potential threats. Additionally, the system's adaptability and scalability allow it to handle complex, real-time data transmission needs across multiple sectors.

Claims:

We Claim:

1. A secure data transmission system for sensitive information in networked environments, comprises:
an encryption module;
a threat detection module;
a pre-processing unit;
an authorization verification module;
a path selection module;
a dynamic response mechanism; and
a decryption module,
wherein the encryption module is configured to encrypt data using a hybrid encryption model combining symmetric encryption for high-speed data encryption and asymmetric encryption for secure key exchange, the threat detection module employs artificial intelligence (AI) models, wherein the AI models consist of a Long Short-Term Memory (LSTM) model for identifying anomalies in data transmission and a Graph Neural Network (GNN) for determining affected network segments upon threat detection, the pre-processing unit configured to format and transform encrypted data prior to AI-based threat detection, the authorization verification module verifies access credentials of recipients, ensuring data access only to authorized entities, the path selection module is configured to identify an optimal network path for data transmission by evaluating network parameters such as latency, bandwidth, and traffic conditions, thereby routing data through secure nodes, the dynamic response mechanism operatively connected to the threat detection module to implement re-routing of data upon detection of compromised nodes or anomalies, ensuring continuous secure data transmission, and the decryption module at the recipient end is configured to decrypt received data using the symmetric key post-authentication and authorization validation.

2. The system as claimed in claim 1, wherein the encryption module utilizes Advanced Encryption Standard (AES) for symmetric encryption to encrypt large datasets efficiently, and Rivest-Shamir-Adleman (RSA) for asymmetric encryption to secure key exchange between sender and receiver.

3. The system as claimed in claim 1, wherein the threat detection module utilizes the LSTM model to analyze network traffic patterns in real-time and detect any deviations or anomalies indicative of potential threats.

4. The system as claimed in claim 1, wherein the Graph Neural Network (GNN) within the threat detection module assists in identifying compromised nodes or pathways in the network based on detected anomalies, enabling targeted responses to isolate or reroute around affected segments.

5. The system as claimed in claim 1, wherein the path selection module comprises a feedback mechanism configured to dynamically reassess and adjust selected network paths based on changing network conditions, thereby optimizing transmission security and efficiency.

6. A method for secure transmission of sensitive data in networked environments, comprising the steps of:
encrypting data using a hybrid encryption approach, wherein symmetric encryption is employed for data encryption and asymmetric encryption is employed for secure key exchange;
pre-processing the encrypted data for compatibility with AI-based threat detection models;
applying a combination of LSTM and GNN models to detect anomalies in data transmission and identify affected network segments upon anomaly detection;
validating the authorization credentials of the intended recipient prior to data transmission;
determining an optimal path for data transmission by analyzing network metrics, including latency and traffic conditions, and routing data through secure nodes;
dynamically re-routing data transmission to avoid compromised nodes or segments in response to detected threats; and
decrypting the transmitted data at the recipient end after successful authorization verification, using the symmetric encryption key.

7. The method as claimed in claim 6, wherein the step of encryption involves utilizing Advanced Encryption Standard (AES) for the encryption of bulk data, while Rivest-Shamir-Adleman (RSA) is used to manage secure symmetric key distribution between sender and receiver.

8. The method as claimed in claim 6, wherein the step of anomaly detection includes analyzing temporal patterns in network traffic to proactively identify deviations that may indicate potential security threats.

9. The method as claimed in claim 6, wherein, upon detection of a compromised node, the system activates the dynamic response mechanism to re-route data transmission paths, ensuring continued secure data delivery without interruption.

10. The method as claimed in claim 6, wherein the path selection step includes a ranking mechanism to select the most optimal and secure route based on a weighted analysis of network performance metrics, including real-time bandwidth and latency, thereby enhancing overall transmission security and efficiency.

Documents

Name | Date
202441083656-EDUCATIONAL INSTITUTION(S) [23-11-2024(online)].pdf | 23/11/2024
202441083656-Proof of Right [08-11-2024(online)].pdf | 08/11/2024
202441083656-COMPLETE SPECIFICATION [01-11-2024(online)].pdf | 01/11/2024
202441083656-DECLARATION OF INVENTORSHIP (FORM 5) [01-11-2024(online)].pdf | 01/11/2024
202441083656-DRAWINGS [01-11-2024(online)].pdf | 01/11/2024
202441083656-EDUCATIONAL INSTITUTION(S) [01-11-2024(online)]-1.pdf | 01/11/2024
202441083656-EDUCATIONAL INSTITUTION(S) [01-11-2024(online)].pdf | 01/11/2024
202441083656-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [01-11-2024(online)].pdf | 01/11/2024
202441083656-FORM 1 [01-11-2024(online)].pdf | 01/11/2024
202441083656-FORM FOR SMALL ENTITY(FORM-28) [01-11-2024(online)].pdf | 01/11/2024
202441083656-FORM-8 [01-11-2024(online)].pdf | 01/11/2024
202441083656-FORM-9 [01-11-2024(online)].pdf | 01/11/2024
202441083656-POWER OF AUTHORITY [01-11-2024(online)].pdf | 01/11/2024
202441083656-REQUEST FOR EXAMINATION (FORM-18) [01-11-2024(online)].pdf | 01/11/2024
