Research and implementation of key module of data security processing mechanism in software defined network
LI Zhaobin, LI Weilong, WEI Zhanzhen, LIU Mengtian
Journal of Computer Applications    2018, 38 (7): 1929-1935.   DOI: 10.11772/j.issn.1001-9081.2017123007
Abstract
To solve the data leakage problem of the data plane in Software Defined Network (SDN), a new data security processing mechanism based on the OpenFlow protocol was proposed. Firstly, the flow table structure of the OpenFlow protocol was reconstructed, and OpenFlow data security policies, including safe matching fields and safe actions, were designed and implemented. Secondly, a centralized management controller was designed; through the development of multiple functional modules, it senses changes in the network in a timely manner, effectively controls the global network, and maintains and distributes data encryption/decryption keys and data security policies. Thirdly, the architecture of the open virtual switch OVS (Open vSwitch) was deeply reconstructed, the complete process including data security policy matching and data security processing was designed, and the extraction interface for data payload information was programmed. Through the development of multiple functional modules, OVS can match data packets against fine-grained data security policies and perform complete data security processing operations on matched packets. Finally, a hardware and software platform was built, and the results of the encryption and decryption mechanisms, along with time delay, throughput and CPU utilization rate, were tested and compared. The experimental results show that the proposed mechanism can accurately perform data encryption and decryption. The latency and throughput of the proposed mechanism are at normal levels, but its CPU usage rate is between 45% and 60%, which indicates that it needs to be optimized further.