CN102571771B - Safety authentication method of cloud storage system - Google Patents

Publication number: CN102571771B
Authority: CN (China)
Legal status: Active
Application number: CN201110444484.5A
Other languages: Chinese (zh)
Other versions: CN102571771A (en)
Inventors: 周可, 李春花, 陈杰, 雷栋梁, 罗芳, 申爱花, 李坦, 刘相文
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Classification: Storage Device Security (AREA)

Abstract

The invention relates to a security authentication method for a cloud storage system, belonging to the fields of computer storage technology and information security technology. The method addresses the complex authentication process and high authentication overhead of existing security authentication methods, and aims to provide simple, flexible, efficient, highly scalable and highly secure authentication for cloud storage services, so as to prevent external or internal attackers from intruding into the storage system. The method comprises a client process, an authentication end process and a storage end process; the client loads the user IDs of all logged-in users, and the authentication end loads an access control library. The method checks whether a user's operation permission is legitimate by computing a verification identifier, so the storage end no longer needs to maintain the access control library and can verify a user's access request with a simple computation. This greatly reduces the storage system's access control overhead and provides flexible, secure, reliable and efficient file access for users holding operation permissions in a large-scale cloud storage system.

Description

A security authentication method for a cloud storage system
Technical field
The invention belongs to the fields of computer storage technology and information security technology, and specifically relates to a security authentication method for a cloud storage system.
Background
Cloud storage is a new concept extended and developed from the concept of cloud computing. To a user, a cloud storage system is not a particular device but an aggregate made up of many storage devices and servers. The basic security goal of a cloud storage system is to guarantee the security of stored and accessed data, so before an authorized user accesses data, the cloud storage system should authenticate the user's identity. When a user accesses a data object, the Access Control List (ACL) of that data object is queried at the authentication end; only if an access control entry for the user is found and it carries the permission for the requested operation is the user authorized to access the data, otherwise the user's request is refused. In a cloud storage environment, the storage end is directly connected to a complex client network in order to obtain high system concurrency; therefore both the authentication end and the storage end need to verify the user's access rights to a file.
How to provide authentication that is simple, flexible, efficient, highly scalable and highly secure has become the design goal of security authentication for cloud storage systems. In existing security authentication methods for cloud storage systems, the storage end and the authentication end must maintain the same access rights list to verify whether a user has access rights to a file. When the numbers of users and files rise sharply, the Access Control Lists inevitably hold a huge amount of information, and the authentication end and the storage end have to spend a great deal of network control overhead maintaining the same access rights list and keeping the access rights information consistent; meanwhile, the time complexity of querying an Access Control List grows with the amount of information it holds.
The terms used in the present invention are explained below:
Operation type: one of "read", "write" and "delete", represented as a string;
Access control library: the database that records the Access Control Lists of all files;
Access Control List: the list of all access control entries corresponding to one file;
Access control entry: represents the access rights of a specified user to a file;
Access rights: a set formed by combining different operation types, for example { "read", "write" } or { "write", "delete" };
Access control string: the string formed by concatenating the user ID, the file identifier and the access rights;
Access ticket: binary data that the authentication end computes for a user's file operation request;
Verification ticket: binary data that the storage end computes for a user's user access request;
Expiration time point: the expiry time of an access ticket; after this time the corresponding access ticket is invalid;
Global key: secret binary data shared by the authentication end and the storage end;
Secure channel: a channel in which the two communicating parties securely obtain a common key through key agreement and use that key to encrypt communication messages, guaranteeing the security of message transmission.
Summary of the invention
The present invention proposes a security authentication method for a cloud storage system that solves the complex verification process and heavy authentication overhead of existing security authentication methods, provides simple, flexible, efficient, highly scalable and highly secure authentication for cloud storage services, and prevents external or internal attackers from intruding into the storage system.
The security authentication method of the present invention comprises a client process, an authentication end process and a storage end process. The client loads the user IDs of all logged-in users, and the authentication end loads the access control library. After startup, the client, the authentication end and the storage end connect to one another pairwise, and a secure channel is established between the authentication end and the storage end.
It is characterized in that:
A. The client process comprises the following steps:
(A1) The client randomly generates an access request sequence number R0 and sends it to the storage end, then waits for the storage end's reply. On receiving the reply, it judges whether the reply is the sequence-number-stored success flag; if so, go to step (A2); otherwise go to step (A1);
(A2) Wait for the user to initiate a file operation request; on receiving one, go to step (A3);
The file operation request comprises a user ID, a file identifier and an operation type; the operation types are "read", "write" and "delete";
(A3) Submit the file operation request to the authentication end, then judge whether the authentication end returns a user verification result; if so, cache the user verification result and go to step (A4); otherwise reject the user's file operation request and go to step (A2);
The user verification result comprises the access ticket TK, the expiration time point ET and the access control string V;
(A4) Judge whether the current time is past the expiration time point ET in the user verification result; if so, delete this user verification result and go to step (A3); otherwise generate an access request sequence number R1 synchronized with the storage end and, using the user verification result, compute the access identifier TG:
TG=H(TK,R1,V);
where H() denotes applying a hash algorithm to the variables in the brackets; go to step (A5);
(A5) Compose a user access request from the access identifier TG, the access control string V, the expiration time point ET and the file operation request, send it to the storage end, then judge the type of information the storage end returns: if requested data, return the requested data to the user, delete this user verification result and go to step (A2); if request expired, go to step (A4); if access denied, reject the user's file operation request, delete this user verification result and go to step (A2);
The storage end's reply is one of: requested data, request expired, or access denied;
B. The authentication end process comprises the following steps:
(B1) The authentication end randomly generates a global key K and sends it to the storage end over the secure channel, then waits for the storage end's reply. On receiving the reply, it judges whether the reply is the global-key-stored success flag; if so, carry out step (B2) and at the same time go to step (B4); otherwise go to step (B1);
(B2) After waiting for a period T, go to step (B3); T = 0.01 second to 1 year, set by default;
(B3) Randomly generate a new global key, then submit a key replacement request, which contains the new global key, to the storage end over the secure channel. Judge whether the information returned by the storage end is the key-updated success flag; if so, replace the former global key with the new global key and, after waiting for a period T, go to step (B3); otherwise go to step (B3);
(B4) Wait for a file operation request from the client. On receiving one, use the file identifier in the request to look up whether the Access Control List of the corresponding file exists in the access control library; if so, go to step (B5); otherwise return access denied to the client and go to step (B4);
(B5) Use the user ID in the file operation request to look up whether an access control entry for that user exists in the Access Control List; if so, go to step (B6); otherwise return access denied to the client and go to step (B4);
(B6) Judge whether the operation type in the file operation request is a subset of the access rights in the access control entry; if so, the user has permission to access the file, go to step (B7); otherwise the user does not have permission to access the file, return access denied to the client and go to step (B4);
(B7) The authentication end concatenates the user ID, the file identifier and the access rights in the access control entry to form the access control string V, chooses an expiration time point ET, and computes the access ticket TK:
TK=H(K,V,ET);
TK, ET and V make up the user verification result, which is returned to the client over the secure channel; go to step (B4);
C. The storage end process comprises the following steps:
(C1) Wait for the authentication end to send the global key K. On receiving it, cache K and judge whether it was stored successfully; if so, return the global-key-stored success flag to the authentication end, go to step (C2) and at the same time go to step (C3); otherwise return the global-key-stored failure flag to the authentication end and go to step (C1);
(C2) Wait for the authentication end to send a key replacement request. On receiving one, replace the former global key with the new global key in the request, then judge whether the global key was updated successfully; if so, return the key-updated success flag to the authentication end and go to step (C2); otherwise return the key-update failure flag to the authentication end and go to step (C2);
(C3) Wait for the access request sequence number R0 sent by the client. On receiving it, cache it and judge whether it was stored successfully; if so, return the sequence-number-stored success flag to the client and go to step (C4); otherwise return the sequence-number-stored failure flag to the client and go to step (C3);
(C4) Wait for a user access request from the client. On receiving one, extract the operation type of the file operation request in the user access request, and extract the access rights contained in the access control string of the user access request; then judge whether this operation type is a subset of the access rights; if so, the user has permission to access the file, go to step (C5); otherwise return access denied to the client and go to step (C4);
(C5) Judge whether the current time is past the expiration time point ET in the user access request; if so, return request expired to the client and go to step (C4); otherwise go to step (C6);
(C6) The storage end generates an access request sequence number R1 synchronized with the client, and uses the global key K together with the access control string V and expiration time point ET in the user access request to compute the verification ticket TK':
TK'=H(K,V,ET),
then uses the access request sequence number R1 to compute the verification identifier TG':
TG'=H(TK',R1,V);
go to step (C7);
(C7) Judge whether the verification identifier TG' equals the access identifier TG in the user access request; if so, return the requested data to the user according to the file operation request in the user access request and go to step (C4); otherwise return access denied to the client and go to step (C4).
With the present invention, when the storage end receives an access request from a user, it checks whether the user's operation permission is legitimate by computing the verification identifier. The storage end therefore no longer needs to maintain the access control library, and a user access request can be verified with a simple computation, which greatly reduces the storage system's access control overhead. At the same time, provided that the confidentiality of the access ticket in transit and of the shared global key is guaranteed, the present invention provides flexible, secure, reliable and efficient file access for users holding operation permissions in a large-scale cloud storage system, and can effectively block access and attacks by users without rights, unauthorized users, and internal or external attackers.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of the present invention;
Fig. 2 is a schematic diagram of the client process;
Fig. 3 is a schematic diagram of the authentication end process;
Fig. 4 is a schematic diagram of the storage end process;
Fig. 5 is a sequence diagram of the workflow.
Embodiment
The present invention describes a security authentication method for a cloud storage system and its implementation, which is realized in a distributed file system.
The present invention is further described below with reference to an embodiment and the drawings.
As shown in Fig. 1, the embodiment of the present invention comprises a client process, an authentication end process and a storage end process, running respectively on the client host, the authentication end host and the storage end host of the distributed file system; the client loads the user IDs of all logged-in users, and the authentication end loads the access control library;
A. As shown in Fig. 2, the client process comprises the following steps:
(A1) The client randomly generates an access request sequence number R0 and sends it to the storage end, then waits for the storage end's reply. On receiving the reply, it judges whether the reply is the sequence-number-stored success flag; if so, go to step (A2); otherwise go to step (A1);
(A2) Wait for the user to initiate a file operation request; on receiving one, go to step (A3);
The file operation request is divided into five fields, in order: command number, command length, user ID, file identifier and operation type; the operation types are "read", "write" and "delete". The format of the file operation request is as follows:
Command number | Command length | User ID | File identifier | Operation type
The command number is set to the code corresponding to a file operation request, the command length to the length of the file operation request, the user ID to the user's ID, the file identifier to the file name, and the operation type to the corresponding operation type; once set, the request is sent to the authentication end;
(A3) Submit the file operation request to the authentication end, then judge whether the authentication end returns a user verification result; if so, cache the user verification result and go to step (A4); otherwise reject the user's file operation request and go to step (A2);
The user verification result comprises the access ticket TK, the expiration time point ET and the access control string V;
(A4) Judge whether the current time is past the expiration time point ET in the user verification result; if so, delete this user verification result and go to step (A3); otherwise generate an access request sequence number R1 synchronized with the storage end and, using the user verification result, compute the access identifier TG:
TG=H(TK,R1,V);
where H() denotes applying a hash algorithm to the variables in the brackets; go to step (A5);
(A5) Compose a user access request from the access identifier TG, the access control string V, the expiration time point ET and the file operation request, send it to the storage end, then judge the type of information the storage end returns: if requested data, return the requested data to the user, delete this user verification result and go to step (A2); if request expired, go to step (A4); if access denied, reject the user's file operation request, delete this user verification result and go to step (A2);
The storage end's reply is one of: requested data, request expired, or access denied;
The user access request is divided into seven fields, in order: command number, command length, expiration time point, access identifier, access control string length, access control string and file operation request. The format of the user access request is as follows:
Command number | Command length | Expiration time point | Access identifier | Access control string length | Access control string | File operation request
The command number is set to the code corresponding to a user access request, the command length to the length of the user access request, the expiration time point to the corresponding expiration time point, the access identifier to the corresponding access identifier, the access control string length to the corresponding access control string length, the access control string to the corresponding access control string, and the file operation request to the corresponding file operation request; once set, the request is sent to the client;
B. As shown in Fig. 3, the authentication end process comprises the following steps:
(B1) The authentication end randomly generates a global key K and sends it to the storage end over the secure channel, then waits for the storage end's reply. On receiving the reply, it judges whether the reply is the global-key-stored success flag; if so, carry out step (B2) and at the same time go to step (B4); otherwise go to step (B1);
(B2) After waiting for a period T=24h, go to step (B3);
The period T is set by default and ranges from 0.01 second to 1 year. T is the period at which the global key is replaced: the smaller T is, the more frequently the global key is replaced. When the system is in an unstable or unsafe state, T takes a small value; when the system is in a stable or safe state, T may take a large value;
(B3) Randomly generate a new global key, then submit a key replacement request, which contains the new global key, to the storage end over the secure channel. Judge whether the information returned by the storage end is the key-updated success flag; if so, replace the former global key with the new global key and, after waiting for a period T, go to step (B3); otherwise go to step (B3);
(B4) Wait for a file operation request from the client. On receiving one, use the file identifier in the request to look up whether the Access Control List of the corresponding file exists in the access control library; if so, go to step (B5); otherwise return access denied to the client and go to step (B4);
The file identifier is represented by the file name, and the file name is used to search the access control library. For example, the lookup result is the following Access Control List:
102 | { "read" }
501 | { "read", "write" }
502 | { "write", "delete" }
The first column is the user ID and the second column is the access rights; for example, the user whose user ID is 501 has the access rights { "read", "write" } to the file;
(B5) Use the user ID in the file operation request to look up whether an access control entry for that user exists in the Access Control List; if so, go to step (B6); otherwise return access denied to the client and go to step (B4);
(B6) Judge whether the operation type in the file operation request is a subset of the access rights in the access control entry; if so, the user has permission to access the file, go to step (B7); otherwise the user does not have permission to access the file, return access denied to the client and go to step (B4);
The user is identified by the user ID. For example, if the user ID is 501 and the operation type is "write", the access control entry corresponding to this user is { 501, { "read", "write" } }; the operation type "write" is a subset of the access rights { "read", "write" }, so this user has permission to access the file;
(B7) The authentication end concatenates the user ID, the file identifier and the access rights in the access control entry to form the access control string V, chooses an expiration time point ET, and computes the access ticket TK:
TK=H(K,V,ET);
TK, ET and V make up the user verification result, which is returned to the client over the secure channel; go to step (B4);
The user verification result is divided into six fields, in order: command number, command length, expiration time point ET, access ticket TK, access control string length and access control string V. The format of the user verification result is as follows:
Command number | Command length | Expiration time point | Access ticket | Access control string length | Access control string
The command number is set to the code corresponding to a user verification result, the command length to the length of the user verification result, the expiration time point to the corresponding expiration time point, the access ticket to the corresponding access ticket, the access control string length to the corresponding access control string length, and the access control string to the corresponding access control string; once set, the result is sent to the client;
C. As shown in Fig. 4, the storage end process comprises the following steps:
(C1) Wait for the authentication end to send the global key K. On receiving it, cache K and judge whether it was stored successfully; if so, return the global-key-stored success flag to the authentication end, go to step (C2) and at the same time go to step (C3); otherwise return the global-key-stored failure flag to the authentication end and go to step (C1);
(C2) Wait for the authentication end to send a key replacement request. On receiving one, replace the former global key with the new global key in the request, then judge whether the global key was updated successfully; if so, return the key-updated success flag to the authentication end and go to step (C2); otherwise return the key-update failure flag to the authentication end and go to step (C2);
(C3) Wait for the access request sequence number R0 sent by the client. On receiving it, cache it and judge whether it was stored successfully; if so, return the sequence-number-stored success flag to the client and go to step (C4); otherwise return the sequence-number-stored failure flag to the client and go to step (C3);
(C4) Wait for a user access request from the client. On receiving one, extract the operation type of the file operation request in the user access request, and extract the access rights contained in the access control string of the user access request; then judge whether this operation type is a subset of the access rights; if so, the user has permission to access the file, go to step (C5); otherwise return access denied to the client and go to step (C4);
(C5) Judge whether the current time is past the expiration time point ET in the user access request; if so, return request expired to the client and go to step (C4); otherwise go to step (C6);
(C6) The storage end generates an access request sequence number R1 synchronized with the client, and uses the global key K together with the access control string V and expiration time point ET in the user access request to compute the verification ticket TK':
TK'=H(K,V,ET),
then uses the access request sequence number R1 to compute the verification identifier TG':
TG'=H(TK',R1,V);
go to step (C7);
(C7) Judge whether the verification identifier TG' equals the access identifier TG in the user access request; if so, return the requested data to the user according to the file operation request in the user access request and go to step (C4); otherwise return access denied to the client and go to step (C4).
Fig. 5 is a sequence diagram of the workflow; the vertical axis of the figure represents time order from top to bottom.
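
The exchange in steps (A1)-(A5), (B1)-(B7) and (C1)-(C7), as an added Python example that is not part of the patent text. It assumes H() is HMAC-SHA-256 over length-prefixed fields, that V is laid out as `user|file|rights`, and that R1 is the stored sequence number plus one; the class names, the connection label and the file name are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct


def H(key: bytes, *fields: bytes) -> bytes:
    """H() from the text; assumed to be HMAC-SHA-256 over length-prefixed fields."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(struct.pack(">I", len(field)) + field)  # prefix stops field-boundary shifts
    return mac.digest()


def u64(n: int) -> bytes:
    return struct.pack(">Q", n)


def make_v(user_id: str, file_id: str, rights) -> str:
    """Access control string V; the 'user|file|r1,r2' layout is an assumption."""
    return "|".join([user_id, file_id, ",".join(sorted(rights))])


def access_identifier(tk: bytes, r1: int, v: str) -> bytes:
    """Client step (A4): TG = H(TK, R1, V)."""
    return H(tk, u64(r1), v.encode())


class AuthEnd:
    def __init__(self, acl_library: dict, ttl: int = 300):
        self.acl_library = acl_library      # {file_id: {user_id: {operation types}}}
        self.ttl = ttl                      # ticket lifetime in seconds (assumed value)
        self.key = secrets.token_bytes(32)  # (B1) global key K

    def rotate_key(self) -> bytes:          # (B3)
        self.key = secrets.token_bytes(32)
        return self.key

    def issue(self, user_id: str, file_id: str, op: str, now: int):
        rights = self.acl_library.get(file_id, {}).get(user_id)  # (B4), (B5)
        if rights is None or op not in rights:                   # (B6)
            return None                                          # access denied
        v = make_v(user_id, file_id, rights)                     # (B7)
        et = now + self.ttl
        return H(self.key, v.encode(), u64(et)), et, v           # (TK, ET, V)


class StorageEnd:
    """Holds only K and one sequence number per connection, no ACL."""

    def __init__(self, key: bytes):
        self.key = key                      # (C1)
        self.seq = {}

    def set_key(self, key: bytes) -> None:  # (C2)
        self.key = key

    def store_seq(self, conn: str, r0: int) -> None:  # (C3)
        self.seq[conn] = r0

    def verify(self, conn: str, tg: bytes, v: str, et: int, op: str, now: int) -> str:
        if conn not in self.seq or op not in v.rpartition("|")[2].split(","):  # (C4)
            return "denied"
        if now > et:                                                           # (C5)
            return "expired"
        r1 = self.seq[conn] + 1             # (C6) assumed synchronization rule
        tk_check = H(self.key, v.encode(), u64(et))
        tg_check = H(tk_check, u64(r1), v.encode())
        if not hmac.compare_digest(tg, tg_check):                              # (C7)
            return "denied"
        self.seq[conn] = r1                 # accepted: this R1 is now used up
        return "data"


def demo() -> dict:
    # Constructed sample data: the ACL rows from step (B4), attached to a made-up file.
    acl = {"report.txt": {"102": {"read"}, "501": {"read", "write"},
                          "502": {"write", "delete"}}}
    auth = AuthEnd(acl)
    store = StorageEnd(auth.key)
    r0 = secrets.randbelow(2 ** 32)         # (A1)
    store.store_seq("conn-1", r0)
    now, out = 1_000, {}

    out["no_right"] = auth.issue("102", "report.txt", "write", now)
    tk, et, v = auth.issue("501", "report.txt", "write", now)
    tg = access_identifier(tk, r0 + 1, v)
    out["valid"] = store.verify("conn-1", tg, v, et, "write", now)
    out["replayed"] = store.verify("conn-1", tg, v, et, "write", now)  # stale R1

    def attempt(v_sent, et_sent, op, when):
        tg_sent = access_identifier(tk, r0 + 2, v_sent)
        return store.verify("conn-1", tg_sent, v_sent, et_sent, op, when)

    widened = make_v("501", "report.txt", {"read", "write", "delete"})
    out["widened_v"] = attempt(widened, et, "delete", now)   # V no longer matches TK
    out["extended_et"] = attempt(v, et + 3600, "write", et + 1)
    out["op_not_in_v"] = attempt(v, et, "delete", now)
    out["expired"] = attempt(v, et, "write", et + 1)
    store.set_key(auth.rotate_key())
    out["after_rotation"] = attempt(v, et, "read", now)      # ticket made under old K
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} {result}")
```

Because V and ET are both inputs to TK, a client that edits either one before step (A5) produces a TG that the storage end cannot reproduce. After the key replacement in step (C2), a ticket computed under the former K no longer verifies either.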

Claims (1)

1. A security authentication method for a cloud storage system, comprising a client process, an authentication end process and a storage end process; the client loads the user IDs of all logged-in users, and the authentication end loads the access control library; after startup, the client, the authentication end and the storage end connect to one another pairwise, and a secure channel is established between the authentication end and the storage end;
It is characterized in that:
A. The client process comprises the following steps:
(A1) The client randomly generates an access request sequence number R0 and sends it to the storage end, then waits for the storage end's reply. On receiving the reply, it judges whether the reply is the sequence-number-stored success flag; if so, go to step (A2); otherwise go to step (A1);
(A2) Wait for the user to initiate a file operation request; on receiving one, go to step (A3);
The file operation request comprises a user ID, a file identifier and an operation type; the operation types are "read", "write" and "delete";
(A3) Submit the file operation request to the authentication end, then judge whether the authentication end returns a user verification result; if so, cache the user verification result and go to step (A4); otherwise reject the user's file operation request and go to step (A2);
The user verification result comprises the access ticket TK, the expiration time point ET and the access control string V;
(A4) Judge whether the current time is past the expiration time point ET in the user verification result; if so, delete this user verification result and go to step (A3); otherwise generate an access request sequence number R1 synchronized with the storage end and, using the user verification result, compute the access identifier TG:
TG=H(TK,R1,V);
where H() denotes applying a hash algorithm to the variables in the brackets; go to step (A5);
(A5) Compose a user access request from the access identifier TG, the access control string V, the expiration time point ET and the file operation request, send it to the storage end, then judge the type of information the storage end returns: if requested data, return the requested data to the user, delete this user verification result and go to step (A2); if request expired, go to step (A4); if access denied, reject the user's file operation request, delete this user verification result and go to step (A2);
The storage end's reply is one of: requested data, request expired, or access denied;
B. The authentication end process comprises the following steps:
(B1) The authentication end randomly generates a global key K and sends it to the storage end over the secure channel, then waits for the storage end's reply. On receiving the reply, it judges whether the reply is the global-key-stored success flag; if so, carry out step (B2) and at the same time go to step (B4); otherwise go to step (B1);
(B2) After waiting for a period T, go to step (B3); T = 0.01 second to 1 year, set by default;
(B3) Randomly generate a new global key, then submit a key replacement request, which contains the new global key, to the storage end over the secure channel. Judge whether the information returned by the storage end is the key-updated success flag; if so, replace the former global key with the new global key, then, after waiting for a period T, go to step (B3); otherwise go to step (B3);
(B4) Wait for a file operation request from the client. On receiving one, use the file identifier in the request to look up whether the Access Control List of the corresponding file exists in the access control library; if so, go to step (B5); otherwise return access denied to the client and go to step (B4);
(B5) Use the user ID in the file operation request to look up whether an access control entry for that user exists in the Access Control List; if so, go to step (B6); otherwise return access denied to the client and go to step (B4);
(B6) Judge whether the operation type in the file operation request is a subset of the access rights in the access control entry; if so, the user has permission to access the file, go to step (B7); otherwise the user does not have permission to access the file, return access denied to the client and go to step (B4);
(B7) The authentication end concatenates the user ID, the file identifier and the access rights in the access control entry to form the access control string V, chooses an expiration time point ET, and computes the access ticket TK:
TK=H(K,V,ET);
TK, ET and V make up the user verification result, which is returned to the client over the secure channel; go to step (B4);
C. described storage end process comprises the steps:
(C1) wait for that certification end sends global secret K, receive the global secret K that certification end sends, buffer memory global secret K also judges whether to store successfully, is to return to global secret storage successfully to indicate to certification end, go to step (C2), go to step (C3) simultaneously; Otherwise return to global secret storage failure flags to certification end, go to step (C1);
(C2) wait for that certification end sends replacing key request, receive and change after key request, use the new global secret of changing in key request to replace former global secret; Judge whether global secret is updated successfully, and is to be updated successfully mark to certification end " return " key", goes to step (C2); Otherwise upgrade failure flags to certification end " return " key", go to step (C2);
(C3) wait for the access request sequence number R0 that client sends, receive after the access request sequence number R0 of client transmission, by its buffer memory and judge whether to store successfully, be to return to sequence number storage to client successfully to indicate, go to step (C4); Otherwise return to sequence number storage failure flags to client, go to step (C3);
(C4) Wait for a user access request from the client; on receiving it, extract the operation type of the file operation request in the user access request, and extract the access rights contained in the access control string in the user access request; then determine whether this operation type is a subset of those access rights; if so, the user has permission to access the file, go to step (C5); otherwise return access denied to the client and go to step (C4);
(C5) Determine whether the current time is past the expiration time point ET in the user access request; if so, return "request expired" to the client and go to step (C4); otherwise go to step (C6);
(C6) The storage end generates an access request sequence number R1 synchronized with the client; using the global secret K together with the access control string V and the expiration time point ET from the user access request, it calculates the verification ticket TK':
TK' = H(K, V, ET),
and, using the access request sequence number R1, calculates the verification identifier TG':
TG' = H(TK', R1, V);
Go to step (C7);
(C7) Determine whether the verification identifier TG' equals the access identifier TG in the user access request; if so, return the requested data to the user according to the file operation request in the user access request and go to step (C4); otherwise return access denied to the client and go to step (C4).
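The following Python sketch is an added example, not code from the patent: it walks steps (B7) and (C4) to (C7) end to end so the effect of a tampered V, an expired ET or a replayed TG can be observed. Assumptions: H is instantiated as HMAC-SHA256 over length-prefixed fields, V is laid out as `user|file|rights`, the client's TG = H(TK, R, V) is inferred from (C6)/(C7), and sequence-number synchronization is a simple increment from R0.

```python
import hashlib
import hmac
import time

def H(key: bytes, *fields) -> bytes:
    """Assumed instantiation of H: HMAC-SHA256 over length-prefixed fields."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        b = f if isinstance(f, bytes) else str(f).encode()
        mac.update(len(b).to_bytes(4, "big") + b)  # prefix removes field-boundary ambiguity
    return mac.digest()

def issue_ticket(K, user, file_id, rights, ttl=300, now=None):
    """Step (B7): build V, choose ET, compute TK = H(K, V, ET)."""
    V = f"{user}|{file_id}|{rights}"               # assumed layout of V
    ET = int(now if now is not None else time.time()) + ttl
    return H(K, V, ET), ET, V

def client_tag(TK, R, V):
    """Client side (inferred): access identifier TG = H(TK, R, V)."""
    return H(TK, R, V)

class StorageEnd:
    def __init__(self, K, R0):
        self.K, self.R = K, R0                     # (C1) cached K, (C3) cached R0

    def handle(self, op, V, ET, TG, now=None):
        """Steps (C4)-(C7); returns 'ok', 'denied' or 'expired'."""
        rights = V.rsplit("|", 1)[-1]
        if not set(op) <= set(rights):             # (C4) op must be a subset of rights in V
            return "denied"
        if (now if now is not None else time.time()) > ET:   # (C5) ticket lifetime
            return "expired"
        R1 = self.R + 1                            # (C6) assumed sync rule: increment
        TK_check = H(self.K, V, ET)                # TK' = H(K, V, ET)
        TG_check = H(TK_check, R1, V)              # TG' = H(TK', R1, V)
        if not hmac.compare_digest(TG_check, TG):  # (C7) constant-time comparison
            return "denied"
        self.R = R1                                # advance on success, so a replay fails
        return "ok"
```

Because the storage end recomputes TK' from the V and ET it receives, a client that edits the rights in V passes the subset check in (C4) but fails the comparison in (C7); the storage end needs only K and the sequence counter, not the access control library.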
CN201110444484.5A 2011-12-23 2011-12-23 Safety authentication method of cloud storage system Active CN102571771B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110444484.5A CN102571771B (en) 2011-12-23 2011-12-23 Safety authentication method of cloud storage system

Publications (2)

Publication Number Publication Date
CN102571771A CN102571771A (en) 2012-07-11
CN102571771B true CN102571771B (en) 2014-06-04

Family

ID=46416247

Country Status (1)

Country Link
CN (1) CN102571771B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant