CN103108028A - Cloud computing processing system with security architecture - Google Patents

Cloud computing processing system with security architecture

Info

Publication number
CN103108028A
Authority
CN
China
Prior art keywords
module
cloud
data analysis
cloud computing
analysis module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012105268667A
Other languages
Chinese (zh)
Inventor
宗竞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd
Original Assignee
JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd
Priority to CN2012105268667A
Publication of CN103108028A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

A cloud computing processing system with a security architecture includes a client module, a database module, a cloud computing server and a data analysis module. The client module sends a request to the data analysis module, the database module is used for storing data, the cloud computing server is used for setting computing rules and providing the special computing rules to the data analysis module according to different situations, the data analysis module is used for receiving the request and acquiring the corresponding computing rules according to the requested parameters, combining with the data in the database to carry out the cloud computing process according to the computing rules and returning processed results to the client module. The cloud computing processing system further includes a client encryption/decryption module and a cloud security module, the client encryption/decryption module is used for encrypting the request and sending the encrypted request to the data analysis module and for decrypting the results returned by the data analysis module. The cloud security module is used for authenticating the identities of users, decrypting the request, encrypting the results returned by the data analysis module and monitoring the operation of the users. The cloud computing processing system with the security architecture can improve the safety of the cloud computing processing system.

Description

A cloud computing processing system with a security architecture
Technical field
The present invention relates to a cloud computing system, and in particular to a cloud computing processing system with a security architecture.
Background art
With the rapid development of Internet technology, cloud computing, an Internet-based mode of computing, is flourishing. Through cloud computing, shared software and hardware resources and information can be provided to computers and other devices on demand, so that users operating on the Internet can overcome the limits of their own software and hardware resources and obtain the resources and information they need from the Internet quickly and efficiently. This is of great significance for users who want to pick out the content they care about from the massive amount of information on the Internet.
Cloud computing services are normally delivered through access to an online commercial cloud computing platform. The platform is built and maintained by a specific cloud computing platform provider, and authenticated users access and use it through the corresponding client. A cloud computing platform generally comprises a cloud computing server, software installed on the cloud computing server, and a data center that stores data. The client connects to the cloud computing platform over the Internet, and the user submits requests through the client. After the user's request has passed the corresponding security authentication and authorization, the cloud computing server invokes software according to the corresponding algorithm to carry out the requested cloud computing operation, for example processing data the user has provided, mining data on the Internet according to the user's requirements, or sending data the user has submitted to other users. The data center is an important component of the cloud computing platform: it stores the users' various request data, the data obtained by web mining, and the platform's operating rules and security control content.
Because users access and use the cloud computing processing system through a client, and the system transmits the corresponding data back to users over the Internet, both the security of data transmission and the security of the cloud computing processing system itself are vital in this two-way data transmission. On the one hand, information that the user transmits to the cloud computing processing system must be protected against leakage, to protect the user's privacy. On the other hand, the data that the cloud computing processing system sends to the user must also be kept secure, and unauthorized users must be prevented from performing unauthorized operations on the system, so that the system is not put at risk. Present cloud computing processing systems have certain defects in these respects: they only authenticate the user's identity, generally by having the user enter a registered user name and password at the client. This authentication method has a serious weakness that gives network attackers an opening: once such an unauthorized user steals a user's identity information and logs in to the cloud computing processing system, the whole system may suffer considerable loss.
Therefore, providing a cloud computing processing system with stronger security assurance has become an urgent task in this field.
Summary of the invention
The invention provides a cloud computing processing system with a security architecture. By adopting a corresponding security mechanism at the client and by providing a cloud security module, it can effectively ensure the security of the data submitted by the client and the security of the cloud computing processing system itself, and it can monitor all of a user's operations, greatly improving the safe operation of the cloud computing processing system.
The cloud computing processing system with a security architecture of the present invention comprises a client module, a database module, a cloud computing server and a data analysis module. The client module is used to send requests to the data analysis module. The database module is used to store data. The cloud computing server is used to set computing rules and to provide specific computing rules to the data analysis module according to different situations. The data analysis module is used to receive the request sent by the client module, obtain the computing rule from the cloud computing server according to the parameters of the request, carry out the computation with that computing rule in combination with the data in the database, and return the result to the client module. The system is characterized in that:
The cloud computing processing system further comprises a client encryption/decryption module and a cloud security module. The client encryption/decryption module is used to encrypt the request that the user enters through the client module before it is sent to the data analysis module, and to decrypt the result returned by the data analysis module. The cloud security module is used to authenticate the user's identity, decrypt the request entered by the user, encrypt the result returned by the data analysis module, monitor the user's operating process, and so on.
The client encryption/decryption module is implemented as a smart card that combines chip hardware, a symmetric cryptographic algorithm and a combined key generation algorithm. Within the smart card chip, the symmetric cryptographic algorithm is used to establish the client encryption system, and the symmetric cryptographic algorithm, the combined key generation algorithm and the encryption/decryption protocol are written into the chip.
The cloud security module comprises a user identity authentication unit, a data decryption unit, a data encryption unit and an operation monitoring unit. The user identity authentication unit is used to authenticate the user's identity according to a specified authentication protocol. The data decryption unit is used to decrypt the request sent by the client module according to the corresponding decryption algorithm and to pass the decrypted plaintext to the data analysis module. The data encryption unit is used to encrypt the result of the data analysis module and return the ciphertext to the client module. The operation monitoring unit is used to monitor all of the user's operations on the cloud computing platform.
The operation monitoring unit is provided with a login log database and an operation log database, which record information about the user's logins to the cloud computing platform and the user's operations on the cloud computing platform.
The administrator of the cloud computing processing system can view and download the information recorded in the login log database and the operation log database.
Description of drawings
Fig. 1 is a schematic diagram of the structure of the cloud computing processing system with a security architecture of the present invention.
Embodiment
The cloud computing processing system of the present invention comprises client module 1, database module 2, cloud computing server 3 and data analysis module 4. Client module 1 is installed on the user's terminal computer; it is dedicated client software supplied by the provider of the cloud computing processing system, and it is used to send requests to data analysis module 4. Database module 2 is used to store data, including the request information sent by users, the data the cloud computing processing system needs in order to work, and the data the system obtains by processing users' requests. Cloud computing server 3 is used to set computing rules and to provide specific computing rules to data analysis module 4 according to different situations. There can be many kinds of computing rules; they should include the computing rules commonly used in this field at present, and they can be updated and maintained on a regular or irregular basis. Data analysis module 4 is used to receive the request sent by client module 1, obtain the computing rule from cloud computing server 3 according to the parameters of the request, carry out the computation with that computing rule in combination with the data in the database, and return the result to client module 1.
To improve the security of the information sent by the client module, and as a key feature of the present invention, the cloud computing processing system further comprises client encryption/decryption module 5 and cloud security module 6. Client encryption/decryption module 5 is used to encrypt the request that the user enters through client module 1 before it is sent to data analysis module 4, and to decrypt the result returned by data analysis module 4. Cloud security module 6 is used to authenticate the user's identity, decrypt the request entered by the user, encrypt the result returned by data analysis module 4, monitor the user's operating process, and so on.
In the present invention, to strengthen the security mechanism of the client module, client encryption/decryption module 5 is implemented as a smart card that combines chip hardware, a symmetric cryptographic algorithm and a combined key generation algorithm. Within the smart card chip, the symmetric cryptographic algorithm is used to establish the client encryption system, and the symmetric cryptographic algorithm, the combined key generation algorithm and the encryption/decryption protocol are written into the chip. When the user logs in to the cloud computing processing system through the client module, the smart card should be connected to the user's terminal computer, thereby establishing a secure connection between client module 1 and the cloud computing platform.
In the present invention, cloud security module 6 comprises user identity authentication unit 61, data decryption unit 62, data encryption unit 63 and operation monitoring unit 64. User identity authentication unit 61 is used to authenticate the user's identity according to a specified authentication protocol. Data decryption unit 62 is used to decrypt the request sent by client module 1 according to the corresponding decryption algorithm and to pass the decrypted plaintext to data analysis module 4. Data encryption unit 63 is used to encrypt the result of data analysis module 4 and return the ciphertext to client module 1. Operation monitoring unit 64 is used to monitor all of the user's operations on the cloud computing platform.
To make it easy to record the relevant information, operation monitoring unit 64 is also provided with a login log database and an operation log database, which record information about the user's logins to the cloud computing platform and the user's operations on the cloud computing platform. With the login log database and the operation log database in place, all of a user's operations on the cloud computing processing system can be stored accurately and promptly for later use and analysis.
When the information stored in the login log database and the operation log database needs to be used and analyzed, the administrator of the cloud computing processing system of the present invention can view and download the information recorded in them. In general, for the security of the cloud computing processing system, only the system administrator and authorized personnel can view and download this recorded information.
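The request path through cloud security module 6 described above, as an added example that is not part of the patent text. The patent names no algorithm or authentication protocol, so this sketch assumes a per-user key provisioned on the smart card, uses HMAC-SHA256 in counter mode with an encrypt-then-MAC tag as a stand-in symmetric cipher, and treats a valid tag as proof of identity; all function and class names are hypothetical.

```python
import hashlib
import hmac
import os
import time

# Stand-in cipher (assumption): the patent names no algorithm, so this uses
# HMAC-SHA256 in counter mode plus an encrypt-then-MAC tag, standard library only.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Client module 5 / encryption unit 63: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Client module 5 / decryption unit 62: verify the tag, then decrypt."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class CloudSecurityModule:
    """Hypothetical model of module 6 and its units 61-64."""

    def __init__(self, card_keys, data_analysis):
        self.card_keys = card_keys          # user id -> key held on that user's smart card
        self.data_analysis = data_analysis  # callable standing in for module 4
        self.login_log = []                 # login log database (unit 64)
        self.operation_log = []             # operation log database (unit 64)

    def handle(self, user_id: str, sealed_request: bytes):
        key = self.card_keys.get(user_id)
        try:
            if key is None:
                raise ValueError("unknown user")
            # Units 61 and 62: a valid tag proves possession of the card key.
            request = unseal(key, sealed_request)
        except ValueError as exc:
            self.login_log.append((time.time(), user_id, "rejected", str(exc)))
            return None
        self.login_log.append((time.time(), user_id, "accepted", ""))
        result = self.data_analysis(request)
        # Unit 64: log a digest, not the plaintext, so the log holds no user data.
        digest = hashlib.sha256(request).hexdigest()
        self.operation_log.append((time.time(), user_id, digest, len(result)))
        # Unit 63: the result leaves the module only as ciphertext.
        return seal(key, result)

def demo():
    key = os.urandom(32)  # constructed sample key
    module = CloudSecurityModule({"alice": key}, lambda req: req.upper())
    reply = module.handle("alice", seal(key, b"sum column=sales"))
    tampered = bytearray(seal(key, b"sum column=sales"))
    tampered[20] ^= 0x01  # flip one ciphertext bit in transit
    rejected = module.handle("alice", bytes(tampered))
    return unseal(key, reply), rejected, module.login_log, module.operation_log

if __name__ == "__main__":
    print(demo()[0])
```

The sketch has no replay protection; a deployed protocol would also bind a counter or timestamp into each sealed request and restrict read access to both logs to authorized administrators.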
In summary, because the cloud computing processing system of the present invention adopts a corresponding security architecture, it can effectively ensure the security of the user's information while the user is using the cloud computing processing system, and it can also effectively ensure the security of the cloud computing processing system itself. This is of positive significance for the wider adoption of cloud computing processing systems.

Claims (5)

1. A cloud computing processing system with a security architecture, comprising a client module, a database module, a cloud computing server and a data analysis module, wherein the client module is used to send requests to the data analysis module; the database module is used to store data; the cloud computing server is used to set computing rules and to provide specific computing rules to the data analysis module according to different situations; and the data analysis module is used to receive the request sent by the client module, obtain the computing rule from the cloud computing server according to the parameters of the request, carry out the computation with that computing rule in combination with the data in the database, and return the result to the client module, characterized in that:
the cloud computing processing system further comprises a client encryption/decryption module and a cloud security module, wherein the client encryption/decryption module is used to encrypt the request that the user enters through the client module before it is sent to the data analysis module, and to decrypt the result returned by the data analysis module; and the cloud security module is used to authenticate the user's identity, decrypt the request entered by the user, encrypt the result returned by the data analysis module, monitor the user's operating process, and so on.
2. The cloud computing processing system according to claim 1, wherein the client encryption/decryption module is implemented as a smart card that combines chip hardware, a symmetric cryptographic algorithm and a combined key generation algorithm; within the smart card chip, the symmetric cryptographic algorithm is used to establish the client encryption system, and the symmetric cryptographic algorithm, the combined key generation algorithm and the encryption/decryption protocol are written into the chip.
3. The cloud computing processing system according to claim 1, wherein the cloud security module comprises a user identity authentication unit, a data decryption unit, a data encryption unit and an operation monitoring unit; the user identity authentication unit is used to authenticate the user's identity according to a specified authentication protocol; the data decryption unit is used to decrypt the request sent by the client module according to the corresponding decryption algorithm and to pass the decrypted plaintext to the data analysis module; the data encryption unit is used to encrypt the result of the data analysis module and return the ciphertext to the client module; and the operation monitoring unit is used to monitor all of the user's operations on the cloud computing platform.
4. The cloud computing processing system according to claim 3, wherein the operation monitoring unit is provided with a login log database and an operation log database, which record information about the user's logins to the cloud computing platform and the user's operations on the cloud computing platform.
5. The cloud computing system according to claim 4, wherein the administrator of the cloud computing processing system can view and download the information recorded in the login log database and the operation log database.
CN2012105268667A 2012-12-10 2012-12-10 Cloud computing processing system with security architecture Pending CN103108028A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012105268667A CN103108028A (en) 2012-12-10 2012-12-10 Cloud computing processing system with security architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012105268667A CN103108028A (en) 2012-12-10 2012-12-10 Cloud computing processing system with security architecture

Publications (1)

Publication Number Publication Date
CN103108028A true CN103108028A (en) 2013-05-15

Family

ID=48315595

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012105268667A Pending CN103108028A (en) 2012-12-10 2012-12-10 Cloud computing processing system with security architecture

Country Status (1)

Country Link
CN (1) CN103108028A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130515