CN103237019A - Cloud service accessing gateway system and cloud service accessing method - Google Patents

Publication number: CN103237019A
Authority: CN (China)
Prior art keywords: cloud service, user, request, cloud, gateway
Legal status: Granted
Application number: CN2013101160056A
Other languages: Chinese (zh)
Other versions: CN103237019B (en)
Inventors: 崔超远, 王儒敬, 乌云
Current Assignee: Hefei Institutes of Physical Science of CAS
Original Assignee: Hefei Institutes of Physical Science of CAS
Application filed by: Hefei Institutes of Physical Science of CAS
Priority to: CN201310116005.6A (patent CN103237019B)
Publication of CN103237019A
Application granted; publication of CN103237019B
Status: Active

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a cloud service access gateway system and a cloud service access method. The system comprises a client, a cloud service access gateway and a cloud resource server. The gateway comprises three functional layers: a user interaction layer, a security authentication layer and a single sign-on layer. To meet the security and management requirements of the system, the gateway exchanges data and synchronizes information frequently with the client and the cloud resource server, so that encrypted authentication and single sign-on work in coordination. The cloud service access method includes: a user of the client logs in to the cloud service access gateway and is authenticated, using units such as request interaction, request parsing, information review, resource authorization and session initialization; the user, logged in to the gateway, requests a cloud service; and the user, logged in to the gateway, migrates between cloud services. Through one-time registration, one-time login and multiple accesses, the procedure for using cloud services is simplified and the management of cloud resources is made considerably more convenient.

Description

A cloud service access gateway system and method
Technical field
The application relates to the field of cloud computing, and in particular to a cloud service access gateway system and method for encrypted user authentication and single sign-on to resources in a cloud environment.
Background art
Cloud computing involves the interaction and integration of many kinds of computing resources, such as hardware infrastructure, database systems and various application service systems. These resources are physically distributed across different locations but presented logically as a single whole. Different resources have different user management policies and calling interfaces, and they can be offered to users individually or in combination as selectable services that vary with business needs. As the number of users in the cloud environment grows and users make more use of heterogeneous cloud services, a user not only has to authenticate on multiple servers but also has to log in and log out frequently across multiple cloud services. The likelihood that user information is illegally intercepted and damaged increases, security cannot be guaranteed, and system access is delayed. Managing many users across many target services also becomes increasingly complex because user IDs are not unified; for example, when the same user logs in to different services under different identities, billing for cloud resources becomes difficult.
In the prior art, there are methods that improve system security through encrypted authentication, and methods that improve the convenience of user management through single sign-on.
In 2012, Japanese Unexamined Patent Application Publication JP 2012-247858 disclosed a method and system for confirming user identity by key-based authentication in a cloud computing environment. The client of that system does not need to store the private key of the key pair; instead the key is generated on the fly during authentication from the user's password, so even if the client device is lost, the private key used for authentication is not leaked. However, the method requires a password management server to generate the key pair and send its public key to a separate public key management server. If the public key is destroyed or maliciously intercepted in transit, the whole authentication system becomes invalid and security cannot be guaranteed. In particular, when the user migrates between cloud services because of business needs, the key generation, authentication-data encryption and authentication-data decryption steps must all be repeated, which reduces the system's response speed and complicates cross-service management. As cloud resource integration deepens and the variety of cloud services grows, this user need will also grow, so a secure, general and concise authentication method and authentication system is urgently needed.
In 2013, Japanese Unexamined Patent Application Publication JP 2013-8140, addressing the situation of JP 2012-247858, proposed a single sign-on authentication system in which one login gives access to multiple cloud services. The system works together with the authentication system of the data center on which the cloud services depend; the user authenticates once at the terminal and can then migrate between services as needed. Its main drawback is that the user's first login is password authentication transmitted in plaintext rather than key authentication transmitted in ciphertext, so security is low, which creates a security risk for cloud service access and migration.
Summary of the invention
In view of this, the object of the invention is to provide a cloud service access gateway system that combines a user interaction layer, a security authentication layer, a single sign-on layer and cloud service access technology. Together the three functional layers improve system security, reduce processing delay, strengthen centralized user management and make migration between cloud services easier.
The technical solution of the invention is:
A cloud service access gateway system comprises a client, a cloud service access gateway and a cloud resource server, wherein:
The client connects over the Internet to each cloud resource server and to the cloud service access gateway to exchange data and events. The client comprises hardware and software; the hardware is a computer, a smartphone or a tablet computer, and the hardware devices are connected to the network by wire or wirelessly;
The cloud service access gateway comprises at least one gateway server, which receives and processes requests from users and event responses from the cloud computing center, and establishes a channel for data and event interaction between the two;
The cloud resource server, comprising cloud services and a cloud service management database, is a server deployed in the cloud computing center that provides the physical and logical basis for the cloud services. The cloud services include at least one infrastructure service or application system service that the user ultimately accesses, such as a mail system service or a database system service.
In particular, the cloud service access gateway comprises a user interaction layer, a security authentication layer and a single sign-on layer;
The user interaction layer comprises a user request interaction unit, a user request parsing unit, a user event response unit and a user login control unit. It exchanges information with the client for user registration, user login, account modification, cloud service customization, cloud service access and cloud service migration;
The security authentication layer comprises a user information review unit, a user account setting unit, an encrypted authentication unit and an authentication information database. It verifies the legitimacy of user login information; after an account is created, the security authentication layer synchronizes the account information with the login information database of the single sign-on layer;
The single sign-on layer comprises a resource authorization management unit, a cloud service lifecycle management unit, a session initialization unit, a session migration unit and a login information database. It enables access across application services with a single user ID. The single sign-on layer synchronizes login-state information and account modification information to the cloud resource server and notifies the security authentication layer of the result of the synchronization; after the single sign-on layer has processed a service customization request, service creation request or service migration request, it notifies the user interaction layer of the result;
The three functional layers of the cloud service access gateway (user interaction layer, security authentication layer and single sign-on layer) exchange data and synchronize information frequently with the client and the cloud resource server, as required by the security and management needs of the cloud service access gateway system, so that encrypted authentication and single sign-on work in coordination.
A method for the cloud service access gateway system, in which the execution flow of the system comprises the following steps:
The user request interaction unit receives requests from the client and returns the gateway's processing results to the client;
The user request parsing unit classifies each request by its content as an account registration request, user login request, account modification request, cloud service customization request, cloud service access request or cloud service migration request;
The user event response unit sends the specific request to the security authentication layer or the single sign-on layer and passes the reply to the user request interaction unit;
The user information review unit receives and verifies the specific request information or resource requirement information, confirming that it is legitimate and conforms to the specifications of the cloud service access gateway system. The encrypted authentication unit returns the encrypted random number to the user interaction layer as the encrypted authentication request;
The user account setting unit creates and modifies user accounts and user public keys, and stores the user information in the authentication information database;
The resource authorization management unit authorizes the resources the user requests and records the user's registration, login and resource usage in the login information database;
The cloud service lifecycle management unit records the time at which the user logs in to the system and the user's state;
The session initialization unit establishes the communication connection between the user and the application service. When the user's use of resources changes, the session migration unit rebuilds the communication connection for the user's request, so that the user can migrate the session without logging out of the cloud service platform;
The method of the cloud service access gateway system further comprises: the user logging in to the cloud service access gateway for login authentication; the user, logged in to the gateway, requesting a cloud service; and the user, logged in to the gateway, migrating a cloud service;
The steps by which the user logs in to the cloud service access gateway and is authenticated are:
The user submits a login request with the user ID to the cloud service access gateway through the client;
In response to the login request, the cloud service access gateway verifies the legitimacy of the user's identity: the gateway first generates a random number, encrypts it with the public key the user registered in advance, and sends the encrypted result to the client as the encrypted authentication request;
The client decrypts the encrypted result with the private key corresponding to the public key registered in advance on the gateway, and returns the decrypted result to the cloud service access gateway as the encrypted authentication reply;
If the decrypted result is identical to the random number, the cloud service access gateway considers the login successful and returns login authentication success to the client;
The steps by which the user, logged in to the cloud service access gateway, requests a cloud service are:
After logging in to the cloud service access gateway, the user sends a cloud service access request through the client;
The cloud service access gateway attempts to establish a communication channel with the target service and sends a session creation request to the cloud service;
Based on current resource usage and the service customization, the cloud service creates a session ID, starts the cloud service and replies session creation success to the cloud service access gateway;
After recording the session information in the cloud service management database, the cloud service access gateway replies cloud service access success to the client;
The user of the client interacts with the cloud service;
The steps by which the user, logged in to the cloud service access gateway, migrates a cloud service are:
When business needs change, the user sends a cloud service migration request to the cloud service access gateway;
The cloud service access gateway cancels the session connection of the current cloud service and sends a session migration request to the new target cloud service;
Based on current resource usage and the service customization, the cloud service creates a session ID, starts the cloud service and replies session migration success to the cloud service access gateway;
After recording the session information in the cloud service management database, the cloud service access gateway replies cloud service migration success to the client;
The client thereby enables interaction between the user and the cloud service.
Beneficial effects
At present in the prior art, cloud computing has solved how software and hardware resources in a distributed computing environment are integrated and used: resources that are physically distributed across locations are offered to users as cloud services and can be recombined according to user needs. Although users need not consider the physical basis of a resource when accessing a cloud service, every user operation causes data to be transmitted among multiple physical servers in different geographic locations, which increases processing delay and also the chance that user information is intercepted and stolen. Moreover, when business needs change, the user logs out of the current cloud service system and then logs in to the next target service; frequent login authentication not only lowers system security but also complicates user management and cloud resource management.
The application takes these problems into account together and proposes a cloud service access gateway system and method. Encrypted authentication secures the user's login to cloud services, and single sign-on makes cloud services convenient to use; authentication information and cloud service management information are not transmitted between different servers, which prevents processing delays. From the cloud service provider's point of view, implementing login authentication and repeated service migration solves the security problem of cross-server access in a distributed computing environment and the centralized-management problem of cross-resource access.
The beneficial effects of the invention are analyzed as follows:
First, compared with the prior art, the cloud service access gateway system provided by the invention comprises a client, a cloud service access gateway and a cloud resource server, and receives and processes user requests from the client and event responses from the cloud resource servers of the cloud computing center. As the channel over which data and event responses are exchanged, the cloud service access gateway integrates a security authentication layer, a single sign-on layer and a user interaction layer;
Through the user interaction layer the user performs user registration, user login, account modification, cloud service customization, cloud service access and cloud service migration. After the gateway receives a login request from the client, the client and the encrypted authentication unit of the security authentication layer carry out encrypted verification of the user's identity; after an account is created, the security authentication layer synchronizes the account information with the login information database of the single sign-on layer;
After logging in to the cloud service access gateway, the user submits a request to use a cloud service, and the single sign-on layer connects the user to the service according to the cloud service content the user customized in advance. When the user's business needs change and a new service request is made, the single sign-on layer synchronizes login-state information and account modification information to the cloud resource server and notifies the security authentication layer of the result; after processing a service customization, service creation or service migration request, the single sign-on layer notifies the user interaction layer;
In the specific embodiment of the invention, shown for the cloud service access gateway system in Fig. 4 to Fig. 6, the three functional layers, for reasons of security and management, exchange data and process information frequently with the client and the cloud resource server so that encrypted authentication and single sign-on work in coordination, and a single encrypted-authentication login gives access across cloud services. The cloud service access gateway uses message passing between its layers to address the execution efficiency and security of the cloud service access gateway system.
Second, in the method of the cloud service access gateway system, the user is authenticated once by key authentication and is then allowed to access all authorized cloud services, and may redirect to a different target cloud service as business needs change. The cloud service access gateway protects the security of data transmission and keeps event responses between the user and the cloud resource servers of the cloud computing center simple.
All data transmitted during the user's one-time authentication is ciphertext encrypted with a key rather than plaintext user password information, which prevents a third party from guessing or stealing the password. Moreover, the gateway verifies user identity on the basis of the user's key pair: verification succeeds only when the public key and private key of the pair work together, so even if the gateway server or the client is maliciously attacked, leakage of the public key or of the private key does not create a security hole.
During cloud service migration the user does not need to log out of the current service and log in to the new target service; the target is switched using the user information recorded in the gateway database at the first encrypted-authentication login. With unified user identity and key management, a single user ID can access and switch between the cloud services of different application systems, and the management cost and security holes caused by multiple user IDs and multiple password systems are reduced. In the prior art, what is secure is cumbersome and what is simple is insecure; the invention is both simple and secure.
What essentially distinguishes cloud services from other application service systems is that a cloud service is a metered service model. The cloud service provider charges by quantifying the cloud resources a user consumes, which deters users from abusing resources and optimizes overall resource allocation. With a massive number of cloud users, quantifying the thousands of heterogeneous cloud services in a cloud computing center is difficult both technically and administratively; even a single user who accesses cloud services under multiple identities makes metering costly for management. The cloud service access gateway system provided by the invention, through one registration, one login and multiple accesses, not only simplifies the procedure for using cloud services but also makes it easy for the system to bill multiple cloud services together, which greatly facilitates cloud resource management.
Description of the drawings
Fig. 1 is a schematic diagram of the system structure of the cloud service access gateway;
Fig. 2 is a functional schematic diagram of the cloud service access gateway system;
Fig. 3 is a flow diagram of the cloud service access gateway system;
Fig. 4 is a flow diagram of the processing in the user interaction layer of the cloud service access gateway;
Fig. 5 is a flow diagram of the processing in the security authentication layer of the cloud service access gateway;
Fig. 6 is a flow diagram of the processing in the single sign-on layer of the cloud service access gateway.
Embodiments
The invention is further explained below with reference to the drawings and embodiments.
Fig. 1 is a schematic diagram of the system structure of the cloud service access gateway. In Fig. 1, 1 is the client, 2 is the cloud service access gateway and 3 is the cloud resource server.
Client 1 provides the user interface to cloud service access gateway 2, including a browser-based graphical user interface and a command-line character interface, through which the user of client 1 sends requests to and receives responses from cloud service access gateway 2;
The Internet connects client 1 and cloud service access gateway 2; this is the local area network where client 1 is located and may be wired or wireless. Cloud service access gateway 2 receives and processes requests from client 1 and responses from cloud resource server 3, establishing an event-processing channel between the user and the cloud service. The Internet also connects cloud service access gateway 2 and cloud resource server 3; this is the wide area network where gateway 2 and cloud resource server 3 are located and may be wired or wireless;
Cloud resource server 3 is a server deployed in the cloud computing center that provides the physical and logical basis for cloud services. Cloud resource server 3 includes the cloud services, which are the application systems the user ultimately accesses, for example infrastructure services such as CPU, hard disk and network, a mail system service, or a database system service. Client 1 connects to each cloud service through cloud service access gateway 2 to exchange data and event responses.
Fig. 2 is a functional schematic diagram of the cloud service access gateway system. In Fig. 2, the core of the system is cloud service access gateway 2, which works together with client 1 and cloud resource server 3 to complete the cloud service access process.
In client 1, the user request unit 101 builds the browser-based graphical user interface or the command-line character interface and submits user login requests and cloud service usage requests to the gateway; the request response unit 102 receives, via the browser or command line, the gateway's request results and notifications of the next operation; the key generation unit 103 generates the key pair used in the user's encrypted authentication; the encrypted authentication unit 104 decrypts the encrypted information returned by the gateway during encrypted authentication. Key pair generation and information encryption and decryption all use publicly known algorithms.
Cloud service access gateway 2 comprises three functional layers: user interaction layer 21, security authentication layer 22 and single sign-on layer 23.
User interaction layer 21 exchanges information with client 1. The user request interaction unit 211 receives requests from client 1 and returns the gateway's processing results to client 1; the user request parsing unit 212 classifies each request by its content as an account registration request, user login request, account modification request, cloud service customization request, cloud service access request or cloud service migration request; the user event response unit 213 sends the specific request to security authentication layer 22 or single sign-on layer 23 for processing and then passes the reply to the user request interaction unit 211 in the user interaction layer; the user login control unit 214 applies limits during user login, account modification and cloud service access, such as idle time, number of password errors and login IP.
Security authentication layer 22 verifies the legitimacy of user login information. The user information review unit 221 verifies specific request information such as account name, user key, user identity, address, contact details and resource requirements, confirming that it is legitimate and conforms to system specifications; the user account setting unit 222 creates and modifies user accounts and user public keys and stores the user information in authentication information database 224, which facilitates unified management of user IDs and public keys; the encrypted authentication unit 223 returns the encrypted random number to the user interaction layer as the encrypted authentication request.
Single sign-on layer 23 enables access across application services with a single user ID. The resource authorization management unit 231 authorizes the resources the user requests and records the user's registration, login and resource usage in login information database 235; the cloud service lifecycle management unit 232 records the time at which the user logs in to the system and the user's state; the session initialization unit 233 establishes the communication connection between the user and the application service; the session migration unit 234 rebuilds the communication connection for the user's request when the user's use of resources changes, so that the user can migrate the session without logging out of the cloud platform, which simplifies platform management.
Cloud resource server 3 provides cloud service 301 and cloud service management database 302. Only one cloud resource server 3 is drawn in Fig. 2, but in practice many such servers are deployed in the cloud computing center and connected to the gateway over the network to provide services externally.
In the cloud service access gateway system, the software environment and functional layers of cloud service access gateway 2 and cloud resource server 3 run on computers and their peripherals; client 1 may be a computer, smartphone, tablet computer or similar device, and these hardware devices are interconnected over the network.
The cloud service access gateway system consists of hardware, such as computers and their peripherals, and the software that controls this hardware.
The hardware comprises information input devices, information storage devices, information processing devices, information transmission devices and information display devices. The information input device consists of a computer, mouse and keyboard, or may be a touch-screen smartphone or tablet computer; client 1 provides the user's input terminal. The information storage device may be memory, hard disk, optical disc or similar, and stores the communication data of the cloud service access gateway system. The information processing device is a CPU with computing capability. The information transmission devices are the various wired and wireless networks and the corresponding transmission interfaces. The information display device is an LCD or a touch-screen LCD panel.
The software consists of the computer programs and data that control this hardware. The software can be stored on the information storage device, executed by the information processing device, and distributed externally through the information transmission device.
Fig. 3 is a schematic flow diagram of the cloud service access gateway system. In Fig. 3:
When accessing a cloud service, the client 1 performs data transmission and signal processing through the cloud service access gateway 2 and finally establishes an information communication channel with the cloud service. The method flow of the cloud service access gateway system is as follows:
Steps A01 to A04 are the process by which the user logs in to the cloud service access gateway 2;
Steps A05 to A09 are the process by which the user, having logged in through the cloud service access gateway 2, requests a cloud service;
Steps A10 to A14 are the process by which the user performs cloud service migration.
Specifically, the user submits login request A01, carrying the user ID, to the cloud service access gateway 2 through the client 1. The cloud service access gateway 2 verifies the legitimacy of the user identity for login request A01: it first generates a random number, encrypts this random number with the public key the user registered in advance, and sends the encrypted result to the client 1 as encryption authentication request A02. The client 1 decrypts the encrypted result with the private key corresponding to the public key registered in advance on the cloud service access gateway 2, and returns the decrypted result to the cloud service access gateway 2 as encryption authentication reply A03. If the decrypted result is identical to the random number, the cloud service access gateway 2 considers the login successful and returns login authentication success A04 to the client 1.
After logging in to the cloud service access gateway 2, the user sends cloud service access request A05 through the client 1. The cloud service access gateway 2 attempts to establish a communication channel with the target service and sends session creation request A06 to cloud service 301. Cloud service 301 creates a session ID, starts cloud service 301 according to the current resource usage and service customization status, and replies session creation success A07 to the cloud service access gateway 2. After recording the session information in the database, the cloud service access gateway 2 replies cloud service access success A08 to the client 1. The client 1 can thereby carry out interaction A09 between the user and the cloud service.
When business demand changed, the user sent cloud service migration request A10 to cloud service visit gateway 2; Cloud service visit gateway 2 is responsible for nullifying the session connection of current cloud service, and sends conversation shift request A11 to new target cloud service; Cloud service 301 is created session id, starts cloud service 301 and is replied conversation shift success A12 to cloud service visit gateway 2 according to current resource operating position and service customization situation; Cloud service visit gateway 2 with session information input database after, reply cloud service to client 1 and move successful A13; Client 1 can realize the mutual A14 of user and cloud service thus.
Fig. 4 is a schematic diagram of the processing flow of the user interaction layer in the cloud service access gateway. In Fig. 4:
The user interaction layer 21 classifies user requests into specific user events such as account registration, user login, account modification, cloud service customization, cloud service access and cloud service migration. The handling of each user event is described below.
Steps B01 to B13 are the processing flow of the account registration event. After the user request interaction unit 211 receives user request B01 from the client 1, the user request parsing unit 212 parses it and determines that the user event is account registration; the user event response unit 213 then extracts the registration information and sends it to the security authentication layer 22 as account registration request B04. The security authentication layer 22 performs registration information review B05 and then, in the form of authentication key request B06, has the user request interaction unit 211 send key request B07 to the user. The client 1 generates a key pair through key generation B08 and sends the public key of the pair in public key transmission B09. After the user request interaction unit 211 receives the public key, it sends a public key registration request to the security authentication layer 22; once the user ID, the user's public key and the user's other information have been recorded in the database, it receives registration success reply B12 and then returns request success response B13 to the client 1. At this point user registration is complete.
Steps B14 to B32 are the processing flow of the user login event. In steps B14 to B16 the user interaction layer 21 receives and parses the user request; in steps B17 to B19 the user login control unit 214 performs login target confirmation; step B20 sends user login request B20 to the security authentication layer 22; steps B21 to B25 perform encryption authentication; steps B26 to B28 perform login count confirmation; in steps B29 to B31 the security authentication layer 22 performs login authentication and replies. Step B32 notifies the user, through the client, of the login request success response.
Steps B33 to B42 are the processing flow of the account information modification event. This process builds on the user login of steps B14 to B32; that is, the user can perform the following operations only after logging in to the cloud service gateway. In steps B33 to B35 the user interaction layer 21 receives and parses the user request; in steps B36 to B38 the user login control unit 214 performs login time confirmation, to guard against a long period of inactivity after login; in steps B39 to B41 the security authentication layer 22 modifies the account information and replies. Step B42 notifies the user, through the client 1, of the account modification success response.
Steps B43 to B52 are the processing flow of the cloud service customization event. This process builds on the user login of steps B14 to B32; that is, the user can perform the following operations only after logging in to the cloud service gateway. In steps B43 to B45 the user interaction layer 21 receives and parses the user request; in steps B46 to B48 the user login control unit 214 performs login time confirmation, to guard against a long period of inactivity after login; in step B49 the user event response unit 213 sends the service customization request to the single sign-on layer 23 to determine the target resources that will be used in the future; in step B50 the single sign-on layer 23 authorizes the cloud service information and returns customization success response B51. Step B52 notifies the user, through the client 1, of the cloud service customization request success response.
Steps B53 to B61 are the processing flow of the cloud service access event. This process builds on the user login of steps B14 to B32; that is, the user can perform the following operations only after logging in to the cloud service gateway. In steps B53 to B55 the user interaction layer 21 receives and parses the user request; in steps B56 to B58 the user login control unit 214 performs login time confirmation, to guard against a long period of inactivity after login; in steps B59 to B60 the service access request is sent to the single sign-on layer 23 and the access success response is obtained. Step B61 notifies the user, through the client 1, of the cloud service access request success response.
Steps B62 to B70 are the processing flow of the cloud service migration event. This process builds on the cloud service access of steps B53 to B61; that is, the user can perform the following operations only after logging in to a cloud service. In steps B62 to B64 the user interaction layer 21 receives and parses the user request; in steps B65 to B67 the user login control unit 214 performs login time confirmation, to guard against a long period of inactivity after login; in steps B68 to B69 the service migration request is sent to the single sign-on layer 23 and the migration success response is obtained. Step B70 notifies the user, through the client 1, of the cloud service migration request success response.
Fig. 5 is a schematic diagram of the processing flow of the security authentication layer in the cloud service access gateway. In Fig. 5:
The security authentication layer 22 processes the user events passed on by the user interaction layer 21. The handling of each user request is described below.
Steps C01 to C10 are the processing flow of the account registration request. After the user information review unit 221 receives account registration request C01, it executes step C02, the registration information review: it verifies the user's account name, user ID, user identity, address and contact details, confirming whether this information is legitimate and conforms to the system specification. If the information qualifies, the user is required to provide a public key for encryption authentication, so authentication key request C03 is sent to the user interaction layer 21. The user information review unit 221 receives public key registration request C04 returned by the user interaction layer 21 and sends account creation request C05 to the user account setting unit 222. In step C06 the user account setting unit 222 creates the account and stores the public key in the authentication information database. In steps C07 to C09, after the account has been generated, the account information is synchronized with the login information database of the single sign-on layer 23, which lets encryption authentication and single sign-on work together. At this point account creation and account information synchronization are complete, and the user account setting unit 222 returns registration success reply C10 to the user interaction layer 21.
Steps C11 to C23 are the processing flow of the user login request. In steps C11 to C23 the user information review unit 221 reviews the login information of the user login request and sends a login authentication request to the encryption authentication unit 223. In steps C14 to C19 the encryption authentication unit 223 performs the final verification of the legitimacy of the user identity; if verification fails, the key authentication request is sent again, within the range permitted by login control, until the operation succeeds. Then, in steps C20 to C22, the login success information is published to the single sign-on layer 23, through which the cloud service access gateway system obtains the information linkage needed for access across cloud services. Afterwards, step C23 returns the login success response to the user interaction layer 21.
Steps C24 to C30 are the processing flow of the account modification request. This process builds on the successful user login of steps C11 to C23; that is, the user can perform the following operations only after logging in to the cloud service gateway. In steps C24 to C26 the account information to be modified is reviewed and a modification request is sent; in step C27 the user account setting unit 222 modifies the account information or resets the public key; in steps C28 to C30 the account modification information is published to the single sign-on layer 23. Finally, step C31 returns the modification success response to the user interaction layer 21.
Fig. 6 is a schematic diagram of the processing flow of the single sign-on layer in the cloud service access gateway. In Fig. 6:
The single sign-on layer 23 processes the information passed on by the user interaction layer 21 and the security authentication layer 22. The handling of each request is described below.
Steps D01 to D06 are the processing flow of registration information publication. After the single sign-on layer 23 receives the notification of registration information publication D01, the resource authorization management unit 231 executes step D02, recording the registration information in the login information database, and at the same time sends registration information synchronization D03 to the cloud resource server 3. The cloud resource server 3 executes step D04, recording the account registration information in the cloud service management database, and thereby obtains the account information that is eligible for cloud service access. The resource authorization management unit 231 receives information synchronization reply D05 returned by the cloud resource server 3 and then notifies the security authentication layer 22 that synchronization is complete by sending information synchronization reply D06.
Steps D07 to D12 are the processing flow of login state publication. Steps D07 to D08 record the login state in the login information database managed by the single sign-on layer 23; steps D09 to D11 synchronize the login state information to the cloud resource server 3; step D12 notifies the security authentication layer 22 of the result once information synchronization is complete.
Steps D13 to D18 are the processing flow of modification information publication. This process builds on the user having logged in beforehand. Steps D13 to D14 record the account modification information in the login information database managed by the single sign-on layer 23; steps D15 to D17 synchronize the account modification information to the cloud resource server 3; step D18 notifies the security authentication layer 22 of the result once information synchronization is complete.
Steps D19 to D26 are the processing flow of the service customization request. This process builds on the user having logged in to the cloud service access gateway beforehand. After the resource authorization management unit 231 receives service customization request D19, it sends resource status query D20 to the cloud resource server 3 to confirm the current resource usage. After it receives status query reply D21 and learns that the requested resource is available, it performs authorization information registration D22, recording the resource information and user information in the login information database managed by the single sign-on layer 23. It then sends authorization information synchronization D23 to the cloud resource server 3. The cloud resource server 3 performs authorization information synchronization D24 and thereby obtains the account information that is eligible for cloud service access. The resource authorization management unit 231 receives information synchronization reply D25, determines that synchronization is complete, and then returns customization success response D26 to the user interaction layer 21 to notify it that cloud service customization is complete.
Steps D27 to D36 are the processing flow of the service access request. This process builds on the user having logged in beforehand. Steps D27 to D29 perform an authorization check on the requested service; if it is within the scope of authorization, a service creation request is sent to the service life cycle management unit 232. In steps D30 to D35 the session initialization unit 233 requests session creation from the cloud resource server 3; if the session is created, the session information is returned to the service life cycle management unit 232 so that it can manage the session. Finally, step D36 notifies the user interaction layer 21 of the cloud service access success response.
Steps D37 to D53 are the processing flow of the service migration request. This process builds on the cloud service access of steps D19 to D36; that is, the user can perform the following operations only after logging in to a cloud service. Steps D37 to D39 perform an authorization check on the cloud service that is the target of the migration; if it is within the scope of authorization, a service migration request is sent to the service life cycle management unit 232. Steps D40 to D46 cancel the session in progress; steps D47 to D51 create the new session; steps D52 to D53 notify the user interaction layer 21 of the cloud service migration success response.
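The customization, access and migration flows handled by the single sign-on layer (steps D19 to D53), as an added sketch rather than code from the patent: authorization is checked before the current session is cancelled, so a refused migration leaves the user connected. The idle limit, the one-session-per-user rule, tearing the session down on idle, and all class and method names are assumptions.

```python
import secrets
import time

IDLE_LIMIT = 900.0   # seconds of inactivity tolerated after login (assumed)


class CloudResourceServer:
    """Stand-in for cloud resource server 3, which owns the real sessions."""
    def __init__(self, services):
        self.services = set(services)
        self.sessions = {}                  # session_id -> (user_id, service)

    def create_session(self, user_id, service):
        if service not in self.services:
            return None
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = (user_id, service)
        return session_id

    def destroy_session(self, session_id):
        self.sessions.pop(session_id, None)


class SingleSignOn:
    """Gateway-side bookkeeping for customization, access and migration."""
    def __init__(self, cloud, clock=time.monotonic):
        self.cloud, self.clock = cloud, clock
        self.last_seen = {}     # user_id -> time of last accepted request
        self.authorized = {}    # user_id -> set of customized services
        self.active = {}        # user_id -> (session_id, service)

    def publish_login(self, user_id):
        self.last_seen[user_id] = self.clock()   # D07-D12 login state

    def _still_logged_in(self, user_id):
        """Login time confirmation; an idle user loses login and session."""
        last = self.last_seen.get(user_id)
        if last is not None and self.clock() - last <= IDLE_LIMIT:
            self.last_seen[user_id] = self.clock()
            return True
        self.last_seen.pop(user_id, None)
        self._drop_session(user_id)
        return False

    def _drop_session(self, user_id):
        session = self.active.pop(user_id, None)
        if session is not None:
            self.cloud.destroy_session(session[0])

    def _open(self, user_id, service):
        session_id = self.cloud.create_session(user_id, service)
        if session_id is not None:
            self.active[user_id] = (session_id, service)
        return session_id

    def customize(self, user_id, service):
        """D19-D26: authorize a service the cloud reports as available."""
        ok = self._still_logged_in(user_id) and service in self.cloud.services
        if ok:
            self.authorized.setdefault(user_id, set()).add(service)
        return ok

    def access(self, user_id, service):
        """D27-D36: authorization check, then session creation."""
        if not self._still_logged_in(user_id):
            return None
        if service not in self.authorized.get(user_id, set()):
            return None
        self._drop_session(user_id)         # one session per user (assumed)
        return self._open(user_id, service)

    def migrate(self, user_id, new_service):
        """D37-D53: check authorization before cancelling the old session."""
        if not self._still_logged_in(user_id) or user_id not in self.active:
            return None
        if new_service not in self.authorized.get(user_id, set()):
            return None                     # refused; current session untouched
        self._drop_session(user_id)
        return self._open(user_id, new_service)


def run_demo():
    now = [0.0]                                     # controllable clock
    cloud = CloudResourceServer({"mail", "database", "iaas"})
    sso = SingleSignOn(cloud, clock=lambda: now[0])
    sso.publish_login("alice")                      # constructed user
    out = {"uncustomized": sso.access("alice", "mail")}
    sso.customize("alice", "mail")
    sso.customize("alice", "database")
    first = sso.access("alice", "mail")
    out["refused_migration"] = sso.migrate("alice", "iaas")
    out["old_survives_refusal"] = first in cloud.sessions
    second = sso.migrate("alice", "database")
    out["migrated_to"] = cloud.sessions.get(second)
    out["old_cancelled"] = first not in cloud.sessions
    now[0] += IDLE_LIMIT + 1                        # user goes idle
    out["idle_access"] = sso.access("alice", "database")
    return out
```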
In the cloud service access gateway system described in Fig. 4 to Fig. 6, the three functional layers frequently exchange data and process information for reasons of security and management. All three layers are integrated in the cloud service access gateway, which effectively reduces system processing delay. The system can therefore realize access across cloud services through a single encryption-authenticated login.

Claims (5)

1. A cloud service access gateway system, comprising a client (1), a cloud service access gateway (2) and a cloud resource server (3), wherein:
the client (1) is connected through the internet to each cloud resource server (3) and to the cloud service access gateway (2), and exchanges data and events with them;
the cloud service access gateway (2) comprises at least one gateway server, is used to receive and process requests from users and event responses from the cloud computing center, and establishes a channel for data and event exchange between the two;
the cloud resource server (3) comprises a cloud service (302) and a cloud service management database (301), is a server deployed in the cloud computing center, and provides the physical and logical support on which the cloud service relies;
characterized in that:
the cloud service access gateway (2) comprises a user interaction layer (21), a security authentication layer (22) and a single sign-on layer (23);
the user interaction layer (21) comprises a user request interaction unit (211), a user request parsing unit (212), a user event response unit (213) and a user login control unit (214), and is used to exchange information with the client (1) and to carry out user registration, user login, account modification, cloud service customization, cloud service access and cloud service migration;
the security authentication layer (22) comprises a user information review unit (221), a user account setting unit (222), an encryption authentication unit (223) and an authentication information database (224), and is used to verify the legitimacy of user login information; after an account has been generated, the security authentication layer (22) synchronizes the account information with the login information database of the single sign-on layer (23);
the single sign-on layer (23) comprises a resource authorization management unit (231), a cloud service life cycle management unit (232), a session initialization unit (233), a session migration unit (234) and a login information database (235), and is used to realize access across application services with a single user ID; the single sign-on layer (23) synchronizes the login state information and the account modification information to the cloud resource server (3) and at the same time notifies the security authentication layer (22) of the result once information synchronization is complete; after processing a service customization request, a service creation request or a service migration request, the single sign-on layer (23) feeds a notification back to the user interaction layer (21);
the three functional layers in the cloud service access gateway (2), namely the user interaction layer (21), the security authentication layer (22) and the single sign-on layer (23), frequently perform data transmission and information synchronization with the client (1) and the cloud resource server (3), as required by the security and management of the cloud service access gateway system, realizing the cooperation of encryption authentication and single sign-on.
2. The cloud service access gateway system according to claim 1, characterized in that: the client (1) comprises hardware and software, wherein the hardware is a computer, a smartphone or a touch-screen computer, and the hardware devices are connected through a wired or wireless network.
3. The cloud service access gateway system according to claim 1, characterized in that: the cloud service (302) comprises at least one service that the user ultimately accesses, which is an infrastructure service, or a mail system service or database system service among application system services.
4. A method for a cloud service access gateway system, characterized in that the execution flow of the cloud service access gateway system comprises the following steps:
the user request interaction unit (211) receives requests from the client (1) and returns the cloud service access gateway's result for each request to the client (1);
the user request parsing unit (212) classifies each request, according to the content of the user request, as an account registration request, user login request, account modification request, cloud service customization request, cloud service access request or cloud service migration request;
the user event response unit (213) sends the specific request to the security authentication layer (22) or the single sign-on layer (23) and passes the reply to the request to the user request interaction unit (211);
the user information review unit (221) receives and verifies the specific request information or resource requirement information, confirming whether this information is legitimate and conforms to the specification of the cloud service access gateway system; the encryption authentication unit (223) returns the encrypted random number to the user interaction layer (21) as the encryption authentication request;
the user account setting unit (222) creates and modifies the user account and the user's public key, and stores the user information in the authentication information database (224);
the resource authorization management unit (231) authorizes the resources requested by the user and stores the user's registration, login and resource usage information in the login information database (235);
the cloud service life cycle management unit (232) records the time at which the user logs in to the system and the user state;
the session initialization unit (233) establishes the communication connection between the user and the application service, and the session migration unit (234) rebuilds the communication connection in response to a change in the user's resource usage, ensuring that the user can perform session migration without logging out of the cloud platform.
5. The method for a cloud service access gateway system according to claim 4, characterized in that the method further comprises: the user logging in to the cloud service access gateway (2) with login authentication; the user, logged in to the cloud service access gateway (2), requesting a cloud service; and the user, logged in to the cloud service access gateway (2), performing cloud service migration;
the process steps for the user logging in to the cloud service access gateway (2) with login authentication are:
the user submits login request (A01), carrying the user ID, to the cloud service access gateway (2) through the client (1);
the cloud service access gateway (2) verifies the legitimacy of the user identity for login request (A01): the cloud service access gateway (2) first generates a random number, encrypts this random number with the public key the user registered in advance, and sends the encrypted result to the client (1) as encryption authentication request (A02);
the client (1) decrypts the encrypted result with the private key corresponding to the public key registered in advance on the gateway, and returns the decrypted result to the cloud service access gateway (2) as encryption authentication reply (A03);
if the decrypted result is identical to the random number, the cloud service access gateway (2) considers the login successful and returns login authentication success (A04) to the client (1);
the process steps for the user, logged in to the cloud service access gateway (2), requesting a cloud service are:
after logging in to the cloud service access gateway (2), the user sends cloud service access request (A05) through the client (1);
the cloud service access gateway (2) attempts to establish a communication channel with the target service and sends session creation request (A06) to the cloud service;
the cloud service creates a session ID, starts the cloud service according to the current resource usage and service customization status, and replies session creation success (A07) to the cloud service access gateway (2);
after recording the session information in the database, the cloud service access gateway (2) replies cloud service access success (A08) to the client (1);
the user of the client (1) interacts with the cloud service (A09);
the process steps for the user, logged in to the cloud service access gateway (2), performing cloud service migration are:
when business requirements change, the user sends cloud service migration request (A10) to the cloud service access gateway (2);
the cloud service access gateway (2) is responsible for cancelling the session connection of the current cloud service and sends session migration request (A11) to the new target cloud service;
the cloud service creates a session ID, starts the cloud service according to the current resource usage and service customization status, and replies session migration success (A12) to the cloud service access gateway (2);
after recording the session information in the database, the cloud service access gateway (2) replies cloud service migration success (A13) to the client (1);
the client (1) thereby realizes interaction between the user and the cloud service (A14).
CN201310116005.6A 2013-04-03 2013-04-03 A kind of cloud service accesses gateway system and method Active CN103237019B (en)

Publications (2)

Publication Number Publication Date
CN103237019A true CN103237019A (en) 2013-08-07
CN103237019B CN103237019B (en) 2016-08-31

Family

ID=48885036

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491094A (en) * 2013-09-26 2014-01-01 成都三零瑞通移动通信有限公司 Rapid identity authentication method based on C/S mode
CN103532966A (en) * 2013-10-23 2014-01-22 成都卫士通信息产业股份有限公司 Device and method supporting USB-KEY-based SSO (single sign on) of virtual desktop
CN103944883A (en) * 2014-03-19 2014-07-23 华存数据信息技术有限公司 System and method for cloud application access control under cloud computing environment
CN104092602A (en) * 2014-06-20 2014-10-08 裴兆欣 Cloud computing gateway
CN104394214A (en) * 2014-11-26 2015-03-04 成都卫士通信息产业股份有限公司 Method and system for protecting desktop cloud service through access control
CN104580115A (en) * 2013-10-25 2015-04-29 中国科学院声学研究所 Information processing system and method based on virtualization service and SNS information aggregation
CN104767620A (en) * 2015-04-13 2015-07-08 苏州阔地网络科技有限公司 Identity information management method and device
CN105009521A (en) * 2013-12-23 2015-10-28 华为技术有限公司 Message processing method and gateway
CN105262741A (en) * 2015-09-29 2016-01-20 浪潮集团有限公司 Method for login-free access with permission between clouds
CN105871854A (en) * 2016-04-11 2016-08-17 浙江工业大学 Self-adaptive cloud access control method based on dynamic authorization mechanism
CN106789276A (en) * 2016-12-27 2017-05-31 甘肃万维信息技术有限责任公司 A kind of cloud computing service Mobile Online of store formula provides system
CN107404485A (en) * 2017-08-02 2017-11-28 北京天翔睿翼科技有限公司 A kind of self-validation cloud connection method and its system
CN108234664A (en) * 2014-10-23 2018-06-29 邹铁梅 A kind of account management system and its method based on cloud service
CN108268472A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of SaaS softwares mall system and its implementation
CN108270848A (en) * 2017-12-28 2018-07-10 广州华夏职业学院 A kind of Financial Information sharing platform system based on cloud service technology
CN109491808A (en) * 2018-11-09 2019-03-19 国网山东省电力公司信息通信公司 A kind of cloud service management system
CN110011850A (en) * 2019-04-09 2019-07-12 苏州浪潮智能科技有限公司 The management method and device serviced in cloud computing system
CN110071855A (en) * 2019-03-18 2019-07-30 深圳绿米联创科技有限公司 Equipment linkage control method, device, system, gateway and storage medium
CN110493319A (en) * 2019-07-23 2019-11-22 视联动力信息技术股份有限公司 Method of data synchronization, system and device
CN110661782A (en) * 2019-08-27 2020-01-07 紫光云(南京)数字技术有限公司 Public basic service system based on single sign-on and micro-service architecture and implementation method thereof
CN110823414A (en) * 2019-12-12 2020-02-21 国网湖南省电力有限公司 Method and system for monitoring temperature of surface layer and core of cable joint
CN110881039A (en) * 2019-11-27 2020-03-13 杭州安恒信息技术股份有限公司 Cloud security management system
WO2020057438A1 (en) * 2018-09-17 2020-03-26 华为技术有限公司 Software debugging method for cloud computing service, and device
CN110933014A (en) * 2018-09-19 2020-03-27 中兴通讯股份有限公司 Cloud service access method, device and computer-readable storage medium
CN110930150A (en) * 2019-11-28 2020-03-27 吉林亿联银行股份有限公司 Voucher generation method, voucher signature device, voucher verification method, voucher generation device, voucher verification device, and storage medium
WO2020140903A1 (en) * 2019-01-04 2020-07-09 Byton Limited Unique id for correlating services across regions
CN111400777A (en) * 2019-11-14 2020-07-10 杭州海康威视系统技术有限公司 Network storage system, user authentication method, device and equipment
CN111698250A (en) * 2020-06-11 2020-09-22 腾讯科技(深圳)有限公司 Access request processing method and device, electronic equipment and computer storage medium
CN111819588A (en) * 2019-11-13 2020-10-23 深圳海付移通科技有限公司 Payment account management method, payment management system and device
CN113010911A (en) * 2021-02-07 2021-06-22 腾讯科技(深圳)有限公司 Data access control method and device and computer readable storage medium
CN113906714A (en) * 2019-08-14 2022-01-07 华为技术有限公司 Method and device for cloud-based console service in cloud network
CN114338223A (en) * 2022-01-14 2022-04-12 百果园技术(新加坡)有限公司 User authentication method, system, device, equipment and storage medium
CN114422212A (en) * 2021-12-31 2022-04-29 中煤科工集团信息技术有限公司 Industrial Internet device cloud connection method, system and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222488A (en) * 2007-01-10 2008-07-16 华为技术有限公司 Method and network authentication server for controlling client terminal access to network appliance
CN101986599A (en) * 2010-12-09 2011-03-16 北京交通大学 Network security control method based on cloud service and cloud security gateway
CN102333065A (en) * 2010-07-12 2012-01-25 戴元顺 Cloud interaction protocol design
US20120151568A1 (en) * 2010-12-13 2012-06-14 International Business Machines Corporation Method and system for authenticating a rich client to a web or cloud application
JP2013008140A (en) * 2011-06-23 2013-01-10 Hitachi Systems Ltd Single sign-on system, single sign-on method and authentication server cooperation program
CN102970292A (en) * 2012-11-20 2013-03-13 无锡成电科大科技发展有限公司 Single sign on system and method based on cloud management and key management

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491094A (en) * 2013-09-26 2014-01-01 成都三零瑞通移动通信有限公司 Rapid identity authentication method based on C/S mode
CN103532966A (en) * 2013-10-23 2014-01-22 成都卫士通信息产业股份有限公司 Device and method supporting USB-KEY-based SSO (single sign on) of virtual desktop
CN104580115A (en) * 2013-10-25 2015-04-29 中国科学院声学研究所 Information processing system and method based on virtualization service and SNS information aggregation
CN104580115B (en) * 2013-10-25 2018-02-16 中国科学院声学研究所 The information processing system and method being polymerize based on virtualization services and SNS information
CN105009521B (en) * 2013-12-23 2018-10-19 华为技术有限公司 Message treatment method and gateway
CN105009521A (en) * 2013-12-23 2015-10-28 华为技术有限公司 Message processing method and gateway
CN103944883B (en) * 2014-03-19 2017-08-11 华存数据信息技术有限公司 The system and method for cloud application access control under a kind of cloud computing environment
CN103944883A (en) * 2014-03-19 2014-07-23 华存数据信息技术有限公司 System and method for cloud application access control under cloud computing environment
CN104092602A (en) * 2014-06-20 2014-10-08 裴兆欣 Cloud computing gateway
CN108234664B (en) * 2014-10-23 2019-08-09 北京人民在线网络有限公司 A kind of account management method based on cloud service
CN108234664A (en) * 2014-10-23 2018-06-29 邹铁梅 A kind of account management system and its method based on cloud service
CN104394214A (en) * 2014-11-26 2015-03-04 成都卫士通信息产业股份有限公司 Method and system for protecting desktop cloud service through access control
CN104767620A (en) * 2015-04-13 2015-07-08 苏州阔地网络科技有限公司 Identity information management method and device
CN105262741A (en) * 2015-09-29 2016-01-20 浪潮集团有限公司 Method for login-free access with permission between clouds
CN105871854A (en) * 2016-04-11 2016-08-17 浙江工业大学 Self-adaptive cloud access control method based on dynamic authorization mechanism
CN105871854B (en) * 2016-04-11 2018-11-20 浙江工业大学 Adaptive cloud access control method based on dynamic authorization mechanism
CN106789276A (en) * 2016-12-27 2017-05-31 甘肃万维信息技术有限责任公司 A kind of cloud computing service Mobile Online of store formula provides system
CN106789276B (en) * 2016-12-27 2020-09-08 中电万维信息技术有限责任公司 Mall-type cloud computing service mobile online providing system
CN108268472A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of SaaS softwares mall system and its implementation
CN107404485B (en) * 2017-08-02 2023-11-07 北京天翔睿翼科技有限公司 Self-verification cloud connection method and system thereof
CN107404485A (en) * 2017-08-02 2017-11-28 北京天翔睿翼科技有限公司 A kind of self-validation cloud connection method and its system
CN108270848A (en) * 2017-12-28 2018-07-10 广州华夏职业学院 A kind of Financial Information sharing platform system based on cloud service technology
WO2020057438A1 (en) * 2018-09-17 2020-03-26 华为技术有限公司 Software debugging method for cloud computing service, and device
CN110933014B (en) * 2018-09-19 2023-01-10 中兴通讯股份有限公司 Cloud service access method, device and computer-readable storage medium
CN110933014A (en) * 2018-09-19 2020-03-27 中兴通讯股份有限公司 Cloud service access method, device and computer-readable storage medium
CN109491808A (en) * 2018-11-09 2019-03-19 国网山东省电力公司信息通信公司 A kind of cloud service management system
WO2020140903A1 (en) * 2019-01-04 2020-07-09 Byton Limited Unique id for correlating services across regions
CN110071855A (en) * 2019-03-18 2019-07-30 深圳绿米联创科技有限公司 Equipment linkage control method, device, system, gateway and storage medium
CN110071855B (en) * 2019-03-18 2021-10-22 深圳绿米联创科技有限公司 Equipment linkage control method, device, system, gateway and storage medium
CN110011850A (en) * 2019-04-09 2019-07-12 苏州浪潮智能科技有限公司 The management method and device serviced in cloud computing system
CN110493319A (en) * 2019-07-23 2019-11-22 视联动力信息技术股份有限公司 Method of data synchronization, system and device
CN113906714A (en) * 2019-08-14 2022-01-07 华为技术有限公司 Method and device for cloud-based console service in cloud network
CN110661782A (en) * 2019-08-27 2020-01-07 紫光云(南京)数字技术有限公司 Public basic service system based on single sign-on and micro-service architecture and implementation method thereof
CN111819588A (en) * 2019-11-13 2020-10-23 深圳海付移通科技有限公司 Payment account management method, payment management system and device
CN111400777A (en) * 2019-11-14 2020-07-10 杭州海康威视系统技术有限公司 Network storage system, user authentication method, device and equipment
CN111400777B (en) * 2019-11-14 2023-05-02 杭州海康威视系统技术有限公司 Network storage system, user authentication method, device and equipment
CN110881039B (en) * 2019-11-27 2022-06-21 杭州安恒信息技术股份有限公司 Cloud security management system
CN110881039A (en) * 2019-11-27 2020-03-13 杭州安恒信息技术股份有限公司 Cloud security management system
CN110930150A (en) * 2019-11-28 2020-03-27 吉林亿联银行股份有限公司 Voucher generation method, voucher signature device, voucher verification method, voucher generation device, voucher verification device, and storage medium
CN110823414A (en) * 2019-12-12 2020-02-21 国网湖南省电力有限公司 Method and system for monitoring temperature of surface layer and core of cable joint
CN111698250B (en) * 2020-06-11 2023-11-28 腾讯科技(深圳)有限公司 Access request processing method and device, electronic equipment and computer storage medium
CN111698250A (en) * 2020-06-11 2020-09-22 腾讯科技(深圳)有限公司 Access request processing method and device, electronic equipment and computer storage medium
CN113010911B (en) * 2021-02-07 2024-05-10 腾讯科技(深圳)有限公司 Data access control method, device and computer readable storage medium
CN113010911A (en) * 2021-02-07 2021-06-22 腾讯科技(深圳)有限公司 Data access control method and device and computer readable storage medium
CN114422212A (en) * 2021-12-31 2022-04-29 中煤科工集团信息技术有限公司 Industrial Internet device cloud connection method, system and device
CN114338223A (en) * 2022-01-14 2022-04-12 百果园技术(新加坡)有限公司 User authentication method, system, device, equipment and storage medium
CN114338223B (en) * 2022-01-14 2024-01-09 百果园技术(新加坡)有限公司 User authentication method, system, device, equipment and storage medium

Also Published As

Publication number Publication date
CN103237019B (en) 2016-08-31

Similar Documents

Publication Publication Date Title
CN103237019A (en) Cloud service accessing gateway system and cloud service accessing method
CN103236969B (en) A kind of gateway system for cloud service accounting management and method
US11297055B2 (en) Multifactor contextual authentication and entropy from device or device input or gesture authentication
US9992176B2 (en) Systems and methods for encrypted communication in a secure network
US20230066033A1 (en) Trusted communication session and content delivery
EP3219049B1 (en) Account recovery protocol
CN102457507B (en) Cloud computing resources secure sharing method, Apparatus and system
CN101350717B (en) Method and system for logging on third party server through instant communication software
CA2744971C (en) Secure transaction authentication
US10397778B2 (en) Computer network providing secure mobile device enrollment features and related methods
CN110322940B (en) Access authorization method and system for medical data sharing
CN111343001A (en) Social data sharing system based on block chain
KR102189301B1 (en) System and method for providing blockchain based cloud service with robost security
CN108881290A (en) Digital certificate application method, system and storage medium based on block chain
CN106471783A (en) Business system certification and mandate via gateway
CN109587101A (en) A kind of digital certificate management method, device and storage medium
CN108701094A (en) The safely storage and distribution sensitive data in application based on cloud
CN107743702A (en) The single-sign-on of trustship mobile device
CN107924431B (en) Anonymous application program packaging
EP3742698B1 (en) Systems and methods providing connection lease anti-theft features for virtual computing sessions
EP4211864A2 (en) Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiatable resilient authorized access to secret data
CN106576050B (en) Three-tier security and computing architecture
Oniga et al. Iot infrastructure secured by tls level authentication and pki identity system
CA3102920A1 (en) A secure method to replicate on-premise secrets in a computing environment
Kandil et al. Mobile agents' authentication using a proposed light Kerberos system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant