CN104348846A - WPKI (wireless public key infrastructure)-based method and system for realizing data communication security of cloud storage system - Google Patents


Info

Publication number: CN104348846A
Application number: CN201310314181.0A
Authority: CN (China)
Prior art keywords: wpki, data, cloud storage, storage system, user terminal
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 林文辉, 耿方, 郭向国, 林凉, 杜悦琨
Current assignee: Aisino Corp
Original assignee: Aisino Corp
Application filed by: Aisino Corp


Classifications

    • H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
        • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
        • H04L67/01 Protocols
        • H04L67/10 Protocols in which an application is distributed across nodes in the network
        • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
        • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the invention provide a WPKI (wireless public key infrastructure)-based method and system for realizing data communication security of a cloud storage system. The method mainly comprises the following steps: the cloud storage system receives a connection request, transmitted by a user terminal, that carries the user's WPKI digital certificate; after receiving the connection request, the cloud storage system verifies the WPKI digital certificate, and a secure data channel is established between the cloud storage system and the user terminal once the certificate passes verification; data is then transmitted between the cloud storage system and the user terminal through the secure data channel. By adopting WPKI technology, the method and system guarantee the security of communication between the user, via an intelligent mobile terminal, and the cloud storage, and protect the data the user uploads to the cloud storage system. The method and system can be used to verify whether data has been tampered with, can serve as electronic evidence in a security audit, and guarantee the data security of cloud storage users.

Description

Method and system for realizing data communication security of a cloud storage system based on WPKI
Technical field
The present invention relates to the field of media communication technology, and in particular to a method and system for realizing data communication security of a cloud storage system based on WPKI (Wireless Public Key Infrastructure).
Background technology
Cloud storage is a conceptual extension of cloud computing. It refers to a system in which a large number of storage devices of different types in a network are brought together to work cooperatively, by means of functions such as cluster applications, grid technology or distributed file systems, and jointly provide data storage and business access functions to the outside through application software. The core of cloud storage is the storage and management of big data; by providing multiple types of interfaces, a cloud storage system can offer users different kinds of application services, such as network hard disks, remote data backup application platforms, and IPTV and video-on-demand application platforms. At the same time, cloud storage users can, through a variety of user devices such as PCs, mobile phones and mobile multimedia devices, achieve centralized storage and sharing of content such as data, documents, pictures, video and audio.
However, cloud storage systems also have data security problems. On the server side of the cloud storage system, a large amount of data is stored on the servers, and current technology is not capable of encrypting all of that data with private keys; therefore, when a cloud storage system is intruded upon, user data may be leaked, tampered with or otherwise put at risk. On the user side of the cloud storage system, current mobile intelligent terminals commonly adopt a simple authentication method, namely login authentication by account name and password, and at the same time transmit these in plaintext. This mechanism clearly has security problems: a password transmitted in plaintext may be maliciously eavesdropped on or even tampered with.
Therefore, developing a method that guarantees data communication security between user devices and the cloud storage system and verifies data integrity is a problem that urgently needs to be solved.
Summary of the invention
The embodiments of the present invention provide a method and system for realizing data communication security of a cloud storage system based on WPKI, so as to guarantee data communication security between user devices and the cloud storage system.
A method for realizing data communication security of a cloud storage system based on WPKI comprises:
the cloud storage system receiving a connection request, sent by a user terminal, that carries the user's WPKI digital certificate;
after receiving the connection request, the cloud storage system verifying the WPKI digital certificate and, once the WPKI digital certificate passes verification, establishing a secure data channel between the cloud storage system and the user terminal; and
transmitting data between the cloud storage system and the user terminal through the secure data channel.
Verifying the WPKI digital certificate after the cloud storage system receives the connection request comprises:
after receiving the connection request, the cloud storage system obtaining the WPKI digital certificate carried in the connection request and sending a certificate verification request carrying the WPKI digital certificate to a Lightweight Directory Access Protocol (LDAP) directory server;
after receiving the certificate verification request, the LDAP directory server obtaining the unique identifier, validity period and extension fields of the WPKI digital certificate, and verifying whether the validity period of the WPKI certificate has expired, whether the WPKI certificate was issued by the designated certificate authority (CA), and whether the unique identifier and extension fields of the WPKI certificate are valid; and
the LDAP directory server sending a verification-passed notice to the cloud storage system after all checks of the WPKI digital certificate pass, and sending a verification-failed notice to the cloud storage system when not all checks pass.
Establishing the secure data channel between the cloud storage system and the user terminal comprises:
after the cloud storage system receives the verification-passed notice sent by the LDAP directory server, establishing, using the WPKI certificate, a Secure Sockets Layer (SSL) secure channel for transmitting data between the cloud storage system and the user terminal.
Transmitting data between the cloud storage system and the user terminal through the secure data channel comprises:
the user terminal generating a digest value of the data to be uploaded using a digest algorithm, encrypting the digest value with the public key of the WPKI certificate, and transmitting to the cloud storage system, through the SSL secure channel, a data write request carrying the data, the encrypted digest value and the identifier of the data; and
after receiving the data write request, the cloud storage system storing in association the data, the encrypted digest value and the identifier of the data carried in the data write request.
Transmitting data between the cloud storage system and the user terminal through the secure data channel further comprises:
the user terminal sending to the cloud storage system, through the SSL secure channel, a data read request carrying the identifier of the data; the cloud storage system obtaining the data A1 and the encrypted digest value B1 corresponding to the identifier, and sending A1 and B1 to the user terminal through the SSL secure channel; and
after receiving A1 and B1, the user terminal generating a digest value A2 of A1 using the digest algorithm, decrypting B1 with the private key of the WPKI certificate to obtain B2, and comparing A2 with B2: when they are consistent, A1 and B1 are determined to be correct; when they are inconsistent, A1 and B1 are determined to be incorrect.
A system for realizing data communication security of a cloud storage system based on WPKI comprises a user terminal and a cloud storage system, wherein:
the user terminal is configured to send to the cloud storage system a connection request carrying the user's WPKI digital certificate; and
the cloud storage system is configured to, after receiving the connection request carrying the user's WPKI digital certificate sent by the user terminal, verify the WPKI digital certificate, establish a secure data channel with the user terminal once the certificate passes verification, and transmit data with the user terminal through the secure data channel.
The system further comprises an LDAP directory server, wherein:
the cloud storage system is specifically configured to send a certificate verification request carrying the WPKI digital certificate to the LDAP directory server;
the LDAP directory server is configured to, after receiving the certificate verification request, obtain the unique identifier, validity period and extension fields of the WPKI digital certificate, and verify whether the validity period of the WPKI certificate has expired, whether the WPKI certificate was issued by the designated CA, and whether the unique identifier and extension fields of the WPKI certificate are valid; and
to send a verification-passed notice to the cloud storage system after all checks of the WPKI digital certificate pass, and a verification-failed notice to the cloud storage system when not all checks pass.
The cloud storage system is configured to, after receiving the verification-passed notice sent by the LDAP directory server, establish, using the WPKI certificate, an SSL secure channel for transmitting data with the user terminal.
The user terminal is specifically configured to generate a digest value of the data to be uploaded using a digest algorithm, encrypt the digest value with the public key of the WPKI certificate, and transmit to the cloud storage system, through the SSL secure channel, a data write request carrying the data, the encrypted digest value and the identifier of the data.
The cloud storage system is configured to, after receiving the data write request, store in association the data, the encrypted digest value and the identifier of the data carried in the request.
The user terminal is specifically configured to send to the cloud storage system, through the SSL secure channel, a data read request carrying the identifier of the data.
The cloud storage system is specifically configured to obtain the data A1 and the encrypted digest value B1 corresponding to the identifier of the data, and to send A1 and B1 to the user terminal through the SSL secure channel.
The user terminal is configured to, after receiving A1 and B1, generate a digest value A2 of A1 using the digest algorithm, decrypt B1 with the private key of the WPKI certificate to obtain B2, and compare A2 with B2: when they are consistent, A1 and B1 are determined to be correct; when they are inconsistent, A1 and B1 are determined to be incorrect.
As can be seen from the technical solution provided by the embodiments of the invention described above, by adopting WPKI technology the embodiments guarantee the security of communication between the user, via a mobile intelligent terminal, and the cloud storage, and protect the data the user uploads to the cloud storage system. The solution can be used to verify whether data has been tampered with, can serve as electronic evidence in a security audit, and guarantees the data security of cloud storage users.
Brief description of the drawings
In order to explain the technical solution of the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a WPKI-based method for realizing data communication security of a cloud storage system, provided by embodiment one of the present invention, for the process in which a user terminal writes data to the cloud storage system;
Fig. 2 is a flowchart of a WPKI-based method for realizing data communication security of a cloud storage system, provided by embodiment two of the present invention, for the process in which a user terminal reads data from the cloud storage system;
Fig. 3 is a schematic structural diagram of a WPKI-based system 300 for realizing data communication security of a cloud storage system, provided by embodiment three of the present invention, showing a user terminal 310, a cloud storage system 320 and an LDAP directory server 330.
Embodiments
To facilitate understanding of the embodiments of the present invention, several specific embodiments are further explained below with reference to the drawings; the individual embodiments do not limit the embodiments of the present invention.
WPKI introduces the PKI (Public Key Infrastructure) security technology of conventional networks into the wireless network environment as a set of key and certificate management platform systems that follow established standards. WPKI effectively establishes a secure wireless network environment and is used to manage the public keys and digital certificates used in mobile network environments. As an optimized extension of PKI technology to wireless networks, WPKI authenticates the identity of users through a third-party CA (Certificate Authority) and thereby achieves secure transmission of information.
An LDAP (Lightweight Directory Access Protocol) directory server is used to store the attributes and information of objects; it defines a protocol for publishing directory information to many different resources, so that applications can obtain the corresponding information from the directory server through a standard interface. In a PKI platform, the LDAP directory server is mainly used to publish certificate information and the CRL (Certificate Revocation List); through this directory server, application systems can query a user's certificate information and certificate status.
Embodiment one
For the process in which a user terminal writes data to the cloud storage system, this embodiment provides a WPKI-based method for realizing data communication security of a cloud storage system whose processing flow is shown in Fig. 1 and comprises the following steps:
Step S110: the user initiates, through a mobile intelligent terminal (the user terminal), a connection request to the cloud storage system carrying the user's WPKI digital certificate; the WPKI digital certificate carries content such as the certificate DN (Distinguished Name, the unique identifier), the validity period and the extension fields.
Step S120: after receiving the connection request, the cloud storage system obtains the WPKI digital certificate carried in the connection request and sends a certificate verification request carrying the WPKI digital certificate to the LDAP directory server.
Step S130: after receiving the certificate verification request, the LDAP directory server obtains the unique identifier, validity period and extension fields of the WPKI digital certificate. The LDAP directory server verifies whether the validity period of the WPKI certificate has expired, whether the WPKI certificate was issued by the designated CA, and whether the unique identifier and extension fields of the WPKI certificate are valid.
After all checks of the WPKI digital certificate pass, the LDAP directory server sends a verification-passed notice to the cloud storage system; when not all checks pass, it sends a verification-failed notice to the cloud storage system.
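The certificate checks of step S130 as decision logic, written as an added example for this page and not code from the patent or from Aisino Corp. It models the certificate as a small dataclass instead of parsing X.509, and the concrete rules for a "valid" unique identifier and "valid" extension fields (a DN with a CN component; the keyUsage and subjectAltName extensions present and non-empty) are assumptions, since the page does not state them; the designated CA name and the sample certificates are constructed. The point it makes is that the verification-passed notice is only produced when every check passes, and that each failed check is reported with its reason rather than silently.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class WpkiCertificate:
    """Constructed stand-in for the fields the page says the LDAP directory server
    extracts: unique identifier (DN), validity period and extension fields.
    A real deployment would parse these out of the X.509 certificate."""
    dn: str
    issuer: str
    not_before: datetime
    not_after: datetime
    extensions: dict = field(default_factory=dict)


DESIGNATED_CA = "CN=Example WPKI CA"                  # assumed name of the designated CA
REQUIRED_EXTENSIONS = ("keyUsage", "subjectAltName")  # assumed extension fields that must be present
VERIFICATION_PASSED = "verification passed"
VERIFICATION_FAILED = "verification failed"


def verify_certificate(cert, now, designated_ca=DESIGNATED_CA):
    """Return (notice, reasons). The notice is 'verification passed' only when every
    check passes; reasons lists each failed check so the storage system can log it."""
    reasons = []
    # Validity period: an expired certificate and a not-yet-valid one both fail
    if not (cert.not_before <= now <= cert.not_after):
        reasons.append("validity period: expired or not yet valid")
    # Issuer must be the designated CA
    if cert.issuer != designated_ca:
        reasons.append("issuer: not issued by the designated CA")
    # Unique identifier: assumed rule is a non-empty DN containing a CN component
    if not cert.dn or "CN=" not in cert.dn:
        reasons.append("unique identifier: DN missing or malformed")
    # Extension fields: assumed rule is that each required extension is present and non-empty
    missing = [name for name in REQUIRED_EXTENSIONS if not cert.extensions.get(name)]
    if missing:
        reasons.append("extension fields missing: " + ", ".join(missing))
    return (VERIFICATION_PASSED if not reasons else VERIFICATION_FAILED), reasons


NOW = datetime(2013, 7, 24, tzinfo=timezone.utc)  # constructed "current time" for the example
_GOOD_EXT = {"keyUsage": "digitalSignature", "subjectAltName": "alice@example.test"}
_VALID_FROM = datetime(2013, 1, 1, tzinfo=timezone.utc)
_VALID_TO = datetime(2014, 1, 1, tzinfo=timezone.utc)
_EXPIRED_TO = datetime(2013, 6, 1, tzinfo=timezone.utc)

# Constructed sample certificates covering the pass case and each failure mode
SAMPLE_CERTS = {
    "good": WpkiCertificate("CN=alice,O=Example", DESIGNATED_CA, _VALID_FROM, _VALID_TO, _GOOD_EXT),
    "expired": WpkiCertificate("CN=bob,O=Example", DESIGNATED_CA, _VALID_FROM, _EXPIRED_TO, _GOOD_EXT),
    "wrong_ca": WpkiCertificate("CN=carol,O=Example", "CN=Other CA", _VALID_FROM, _VALID_TO, _GOOD_EXT),
    "no_dn": WpkiCertificate("", DESIGNATED_CA, _VALID_FROM, _VALID_TO, _GOOD_EXT),
    "no_extensions": WpkiCertificate("CN=dave,O=Example", DESIGNATED_CA, _VALID_FROM, _VALID_TO, {}),
    "expired_wrong_ca": WpkiCertificate("CN=eve,O=Example", "CN=Other CA", _VALID_FROM, _EXPIRED_TO, _GOOD_EXT),
}


def run_sample_checks(now=NOW):
    """Verify every sample certificate; returns {name: (notice, reasons)}."""
    return {name: verify_certificate(cert, now) for name, cert in SAMPLE_CERTS.items()}


if __name__ == "__main__":
    for name, (notice, reasons) in run_sample_checks().items():
        print(f"{name:18s} {notice}  {'; '.join(reasons)}")
```

Running the block prints one line per sample certificate with the notice and the reasons for any failure. The page's LDAP description says the directory server also publishes the CRL and answers certificate-status queries, but the listed steps do not include a revocation check; a deployment of this flow would add one alongside the four checks above.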
Step S140: after receiving the verification-passed notice, the cloud storage system establishes, using the WPKI certificate, an SSL secure channel for transmitting data between the cloud storage system and the user terminal.
After receiving the verification-failed notice, the cloud storage system rejects the connection request of the mobile intelligent terminal.
Step S150: after the SSL secure channel is established, the mobile intelligent terminal generates a digest value of the data to be uploaded using a digest algorithm, and then encrypts the digest value with the public key of the WPKI certificate.
Step S160: the mobile intelligent terminal transmits to the cloud storage system, through the SSL secure channel, a data write request carrying the data, the encrypted digest value and the identifier of the data.
Step S170: after receiving the data write request, the cloud storage system stores the data, the encrypted digest value and the identifier of the data carried in the request in association in its data storage. The cloud storage system then sends a data storage success message to the mobile intelligent terminal.
Embodiment two
For the process in which a user terminal reads data from the cloud storage system, this embodiment provides a WPKI-based method for realizing data communication security of a cloud storage system whose processing flow is shown in Fig. 2 and comprises the following steps:
Step S210: the user initiates, through a mobile intelligent terminal (the user terminal), a connection request to the cloud storage system carrying the user's WPKI digital certificate; the WPKI digital certificate carries content such as the certificate DN, the validity period and the extension fields.
Step S220: after receiving the connection request, the cloud storage system obtains the WPKI digital certificate carried in the connection request and sends a certificate verification request carrying the WPKI digital certificate to the LDAP directory server.
Step S230: after receiving the certificate verification request, the LDAP directory server obtains the unique identifier, validity period and extension fields of the WPKI digital certificate. The LDAP directory server verifies whether the validity period of the WPKI certificate has expired, whether the WPKI certificate was issued by the designated CA, and whether the unique identifier and extension fields of the WPKI certificate are valid.
After all checks of the WPKI digital certificate pass, the LDAP directory server sends a verification-passed notice to the cloud storage system; when not all checks pass, it sends a verification-failed notice to the cloud storage system.
Step S240: after receiving the verification-passed notice, the cloud storage system establishes, using the WPKI certificate, an SSL secure channel for transmitting data between the cloud storage system and the user terminal.
After receiving the verification-failed notice, the cloud storage system rejects the connection request of the mobile intelligent terminal.
Step S250: after the SSL secure channel is established, the mobile intelligent terminal sends to the cloud storage system, through the SSL secure channel, a data read request carrying the identifier of the data.
Step S260: the cloud storage system queries its data storage by the identifier of the data, obtains the data A1 and the encrypted digest value B1 corresponding to the identifier, and sends A1 and B1 to the mobile intelligent terminal through the SSL secure channel.
Step S270: after receiving A1 and B1, the mobile intelligent terminal generates a digest value A2 of A1 using the digest algorithm, decrypts B1 with the private key of the WPKI certificate to obtain B2, and compares A2 with B2.
Step S280: when the comparison result is consistent, A1 and B1 are determined to be correct, which shows that the user's data stored in the cloud storage system is complete and has not been tampered with; the user's data reading flow is then complete.
When the comparison result is inconsistent, A1 and B1 are determined to be wrong, which shows that the user's data stored in the cloud storage system may have been tampered with. The user then sends feedback to the cloud storage system through the mobile intelligent terminal, for example to inquire about the reason for the data change or to lodge a complaint.
The mobile intelligent terminal sends the cloud storage system information on whether A1 and B1 are correct.
Those skilled in the art will understand that the SSL secure channel described above is only an example; other existing or future secure data transmission channel types that are applicable to the embodiments of the present invention should also be included within its scope and are incorporated herein by reference.
Embodiment three
This embodiment provides a WPKI-based system 300 for realizing data communication security of a cloud storage system, whose structure is shown schematically in Fig. 3 and which comprises a user terminal 310, a cloud storage system 320 and an LDAP directory server 330, wherein:
the user terminal 310 is configured to send to the cloud storage system a connection request carrying the user's WPKI digital certificate; and
the cloud storage system 320 is configured to, after receiving the connection request carrying the user's WPKI digital certificate sent by the user terminal, verify the WPKI digital certificate, establish a secure data channel with the user terminal once the certificate passes verification, and transmit data with the user terminal through the secure data channel.
Specifically, the cloud storage system 320 is configured to send a certificate verification request carrying the WPKI digital certificate to the LDAP directory server.
Specifically, the LDAP directory server 330 is configured to, after receiving the certificate verification request, obtain the unique identifier, validity period and extension fields of the WPKI digital certificate, and verify whether the validity period of the WPKI certificate has expired, whether the WPKI certificate was issued by the designated CA, and whether the unique identifier and extension fields of the WPKI certificate are valid;
and to send a verification-passed notice to the cloud storage system after all checks of the WPKI digital certificate pass, and a verification-failed notice to the cloud storage system when not all checks pass.
Specifically, the cloud storage system 320 is configured to, after receiving the verification-passed notice sent by the LDAP directory server, establish, using the WPKI certificate, an SSL secure channel for transmitting data with the user terminal.
Specifically, the user terminal 310 is configured to generate a digest value of the data to be uploaded using a digest algorithm, encrypt the digest value with the public key of the WPKI certificate, and transmit to the cloud storage system, through the SSL secure channel, a data write request carrying the data, the encrypted digest value and the identifier of the data.
Specifically, the cloud storage system 320 is configured to, after receiving the data write request, store in association the data, the encrypted digest value and the identifier of the data carried in the request.
Specifically, the user terminal 310 is configured to send to the cloud storage system, through the SSL secure channel, a data read request carrying the identifier of the data.
Specifically, the cloud storage system 320 is configured to obtain the data A1 and the encrypted digest value B1 corresponding to the identifier of the data, and to send A1 and B1 to the user terminal through the SSL secure channel.
Specifically, the user terminal 310 is configured to, after receiving A1 and B1, generate a digest value A2 of A1 using the digest algorithm, decrypt B1 with the private key of the WPKI certificate to obtain B2, and compare A2 with B2: when they are consistent, A1 and B1 are determined to be correct; when they are inconsistent, A1 and B1 are determined to be incorrect.
The detailed process by which the system of this embodiment realizes data communication security of the cloud storage system based on WPKI is similar to the preceding method embodiments and is not repeated here.
In sum; by adopting WPKI technology to ensure, user protects by the safety of mobile intelligent terminal and cloud memory communicating and to the data that user uploads to cloud storage system the embodiment of the present invention; may be used for the data that authentication of users is stored in cloud storage system whether to distort; also can be used as the electronic evidence in security audit, ensure that cloud stores the data security of user.
In the embodiment of the present invention, user terminal is communicated with cloud storage system by SSL escape way, has also ensured the fail safe of communication process, in communication process, all have employed encryption technology to key message, ensured information safety secret.When user is by mobile intelligent terminal uploading data, by making a summary to data with digest algorithm, the method for employing WPKI signature, certifying signature ensures that user uploads to the data security of cloud storage system.
Those of ordinary skill in the art will appreciate that the drawings are schematic diagrams of one embodiment, and that the modules or flows shown in them are not necessarily required to implement the present invention.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention may be implemented by software together with the necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, may be embodied in the form of a software product. This computer software product may be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the method described in the embodiments of the present invention or in parts of them.
Each embodiment in this specification is described progressively; identical or similar parts of the embodiments may be referred to one another, and each embodiment emphasises its differences from the others. In particular, since the device or system embodiments are substantially similar to the method embodiments, they are described more briefly, and the relevant parts may be found in the description of the method embodiments. The apparatus and system embodiments described above are merely illustrative: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above are merely preferred embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (10)

1. A WPKI-based method for securing the data communication of a cloud storage system, characterized in that it comprises:
a cloud storage system receiving a connection request sent by a user terminal, the connection request carrying the user's wireless public key infrastructure (WPKI) digital certificate;
after receiving the connection request, the cloud storage system verifying the WPKI digital certificate and, once the WPKI digital certificate passes verification, establishing a secure data channel between the cloud storage system and the user terminal;
performing data transfer between the cloud storage system and the user terminal over the secure data channel.
2. The WPKI-based method for securing the data communication of a cloud storage system according to claim 1, characterized in that the cloud storage system verifying the WPKI digital certificate after receiving the connection request comprises:
after receiving the connection request, the cloud storage system obtaining the WPKI digital certificate carried in the connection request and sending a certificate verification request carrying the WPKI digital certificate to a Lightweight Directory Access Protocol (LDAP) directory server;
after receiving the certificate verification request, the LDAP directory server obtaining the unique identifier, validity period and extensions of the WPKI digital certificate, and verifying whether the validity period of the WPKI certificate has expired, whether the WPKI certificate was issued by the designated certificate authority (CA), and whether the unique identifier and extensions of the WPKI certificate are valid;
the LDAP directory server sending a verification-passed notice to the cloud storage system when all verifications of the WPKI digital certificate pass, and sending a verification-failed notice to the cloud storage system when not all verifications of the WPKI digital certificate pass.
3. The WPKI-based method for securing the data communication of a cloud storage system according to claim 1 or 2, characterized in that establishing a secure data channel between the cloud storage system and the user terminal comprises:
after the cloud storage system receives the verification-passed notice sent by the LDAP directory server, establishing between the cloud storage system and the user terminal a Secure Sockets Layer (SSL) secure channel for transmitting data, using the WPKI certificate.
4. The WPKI-based method for securing the data communication of a cloud storage system according to claim 1, characterized in that performing data transfer between the cloud storage system and the user terminal over the secure data channel comprises:
the user terminal generating a digest of the data to be uploaded using a digest algorithm, encrypting the digest with the public key of the WPKI certificate, and transmitting to the cloud storage system, over the SSL secure channel, a data write request carrying the data, the encrypted digest and the identifier of the data;
after receiving the data write request, the cloud storage system storing, in association with one another, the data, the encrypted digest and the data identifier carried in the data write request.
5. The WPKI-based method for securing the data communication of a cloud storage system according to claim 3, characterized in that performing data transfer between the cloud storage system and the user terminal over the secure data channel comprises:
the user terminal sending to the cloud storage system, over the SSL secure channel, a data read request carrying the identifier of the data; the cloud storage system retrieving the data A1 corresponding to the data identifier together with the encrypted digest B1, and sending the data A1 and the encrypted digest B1 to the user terminal over the SSL secure channel;
after receiving the data A1 and the encrypted digest B1, the user terminal generating a digest A2 from the data A1 using the digest algorithm, decrypting the encrypted digest B1 with the private key of the WPKI certificate to obtain B2, and comparing A2 with B2: when they match, the data A1 and the encrypted digest B1 are determined to be correct; when they do not match, the data A1 and the encrypted digest B1 are determined to be incorrect.
6. A WPKI-based system for securing the data communication of a cloud storage system, characterized in that it comprises a user terminal and a cloud storage system, wherein:
the user terminal is configured to send to the cloud storage system a connection request carrying the user's WPKI digital certificate;
the cloud storage system is configured, after receiving the connection request sent by the user terminal carrying the user's wireless public key infrastructure (WPKI) digital certificate, to verify the WPKI digital certificate, to establish a secure data channel with the user terminal once the WPKI digital certificate passes verification, and to perform data transfer with the user terminal over the secure data channel.
7. The WPKI-based system for securing the data communication of a cloud storage system according to claim 6, characterized in that the system further comprises an LDAP directory server, wherein:
the cloud storage system is further configured to send a certificate verification request carrying the WPKI digital certificate to the LDAP directory server;
the LDAP directory server is configured, after receiving the certificate verification request, to obtain the unique identifier, validity period and extensions of the WPKI digital certificate, and to verify whether the validity period of the WPKI certificate has expired, whether the WPKI certificate was issued by the designated certificate authority (CA), and whether the unique identifier and extensions of the WPKI certificate are valid;
and to send a verification-passed notice to the cloud storage system when all verifications of the WPKI digital certificate pass, and a verification-failed notice to the cloud storage system when not all verifications of the WPKI digital certificate pass.
8. The WPKI-based system for securing the data communication of a cloud storage system according to claim 6 or 7, characterized in that the cloud storage system is configured, after receiving the verification-passed notice sent by the LDAP directory server, to establish with the user terminal a Secure Sockets Layer (SSL) secure channel for transmitting data, using the WPKI certificate.
9. The WPKI-based system for securing the data communication of a cloud storage system according to claim 8, characterized in that:
the user terminal is further configured to generate a digest of the data to be uploaded using a digest algorithm, encrypt the digest with the public key of the WPKI certificate, and transmit to the cloud storage system, over the SSL secure channel, a data write request carrying the data, the encrypted digest and the identifier of the data;
the cloud storage system is configured, after receiving the data write request, to store in association with one another the data, the encrypted digest and the data identifier carried in the data write request.
10. The WPKI-based system for securing the data communication of a cloud storage system according to claim 8, characterized in that:
the user terminal is further configured to send to the cloud storage system, over the SSL secure channel, a data read request carrying the identifier of the data;
the cloud storage system is further configured to retrieve the data A1 corresponding to the data identifier together with the encrypted digest B1, and to send the data A1 and the encrypted digest B1 to the user terminal over the SSL secure channel;
the user terminal is configured, after receiving the data A1 and the encrypted digest B1, to generate a digest A2 from the data A1 using the digest algorithm, decrypt the encrypted digest B1 with the private key of the WPKI certificate to obtain B2, and compare A2 with B2: when they match, the data A1 and the encrypted digest B1 are determined to be correct; when they do not match, the data A1 and the encrypted digest B1 are determined to be incorrect.
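The certificate checks of claims 2 and 7, as an added example that is not part of the patent: the four checks are written as one local function rather than as an exchange with an LDAP directory server, and the constructed CA, the user-terminal certificate, the P-256 keys and the reading of "valid extensions" are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// VerifyWPKICertificate runs the checks claim 2 assigns to the LDAP directory
// server: validity period, issuance by the designated CA, a valid unique
// identifier (serial number) and valid extensions. Treating "valid extensions"
// as "digitalSignature key usage set, no unknown critical extension" is an
// assumption of this example (cert.Verify already rejects the latter).
func VerifyWPKICertificate(cert, designatedCA *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("validity check failed: certificate expired or not yet valid")
	}
	if cert.SerialNumber == nil || cert.SerialNumber.Sign() <= 0 {
		return errors.New("unique identifier check failed: bad serial number")
	}
	roots := x509.NewCertPool()
	roots.AddCert(designatedCA) // trust only the designated CA, not the system store
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("issuer check failed: %w", err)
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("extension check failed: digitalSignature key usage absent")
	}
	return nil
}

// issue signs tmpl with signer (self-signed when parent == tmpl) and parses it back.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// MakeTestChain builds a constructed CA and a user-terminal certificate signed by
// it, valid over [notBefore, notAfter]; P-256 keys are an assumption of this example.
func MakeTestChain(notBefore, notAfter time.Time) (ca, user *x509.Certificate, err error) {
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed WPKI CA"},
		NotBefore: notBefore.Add(-24 * time.Hour), NotAfter: notAfter.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	if ca, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	userTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "user-terminal-001"},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	user, err = issue(userTmpl, ca, &userKey.PublicKey, caKey)
	return ca, user, err
}
```

A certificate that passes every check here still needs a revocation check against the CA's CRL or OCSP responder before the SSL channel of claim 3 is opened; the claims do not mention one.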
CN201310314181.0A 2013-07-24 2013-07-24 WPKI (wireless public key infrastructure)-based method and system for realizing data communication security of cloud storage system Pending CN104348846A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310314181.0A CN104348846A (en) 2013-07-24 2013-07-24 WPKI (wireless public key infrastructure)-based method and system for realizing data communication security of cloud storage system


Publications (1)

Publication Number Publication Date
CN104348846A true CN104348846A (en) 2015-02-11

Family

ID=52503642


Country Status (1)

Country Link
CN (1) CN104348846A (en)


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002019609A2 (en) * 2000-09-01 2002-03-07 724 Solutions International Srl Public key infrastructure systems and methods
CN1615632A (en) * 2002-01-12 2005-05-11 英特尔公司 Mechanism for supporting wired and wireless methods for client and server side authentication
CN101064717A (en) * 2006-04-26 2007-10-31 北京华科广通信息技术有限公司 Safety protection system of information system or equipment and its working method
CN101969427A (en) * 2010-08-24 2011-02-09 吉林大学 Set of core equipment for realizing gas station online payment system based on WPKI (Wireless Public Key Infrastructure)
CN102413159A (en) * 2011-03-15 2012-04-11 北京邮电大学 Trusty online storage system oriented to network operating system
US20130132718A1 (en) * 2009-04-28 2013-05-23 Sunil C. Agrawal System And Method For Long-Term Digital Signature Verification Utilizing Light Weight Digital Signatures


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李昊 et al.: "Research on Certificate Revocation Methods", Computer and Information *
李福祥 et al.: "A Mobile Payment Protocol Based on Digital Certificates", Computer Science *



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150211
