CN105354507B - Data security and confidentiality method in a cloud environment - Google Patents
Data security and confidentiality method in a cloud environment
- Publication number: CN105354507B (application CN201510696609.1A)
- Authority
- CN
- China
- Prior art keywords
- user
- control module
- cloud
- information
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data security and confidentiality method for a cloud environment. It is based on an independent third-party authentication-and-storage device together with a terminal security detection program. The device contains a control chip and a memory; the program running on the control chip consists of a control module and a file system module; the memory is divided into an encrypted storage area and a general storage area, and the control module reaches the encrypted area only by calling the file system module. The general area holds the terminal security detection program; the encrypted area holds authentication information, keys and the cipher software. The keys combine AES symmetric keys with RSA asymmetric keys, and the device additionally carries a fingerprint reader. The method ensures that data in the cloud environment are neither stolen nor tampered with, giving user data higher security and confidentiality both at the terminal and on the server side.
Description
【Technical field】
The present invention relates to a method of protecting information security, and more particularly to a data security and confidentiality method for a cloud environment.
【Background technology】
Cloud computing lets a user obtain application services from any location and from any kind of terminal; the requested resources come from the "cloud" rather than from a fixed, tangible entity. Both enterprises and individual users hold large amounts of private data: trade secrets, customer records, financial data, online-banking accounts and passwords, private photographs and so on. To a user of a cloud service the "cloud" is a black box: the user does not know where the data are finally stored, whether the transmission path is secure, or whether the cloud provider has privileged access to the data. In other words, the user has no control over data once they are in the cloud, which inevitably raises concerns about the confidentiality and integrity of the stored data and about user privacy.
How to keep a user's data secure while the user consumes cloud services has therefore become a pressing problem in the evolution of cloud computing: how to guarantee that data are neither stolen nor altered in transit over the network; how to ensure that the cloud provider cannot obtain and leak the user's sensitive data when it handles them; how to admit only legitimate data access through strict permission authentication; and how to guarantee that users can access their own data securely at any time.
【Invention content】
The object of the invention is to overcome the above shortcomings of the prior art by providing a data security and confidentiality method for a cloud environment, aimed at the technical problem that, in the prior art, information confidentiality during use of cloud services is weak and data are easily leaked.
To this end the invention proposes a data security and confidentiality method for a cloud environment based on an independent third-party authentication-and-storage device and a terminal security detection program. The device comprises a control chip and a memory; the program running on the control chip comprises a control module and a file system module; the memory comprises an encrypted storage area and a general storage area, and the control module accesses the encrypted area by calling the file system module. The general area holds the terminal security detection program; the encrypted area holds authentication information, keys and the cipher software. The keys combine AES symmetric keys with RSA asymmetric keys, and the device additionally carries a fingerprint reader. The steps are as follows:
A) Initial state: The authentication-and-storage device is connected over USB to the terminal used to access the cloud, and the control module on the control chip starts running.
B) Password verification: Once the device and the cloud-access terminal are connected, a device-password prompt appears automatically and waits for input. The entered password is passed to the control module, which calls the file system module to read the encrypted area and compares the input with the device password configured on the device. If they match, go to step E. If not, the failed attempt is counted: if the number of failures reaches N1, go to step D; otherwise report a password error and go to step C.
C) Verification failed: The device displays the device-password prompt again, waits for input, and returns to step B.
D) Access failed: The control module reads the device's preset configuration information. If the configuration is "format", the control module resets the device password to the default, calls the file system module to erase all files in the memory, displays a "too many failed attempts" warning that closes automatically, disconnects the device from the cloud-access terminal, and returns to step A. If the configuration is not "format", the control module only displays the "too many failed attempts" warning on the device and goes to step W.
E) Initialize the device: After the password has been verified, the device automatically mounts the general storage area and initializes the control chip and the programs and files of the encrypted area. Through the control module, the control chip checks whether the cloud-access terminal already has the security detection program: if it does, go to step G; if not, go to step F.
F) Install the security detection program: Through the control module, the control chip calls the file system module to access the general area, runs the security detection program and completes its automatic installation on the cloud-access terminal; go to step I.
G) Update the security policy: Through the control module, the control chip updates the security-inspection policy for the operating system of the cloud-access terminal; when the update is complete, go to step I.
I) Security inspection: The user runs the security detection program, which inspects the terminal system and decides whether it meets the secure-access baseline. If it does, go to step K; otherwise go to step J.
J) Terminal hardening: The security detection program issues customized security warnings on the terminal and hardens the terminal system, then returns to step I.
K) Permission authentication: Given that the baseline is met, the control module displays an identity and permission authentication prompt. The user enters authentication information, which the control module compares with the authentication information preset in the encrypted area. If they match, go to step M. If not, the failed authentication is counted: if the count reaches N2, go to step W; otherwise report the authentication error and go to step L.
L) Authentication failed: The control module displays the authentication prompt again, waits for input, and returns to step K.
M) Cloud server login: After successful authentication, the control module displays a login prompt on the cloud-access terminal and waits for input; it compares the entered login information with the previously configured login information. If they match, go to step P. If not, the failed login is counted: if the count reaches N3, go to step W; otherwise report the login error and go to step O.
O) Login failed: The login prompt is displayed again, waits for input, and returns to step M.
P) Access the cloud server: After a successful login, the device's control module calls the file system module and accesses the resources on the cloud computing server directly.
Q) Encrypted transmission: Through the control module, the user calls the file system module to access the encrypted area; using the RSA public key and the cipher software, the AES symmetric key and the important data from the encrypted area are encrypted together asymmetrically, so that both exist only as ciphertext, and the result is sent over a trusted channel to the processing module of the cloud server.
R) Application processing: The processing programs of the cloud processing module carry out the application processing on the important data in ciphertext form.
S) Symmetric encryption: The encryption module of the cloud server runs the symmetric algorithm with the AES symmetric key and encrypts the processed important data once more, so that the data exist as doubly encrypted ciphertext.
T) Storage: The control module accesses the cloud storage module of the cloud server directly, enters the cloud data and file storage service, and stores the doubly encrypted ciphertext on the cloud data storage server.
U) Leave the cloud server: When storage is complete, the user logs out of the cloud server.
V) Logging: After the user has finished, the control module assembles the user's operations, the processes and the transmission history of the file data into a log record and writes it to the log space in the device memory.
W) End: According to the information it has received, the control module disconnects the device from the cloud-access terminal.
Preferably, the fingerprint reader is connected to the control chip and communicates with the control module, and the fingerprint enrolled on it is bound to the user.
Preferably, N1 in step B is at least 3.
Preferably, N2 in step K is at least 3.
Preferably, N3 in step M is at least 3.
Preferably, the objects inspected in step I include the operating-system type of the cloud-access terminal, which ports are open, whether antivirus software is installed, and the presence of viruses or trojans.
Preferably, the trusted channel of step Q includes the HTTP protocol and VPN channels.
Preferably, the RSA public key is paired with an RSA private key that is held only by the user.
Preferably, the information received by the control module in step W includes: the configuration not being "format"; the permission-authentication failure count reaching N2; and the login failure count reaching N3.
Beneficial effects of the invention: Compared with the prior art, the security support method for a cloud-access terminal provided by the invention has a sound sequence of steps. Authentication information and keys are managed by an independent authentication-and-storage device, and data are encrypted both at the cloud-access terminal and on the server side, so that data in the cloud environment exist only as ciphertext. This avoids the situation in which data exist in plaintext and are easily stolen, improves data security in the cloud and protects the user's ownership of the data. Before the cloud server is accessed, the terminal system is inspected and given automatic warnings and hardening, laying a secure foundation for using the cloud service. Data are first encrypted asymmetrically and then encrypted again symmetrically by the encryption module of the cloud server, so that in transit and on the cloud server they always exist as ciphertext; this prevents leakage, theft and unauthorized access at the terminal and on the server side, further improving data security and ensuring the security and reliability of user data in the cloud environment.
The features and advantages of the invention are described in detail below with reference to the embodiment and the accompanying drawing.
【Description of the drawings】
Fig. 1 is a flow chart of the embodiment of the invention.
【Specific implementation mode】
To make the objects, technical solutions and advantages of the invention clearer, the invention is further explained below with reference to the drawing and an embodiment. It should be understood that the specific embodiment described here serves only to explain the invention and is not intended to limit its scope. Descriptions of well-known structures and techniques are omitted so as not to obscure the inventive concept unnecessarily.
Referring to Fig. 1, the embodiment of the invention provides a data security and confidentiality method for a cloud environment based on an independent third-party authentication-and-storage device and a terminal security detection program. The device comprises a control chip and a memory; the program running on the control chip comprises a control module and a file system module; the memory comprises an encrypted storage area and a general storage area, and the control module accesses the encrypted area by calling the file system module. The general area holds the terminal security detection program; the encrypted area holds authentication information, keys and the cipher software. The keys combine AES symmetric keys with RSA asymmetric keys, and the device additionally carries a fingerprint reader.
Ordinarily a removable storage device contains only a general storage area; the files stored in it can be parsed and manipulated directly by the operating system of the terminal, and the device has no means of keeping its data confidential, so the stored data are easily leaked or stolen. To avoid this, the authentication-and-storage device of the embodiment carries a control chip and is divided into an encrypted area and a general area. Important files and data are kept in the encrypted area, which only the control chip can access or parse. The encrypted area holds authentication information, keys, important data and so on, and it is accessed directly by the device's own control chip, so that the important information, keys and data are physically isolated from the cloud-access terminal. This ensures that important information is not stolen or leaked and considerably reduces the user's concerns.
The steps are as follows:
A) Initial state: The authentication-and-storage device is connected over USB to the terminal used to access the cloud, and the control module on the control chip starts running.
B) Password verification: Once the device and the cloud-access terminal are connected, a device-password prompt appears automatically and waits for input. The entered password is passed to the control module, which calls the file system module to read the encrypted area and compares the input with the device password configured on the device. If they match, go to step E. If not, the failed attempt is counted: if the number of failures reaches N1, go to step D; otherwise report a password error and go to step C.
In the embodiment the user must pass the device-password verification configured on the device before the device will run, so step B is the first gate at the cloud-access terminal before the cloud service can be used. It prevents an unauthorized user from reading the device's storage area directly. In addition, the control module retains the count of failed password attempts even after the device has been disconnected from the cloud-access terminal, so that an unauthorized user cannot keep trying passwords simply by unplugging and reconnecting the device.
N1 is at least 3; in this embodiment N1 is 5.
C) Verification failed: The device displays the device-password prompt again, waits for input, and returns to step B.
D) Access failed: The control module reads the device's preset configuration information. If the configuration is "format", the control module resets the device password to the default, calls the file system module to erase all files in the memory, displays a "too many failed attempts" warning that closes automatically, disconnects the device from the cloud-access terminal, and returns to step A. If the configuration is not "format", the control module only displays the "too many failed attempts" warning on the device and goes to step W.
In the embodiment the configuration information is set by the manufacturer when the control chip is made, and it may also be adjusted by the user according to how sensitive the stored data are. If the configuration is "format", the control module formats the important files and data in the device's storage area, preventing the internal data from being stolen by an unauthorized user and avoiding unnecessary loss.
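The lockout behaviour of steps B to D, with a failure counter that the text says must survive a USB disconnect, is easy to get wrong in firmware, so here is an added worked model of it in Go. It is not code from the patent: the Token type, the factory default password "default", the file names standing in for the encrypted area and the constant-time comparison are assumptions made for this example. The text gives no unlock path for a device configured not to format, and the model reflects that: such a token stays in step D until some out-of-band reset.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

type Outcome int

const (
	Accepted Outcome = iota // password matched: continue to step E
	Retry                   // mismatch below N1: step C, prompt again
	Locked                  // N1 reached: step D, then step A or W
)

func (o Outcome) String() string { return [...]string{"accepted", "retry", "locked"}[o] }

// Token models the device of the text (hypothetical simplification): the
// configured device password, the failure counter kept in device memory,
// the "format on lockout" configuration of step D, and the encrypted area.
type Token struct {
	password     []byte
	limitN1      int
	failures     int // survives Disconnect/Connect, as the text requires
	formatOnLock bool
	encrypted    map[string][]byte
	connected    bool
}

func NewToken(password string, n1 int, formatOnLock bool) *Token {
	if n1 < 3 {
		n1 = 3 // the text sets N1 >= 3
	}
	return &Token{
		password: []byte(password), limitN1: n1, formatOnLock: formatOnLock,
		// Constructed stand-ins for the authentication info and keys of the encrypted area.
		encrypted: map[string][]byte{"auth.bin": {1, 2, 3}, "aes.key": {4, 5, 6}},
	}
}

// Connect is step A; Disconnect is the USB disconnect of step D. Neither
// touches failures: unplugging the device does not buy fresh attempts.
func (t *Token) Connect()    { t.connected = true }
func (t *Token) Disconnect() { t.connected = false }

// VerifyPassword implements steps B, C and D for one entered password.
func (t *Token) VerifyPassword(input string) Outcome {
	if !t.connected {
		return Locked // no host attached, nothing to verify
	}
	if t.failures >= t.limitN1 {
		return t.lockout() // a device already over N1 stays in step D
	}
	// Constant-time comparison so response time does not leak how many
	// leading bytes matched (not in the text; standard practice).
	if subtle.ConstantTimeCompare([]byte(input), t.password) == 1 {
		t.failures = 0
		return Accepted
	}
	t.failures++
	if t.failures >= t.limitN1 {
		return t.lockout()
	}
	return Retry
}

// lockout is step D. With "format" configured the password is reset to the
// factory default and the encrypted area is wiped (the counter goes with it);
// otherwise the device only warns, and since the text gives no unlock path the
// token stays locked. Both branches drop the USB connection.
func (t *Token) lockout() Outcome {
	if t.formatOnLock {
		t.password = []byte("default") // hypothetical factory default
		t.encrypted = map[string][]byte{}
		t.failures = 0
	}
	t.Disconnect()
	return Locked
}

// FileCount lets a caller see whether the wipe of step D happened.
func (t *Token) FileCount() int { return len(t.encrypted) }

func main() {
	tok := NewToken("s3cret", 5, true) // N1 = 5 as in the embodiment
	tok.Connect()
	for _, guess := range []string{"a", "b", "c", "d", "e"} {
		fmt.Println(guess, "->", tok.VerifyPassword(guess))
	}
	fmt.Println("files left after lockout:", tok.FileCount())
}
```

Running main shows four "retry" outcomes, a "locked" outcome on the fifth guess and an empty encrypted area afterwards; with formatOnLock set to false the files survive but every later attempt, even with the right password, stays "locked".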
E) Initialize the device: After the password has been verified, the device automatically mounts the general storage area and initializes the control chip and the programs and files of the encrypted area. Through the control module, the control chip checks whether the cloud-access terminal already has the security detection program: if it does, go to step G; if not, go to step F.
F) Install the security detection program: Through the control module, the control chip calls the file system module to access the general area, runs the security detection program and completes its automatic installation on the cloud-access terminal; go to step I.
G) Update the security policy: Through the control module, the control chip updates the security-inspection policy for the operating system of the cloud-access terminal; when the update is complete, go to step I.
I) Security inspection: The user runs the security detection program, which inspects the terminal system and decides whether it meets the secure-access baseline. If it does, go to step K; otherwise go to step J.
The inspection objects include the operating-system type of the cloud-access terminal, which ports are open, whether antivirus software is installed, the presence of viruses or trojans, and the like.
J) Terminal hardening: The security detection program issues customized security warnings on the terminal and hardens the terminal system, then returns to step I.
In the embodiment, steps E to J form the second gate at the cloud-access terminal before the cloud service can be used: the control chip initializes the device and analyzes the security of the terminal system until the terminal has the security detection program, passes its inspection and has been hardened to the point of meeting the secure-access baseline, at which point the next step is permitted.
Further, the device itself carries the terminal security detection program; if the cloud-access terminal does not have it, the control module runs the program, which unpacks itself and completes the installation.
Further, the security detection program inspects the terminal's operating-system type, open ports, antivirus installation, the presence of viruses or trojans, and the like.
K) Permission authentication: Given that the baseline is met, the control module displays an identity and permission authentication prompt. The user enters authentication information, which the control module compares with the authentication information preset in the encrypted area. If they match, go to step M. If not, the failed authentication is counted: if the count reaches N2, go to step W; otherwise report the authentication error and go to step L.
N2 is at least 3; in this embodiment N2 is 4.
L) Authentication failed: The control module displays the authentication prompt again, waits for input, and returns to step K.
In the embodiment step K is the third gate before the cloud service can be used. It prevents an unauthorized user who has got past the first two gates from reaching files or data: the user must pass permission authentication before the files or data of the encrypted area can be accessed, and a failed authentication produces a warning. The control module also records the number of failed authentications and retains it when the device is disconnected from the cloud-access terminal, so that an unauthorized user cannot clear the record by unplugging the device and then keep trying.
Further, the device is equipped with a fingerprint reader that is connected to the control chip and communicates with the control module; the authentication information is bound to the user, that is, the authentication information is the user's fingerprint.
M) Cloud server login: After successful authentication, the control module displays a login prompt on the cloud-access terminal and waits for input; it compares the entered login information with the previously configured login information. If they match, go to step P. If not, the failed login is counted: if the count reaches N3, go to step W; otherwise report the login error and go to step O.
O) Login failed: The login prompt is displayed again, waits for input, and returns to step M.
In the embodiment step M is the fourth gate at the cloud-access terminal before the cloud service can be used, preventing an unauthorized user who has broken through the first three gates from accessing the data in the encrypted area. If the number of login attempts exceeds N3, the control module retains the count after the removable device is disconnected from the hardware platform, so that the login record cannot be cleared by forcibly disconnecting the device and an unauthorized user cannot keep trying to log in.
N3 is at least 3; in this embodiment N3 is 4.
P) Access the cloud server: After a successful login, the device's control module calls the file system module and accesses the resources on the cloud computing server directly.
Q) Encrypted transmission: Through the control module, the user calls the file system module to access the encrypted area; using the RSA public key and the cipher software, the AES symmetric key and the important data from the encrypted area are encrypted together asymmetrically, so that both exist only as ciphertext, and the result is sent over a trusted channel to the processing module of the cloud server.
The trusted channel includes the HTTP protocol and VPN channels.
At the cloud-access terminal the AES symmetric key is encrypted asymmetrically together with the important data under the RSA public key, ensuring that the important data exist only as ciphertext in transit and in the cloud server, and are therefore sufficiently secure.
Further, the RSA public key is paired with an RSA private key that is held only by the user. Only when the user applies the private key can the encrypted data be decrypted and worked on further; because the private key belongs to the user alone, this gives sufficient confidentiality and further secures the data.
R) data application is handled:Significant data in ciphertext is applied with cloud processor die processing routine in the block
Processing.
S) symmetric cryptography is handled:With the encrypting module of Cloud Server, symmetric encipherment algorithm is run using AES symmetric keys
Corresponding with treated, significant data is encrypted again, and data is made to exist with secondary encrypted ciphertext form.
T) data store:Control module directly accesses the cloud storage processing module of Cloud Server, into data and the file of racking
Storage service, secondary encrypted ciphertext is stored into cloud computing data storage server.
While the data is on the cloud server it is encrypted again by the symmetric encryption algorithm, so that the data finally exists on the cloud server in doubly encrypted ciphertext form. This further raises the privacy and safety level of the data: the user need not worry about where on the cloud computing data storage server the important data is located or whether it can be stolen.
Further, the important data is first processed with RSA asymmetric encryption; the RSA asymmetric encryption algorithm is strong and complex, so it is safe and ensures that neither the important data nor the AES symmetric key is stolen. The symmetric encryption is then performed inside the cloud server, where the encryption environment is safe and the AES symmetric key and important data are in unreadable ciphertext form, so safety is strengthened.
U) Exiting the cloud server: after storage is complete, the user exits the cloud server.
V) Recording the log: after the user completes the operation, the control module organizes information such as the user's operation process and the transmission process of the file data into log information, and writes that log information into the record space in the memory.
W) Ending the operation: according to the information received, the control module directly disconnects the communication connection between the third-party authentication and storage device and the cloud access terminal device.
In the embodiments of the present invention, after the data has been doubly encrypted, the encrypted ciphertext is stored on the cloud data and file storage server. This ensures that the user data is stored permanently, cannot be stolen by unauthorized users and cannot be accessed surreptitiously, guaranteeing the reliability and security of the data in the cloud environment.
Further, after the user exits the cloud server, the control module records the log information, and that log information is written separately by the control module into the record space in the memory. If a third party or an intruding virus accesses or deletes the files or data in the encrypted storage area, the user can check the log information inside the control module, learn the transmission path and time of the file or data, and recover it in time, avoiding unnecessary loss.
More specifically, according to the information it receives (the not-formatted information, the information that the number of identity permission authentications has reached N2, and the information that the number of login information verifications has reached N3), the control module can promptly disconnect the communication connection between the third-party authentication and storage device and the cloud access terminal device, reducing the possibility of data theft to almost zero.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.
Claims (9)
1. A data security and secrecy method in a cloud environment, characterized in that: it is based on an independent third-party authentication and storage device and a terminal security detection program; the third-party authentication and storage device comprises a control chip and a memory; the program running on the control chip comprises a control module and a file system module; the memory comprises an encrypted storage area and an ordinary storage area; the control module accesses the encrypted storage area of the memory by calling the file system module; the ordinary storage area contains the terminal security detection program; the encrypted storage area contains identity authentication information, keys and an algorithm software carrier; the keys use a combined encryption mode of an AES symmetric key and an RSA asymmetric key pair; the third-party authentication and storage device is further provided with a fingerprint identifier; and the method comprises the following steps:
A) Initial state: the third-party authentication and storage device is communicatively connected to the cloud access terminal device over the USB protocol, and the control module runs on the control chip;
B) Password verification: after the third-party authentication and storage device is communicatively connected to the cloud access terminal device, the password verification frame of the third-party authentication and storage device pops up automatically and waits for the user's input; the password entered by the user is passed to the control module, which calls the file system module to access the encrypted storage area of the memory and compares the password entered by the user with the device password configured for the third-party authentication and storage device; if they match, go to step E); if they do not match, count the number of password verifications: if the number of mismatched password verifications reaches N1, go to step D); if N1 has not been reached, feed back the password verification error information and go to step C);
C) Verification failure: the third-party authentication and storage device pops up the device password verification frame again, waits for the user's input, and returns to step B);
D) Access failure: the control module checks the preset configuration information of the third-party authentication and storage device; if the configuration information is "format", the control module resets the verified password to the default password, calls the file system module to remove all files inside the memory, pops up a warning frame indicating that the number of errors is excessive and then closes it automatically, disconnects the communication connection between the third-party authentication and storage device and the cloud access terminal device, and returns to step A); if the configuration information is "not format", the control module feeds back the excessive-error information to the user by popping up a warning frame on the third-party authentication and storage device, and goes to step W);
E) Initializing the device: after the user password is verified successfully, the third-party authentication and storage device automatically loads the ordinary storage area and initializes the control chip and the programs and files in the encrypted storage area; the control chip, through the control module, checks whether the security detection program is present on the cloud access terminal device: if it is, go to step G); if not, go to step F);
F) Installing the security detection program: the control chip calls the file system module through the control module to access the ordinary storage area, runs the security detection program, completes the automatic installation of the security detection program on the cloud service access terminal device, and goes to step I);
G) Updating the security policy: the control chip, through the control module, updates the security check policy of the system of the cloud service access terminal device and, once the update is complete, goes to step I);
I) Security check: the user runs the security detection program to perform a security check on the access terminal system and judges whether the terminal system meets the secure access baseline: if it does, go to step K); if not, go to step J);
J) Terminal system security hardening: the security detection program performs customized security warnings and security hardening on the terminal system and returns to step I);
K) Permission authentication: according to the information that the secure access baseline is met, the control module pops up the user identity permission authentication frame; the user enters authentication information in the frame, and the control module compares it with the preset identity authentication information in the encrypted storage area; if they match, go to step M); if they do not match, count the number of identity authentications: if the number of identity authentications reaches N2, go to step W); if N2 has not been reached, feed back the identity authentication error information and go to step L);
L) Authentication failure: according to the authentication failure information, the control module pops up the identity authentication frame again, waits for the user's input, and returns to step K);
M) Cloud server login: according to the information that identity authentication succeeded, the control module pops up the user login information verification frame on the cloud service terminal and waits for the user's input; the control module compares the login information entered by the user with the original configuration information; if they match, go to step P); if they do not match, count the number of login information verifications: if the number of login information verifications reaches N3, go to step W); if N3 has not been reached, feed back the login information verification error information and go to step O);
O) Login failure: according to the verification failure information, the user login information verification frame pops up again, waits for the user's input, and returns to step M);
P) Accessing the cloud server: after the user logs in successfully, the control module of the third-party authentication and storage device calls the file system module to access the resources on the cloud computing server directly;
Q) Encrypted data transmission: the user calls the file system module through the control module to access the encrypted storage area, uses the public key of the RSA asymmetric key pair and runs the algorithm software carrier to apply asymmetric encryption to the AES symmetric key together with the important data in the encrypted storage area, so that the AES symmetric key and the important data exist in ciphertext form, and sends them over a trusted channel to the cloud processor module of the cloud server;
R) Data application processing: the important data, still in ciphertext, is processed by the application program in the cloud processor module;
S) Symmetric encryption processing: the encryption module of the cloud server runs the symmetric encryption algorithm with the AES symmetric key to encrypt the processed important data again, so that the data exists in doubly encrypted ciphertext form;
T) Data storage: the control module directly accesses the cloud storage processing module of the cloud server, enters the cloud data and file storage service, and stores the doubly encrypted ciphertext on the cloud computing data storage server;
U) Exiting the cloud server: after storage is complete, the user exits the cloud server;
V) Recording the log: after the user completes the operation, the control module organizes the user's operation process and the transmission process of the file data information into log information and writes that log information into the record space in the memory;
W) Ending the operation: according to the information received, the control module directly disconnects the communication connection between the third-party authentication and storage device and the cloud access terminal device.
2. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: the fingerprint identifier is connected to the control chip and communicates with the control module, and the fingerprint recorded on the fingerprint identifier is bound to the user.
3. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: in step B), the value of N1 is >= 3.
4. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: in step K), the value of N2 is >= 3.
5. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: in step M), the value of N3 is >= 3.
6. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: in step I), the objects of the security check include the operating system type of the cloud access terminal device, the port opening status, the antivirus software installation status, and the virus and trojan status.
7. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: in step Q), the trusted channel includes the HTTP protocol and VPN channels.
8. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: the public key of the RSA asymmetric key pair matches the private key of the RSA asymmetric key pair, and the private key of the RSA asymmetric key pair is owned by the user alone.
9. The data security and secrecy method in a cloud environment according to claim 1, characterized in that: in step W), the information received by the control module includes the not-formatted information, the information that the number of identity permission authentications has reached N2, and the information that the number of login information verifications has reached N3.
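As an added illustration, not code from the patent, the retry-limit logic of steps B-D, K-L and M-O is modelled below with the thresholds N1, N2, N3 of claims 3-5 and the "format" / "not format" branch of step D; the Token class, the default password value, the file names and the returned step labels are constructed assumptions.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, List

DEFAULT_DEVICE_PASSWORD = "000000"  # constructed placeholder for the default password of step D

@dataclass
class Token:
    """Constructed model of the third-party authentication and storage device."""
    device_password: str      # device password compared in step B
    identity_info: str        # preset identity information in the encrypted area (step K)
    login_info: str           # original login configuration compared in step M
    format_on_failure: bool   # the "format" configuration read in step D
    n1: int = 3               # password limit, claim 3: N1 >= 3
    n2: int = 3               # identity limit, claim 4: N2 >= 3
    n3: int = 3               # login limit, claim 5: N3 >= 3
    encrypted_files: List[str] = field(default_factory=lambda: ["aes.key", "auth.bin"])
    log: List[str] = field(default_factory=list)  # record space of step V
    connected: bool = True    # USB link to the cloud access terminal (step A)

    def __post_init__(self) -> None:
        if min(self.n1, self.n2, self.n3) < 3:
            raise ValueError("N1, N2 and N3 must each be >= 3 (claims 3-5)")

def verify_with_limit(attempts: List[str], expected: str, limit: int,
                      on_limit: Callable[[], str]) -> str:
    """Shared B/K/M loop: count mismatches and hand over to on_limit at `limit`."""
    failures = 0
    for attempt in attempts:
        # Constant-time comparison so the check itself leaks nothing via timing.
        if hmac.compare_digest(attempt.encode(), expected.encode()):
            return "ok"
        failures += 1
        if failures >= limit:
            return on_limit()
    return "waiting"  # frame pops up again, limit not yet reached

def step_w(token: Token) -> str:
    """Step W: the control module drops the link to the cloud access terminal."""
    token.connected = False
    token.log.append("W: communication connection disconnected")
    return "end_W"

def step_b_password(token: Token, attempts: List[str]) -> str:
    """Steps B-D: device password; N1 mismatches lead to step D."""
    def step_d() -> str:
        if token.format_on_failure:
            token.device_password = DEFAULT_DEVICE_PASSWORD
            token.encrypted_files.clear()  # all files in the memory are removed
            token.connected = False
            token.log.append("D: N1 password failures, memory formatted")
            return "restart_A"
        token.log.append("D: N1 password failures, not formatted")
        return step_w(token)
    return verify_with_limit(attempts, token.device_password, token.n1, step_d)

def step_k_identity(token: Token, attempts: List[str]) -> str:
    """Steps K-L: identity authentication; N2 mismatches go straight to step W."""
    return verify_with_limit(attempts, token.identity_info, token.n2, lambda: step_w(token))

def step_m_login(token: Token, attempts: List[str]) -> str:
    """Steps M-O: cloud login information; N3 mismatches go straight to step W."""
    return verify_with_limit(attempts, token.login_info, token.n3, lambda: step_w(token))

def run_session(token: Token, pw: List[str], ident: List[str], login: List[str]) -> str:
    """Walk B -> K -> M and stop at the first step that does not return 'ok'."""
    steps = (("B", step_b_password, pw), ("K", step_k_identity, ident), ("M", step_m_login, login))
    for name, step, attempts in steps:
        result = step(token, attempts)
        token.log.append(f"{name}: {result}")
        if result != "ok":
            return result
    return "logged_in"  # step P onward: access, encrypt, process, store, exit
```

Note that with "format" configured, reaching N1 wipes the encrypted storage area and resets the device password, so a copy of the keys must exist elsewhere; with "not format" the link is only dropped and the files stay.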
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510696609.1A CN105354507B (en) | 2015-10-23 | 2015-10-23 | A kind of data safety time slot scrambling under cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105354507A CN105354507A (en) | 2016-02-24 |
CN105354507B true CN105354507B (en) | 2018-09-11 |