CN105354507B - A kind of data safety time slot scrambling under cloud environment - Google Patents

A kind of data safety time slot scrambling under cloud environment Download PDF

Info

Publication number
CN105354507B
CN105354507B CN201510696609.1A CN201510696609A CN105354507B CN 105354507 B CN105354507 B CN 105354507B CN 201510696609 A CN201510696609 A CN 201510696609A CN 105354507 B CN105354507 B CN 105354507B
Authority
CN
China
Prior art keywords
user
control module
cloud
information
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510696609.1A
Other languages
Chinese (zh)
Other versions
CN105354507A (en
Inventor
邵森龙
傅如毅
蒋行杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Yuanwang Software Co Ltd
Original Assignee
Zhejiang Yuanwang Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Yuanwang Software Co Ltd filed Critical Zhejiang Yuanwang Software Co Ltd
Priority to CN201510696609.1A priority Critical patent/CN105354507B/en
Publication of CN105354507A publication Critical patent/CN105354507A/en
Application granted granted Critical
Publication of CN105354507B publication Critical patent/CN105354507B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses the data safety time slot scramblings under a kind of cloud environment, it is based on a kind of independent Third Party Authentication and storage device and terminal security detects program, the Third Party Authentication and storage device include automatic control chip and memory, the program run on the automatic control chip includes control module and file system module, the memory includes encryption memory block and general memory area, the control module is by calling file system module to access the encryption memory block of memory, the general memory area includes that terminal security detects program, the encryption memory block includes authentication information, key and algorithm software carrier, the key uses AES symmetric keys and the united cipher mode of RSA unsymmetrical key, it is additionally provided with Fingerprint Identification Unit in the Third Party Authentication and storage device.Data safety time slot scrambling under a kind of cloud environment of the present invention has ensured that data are not stolen in cloud environment and has distorted that improve user data has higher safety and confidentiality in terminal and server-side.

Description

A kind of data safety time slot scrambling under cloud environment
【Technical field】
The present invention relates to a kind of method of protection information safety, more particularly to the data safety secrecy side under a kind of cloud environment Method.
【Background technology】
Cloud computing supports user to obtain application service at an arbitrary position, using various terminals, and requested resource comes from " cloud ", rather than fixed tangible entity.Either all there is a large amount of private data, such as enterprise in enterprise or personal user Trade secret data, corporate client information data, financial data, Private Banking's account and password, privacy photo etc..For making For the user of cloud computing service, " cloud " just as a black box, because in cloud environment, user is not aware that its data most Eventually storage wherein, data transmission procedure whether safety, do not know whether cloud service provider has special access right to obtain user yet Data.In other words, user is unable to control the data under cloud environment, this will necessarily cause secret of the user to stored data The worry of the safety problems such as property, integrality and user privacy.
How to ensure safety of the data of user under cloud environment simultaneously using cloud computing service in user, i.e., how to protect Data are not stolen and distort in card network transmission process;How to ensure that cloud computing service quotient can not will use when obtaining data Family sensitive data is simultaneously leaked out;As by stringent purview certification and being that legal data are visited with guarantee access user It asks, ensures that user at any time can be safe is accessed the data of itself, have become and calculate service evolution Problem in the urgent need to address in the middle.
【Invention content】
It is an object of the invention to overcome above-mentioned the deficiencies in the prior art, the data safety secrecy under a kind of cloud environment is provided Method aims to solve the problem that not strong, data are easy to be compromised using information privacy during cloud computing service in the prior art Technical problem.
To achieve the above object, the present invention proposes the data safety time slot scrambling under a kind of cloud environment, based on one kind Independent Third Party Authentication and storage device and terminal security detect program, and the Third Party Authentication and storage device include automatic control Chip and memory, the program run on the automatic control chip include control module and file system module, the memory packet The memory block containing encryption and general memory area, the control module are stored by the encryption for calling file system module to access memory Area, the general memory area include that terminal security detects program, and the encryption memory block includes authentication information, key and calculation Method software carrier, the key are recognized using AES symmetric keys and the united cipher mode of RSA unsymmetrical key, the third party It is additionally provided with Fingerprint Identification Unit in card and storage device, is as follows:
A) original state:Third Party Authentication and storage device are accessed terminal device with cloud to communicate by usb protocol It connects, the control module operation on automatic control chip;
B) password authentification:Third Party Authentication and storage device and cloud access after terminal equipment in communication connect, automatic spring the Tripartite's certification and storage device password authentification frame wait for the input of user, and password input by user are transmitted to control module, Control module calls file system module to access the encryption memory block of memory, by password input by user and Third Party Authentication and The device password of storage device configurations is compared, if be consistent, goes to step E), if be not consistent, password is tested The number of card is counted, if the number that password authentification is not consistent reaches N1It is secondary, go to step D), not up to N1It is secondary, it feeds back The information of password authentification mistake, goes to step C);
C) authentication failed:Third Party Authentication and storage device pop-up device password authentification frame again, wait for the input of user, Return back to step B);
D failure) is accessed:Control module checks Third Party Authentication and the scheduled configuration information of storage device, if matching confidence To format, then control module resets to defaults breath by password is verified, and file system module is called to remove memory inside All Files, while being automatically closed after popping up the excessive caution frame of errors number, disconnect Third Party Authentication and storage device with Cloud accesses the communication connection of terminal device, returns back to step A), if configuration information is not format, control module is by mistake The excessive information of number feeds back to user by popping up caution frame on Third Party Authentication and storage device, goes to step W);
E) initialization apparatus:After user password is proved to be successful, Third Party Authentication and storage device load generic storage automatically Area, and automatic control chip, the program in encryption memory block and file are initialized, automatic control chip checks that cloud accesses eventually by control module End equipment whether there is safety detection program, and if it exists, then go to step G), if being not present, go to step F);
F) safety detection program is installed:Automatic control chip calls file system module to access generic storage by control module Area, and operational safety detects program, and the automatic installation for completing safety detection program on terminal device is accessed in cloud service, goes to step Rapid I);
G security strategy) is updated:Automatic control chip updates the safety inspection that cloud service accesses terminal device system by control module Strategy is looked into, step I is gone to after the completion of update);
I) safety inspection:User's operational safety detects program and carries out safety inspection to accessing terminal system, and judges terminal Whether system meets secure access baseline, if satisfied, then going to step K), if not satisfied, then going to step J);
J) terminal system security hardening:Safety detection program carries out custom security early warning in terminal system and safety adds Gu returning back to step I);
K) purview certification:Control module pops up user identity purview certification according to the information for meeting secure access baseline Certification frame, user input authentication information in certification frame, and control module is preset by authentication information and encryption memory block Authentication information be compared, if be consistent, go to step M), if be not consistent, to the number of authentication into Row counts, if the number of authentication reaches N2It is secondary, then go to step W), not up to N2It is secondary, feed back authentication mistake Information goes to step L);
L) authentification failure:Control module pops up authentication frame again according to the information of authentification failure, waits for user's input, Return back to step K);
M) Cloud Server logs in:Control module is according to the successful information of authentication, and in cloud service terminal, pop-up user steps on Information Authentication frame is recorded, user's input, control module is waited for compare log-on message input by user and former configuration information, if It is consistent, then goes to step P), if be not consistent, the number of log-on message verification is counted, if log-on message is verified Number reach N3It is secondary, then go to step W), not up to N3It is secondary, feed back the information of log-on message authentication error, go to step O);
O) login failure:User login information is popped up again according to the information of authentication failed and verifies frame, waits for user's input, Return back to step M);
P Cloud Server) is accessed:After user logins successfully, called by the control module of Third Party Authentication and storage device File system module directly accesses the resource in cloud computing server;
Q) Data Encryption Transmission:User calls file system module to access encryption memory block by control module, using RSA The public key of unsymmetrical key and run algorithm software carrier to AES symmetric keys and encryption memory block in significant data together into The processing of row asymmetric encryption, makes AES symmetric keys and significant data exist with ciphertext form, and be sent to cloud by trusted channel The cloud processor module of server;
R) data application is handled:Significant data in ciphertext is applied with cloud processor die processing routine in the block Processing;
S) symmetric cryptography is handled:With the encrypting module of Cloud Server, symmetric encipherment algorithm is run using AES symmetric keys Corresponding with treated, significant data is encrypted again, and data is made to exist with secondary encrypted ciphertext form;
T) data store:Control module directly accesses the cloud storage processing module of Cloud Server, into data and the file of racking Storage service, secondary encrypted ciphertext is stored into cloud computing data storage server;
U Cloud Server) is exited:After the completion of storage, user exits Cloud Server;
V) record log:After user completes operation, control module process, file data information depending on the user's operation Transmission process is organized into log information, and the log information is written in the record space in memory;
W) end operation:Control module directly controls Third Party Authentication and storage device and cloud according to the information received It accesses terminal device and disconnects communication connection.
Preferably, the Fingerprint Identification Unit is connect with automatic control chip, and communicated with control module, the Fingerprint Identification Unit The fingerprint of upper recording is bound with user.
Preferably, the step B) in N1Value >=3.
Preferably, the step K) in N2Value >=3.
Preferably, the step M) in N3Value >=3.
Preferably, the step I) in safety inspection object include cloud access terminal device OS Type, end Mouth development situation, antivirus software installation situation, viral wooden horse situation.
Preferably, the step Q) in trusted channel include http protocol, the channels VPN.
Preferably, the public key of the RSA unsymmetrical key and the private key of RSA unsymmetrical key match, RSA is asymmetric close The private key of key is only that user is all.
Preferably, the step W) in the information that receives of control module include the information not formatted, identity authority Certification number reaches N2Secondary information and log-on message verification number reach N3Secondary information.
Beneficial effects of the present invention:Compared with prior art, a kind of cloud service provided by the invention accesses the safety of terminal Support method, step is reasonable, is managed to authentication information and key using independent Third Party Authentication and storage device, And data are carried out with the encryption of data in cloud service terminal and server-side, make data under cloud environment with the shape of encrypted cipher text Formula exists, and avoids data with non-so that plaintext version exists and is easily stolen the case where stealing, improves data in cloud environment Safety, ensure the data ownership of user.Before accessing Cloud Server, safety detection, right is carried out to terminal device system The safety of terminal system carries out automatic early-warning and security hardening processing, to use cloud computing service to lay foundation for security;Data Asymmetric encryption processing is first passed around, it is rear to be handled again by the encrypting module symmetric cryptography of Cloud Server, ensure in transmission and cloud Data in server exist in the form of ciphertext always, and data is prevented to be compromised, steal and illegally visit in terminal, server-side It asks, further improves the safety of data, ensured the security reliability under user data cloud environment.
The feature and advantage of the present invention will be described in detail by embodiment combination attached drawing.
【Description of the drawings】
Fig. 1 is the flow diagram of the embodiment of the present invention.
【Specific implementation mode】
In order to make the objectives, technical solutions and advantages of the present invention clearer, right below by attached drawing and embodiment The present invention is further elaborated.However, it should be understood that specific embodiment described herein is only used to explain this hair Range that is bright, being not intended to restrict the invention.In addition, in the following description, descriptions of well-known structures and technologies are omitted, with Avoid unnecessarily obscuring idea of the invention.
Refering to fig. 1, the embodiment of the present invention provides the data safety time slot scrambling under a kind of cloud environment, is based on a kind of independence Third Party Authentication and storage device and terminal security detect program, the Third Party Authentication and storage device include automatic control chip And memory, the program run on the automatic control chip include control module and file system module, the memory include plus Close memory block and general memory area, the control module access the encryption memory block of memory by calling file system module, The general memory area includes that terminal security detects program, and the encryption memory block includes authentication information, key and algorithm Software carrier, the key use AES symmetric keys and the united cipher mode of RSA unsymmetrical key, the Third Party Authentication And Fingerprint Identification Unit is additionally provided in storage device.
Usually, ordinary mobile storage contains only general memory area, and the file of its internal storage can be serviced Terminal operating system is directly parsed and is operated, and movable storage device does not have the function of keeping secret to data, i.e. device memory is stored up Data be easy to be compromised or steal, therefore, in order to avoid the generation of the above situation, the third party in the embodiment of the present invention recognizes Card and storage device carry automatic control chip, and the Third Party Authentication and storage device include to encrypt memory block and general memory area, Vital document or data be stored in encryption memory block in, accessed by automatic control chip or parse encryption memory block in data with File is encrypted in memory block comprising authentication information, key, significant data etc., is set using Third Party Authentication and storage in addition Standby automatic control chip directly accesses, and important information, key and data is accessed terminal system physical isolation with cloud service, it is ensured that weight The case where wanting information not to be stolen and leak significantly reduces the worry degree of user.
It is as follows:
A) original state:Third Party Authentication and storage device are accessed terminal device with cloud to communicate by usb protocol It connects, the control module operation on automatic control chip.
B) password authentification:Third Party Authentication and storage device and cloud access after terminal equipment in communication connect, automatic spring the Tripartite's certification and storage device password authentification frame wait for the input of user, and password input by user are transmitted to control module, Control module calls file system module to access the encryption memory block of memory, by password input by user and Third Party Authentication and The device password of storage device configurations is compared, if be consistent, goes to step E), if be not consistent, password is tested The number of card is counted, if the number that password authentification is not consistent reaches N1It is secondary, go to step D), not up to N1It is secondary, it feeds back The information of password authentification mistake, goes to step C).
In embodiments of the present invention, user needs the device password authentication by Third Party Authentication and storage device configurations The equipment, i.e. step B can be run) it is limited in the first step of cloud service terminal as using before cloud computing service, it prevents illegal User directly accesses the memory block of Third Party Authentication and storage device, while control module can be set in Third Party Authentication and storage Standby to access with cloud service after terminal device disconnection communicate, still retain password authentification does not meet number, and disabled user is avoided to lead to It crosses disconnection Third Party Authentication and storage device and is verified with terminal device is accessed to continuously attempt to password.
Wherein, N1Value >=3, in an embodiment of the present invention, N1Value take 5.
C) authentication failed:Third Party Authentication and storage device pop-up device password authentification frame again, wait for the input of user, Return back to step B).
D failure) is accessed:Control module checks Third Party Authentication and the scheduled configuration information of storage device, if matching confidence To format, then control module resets to defaults breath by password is verified, and file system module is called to remove memory inside All Files, while being automatically closed after popping up the excessive caution frame of errors number, disconnect Third Party Authentication and storage device with Cloud accesses the communication connection of terminal device, returns back to step A), if configuration information is not format, control module is by mistake The excessive information of number feeds back to user by popping up caution frame on Third Party Authentication and storage device, goes to step W).
In embodiments of the present invention, the information of configuration is set by the producer in the control chip manufacturing stage, also can be by User is adjusted and sets according to the significance level of storage data.If user's configuration information is to format, third party recognizes Vital document or data in the memory block of card and storage device will be formatted by control module, prevent internal number It is stolen according to by disabled user, avoids unnecessary loss.
E) initialization apparatus:After user password is proved to be successful, Third Party Authentication and storage device load generic storage automatically Area, and automatic control chip, the program in encryption memory block and file are initialized, automatic control chip checks that cloud accesses eventually by control module End equipment whether there is safety detection program, and if it exists, then go to step G), if being not present, go to step F).
F) safety detection program is installed:Automatic control chip calls file system module to access generic storage by control module Area, and operational safety detects program, and the automatic installation for completing safety detection program on terminal device is accessed in cloud service, goes to step Rapid I).
G security strategy) is updated:Automatic control chip updates the safety inspection that cloud service accesses terminal device system by control module Strategy is looked into, step I is gone to after the completion of update).
I) safety inspection:User's operational safety detects program and carries out safety inspection to accessing terminal system, and judges terminal Whether system meets secure access baseline, if satisfied, then going to step K), if not satisfied, then going to step J).
Wherein, safety inspection object includes that access the OS Type of terminal device, port development situation, antivirus soft for cloud Part installation situation, viral wooden horse situation etc..
J) terminal system security hardening:Safety detection program carries out custom security early warning in terminal system and safety adds Gu returning back to step I).
In embodiments of the present invention, step E) to step J) as using before cloud computing service the second of cloud service terminal Step limitation controls chip initiation equipment and parses the safety of terminal system, until terminal system is there are security checking program, By the safety inspection of security checking program, the security performance of terminal system is reinforced, until terminal system meets secure access base Line is allowed for access and is operated in next step.
Further, Third Party Authentication and storage device carry terminal security and detect program, if accessing terminal device without peace Total inspection program, then control module operation terminal security detection program, program self-analytic data simultaneously are completed to install.
Further, safety detection program is soft to access terminal progress OS Type, port development situation, antivirus The safety detection of part installation situation, viral wooden horse situation etc..
K) control module pops up the certification frame of user identity purview certification according to the information for meeting secure access baseline, uses Family inputs authentication information in certification frame, and control module is by authentication information and encrypts the preset authentication in memory block Information is compared, if be consistent, goes to step M), if be not consistent, the number of authentication is counted, if The number of authentication reaches N2It is secondary, then go to step W), not up to N2It is secondary, the information of authentication mistake is fed back, step is gone to Rapid L).
Wherein, N2Value >=3, in an embodiment of the present invention, N2Value take 4.
L) authentification failure:Control module pops up authentication frame again according to the information of authentification failure, waits for user's input, Return back to step K).
In embodiments of the present invention, step K) as using the third step limitation before cloud computing service, prevent disabled user Limited by preceding twice and access file or data, user need by purview certification can access encryption memory block file or Data, and will be warned by purview certification, while control module can write down the number of authentification failure, and recognize in third party Card and storage device with access terminal device disconnect communicate to connect when, which still retains, avoid disabled user pass through it is disconnected It opens Third Party Authentication and storage device to record to remove authentification failure with the connection for accessing terminal device, to prevent disabled user Continuously attempt to purview certification.
Further, Third Party Authentication and storage device are equipped with Fingerprint Identification Unit, the Fingerprint Identification Unit and control core Piece connects, and is communicated with control module, and authentication information is bound with user, i.e., authentication information is that the fingerprint of user is believed Breath.
M) Cloud Server logs in:Control module is according to the successful information of authentication, and in cloud service terminal, pop-up user steps on Information Authentication frame is recorded, user's input, control module is waited for compare log-on message input by user and former configuration information, if It is consistent, then goes to step P), if be not consistent, the number of log-on message verification is counted, if log-on message is verified Number reach N3It is secondary, then go to step W), not up to N3It is secondary, feed back the information of log-on message authentication error, go to step O).
O) login failure:User login information is popped up again according to the information of authentication failed and verifies frame, waits for user's input, Return back to step M).
In embodiments of the present invention, step M) it is limited in the 4th step of service terminal as using before cloud computing service, The data in encryption memory block are accessed after preventing disabled user from breaking through first three step limitation, if login authentication number is more than N3It is secondary, control Molding block can still retain after the disconnection of third party's movable storage device and hardware platform communicate verifies number, without the Tripartite's movable storage device removes login authentication record after being disconnected by force with hardware platform, avoid disabled user and continuously attempt to step on Record.
Wherein, N3Value >=3, in an embodiment of the present invention, N3Value take 4.
P Cloud Server) is accessed:After user logins successfully, called by the control module of Third Party Authentication and storage device File system module directly accesses the resource in cloud computing server.
Q) Data Encryption Transmission:User calls file system module to access encryption memory block by control module, using RSA The public key of unsymmetrical key and run algorithm software carrier to AES symmetric keys and encryption memory block in significant data together into The processing of row asymmetric encryption, makes AES symmetric keys and significant data exist with ciphertext form, and be sent to cloud by trusted channel The cloud processor module of server.
Wherein, trusted channel includes http protocol, the channels VPN.
It is non-right together in conjunction with significant data to AES symmetric keys by the public key of RSA unsymmetrical key in cloud service terminal Claim encryption, it is ensured that significant data exists in the form of ciphertext always during transmission and in Cloud Server, really Protect data safe enough.
Further, the public key of RSA unsymmetrical key and the private key of RSA unsymmetrical key match, RSA unsymmetrical key Private key is only that user is all.The data deciphering of private key pair encryption, ability further operating are used and if only if user, and private key is only It is all for user, there is enough confidentiality, further ensured the safety of data.
R) data application is handled:Significant data in ciphertext is applied with cloud processor die processing routine in the block Processing.
S) symmetric cryptography is handled:With the encrypting module of Cloud Server, symmetric encipherment algorithm is run using AES symmetric keys Corresponding with treated, significant data is encrypted again, and data is made to exist with secondary encrypted ciphertext form.
T) data store:Control module directly accesses the cloud storage processing module of Cloud Server, into data and the file of racking Storage service, secondary encrypted ciphertext is stored into cloud computing data storage server.
It when data are in Cloud Server, is encrypted again by symmetric encipherment algorithm so that data are finally in cloud service Exist with secondary encrypted ciphertext form when in device, further enhances the privacy degrees and safe coefficient of data, user is not required to Worry significant data which position of cloud computing data storage server, whether can be stolen the case where.
Further, first significant data is handled using RSA asymmetric encryption, RSA rivest, shamir, adelmans intensity complexity, It is safe, it can ensure that significant data and AES symmetric keys are not stolen, symmetric cryptography is being carried out in Cloud Server, this When encryption Environmental security, and AES symmetric keys and significant data, with non-readable ciphertext form, safety increases By force.
U Cloud Server) is exited:After the completion of storage, user exits Cloud Server.
V) record log:After user completes operation, control module information such as process, file data depending on the user's operation Transmission process be organized into log information, and the log information is written in the record space in memory.
W) end operation:Control module directly controls Third Party Authentication and storage device and cloud according to the information received It accesses terminal device and disconnects communication connection.
In embodiments of the present invention, after data are by secondary encryption, encrypted cipher text is stored into depositing to cloud data and file It stores up in server, has ensured that user data permanent storage, disabled user can not be stolen, can not have been accessed stealing, ensure Reliability and securities of the data in cloud environment.
Further, for user after exiting Cloud Server, control module gets off log information recording, and log information is It is separately written in the record space in memory by control module, to prevent the third party or poisoning intrusion in encryption memory block File when either data access or are deleted, user can by checking the log information inside control module, Understand transmission path and the time of file or data, and give for change in time, avoids unnecessary loss.
Closer, control module can according to the information that receives, including do not format information, identity authority certification Number reaches N2Secondary information and log-on message verification number reach N3Secondary information, disconnect in time Third Party Authentication and storage device with Cloud accesses the communication connection of terminal device, and the possibility that data are stolen will most zero.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention Any modification, equivalent replacement or improvement etc., should all be included in the protection scope of the present invention made by within refreshing and principle.

Claims (9)

1. the data safety time slot scrambling under a kind of cloud environment, it is characterised in that:It is based on a kind of independent Third Party Authentication and Storage device and terminal security detect program, the Third Party Authentication and storage device and include automatic control chip and memory, described The program run on automatic control chip includes control module and file system module, and the memory is comprising encryption memory block and commonly Memory block, the control module is by calling file system module to access the encryption memory block of memory, the general memory area Including terminal security detects program, the encryption memory block includes authentication information, key and algorithm software carrier, described close Key uses AES symmetric keys and the united cipher mode of RSA unsymmetrical key, is also set in the Third Party Authentication and storage device There is Fingerprint Identification Unit, is as follows:
A) original state:Third Party Authentication and storage device are accessed terminal device with cloud to be communicatively coupled by usb protocol, Control module operation on automatic control chip;
B) password authentification:After Third Party Authentication and storage device are connect with cloud access terminal equipment in communication, automatic spring third party Certification and storage device password authentification frame wait for the input of user, and password input by user are transmitted to control module, control Module calls the encryption memory block of file system module access memory, by password input by user and Third Party Authentication and storage The device password of device configuration is compared, if be consistent, goes to step E), if be not consistent, to password authentification Number is counted, if the number that password authentification is not consistent reaches N1It is secondary, go to step D), not up to N1Secondary then feedback cipher The information of authentication error, goes to step C);
C) authentication failed:Third Party Authentication and storage device pop-up device password authentification frame again, wait for the input of user, turn round To step B);
D failure) is accessed:Control module checks Third Party Authentication and the scheduled configuration information of storage device, if configuration information is It formats, then control module resets to defaults password is verified, and calls the institute of file system module removing memory inside There is file, while being automatically closed after popping up the excessive caution frame of errors number, disconnects Third Party Authentication and storage device and visited with cloud The communication connection for asking terminal device, returns back to step
A), if configuration information is not format, control module passes through the excessive information of errors number in Third Party Authentication And pop up caution frame in storage device and feed back to user, go to step W);
E) initialization apparatus:After user password is proved to be successful, Third Party Authentication and storage device load general memory area automatically, and Automatic control chip, the program in encryption memory block and file are initialized, automatic control chip checks that cloud accesses terminal and sets by control module It is standby to whether there is safety detection program, and if it exists, then to go to step G), if being not present, go to step F);
F) safety detection program is installed:Automatic control chip calls file system module to access general memory area by control module, and Operational safety detects program, and the automatic installation for completing safety detection program on terminal device is accessed in cloud service, goes to step I);
G security strategy) is updated:Automatic control chip updates the safety inspection plan that cloud service accesses terminal device system by control module Slightly, step I is gone to after the completion of update);
I) safety inspection:User's operational safety detects program and carries out safety inspection to accessing terminal system, and judges terminal system Whether satisfaction has secure access to baseline, if satisfied, then going to step K), if not satisfied, then going to step J);
J) terminal system security hardening:Safety detection program carries out custom security early warning and security hardening in terminal system, Return back to step I);
K) purview certification:Control module pops up the certification of user identity purview certification according to the information for meeting secure access baseline Frame, user input authentication information in certification frame, and control module is by authentication information and encrypts the preset body in memory block Part authentication information is compared, if be consistent, goes to step M), if be not consistent, the number of authentication is counted Number, if the number of authentication reaches N2It is secondary, then go to step W), not up to N2It is secondary, the information of authentication mistake is fed back, Go to step L);
L) authentification failure:Control module pops up authentication frame again according to the information of authentification failure, waits for user's input, revolution To step K);
M) Cloud Server logs in:Control module is according to the successful information of authentication, and in cloud service terminal, pop-up user logs in letter Breath verification frame waits for user's input, and control module compares log-on message input by user and former configuration information, if phase Symbol, then go to step P), if be not consistent, the number of log-on message verification is counted, if log-on message verification Number reaches N3It is secondary, then go to step W), not up to N3It is secondary, feed back the information of log-on message authentication error, go to step O);
O) login failure:User login information is popped up again according to the information of authentication failed and verifies frame, waits for user's input, revolution To step M);
P Cloud Server) is accessed:After user logins successfully, file is called by the control module of Third Party Authentication and storage device System module directly accesses the resource in cloud computing server;
Q) Data Encryption Transmission:User calls file system module to access encryption memory block by control module, non-right using RSA Claim key public key and run algorithm software carrier to AES symmetric keys and encryption memory block in significant data carry out together it is non- Symmetric cryptography processing, makes AES symmetric keys and significant data exist with ciphertext form, and be sent to cloud service by trusted channel The cloud processor module of device;
R) data application is handled:Significant data in ciphertext is carried out using place with cloud processor die processing routine in the block Reason;
S) symmetric cryptography is handled:With the encrypting module of Cloud Server, corresponded to using AES symmetric keys operation symmetric encipherment algorithm With treated, significant data is encrypted again, and data is made to exist with secondary encrypted ciphertext form;
T) data store:Control module directly accesses the cloud storage processing module of Cloud Server, into depositing for rack data and file Storage service, secondary encrypted ciphertext is stored into cloud computing data storage server;
U Cloud Server) is exited:After the completion of storage, user exits Cloud Server;
V) record log:After user completes operation, the transmission of control module process, file data information depending on the user's operation Process is organized into log information, and the log information is written in the record space in memory;
W) end operation:Control module directly controls Third Party Authentication and storage device and is accessed with cloud according to the information received Terminal device disconnects communication connection.
2. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The fingerprint recognition Device is connect with automatic control chip, and is communicated with control module, and the fingerprint recorded on the Fingerprint Identification Unit is bound with user.
3. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The step B) in N1Value >=3.
4. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The step K) in N2Value >=3.
5. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The step M) in N3Value >=3.
6. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The step I) in Safety inspection object includes that cloud accesses the OS Type of terminal device, port development situation, antivirus software installation situation, disease Malicious wooden horse situation.
7. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The step Q) in Trusted channel include http protocol, the channels VPN.
8. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The RSA is non-right The private key of the public key for claiming key and RSA unsymmetrical key matches, and the private key of RSA unsymmetrical key is only that user is all.
9. the data safety time slot scrambling under a kind of cloud environment as described in claim 1, it is characterised in that:The step W) in The information that control module receives include the information not formatted, identity authority certification number reach N2Secondary information and log-on message It verifies number and reaches N3Secondary information.
CN201510696609.1A 2015-10-23 2015-10-23 A kind of data safety time slot scrambling under cloud environment Active CN105354507B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510696609.1A CN105354507B (en) 2015-10-23 2015-10-23 A kind of data safety time slot scrambling under cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510696609.1A CN105354507B (en) 2015-10-23 2015-10-23 A kind of data safety time slot scrambling under cloud environment

Publications (2)

Publication Number Publication Date
CN105354507A CN105354507A (en) 2016-02-24
CN105354507B true CN105354507B (en) 2018-09-11

Family

ID=55330478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510696609.1A Active CN105354507B (en) 2015-10-23 2015-10-23 A kind of data safety time slot scrambling under cloud environment

Country Status (1)

Country Link
CN (1) CN105354507B (en)

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105656945B (en) * 2016-03-28 2018-12-11 北京天地和兴科技有限公司 A kind of industrial control host secure storage verification method and system
US11050726B2 (en) 2016-04-04 2021-06-29 Nxp B.V. Update-driven migration of data
CN105847305A (en) * 2016-06-21 2016-08-10 新昌县七星街道明盛模具厂 Safe processing and accessing method of cloud resource
CN105871931A (en) * 2016-06-21 2016-08-17 新昌县七星街道明盛模具厂 Safety processing and accessing method of cloud service terminal
CN105956496A (en) * 2016-06-21 2016-09-21 新昌县七星街道明盛模具厂 Security and secrecy method for sharing storage files
CN106169035A (en) * 2016-06-28 2016-11-30 西安建筑科技大学 A kind of high-security mobile storage system and method
CN106612272A (en) * 2016-07-12 2017-05-03 四川用联信息技术有限公司 Verification and recovery algorithm for data tampering in cloud storage
CN109308417B (en) * 2017-07-27 2022-11-01 阿里巴巴集团控股有限公司 Unlocking method and device based on trusted computing
CN107438071A (en) * 2017-07-28 2017-12-05 北京信安世纪科技有限公司 cloud storage security gateway and access method
CN107770195B (en) * 2017-11-27 2024-01-09 中电万维信息技术有限责任公司 Cross-domain identity authentication system based on cloud environment and application method thereof
CN108965222B (en) * 2017-12-08 2021-12-07 普华云创科技(北京)有限公司 Identity authentication method, system and computer readable storage medium
CN108256302B (en) * 2018-01-10 2020-05-29 四川阵风科技有限公司 Data security access method and device
CN108491735A (en) * 2018-03-07 2018-09-04 京信通信系统(中国)有限公司 Nor Flash method for secure storing, device and equipment
CN108710361B (en) * 2018-05-30 2020-07-28 广州明珞软控信息技术有限公司 Security program checking method and system
CN109324839A (en) * 2018-09-21 2019-02-12 郑州云海信息技术有限公司 A kind of server processing method and device
RU2724713C1 (en) * 2018-12-28 2020-06-25 Акционерное общество "Лаборатория Касперского" System and method of changing account password in case of threatening unauthorized access to user data
CN109951844A (en) * 2019-01-31 2019-06-28 维沃移动通信有限公司 A kind of information protecting method and device
CN110234110B (en) * 2019-06-26 2021-11-02 恒宝股份有限公司 Automatic switching method for mobile network
CN110311974A (en) * 2019-06-28 2019-10-08 东北大学 A kind of cloud storage service method based on asynchronous message
CN110535832A (en) * 2019-08-05 2019-12-03 慧镕电子系统工程股份有限公司 A kind of domestic server platform framework for data encryption
CN111786958B (en) * 2020-06-10 2022-08-19 正弦科技有限公司 Industrial data safety protection system based on industrial internet technology
CN111737739A (en) * 2020-06-11 2020-10-02 国网河北省电力有限公司建设公司 Information identification early warning communication system and method based on two-dimension code physical isolation
CN111787271A (en) * 2020-07-31 2020-10-16 平安信托有限责任公司 Video conference control method, device, equipment and computer readable storage medium
CN111859378B (en) * 2020-07-31 2022-11-18 中国工商银行股份有限公司 Processing method and device for protecting data model
CN111950002B (en) * 2020-08-04 2022-08-09 珠海市鸿瑞信息技术股份有限公司 Encryption terminal management system based on power distribution network
CN111881445A (en) * 2020-08-07 2020-11-03 武汉空心科技有限公司 Working platform file sharing encryption method based on feedback correction function
CN112968859A (en) * 2020-11-27 2021-06-15 长威信息科技发展股份有限公司 Encryption storage system for work privacy data
CN112738219B (en) * 2020-12-28 2022-06-10 中国第一汽车股份有限公司 Program running method, program running device, vehicle and storage medium
CN112613011B (en) * 2020-12-29 2024-01-23 北京天融信网络安全技术有限公司 USB flash disk system authentication method and device, electronic equipment and storage medium
CN113010875A (en) * 2021-03-17 2021-06-22 紫光国芯微电子股份有限公司 Information isolation method, memory card and mobile terminal
CN113315786B (en) * 2021-06-25 2023-05-26 郑州信源信息技术股份有限公司 Security authentication method and system
CN113572849B (en) * 2021-07-29 2023-08-01 中国联合网络通信集团有限公司 File access system and method
CN114389879A (en) * 2022-01-13 2022-04-22 重庆东电通信技术有限公司 Internet of things terminal data management and control system
CN116305330B (en) * 2023-05-22 2023-08-04 西安晟昕科技股份有限公司 Safety management method for CPU hardware

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567683A (en) * 2011-12-31 2012-07-11 曙光信息产业股份有限公司 Cloud computing system and cloud computing realizing method
CN103491080A (en) * 2013-09-12 2014-01-01 深圳市文鼎创数据科技有限公司 Information safety protecting method and system
CN103532966A (en) * 2013-10-23 2014-01-22 成都卫士通信息产业股份有限公司 Device and method supporting USB-KEY-based SSO (single sign on) of virtual desktop
CN104378206A (en) * 2014-10-20 2015-02-25 中国科学院信息工程研究所 Virtualization desktop safety certification method and system based on USB-Key
CN104394214A (en) * 2014-11-26 2015-03-04 成都卫士通信息产业股份有限公司 Method and system for protecting desktop cloud service through access control

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567683A (en) * 2011-12-31 2012-07-11 曙光信息产业股份有限公司 Cloud computing system and cloud computing realizing method
CN103491080A (en) * 2013-09-12 2014-01-01 深圳市文鼎创数据科技有限公司 Information safety protecting method and system
CN103532966A (en) * 2013-10-23 2014-01-22 成都卫士通信息产业股份有限公司 Device and method supporting USB-KEY-based SSO (single sign on) of virtual desktop
CN104378206A (en) * 2014-10-20 2015-02-25 中国科学院信息工程研究所 Virtualization desktop safety certification method and system based on USB-Key
CN104394214A (en) * 2014-11-26 2015-03-04 成都卫士通信息产业股份有限公司 Method and system for protecting desktop cloud service through access control

Also Published As

Publication number Publication date
CN105354507A (en) 2016-02-24

Similar Documents

Publication Publication Date Title
CN105354507B (en) A kind of data safety time slot scrambling under cloud environment
US11637696B2 (en) End-to-end communication security
CN105847305A (en) Safe processing and accessing method of cloud resource
US8375220B2 (en) Methods and systems for secure remote wake, boot, and login to a computer from a mobile device
US8719568B1 (en) Secure delivery of sensitive information from a non-communicative actor
US20170208049A1 (en) Key agreement method and device for verification information
US8452954B2 (en) Methods and systems to bind a device to a computer system
KR101482564B1 (en) Method and apparatus for trusted authentication and logon
CN110489996B (en) Database data security management method and system
US8321924B2 (en) Method for protecting software accessible over a network using a key device
EP2328319A1 (en) Method, system and server for realizing the secure access control
CN111404696B (en) Collaborative signature method, security service middleware, related platform and system
US11050570B1 (en) Interface authenticator
CN100353787C (en) Security guarantee for memory data information of mobile terminal
CN105956496A (en) Security and secrecy method for sharing storage files
CN113557703B (en) Authentication method and device of network camera
WO2015180689A1 (en) Method and apparatus for acquiring verification information
TW201729562A (en) Server, mobile terminal, and internet real name authentication system and method
CN101262669B (en) A secure guarantee method for information stored in a mobile terminal
US20110154436A1 (en) Provider Management Methods and Systems for a Portable Device Running Android Platform
US20140250499A1 (en) Password based security method, systems and devices
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
WO2018121394A1 (en) Mobile terminal, alarm information acquisition and sending method and device
US11184339B2 (en) Method and system for secure communication
CN114466353A (en) App user ID information protection device and method, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant