CN109067868A - A method and system for storing cloud data
- Publication number: CN109067868A (application CN201810857390.2A)
- Authority: CN (China)
- Prior art keywords: cloud data, location, data storage, file, storage
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
Abstract
The invention discloses a method and system for storing cloud data. The method includes: obtaining a location policy that governs access to a cloud data store, the location policy specifying one or more location rules that must be satisfied in order to access files in the cloud data store; receiving, from a client system, a request to access one or more files in the cloud data store; verifying whether the request satisfies the location rules and therefore the location policy; and providing the client system with access to the files in the cloud data store.
Description
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a method and system for storing cloud data.
Background technique
An important trend in recent years is the migration of data and services to cloud-based systems. Individuals and organizations increasingly rely on cloud-based data storage, even for sensitive data. Cloud-based data storage offers many advantages, such as improved data access: a cloud data store can be accessed from practically any location and from a wide variety of computing devices, and many cloud services provide data-sharing functions that facilitate collaboration and communication.
Unfortunately, users of cloud data storage services also give up some control over their data. A user may not know the physical location of the cloud service's data storage facility. A cloud service may move data from one location to another without notifying the user, and the data may then fall under various legal jurisdictions, each with its own laws governing whether and when data must be disclosed to government entities.
Cloud storage users may place considerable trust in the cloud service provider, namely that its security policies are adequate and are observed. Moreover, the accessibility of cloud data storage also means that hackers located anywhere may attempt to access the data. Contractual or legal requirements governing the accessibility of data may even rule out the use of cloud storage altogether. The present disclosure therefore identifies and addresses the need for additional and improved systems for location-aware access to cloud data stores.
Summary of the invention
The invention proposes a method for storing cloud data. The method provides location-aware access, is executed at least in part by a computing device that includes at least one processor, and comprises:
obtaining a location policy that governs access to a cloud data store, the location policy specifying location rules that must be satisfied in order to access files in the cloud data store, the location rules including a location criterion that identifies an allowed data storage location for the cloud data store, where the allowed data storage location of the cloud data store is different from the allowed request location from which requests to access the cloud data store may originate;
receiving, from a client system, a request to access at least one file in the cloud data store;
verifying whether the request satisfies the location rules, and therefore the location policy, by verifying that the cloud data store is located within the allowed data storage location;
providing, by a location service that is distinct from the cloud data store and in response to verifying that the cloud data store is located within the allowed data storage location, an encryption element to the client system that grants the client system access to the file in the cloud data store;
after the location service has provided the encryption element to the client system, retrieving the file from the cloud data store by the client system; and
decrypting the file by the client system using the encryption element, whereby supplying the encryption element to the client system lets the client system download and decrypt the file directly from the cloud data store rather than receiving the file through the location service.
The method may further include initiating encryption of the files in the cloud data store by receiving, from a user, credentials that authenticate the user to the cloud data store.
Initiating encryption of the files in the cloud data store may further include authenticating the user to the cloud data store in response to receiving the credentials.
Initiating encryption of the files in the cloud data store may further include:
generating the encryption element used to encrypt and decrypt the files in the cloud data store; and
encrypting the files in the cloud data store using the encryption element.
The location service may be provided by a computing security service provider. The location rules may include:
a location criterion that identifies the allowed data storage location of the cloud data store; and
an additional location criterion that identifies the allowed request location from which requests to access the cloud data store may originate; and
verifying that the request satisfies the location rules then includes verifying that both the location criterion and the additional location criterion are satisfied.
The method may further include revoking previously granted access to files in the cloud data store by:
authenticating, using the credentials received from the user, as that user of the cloud data store;
generating at least one new encryption element for encrypting and decrypting the files in the cloud data store;
decrypting the files in the cloud data store using the encryption element; and
re-encrypting the files in the cloud data store using the new encryption element.
The location rules may identify the allowed data storage location using an Internet Protocol address. The encryption element may be part of an asymmetric key pair comprising:
a public encryption key; and a private decryption key; in which case encrypting the files in the cloud data store using the encryption element includes supplying the public encryption key to an encryption client that encrypts the files in the cloud data store, the encryption client being at least one of: the client system; and the cloud data store.
The allowed data storage location of the cloud data store may include an allowed geographic area for the cloud data store, and the location rules may require that the allowed data storage location be identified using a geographic location identifier or a combination of two or more of the following:
Internet Protocol address;
location information in a Secure Sockets Layer certificate;
hardware attestation signatures;
Media Access Control address;
autonomous system number; and
Border Gateway Protocol information.
A system for storing cloud data, the system comprising:
a policy module, stored in memory, that as part of a location service obtains a location policy governing access to a cloud data store, the location policy specifying location rules that must be satisfied in order to access files in the cloud data store, the location rules including a location criterion that identifies an allowed data storage location for the cloud data store which is different from the allowed request location from which requests to access the cloud data store may originate;
a communication module, stored in memory, that as part of the location service receives from a client system a request to access at least one file in the cloud data store, the location service being distinct from the cloud data store;
an authentication module, stored in memory, that as part of the location service verifies that the request satisfies the location rules, and therefore the location policy, by verifying that the cloud data store is located within the allowed data storage location;
an access module, stored in memory, that as part of the location service, and in response to verifying that the cloud data store is located within the allowed data storage location, provides the client system with an encryption element granting access to the file in the cloud data store;
a client system that:
after receiving the encryption element from the location service, retrieves the file from the cloud data store; and
decrypts the file using the encryption element, whereby supplying the encryption element to the client system lets it download and decrypt the file directly from the cloud data store rather than receiving the file through the location service; and
at least one physical processor that executes the policy module, the communication module, the authentication module and the access module.
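The flow described above, as an added Python illustration that is not part of the patent: a policy whose store-location criterion combines two identifiers (IP prefix and autonomous system number) and whose additional criterion checks the request origin, a location service distinct from the store that releases the encryption element only when both hold, a client that downloads and decrypts directly from the store, and revocation by re-encryption under a new element. The cipher is an HMAC-SHA256 keystream stand-in for whatever cipher a real implementation would use, the addresses, ASN and file are constructed, and the symmetric-element variant is shown rather than the asymmetric key pair.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class LocationPolicy:
    """Location rules: where the store must reside and where requests may originate."""
    store_networks: tuple    # IP prefixes the data store must reside in (constructed)
    store_asns: frozenset    # ASNs the store's address must also belong to (constructed)
    request_networks: tuple  # IP prefixes from which client requests are allowed


def _in_networks(addr: str, networks) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in networks)


def store_location_ok(policy: LocationPolicy, store_ip: str, store_asn: int) -> bool:
    """Location criterion: IP prefix and ASN must both match (two identifiers combined)."""
    return _in_networks(store_ip, policy.store_networks) and store_asn in policy.store_asns


def request_location_ok(policy: LocationPolicy, client_ip: str) -> bool:
    """Additional location criterion: the request must come from an allowed request location."""
    return _in_networks(client_ip, policy.request_networks)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream. Symmetric, so the
    same call encrypts and decrypts. Not a substitute for a real authenticated cipher."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class CloudStore:
    """The cloud data store holds only ciphertext and never sees the encryption element."""
    def __init__(self):
        self.objects = {}  # name -> (nonce, ciphertext)

    def upload(self, name, nonce, ciphertext):
        self.objects[name] = (nonce, ciphertext)

    def download(self, name):
        return self.objects[name]


class LocationService:
    """Distinct from the store: holds the policy and per-file elements, releases an
    element only when both location criteria are satisfied."""
    def __init__(self, policy, store_ip, store_asn):
        self.policy, self.store_ip, self.store_asn = policy, store_ip, store_asn
        self.keys = {}  # name -> current encryption element

    def encrypt_and_upload(self, store, name, plaintext):
        key, nonce = os.urandom(32), os.urandom(16)
        self.keys[name] = key
        store.upload(name, nonce, keystream_xor(key, nonce, plaintext))

    def request_key(self, name, client_ip):
        """Return the encryption element, or None when a location rule fails."""
        if not store_location_ok(self.policy, self.store_ip, self.store_asn):
            return None  # store is outside the allowed data storage location
        if not request_location_ok(self.policy, client_ip):
            return None  # request is outside the allowed request location
        return self.keys.get(name)

    def revoke(self, store, name):
        """Revocation: re-encrypt under a new element so already-released ones are useless."""
        nonce, ciphertext = store.download(name)
        plaintext = keystream_xor(self.keys[name], nonce, ciphertext)
        new_key, new_nonce = os.urandom(32), os.urandom(16)
        self.keys[name] = new_key
        store.upload(name, new_nonce, keystream_xor(new_key, new_nonce, plaintext))


def client_fetch(store, service, name, client_ip):
    """Client path: get the element from the location service, then download and
    decrypt directly from the store; the file never transits the location service."""
    key = service.request_key(name, client_ip)
    if key is None:
        return None
    nonce, ciphertext = store.download(name)
    return keystream_xor(key, nonce, ciphertext)


def demo():
    """Access, wrong request origin, revocation and store relocation (documentation IPs/ASN)."""
    policy = LocationPolicy(("203.0.113.0/24",), frozenset({64500}), ("198.51.100.0/24",))
    store, plaintext = CloudStore(), b"quarterly figures, restricted"
    svc = LocationService(policy, store_ip="203.0.113.10", store_asn=64500)
    svc.encrypt_and_upload(store, "report.txt", plaintext)
    inside = client_fetch(store, svc, "report.txt", "198.51.100.7")  # both rules hold
    outside = client_fetch(store, svc, "report.txt", "192.0.2.9")    # bad request location
    stale_key = svc.request_key("report.txt", "198.51.100.7")
    svc.revoke(store, "report.txt")
    nonce, ciphertext = store.download("report.txt")
    stale = keystream_xor(stale_key, nonce, ciphertext)               # old element after revocation
    fresh = client_fetch(store, svc, "report.txt", "198.51.100.7")
    svc.store_ip = "192.0.2.50"                                       # store moved out of region
    moved = client_fetch(store, svc, "report.txt", "198.51.100.7")
    return {"inside": inside == plaintext, "outside": outside is None,
            "stale": stale == plaintext, "fresh": fresh == plaintext, "moved": moved is None}


if __name__ == "__main__":
    print(demo())
```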
Detailed description of the invention
The invention will be better understood from the following description with reference to the accompanying drawing. Components in the figure are not necessarily drawn to scale; emphasis is instead placed on illustrating the principles of the embodiments. In the figure, like reference numerals designate corresponding parts throughout the different views.
Fig. 1 is a schematic diagram of the method for storing cloud data according to the invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is further elaborated below in conjunction with embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it. Other systems, methods and/or features of the present embodiments will become apparent to those skilled in the art upon reading the following detailed description. All such additional systems, methods, features and advantages are intended to be included in this description, to fall within the scope of the invention, and to be protected by the appended claims. Further features of the disclosed embodiments are described in, and will be apparent from, the following detailed description.
As shown in Fig. 1, the invention proposes a method for storing cloud data that provides location-aware access and is executed at least in part by a computing device that includes at least one processor. The embodiment comprises the method steps (obtaining the location policy, receiving the client system's request, verifying the location rules, providing the encryption element through the location service, and retrieving and decrypting the file at the client system), the optional encryption-initiation, revocation and location-identifier features, and the system of policy, communication, authentication and access modules exactly as set out in the Summary of the invention above.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications can be made without departing from its scope. The foregoing detailed description is therefore to be regarded as illustrative rather than restrictive, and it is to be understood that the following claims, including all equivalents, are intended to define the spirit and scope of the invention. The above embodiments are to be understood as merely illustrating the invention and not as limiting its scope. Having read the content recorded for the invention, a skilled person may make various changes or modifications to it, and such equivalent changes and modifications likewise fall within the scope of the claims of the invention.
Claims (9)
1. A method for storing cloud data, characterized in that the method provides location-aware access, is executed at least in part by a computing device that includes at least one processor, and comprises:
obtaining a location policy that governs access to a cloud data store, the location policy specifying location rules that must be satisfied in order to access files in the cloud data store, the location rules including a location criterion that identifies an allowed data storage location for the cloud data store, where the allowed data storage location of the cloud data store is different from the allowed request location from which requests to access the cloud data store may originate;
receiving, from a client system, a request to access at least one file in the cloud data store;
verifying whether the request satisfies the location rules, and therefore the location policy, by verifying that the cloud data store is located within the allowed data storage location;
providing, by a location service that is distinct from the cloud data store and in response to verifying that the cloud data store is located within the allowed data storage location, an encryption element to the client system that grants the client system access to the file in the cloud data store;
after the location service has provided the encryption element to the client system, retrieving the file from the cloud data store by the client system; and
decrypting the file by the client system using the encryption element, whereby supplying the encryption element to the client system lets the client system download and decrypt the file directly from the cloud data store rather than receiving the file through the location service.
2. The method of claim 1, characterized in that it further comprises initiating encryption of the files in the cloud data store by receiving, from a user, credentials that authenticate the user to the cloud data store.
3. The method of claim 2, characterized in that initiating encryption of the files in the cloud data store further comprises authenticating the user to the cloud data store in response to receiving the credentials.
4. The method of claim 3, characterized in that initiating encryption of the files in the cloud data store further comprises:
generating the encryption element used to encrypt and decrypt the files in the cloud data store; and
encrypting the files in the cloud data store using the encryption element.
5. The method of claim 1, characterized in that the location service is provided by a computing security service provider, and the location rules include:
a location criterion that identifies the allowed data storage location of the cloud data store; and
an additional location criterion that identifies the allowed request location from which requests to access the cloud data store may originate; and
verifying that the request satisfies the location rules includes verifying that both the location criterion and the additional location criterion are satisfied.
6. The method of claim 4, characterized in that it further comprises revoking previously granted access to files in the cloud data store by:
authenticating, using the credentials received from the user, as that user of the cloud data store;
generating at least one new encryption element for encrypting and decrypting the files in the cloud data store;
decrypting the files in the cloud data store using the encryption element; and
re-encrypting the files in the cloud data store using the new encryption element.
7. The method of claim 1, characterized in that the location rules identify the allowed data storage location using an Internet Protocol address; and the encryption element is part of an asymmetric key pair comprising:
a public encryption key; and a private decryption key; wherein encrypting the files in the cloud data store using the encryption element includes supplying the public encryption key to an encryption client that encrypts the files in the cloud data store, the encryption client being at least one of: the client system; and the cloud data store.
8. The method of claim 1, characterized in that the allowed data storage location of the cloud data store includes an allowed geographic area for the cloud data store; and the location rules require that the allowed data storage location be identified using a geographic location identifier or a combination of two or more of the following:
Internet Protocol address;
location information in a Secure Sockets Layer certificate;
hardware attestation signatures;
Media Access Control address;
autonomous system number; and
Border Gateway Protocol information.
9. A system for storing cloud data, characterized in that the system comprises:
a policy module, stored in memory, that as part of a location service obtains a location policy governing access to a cloud data store, the location policy specifying location rules that must be satisfied in order to access files in the cloud data store, the location rules including a location criterion that identifies an allowed data storage location for the cloud data store which is different from the allowed request location from which requests to access the cloud data store may originate;
a communication module, stored in memory, that as part of the location service receives from a client system a request to access at least one file in the cloud data store, the location service being distinct from the cloud data store;
an authentication module, stored in memory, that as part of the location service verifies that the request satisfies the location rules, and therefore the location policy, by verifying that the cloud data store is located within the allowed data storage location;
an access module, stored in memory, that as part of the location service, and in response to verifying that the cloud data store is located within the allowed data storage location, provides the client system with an encryption element granting access to the file in the cloud data store;
a client system that:
after receiving the encryption element from the location service, retrieves the file from the cloud data store; and
decrypts the file using the encryption element, whereby supplying the encryption element to the client system lets it download and decrypt the file directly from the cloud data store rather than receiving the file through the location service; and
at least one physical processor that executes the policy module, the communication module, the authentication module and the access module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810857390.2A CN109067868A (en) | 2018-07-31 | 2018-07-31 | A method and system for storing cloud data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109067868A true CN109067868A (en) | 2018-12-21 |
Family ID: 64831835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810857390.2A Withdrawn CN109067868A (en) | 2018-07-31 | 2018-07-31 | A method and system for storing cloud data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109067868A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103327002A (en) * | 2013-03-06 | 2013-09-25 | 西安电子科技大学 | Cloud storage access control system based on attribute |
WO2016051615A1 (en) * | 2014-09-29 | 2016-04-07 | 株式会社日立ソリューションズ | Data management system, data management method, and client terminal |
US10015173B1 (en) * | 2015-03-10 | 2018-07-03 | Symantec Corporation | Systems and methods for location-aware access to cloud data stores |
Events
- 2018-07-31: application CN201810857390.2A filed in CN, published as CN109067868A; status not active (withdrawn)
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111045606A (en) * | 2019-12-13 | 2020-04-21 | 西安奥卡云数据科技有限公司 | Extensible cloud scale IOT storage method and device and server |
CN111045606B (en) * | 2019-12-13 | 2021-08-27 | 西安奥卡云数据科技有限公司 | Extensible cloud scale IOT storage method and device and server |
US11606432B1 (en) * | 2022-02-15 | 2023-03-14 | Accenture Global Solutions Limited | Cloud distributed hybrid data storage and normalization |
US11876863B2 (en) * | 2022-02-15 | 2024-01-16 | Accenture Global Solutions Limited | Cloud distributed hybrid data storage and normalization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WW01 | Invention patent application withdrawn after publication | |
Application publication date: 2018-12-21