CN109842659A - TCP Opposite direction connection method in SaaS service - Google Patents

Info

Publication number: CN109842659A
Authority: CN (China)
Prior art keywords: master, agent, data, enterprise, encryption
Legal status: Pending
Application number: CN201711219089.0A
Other languages: Chinese (zh)
Inventors: 方舟, 蒋烁淼
Current Assignee: Shanghai In Cloud Mdt Infotech Ltd
Original Assignee: Shanghai In Cloud Mdt Infotech Ltd
Landscapes: Computer And Data Communications (AREA)

Abstract

The invention discloses a TCP reverse connection method for SaaS services and relates to the field of cloud computing technology. It comprises the following steps: a Master/Agent structure is used, in which the Master is the main server of the SaaS service; the Agent is an agent node installed inside the customer's network environment, and all sensitive customer information is stored at the Agent end; the connection is actively initiated by the Agent, all network transmission uses SSL encryption to prevent man-in-the-middle attacks, and the customer can shut down the Agent at any time; after the Agent end generates data, a program comparison determines whether the data needs to be transmitted to the Master; if it does, the data is analyzed to determine whether it is sensitive, and if the data itself involves sensitive enterprise information, it is encrypted before being transmitted to the Master; if it does not involve sensitive enterprise information, it is sent to the Master directly. The method is based on encryption algorithms such as RC4, MD5 and RSA, using 40 keys, and is suitable for encrypting business information; compared with peer schemes that use a single encryption algorithm it has a considerable advantage and can ensure users' data security with greater confidence.

Description

TCP reverse connection method in SaaS service
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a TCP reverse connection method in a SaaS service with a Master/Agent structure, which solves the problem of securely isolating tenant information in enterprise-level multi-tenant applications.
Background
Cloud computing is the addition, use and delivery model of Internet-based services, and usually involves providing dynamically scalable and often virtualized resources over the Internet. "Cloud" is a metaphor for the network and the Internet. In the past, diagrams often used a cloud to represent the telecom network, and later also to represent an abstraction of the Internet and the underlying infrastructure. Cloud computing can therefore even let you experience computing power of 10 trillion operations per second; with such computing power one can simulate nuclear explosions and predict climate change and market trends. Users access the data center through computers, laptops, mobile phones and similar devices and carry out computation according to their own needs.
Today SaaS, cloud computing, cloud security and cloud services are rolling in like great waves: almost all software companies are transitioning to SaaS; all IT service providers are preparing to move into cloud computing; all software start-ups want to start their business in the cloud; and all venture capital intending to invest in software has set its sights on SaaS and cloud computing.
Since the arrival of the cloud computing era, more and more enterprises use or provide SaaS cloud computing services. In enterprise-level SaaS applications, however, network security and data security have become the part customers worry about most and the most difficult technical challenge for developers of SaaS application services.
Summary of the invention
The object of the present invention is to provide a TCP reverse connection method in SaaS services that is based on encryption algorithms such as RC4, MD5 and RSA, uses 40 keys, is suitable for encrypting business information, has a considerable advantage over peer schemes that use a single encryption algorithm, and can ensure users' data security with greater confidence.
To solve the problems described in the background, the present invention adopts the following technical solution: a TCP reverse connection method in a SaaS service, comprising the following steps:
(1) A Master/Agent structure is used; the Master is the main server of the SaaS service and provides service to customers;
(2) The Agent is an agent node installed inside the customer's network environment, and all sensitive customer information is stored at the Agent end;
(3) The connection is actively initiated by the Agent, and all network transmission uses SSL encryption to prevent man-in-the-middle attacks; the customer can also shut down the Agent at any time;
(4) After the Agent end generates data, a program comparison determines whether the data needs to be transmitted to the Master;
(5) If the data needs to be transmitted to the Master, it is analyzed to determine whether it is sensitive; if the data itself involves sensitive enterprise information, it is encrypted and then transmitted to the Master;
(6) If the data does not involve sensitive enterprise information, it is sent to the Master directly.
With the above technical solution, the invention has the following advantages:
1. It solves the data security problem that enterprise customers care about;
2. It solves the problem that SaaS applications need the customer's internal data in certain scenarios;
3. It ensures the security of customer data on the public network: data is transmitted over a secure encrypted connection actively initiated by the Agent end, which strengthens security at the transport layer.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawing and a specific embodiment. It should be understood that the specific embodiment described here only explains the invention and is not intended to limit it.
Referring to Fig. 1, this embodiment adopts the following technical solution: a TCP reverse connection method in a SaaS service, which specifically comprises the following steps:
1. The customer installs the Agent;
2. The Agent end actively initiates a network connection to the Master end;
3. The Agent end and the Master end maintain health checks;
4. After the Agent end generates data, a program comparison determines whether the data needs to be transmitted to the Master;
5. If the data needs to be transmitted to the Master, it is analyzed to determine whether it is sensitive; if the data itself involves sensitive enterprise information, it is encrypted and then transmitted to the Master;
6. If the data does not involve sensitive enterprise information, it is sent to the Master directly.
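The Agent side of steps 2 and 4 to 6, as an added Python example (not code from the patent). The record kinds, field names, message framing and the `encrypt` callable are assumptions made for illustration; the TLS context shows the certificate and hostname verification that an Agent-initiated connection relies on to resist a man-in-the-middle.

```python
import json
import socket
import ssl

# Assumed policy (not from the patent): record kinds the Master needs, and
# field names that count as sensitive enterprise information.
FORWARDED_KINDS = {"metric", "alert"}
SENSITIVE_FIELDS = {"customer_name", "contract_value", "db_password"}

def agent_tls_context(ca_file=None):
    """Client-side TLS context; certificate and hostname checks stop a MITM."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # CERT_REQUIRED and check_hostname=True are the defaults

def open_channel(master_host, port, ctx):
    """The Agent dials out, so the customer network exposes no inbound port."""
    raw = socket.create_connection((master_host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=master_host)

def route(record):
    """Return 'keep_local', 'send_plain' or 'send_encrypted' for a record."""
    if record.get("kind") not in FORWARDED_KINDS:
        return "keep_local"
    if SENSITIVE_FIELDS.intersection(record.get("fields", {})):
        return "send_encrypted"
    return "send_plain"

def build_message(record, encrypt):
    """Bytes to write to the TLS channel, or None when the data stays local."""
    # encrypt: assumed deployment-supplied authenticated cipher (bytes -> bytes)
    decision = route(record)
    if decision == "keep_local":
        return None
    body = json.dumps(record["fields"], sort_keys=True).encode()
    if decision == "send_encrypted":
        body = encrypt(body)
    header = {"kind": record["kind"], "enc": decision == "send_encrypted",
              "len": len(body)}
    return json.dumps(header).encode() + b"\n" + body

# Constructed sample records, one per outcome.
SAMPLES = [
    {"kind": "metric", "fields": {"cpu": 0.42}},
    {"kind": "alert", "fields": {"customer_name": "ACME", "rule": "r1"}},
    {"kind": "debug", "fields": {"db_password": "x"}},
]

if __name__ == "__main__":
    print([route(r) for r in SAMPLES])
```

The patent names RC4, MD5 and RSA; RC4 is prohibited in TLS by RFC 7465 and MD5 is not collision-resistant, so the example leaves the cipher pluggable rather than implementing those.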
Compared with other existing data transmission schemes, the present invention ensures information security while also taking performance into account; the reverse connection mechanism also prevents hacking such as man-in-the-middle attacks, making it a data transmission scheme better suited to the cloud era.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that it can be realized in other specific forms without departing from its spirit or essential attributes. The embodiments should therefore be regarded in every respect as illustrative and not restrictive; the scope of the invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and scope of equivalents of the claims are intended to be included in the invention.
In addition, it should be understood that although this specification is described in terms of embodiments, not every embodiment contains only one independent technical solution. The specification is written this way merely for clarity; those skilled in the art should treat the specification as a whole, and the technical solutions in the various embodiments may be suitably combined to form other embodiments that those skilled in the art can understand.

Claims (1)

1. A TCP reverse connection method in a SaaS service, characterized in that it comprises the following steps:
(1) A Master/Agent structure is used; the Master is the main server of the SaaS service and provides service to customers;
(2) The Agent is an agent node installed inside the customer's network environment, and all sensitive customer information is stored at the Agent end;
(3) The connection is actively initiated by the Agent, and all network transmission uses SSL encryption to prevent man-in-the-middle attacks; the customer can also shut down the Agent at any time;
(4) After the Agent end generates data, a program comparison determines whether the data needs to be transmitted to the Master;
(5) If the data needs to be transmitted to the Master, it is analyzed to determine whether it is sensitive; if the data itself involves sensitive enterprise information, it is encrypted and then transmitted to the Master;
(6) If the data does not involve sensitive enterprise information, it is sent to the Master directly.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711219089.0A CN109842659A (en) 2017-11-28 2017-11-28 TCP Opposite direction connection method in SaaS service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711219089.0A CN109842659A (en) 2017-11-28 2017-11-28 TCP Opposite direction connection method in SaaS service

Publications (1)

Publication Number Publication Date
CN109842659A true CN109842659A (en) 2019-06-04

Family

ID=66881421

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711219089.0A Pending CN109842659A (en) 2017-11-28 2017-11-28 TCP Opposite direction connection method in SaaS service

Country Status (1)

Country Link
CN (1) CN109842659A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140195798A1 (en) * 2013-01-09 2014-07-10 International Business Machines Corporation Transparent Encryption/Decryption Gateway for Cloud Storage Services
CN106131097A (en) * 2016-09-29 2016-11-16 汉兴德创(武汉)科技有限公司 A kind of network intelligence based on cloud computing storage system
CN106856467A (en) * 2015-12-08 2017-06-16 中国科学院声学研究所 A kind of TSM Security Agent device for being deployed in cloud storage client and TSM Security Agent method
CN106973034A (en) * 2015-09-29 2017-07-21 西门子公司 System and method for the data of connection object
CN107222509A (en) * 2017-07-17 2017-09-29 郑州云海信息技术有限公司 A kind of guard method of network Web service data and device based on cloud storage

Similar Documents

Publication Publication Date Title
US9917818B2 (en) Multi-tenant secure separation of data in a cloud-based application
JP6397957B2 (en) Providing a managed browser
JP6348661B2 (en) Company authentication through third-party authentication support
US10038721B2 (en) Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly
US8924723B2 (en) Managing security for computer services
US8826001B2 (en) Securing information within a cloud computing environment
US10298591B2 (en) Secure integration of independent cloud foundry applications in a fiori launchpad
US9887968B2 (en) Enhanced security when sending asynchronous messages
CA3032883C (en) Technologies for managing application configurations and associated credentials
JP2017142849A (en) Provision of mobile device management functions
US20140245411A1 (en) Method and apparatus for providing account-less access via an account connector platform
US20140068258A1 (en) Backup and restore in a secure appliance with integrity and confidentiality
US11082413B2 (en) Secure network connections
US20160094521A1 (en) Data encryption, transport, and storage service for carrier-grade networks
US20210064643A1 (en) Natural language interface for a data management system
US20140380044A1 (en) Accessing local applications when roaming using a nfc mobile device
WO2017192549A1 (en) System and method for secure and efficient communication within an organization
JP2023544884A (en) Ultrasonic split key transmission for enhanced security
US10116634B2 (en) Intercepting secure session upon receipt of untrusted certificate
US9449194B2 (en) Secure access to running client application features from a browser application
US10462113B1 (en) Systems and methods for securing push authentications
US11032073B2 (en) Seamless abort and reinstatement of TLS sessions
US10972455B2 (en) Secure authentication in TLS sessions
CN109842659A (en) TCP Opposite direction connection method in SaaS service
US10482397B2 (en) Managing identifiers

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination