CN101771699A - Method and system for improving SaaS application security - Google Patents

Method and system for improving SaaS application security Download PDF

Info

Publication number
CN101771699A
CN101771699A CN201010019224A CN201010019224A CN101771699A CN 101771699 A CN101771699 A CN 101771699A CN 201010019224 A CN201010019224 A CN 201010019224A CN 201010019224 A CN201010019224 A CN 201010019224A CN 101771699 A CN101771699 A CN 101771699A
Authority
CN
China
Prior art keywords
client
data
server
key
business datum
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201010019224A
Other languages
Chinese (zh)
Inventor
宋海涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongguan Zhengxin Science & Technology Co Ltd
South China University of Technology SCUT
Original Assignee
Dongguan Zhengxin Science & Technology Co Ltd
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dongguan Zhengxin Science & Technology Co Ltd, South China University of Technology SCUT filed Critical Dongguan Zhengxin Science & Technology Co Ltd
Priority to CN201010019224A priority Critical patent/CN101771699A/en
Publication of CN101771699A publication Critical patent/CN101771699A/en
Pending legal-status Critical Current

Links

Abstract

The invention provides a method and a system for improving SaaS application security. The encryption method includes that a public password belonging to the client is set up; a data password used for encrypting business data for the client is randomly generated when the business data of the client is saved; the data password is used as the password to encrypt the business data according to a symmetrical cryptographic algorithm; the business data are encrypted through the public password and according to an unsymmetrical cryptographic algorithm; the business data cryptograph and the data password cryptograph are saved in a server; the client gets the cryptograph saved in the server after successfully decrypting the challenge message of the server with the private password; the client decrypts the data password cryptograph with the private password and further decrypts the business data according to the symmetrical cryptographic algorithm. The system includes a WEB server, an authentication server and a database server which can transmit data each other. The invention effectively prevents the administrator from reveal and malicious use of the data password.

Description

A kind of method and system that improve the SaaS application security
Technical field
The present invention relates to computer software and internet arena, improve the method and system of application security in particularly a kind of SaaS environment based on data encryption.
Background technology
The meaning of SaaS (Software-as-a-Service) is that software is promptly served, and is based on the software application pattern that the Internet provides software service.For vast medium-sized and small enterprises, SaaS is the preferred approach of sophistication implementation informationization.But SaaS never only is only applicable to medium-sized and small enterprises, and the enterprise of all scales can make a profit from SaaS.
The SaaS service mode is compared with traditional Licensing Model software has a lot of advantages, not only reduced or cancelled traditional soft ware authorization expense, and manufacturer is deployed in application software on the unified server, exempted the expenditure of end user's server hardware, Network Security Device and software upgrading maintenance, the client need other IT investment except PC and Internet connection just can not obtain required software and services by the Internet, thereby has saved the enterprise operation cost greatly.In addition, a large amount of new technologies as Web Service, provides simpler, more flexible, more practical SaaS operation to support.
Enterprises use the SaaS service to mean that data can leave on service provider's the server, so, the safety problem of user's business datum---the sensitive traffic data that more especially relate to privacy---should not be underestimated, and is the prerequisite that the SaaS pattern exists and develops.Usually adopt following dual mode that client's business datum is encrypted under the prior art, to prevent the leakage of business datum.
First kind of cipher mode is: data base encryption.
So-called data base encryption promptly is the encryption function that adopts database to provide, and sets key by the DBA, and the same key of all The data is encrypted.But key is kept at server end, is difficult to reduce conscientiously the disclosure risk of client's business datum.
Second kind of cipher mode is: client hardware is encrypted.
The called customer terminal hardware encipher promptly is to provide a hardware encipher device (for example, USB flash disk is encrypted) to the client, thereby realizes the encryption of business datum in client.But this kind mode needs hardware supports, has brought inconvenience for the client uses, and has also increased the realization cost.
Summary of the invention
The objective of the invention is to overcome the prior art above shortcomings, a kind of method and system of the SaaS of raising application security are provided, in the SaaS environment, avoid business datum to reveal by data encryption.
Technical scheme provided by the invention is as follows:
A kind of method that improves the SaaS application security comprises:
When creating the client, the corresponding ID of each client is provided with the client public key that belongs to this client, and client public key is used to verify client identity and the data key is encrypted;
According to client's indication, when this client's business datum is preserved, generate the described data key that is used for the secure service data at random at this client's ID;
Adopting symmetric encipherment algorithm to make key with data key encrypts business datum; Adopt rivest, shamir, adelman described data key to be encrypted with this client's client public key; The business datum ciphertext after the client will encrypt and the ciphertext of data key are kept on the server;
Behind the challenge message of client with the private key success decryption server of oneself, the client obtains the aforementioned ciphertext that is kept on the server; The client therefrom obtains the data key of aforementioned secure service data, and further decrypts aforementioned business datum according to symmetric encipherment algorithm with the ciphertext of the private key deciphering data key wherein of oneself.
In the above-mentioned method, described symmetric encipherment algorithm can be DES algorithm or aes algorithm; Described rivest, shamir, adelman can be RSA Algorithm or ECC algorithm.
In the above-mentioned method, when business datum being encrypted, select whole business datums is encrypted or only to the part sensitive traffic data encryption in the business datum with data key.
A kind of system that improves the SaaS application security comprises WEB server, certificate server and the database server that can carry out transfer of data each other:
The WEB server, be used to create Customer ID, and the business datum that belongs to this Customer ID is carried out business processing (how to process relevant with concrete data service, do not belong to the technical problem to be solved in the present invention), and behind identifying user identity, business datum after the client provides encryption and data encrypted key;
Certificate server, be provided for verifying the client public key of this client identity according to the indication of WEB server, and generate the data key that is used for the secure service data at the business datum of Customer ID, according to data key business datum is carried out symmetric cryptography, the data key is carried out asymmetric encryption according to client public key;
Database server is used to preserve business datum and each user's user ID data, if business datum has been done encryption, preserves the ciphertext of corresponding service data key simultaneously.
User ID data described in the said system comprises user name and client public key.
In the said system, client has the private key and the client public key of a pair of pairing, and wherein client public key is preserved same backup on database server; After client's business datum is sent to the WEB server end, certificate server is encrypted as symmetry business datum with the data key that produces at random, obtain the business datum ciphertext, described business datum ciphertext is kept in the database server after the ciphertext of data key behind the client public key asymmetric encryption packed; Client is sent request to the WEB server when needed, obtain the described ciphertext after packing, will be wherein the data encrypted key decipher according to private key for user, and with the data key that obtains after deciphering again to the business datum decrypt ciphertext, restore the plaintext of business datum.
Compared with prior art, the present invention has following advantage and effect:
A kind of method and system that improves the SaaS application security of the present invention is in the business datum behind the storage encryption only on the server, and the equal no user private key of server end in the overall process before key is changed, server end does not have the plaintext of professional data yet during client access, can effectively avoid administrative staff that the leakage and the malice of data key are used like this, thereby prevented the leakage of business datum effectively, promoted the fail safe of business datum.
Description of drawings
Fig. 1 is SaaS application system architectural framework figure in the embodiment of the present application;
Fig. 2 is a business datum encryption and decryption process schematic diagram in the embodiment of the present application;
In using, creates Saas the customer account number flow chart in Fig. 3 the embodiment of the present application;
The flow chart that Fig. 4 lands for user in the embodiment of the present application;
Fig. 5 in the embodiment of the present application under SaaS uses the user use business datum flow process figure;
Fig. 6 be in the embodiment of the present application under SaaS uses user's modification login password flow chart.
Embodiment
In the embodiment of the present application, when creating the client, be provided with and make user's authentication usefulness after the PKI that belongs to this Customer ID is equipped with; According to described at least one user's indication, when respective client ID is preserved relevant business datum, generate the data key that is used for the secure service data at random at this client's customer ID ID; Adopting symmetric encipherment algorithm to make key with data key encrypts business datum; Adopt rivest, shamir, adelman described data key to be encrypted with the PKI of this Customer ID; Allow the client that data encrypted and data key are kept on the server; Behind the challenge message of client with the private key success decryption server of oneself, allow described client to obtain the aforementioned ciphertext that is kept on the server; The client can decipher aforementioned ciphertext with the private key of oneself, therefrom obtains the data key of aforementioned secure service data, and further decrypts aforementioned business datum according to symmetric encipherment algorithm.
For in Saas uses, avoid user's business datum to reveal, promote the business datum fail safe, in the present embodiment, when business datum being encrypted, can encrypt whole business datums according to data key, also can be only to wherein part sensitive traffic data encryption.
For allow above-mentioned purpose of the present invention and feature, advantage can be more obvious, below in conjunction with accompanying drawing the application preferred embodiment is elaborated.
Consult shown in Figure 1ly, in the embodiment of the present application, the system that uses the SaaS technology comprises client 10, Website server 11, certificate server 12, database server 13, wherein, client 10 is used to visit SaaS service, typically has based on forms such as the client 101 of PC and portable terminals 102; WEB server 11 is used to create customer ID ID, and will belong to client's related data of this Customer ID, and for example information such as customer name, telephone number, fax are committed to database server 13 preservations; Certificate server 12, be provided for verifying the client public key of this user identity according to indication, and generate the data key that is used for the secure service data at the business datum of described Customer ID, according to data key business datum is carried out symmetric cryptography, the data key is carried out asymmetric encryption according to client public key; Database server 13 is used to preserve business datum, and each user's user ID data, comprises contents such as user name, client public key in this user ID data.
Consult shown in Figure 2ly, in the embodiment of the present application, client 10 has the private key 20 and the PKI 21 of a pair of pairing, and wherein PKI 21 is preserved same backup at server end; Client's business datum 22 is sent to ciphertext 25 behind (business datum 23) data key 24 symmetric cryptographies through producing at random behind the server end, with the ciphertext 26 of data key 24 behind client public key 21 asymmetric encryption, together be kept in the database server after the packing; Client can be obtained this ciphertext package when needed from database server, wherein data encrypted key 28 is according to private key for user 20 deciphering, and with the data key 29 that obtains after the deciphering again to 27 deciphering of business datum ciphertext, restore the plaintext 22 of business datum.
Based on the system architecture that above-mentioned SaaS uses, accompanying drawing 3 has showed in the embodiment of the present application that the detailed process of creating a client in the system that uses the SaaS technology is as follows.
Step 300: client 10 sends the user's request of creating to WEB server 11.
Step 301:WEB server 11 sends the create account user request to certificate server 12.
Step 302: certificate server 12 is provided with the data encryption PKI of number of the account.
Step 303: certificate server 12 is stored the account number data in database server 13.
Step 304: database server 13 is beamed back the successful response of storage to certificate server 12.
Step 305: certificate server 12 is beamed back the response of creating the number of the account success to WEB server 11.
Step 306:WEB server 11 is beamed back the response of creating user's success to client 10.
The flow chart that accompanying drawing 4 lands for user in the embodiment of the present application, in the present embodiment in user's the constructive process, because the PKI 21 that adopts rivest, shamir, adelman is as the basis of checking of checking user identity, can't extrapolate user's private key 20 from the PKI 21 that server is preserved, when the user logins, 12 challenge content and original challenge contents of its generation to user's response of certificate server are made comparisons, if unanimity determines that then the user passes through login authentication.Step is as follows:
Step 400: client 10 sends the user to WEB server 11 and lands request.
Step 401; WEB server 11 sends ID authentication request to certificate server 12.
Step 402: certificate server 12 is to obtain the request of user account data from database server 13.
Step 403: database server 13 is beamed back the response of number of the account data to certificate server 12.
Step 404: the challenge content that certificate server 12 generates at random according to the public key encryption in the subscriber data.
Step 405: certificate server 12 sends the ciphertext of challenge content to client 12.
Step 406: client 10 is according to private key for user deciphering challenge content.
Step 407: client 10 is returned the plaintext of challenge content and is given certificate server 12.
Step 408: whether certificate server 12 contrast users return the challenge content correct.
Step 409: if step 408 is proved to be successful, certificate server 12 is beamed back the response of landing success to WEB server 11.
Step 410:WEB server 11 sends the response of landing success to client 10.
Fig. 5 in the embodiment of the present application under SaaS uses the user use business datum flow process figure, from embodiment as can be seen, the deciphering flow process of business datum, finish voluntarily by client 10, and the encryption of business datum employing is that (business datum adopts data key to encrypt to client public key 21, data key adopts PKI to encrypt again), it can not be used for deciphering, therefore, the private key for user 20 that is used for deciphering is taken care of voluntarily by the client all the time, even the data ciphertext 25 of server end, 26 leak, and also can't obtain business datum plaintext 22, thus the fail safe of the business datum that ensures effectively.Step is as follows:
Step 500: client 10 sends the request of user's Added Business data to WEB server 11.
Step 501:WEB server 11 sends the request of encrypting the Added Business data to certificate server 12.
Step 502: certificate server 12 is searched the ciphering user data PKI at database server 13.
Step 503: database server 13 returns the user encryption PKI and gives certificate server 12.
Step 504: certificate server 12 generates and generates symmetric key at random and encrypt the new business data with it.
Step 505: certificate server 12 public key encryption random symmetric key.
Step 506: certificate server 12 is preserved the ciphertext of business datum and random symmetric key in database server 13.
Step 507: database server 13 sends to certificate server 12 and preserves success response.
Step 508: certificate server 12 sends to WEB server 11 and encrypts success response.
Step 509:WEB server 11 sends the response of Added Business data success to client 10.
Step 550: client 10 sends the user to WEB server 11 and checks the request of business datum.
Step 551:WEB server 11 sends user data service to database server 13 and checks request.
Step 552: database server 13 returns the ciphertext of business datum and gives WEB server 11.
Step 553:WEB server 11 is beamed back ciphertext described in the step 552 and is given client 10.
Step 554: client 10 deciphers out symmetric data encryption key in the ciphertext according to private key for user.
Step 555: client 10 usefulness symmetric cryptographic key decrypt business datum.
Fig. 6 be in the embodiment of the present application under SaaS uses user's modification login key flow chart, from embodiment as can be seen, the user is as long as be committed to server with original private key with new PKI, server to the data key of the business datum of encrypting again with new public key encryption, the operation of consumes resources such as data encryption can not increase the burden of client all in the server end operation when changing new key like this.Step is as follows:
Step 600: client 10 sends the request of user's modification password to WEB server 11.
Step 601:WEB server 11 sends the request of revising key to certificate server 12.
Step 602: certificate server 12 is inquiring user number of the account data from database server 13.
Step 603: database server 13 returns the number of the account data and gives certificate server 12.
Step 604: the right correctness of certificate server 12 check original cipher keys.
Step 605: certificate server 12 sends the request of obtaining user service data to database server 13.
Step 606: database server 13 returns user service data and gives certificate server 12.
Step 607: 12 pairs of the certificate servers business datum after with the original cipher key deciphering is expressly encrypted again with new PKI.
Step 608: the user service data that certificate server 12 upgrades in the database server 13.
Step 609: database server 13 sends to certificate server 12 and upgrades success response.
Step 610: certificate server 12 sends to WEB server 11 and revises successful response.
Step 611:WEB server 11 sends password to client 10 and revises successful response.
In the various embodiments described above, symmetric encipherment algorithm typically can adopt DES, AES scheduling algorithm and rivest, shamir, adelman typically can adopt RSA, ECC scheduling algorithm, but according to the concrete applied environment of Verification System, also can adopt other similar cryptographic algorithm to substitute, not repeat them here.
In sum, in the above-described embodiments, one of the generation of client's business datum is at random data key independently, the leakage and the malice that have effectively prevented administrative staff are used, the private key for user that is used for deciphering is taken care of voluntarily by the client all the time, even the data ciphertext of server end leaks, also can't obtain business datum expressly, thus the fail safe of the business datum that ensures effectively.And, do not need to set up client hardware equipment, thereby avoided the increase of customer using cost.
The above certificate server, database server etc. can be physically independent multiple servers, also can be positioned at software or hardware that same station server has difference in functionality.Certainly, when implementing the application, can in same or a plurality of softwares or hardware, realize the functions of modules in each server.
Though aforesaid description and accompanying drawing have disclosed preferred embodiment of the present invention, must recognize that still those skilled in the art can carry out various changes and modification and the spirit and scope that do not break away from the application to the embodiment among the application.Like this, if these in the embodiment of the present application are revised and modification belongs within the scope of the application's claim and equivalent technologies thereof, then the embodiment among the application also is intended to comprise these changes and modification interior.Therefore, this paper, should be regarded as being used to illustrate the present invention in all viewpoints in this suggested embodiment, but not be used to limit the present invention.

Claims (10)

1. method that improves the SaaS application security is characterized in that comprising:
When creating the client, the corresponding ID of each client is provided with the client public key that belongs to this client, and client public key is used to verify client identity and the data key is encrypted;
According to client's indication, when this client's business datum is preserved, generate the described data key that is used for the secure service data at random at this client's ID;
Adopting symmetric encipherment algorithm to make key with data key encrypts business datum; Adopt rivest, shamir, adelman described data key to be encrypted with this client's client public key; The business datum ciphertext after the client will encrypt and the ciphertext of data key are kept on the server;
Behind the challenge message of client with the private key success decryption server of oneself, the client obtains the aforementioned ciphertext that is kept on the server; The client therefrom obtains the data key of aforementioned secure service data, and further decrypts aforementioned business datum according to symmetric encipherment algorithm with the ciphertext of the private key deciphering data key wherein of oneself.
2. method according to claim 1 is characterized in that described symmetric encipherment algorithm is DES algorithm or aes algorithm; Described rivest, shamir, adelman is RSA Algorithm or ECC algorithm.
3. method according to claim 1 when it is characterized in that with data key business datum being encrypted, is selected whole business datums is encrypted or only to the part sensitive traffic data encryption in the business datum.
4. system that improves the SaaS application security is characterized in that comprising WEB server, certificate server and the database server that can carry out transfer of data each other:
The WEB server is used to create Customer ID, and the business datum that belongs to this Customer ID is carried out business processing, and behind identifying user identity, business datum after the client provides encryption and data encrypted key;
Certificate server, be provided for verifying the client public key of this client identity according to the indication of WEB server, and generate the data key that is used for the secure service data at the business datum of Customer ID, according to data key business datum is carried out symmetric cryptography, the data key is carried out asymmetric encryption according to client public key;
Database server is used to preserve business datum and each user's user ID data, if business datum has been done encryption, preserves the ciphertext of corresponding service data key simultaneously.
5. system according to claim 4 is characterized in that described user ID data comprises user name and client public key.
6. system according to claim 4 is characterized in that client has the private key and the client public key of a pair of pairing, and wherein client public key is preserved same backup on database server; After client's business datum is sent to the WEB server end, certificate server is encrypted as symmetry business datum with the data key that produces at random, obtain the business datum ciphertext, described business datum ciphertext is kept in the database server after the ciphertext of data key behind the client public key asymmetric encryption packed; Client is sent request to the WEB server when needed, obtain the described ciphertext after packing, will be wherein the data encrypted key decipher according to private key for user, and with the data key that obtains after deciphering again to the business datum decrypt ciphertext, restore the plaintext of business datum.
7. system according to claim 6 is characterized in that comprising in the flow process of utilizing a client of this system creation:
Step 300: client sends the user's request of creating to the WEB server;
Step 301:WEB server sends the create account user request to certificate server;
Step 302: certificate server is provided with the data encryption PKI of number of the account;
Step 303: certificate server is stored the account number data in database server;
Step 304: database server is beamed back the successful response of storage to certificate server;
Step 305: certificate server is beamed back the response of creating the number of the account success to the WEB server;
Step 306:WEB server is beamed back the response of creating user's success to client.
8. system according to claim 6 is characterized in that client logins the flow process of this system and comprise:
Step 400: client sends the user to the WEB server and lands request;
Step 401:WEB server sends ID authentication request to certificate server;
Step 402: certificate server is to obtain the request of user account data from database;
Step 403: database server is beamed back the response of number of the account data to certificate server;
Step 404: the challenge content that certificate server generates at random according to the public key encryption in the subscriber data;
Step 405: certificate server sends the ciphertext of challenge content to client;
Step 406: client is according to private key for user deciphering challenge content;
Step 407: client is returned the plaintext of challenge content and is given certificate server;
Step 408: whether certificate server contrast user returns the challenge content correct;
Step 409: if step 408 is proved to be successful, certificate server is beamed back the response of landing success to the WEB server;
Step 410:WEB server sends the response of landing success to client.
9. system according to claim 6, it is characterized in that in the process of client use business datum, the deciphering flow process of business datum, finish voluntarily by client, and business datum adopts client public key that the data key is encrypted after encrypting, client public key can not be used for deciphering, and the private key for user that is used for deciphering is taken care of voluntarily by the client, specifically comprises:
Step 500: client sends the request of user's Added Business data to the WEB server;
Step 501:WEB server sends the request of encrypting the Added Business data to certificate server;
Step 502: certificate server is searched the ciphering user data PKI at database server;
Step 503: database server returns the user encryption PKI and gives certificate server;
Step 504: certificate server generates and generates symmetric key at random and encrypt the new business data with it;
Step 505: certificate server public key encryption random symmetric key;
Step 506: certificate server is preserved the ciphertext of business datum and data key in database;
Step 507: database server sends to certificate server and preserves success response;
Step 508: certificate server sends to the WEB server and encrypts success response;
Step 509:WEB server sends the response of Added Business data success to client;
Step 550: client sends the user to the WEB server and checks the request of business datum;
Step 551:WEB server sends user data service to database server and checks request;
Step 552: database server returns the ciphertext of business datum and gives the WEB server;
Step 553:WEB server is beamed back ciphertext described in the step 552 and is given client;
Step 554: client deciphers out data key in the ciphertext according to private key for user;
Step 555: client decrypts business datum with the data key that obtains in the step 554.
10. according to each described system of claim 6~9, it is characterized in that client modification login key is as long as be committed to server with original private key with new PKI, again with new public key encryption, concrete steps are as follows to the data key of the business datum of encrypting for server:
Step 600: client sends the request of user's modification password to the WEB server;
Step 601:WEB server sends the request of revising key to certificate server;
Step 602: certificate server is inquiring user number of the account data from database server;
Step 603: database server returns the number of the account data and gives certificate server;
Step 604: the right correctness of certificate server check original cipher key;
Step 605: certificate server sends the request of obtaining user service data to database server;
Step 606: database server returns user service data and gives certificate server;
Step 607: certificate server is to expressly encrypting again with new PKI with the business datum after the original cipher key deciphering;
Step 608: certificate server upgrades the user service data in the database server;
Step 609: database server sends to certificate server and upgrades success response;
Step 610: certificate server sends to the WEB server and revises successful response;
Step 611:WEB server sends password to client and revises successful response.
CN201010019224A 2010-01-06 2010-01-06 Method and system for improving SaaS application security Pending CN101771699A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010019224A CN101771699A (en) 2010-01-06 2010-01-06 Method and system for improving SaaS application security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010019224A CN101771699A (en) 2010-01-06 2010-01-06 Method and system for improving SaaS application security

Publications (1)

Publication Number Publication Date
CN101771699A true CN101771699A (en) 2010-07-07

Family

ID=42504290

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010019224A Pending CN101771699A (en) 2010-01-06 2010-01-06 Method and system for improving SaaS application security

Country Status (1)

Country Link
CN (1) CN101771699A (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102012906A (en) * 2010-10-27 2011-04-13 南京聚社数字科技有限公司 Three-dimensional scene management platform based on SaaS architecture and editing and browsing method
CN102033769A (en) * 2010-12-08 2011-04-27 北京航空航天大学 Virtualized-software flow type loading-oriented prefetching method and system
CN102098295A (en) * 2010-12-28 2011-06-15 上海华御信息技术有限公司 Method for improving data security under SaaS application
WO2012014220A1 (en) * 2010-07-27 2012-02-02 Hewlett-Packard Development Company L.P. Method and system for deploying saas(software as a service) service bundles
CN102404337A (en) * 2011-12-13 2012-04-04 华为技术有限公司 Data encryption method and device
CN102412964A (en) * 2010-09-20 2012-04-11 上海众融信息技术有限公司 Personal identity authentication information processing method and apparatus thereof
CN102694650A (en) * 2012-06-13 2012-09-26 苏州大学 Secret key generating method based on identity encryption
CN102882842A (en) * 2011-07-15 2013-01-16 横河电机株式会社 Wireless communication apparatus and method of preventing leakage of encrypted key
CN103036853A (en) * 2011-09-30 2013-04-10 中国移动通信集团公司 Business data transmission method and device and business processing method and device
CN103973632A (en) * 2013-01-25 2014-08-06 苏州精易会信息技术有限公司 Browser device for improving outer network data application security
CN104468627A (en) * 2014-12-30 2015-03-25 成都三零瑞通移动通信有限公司 Data encryption method and system conducting terminal data backup through server
CN104980397A (en) * 2014-04-03 2015-10-14 腾讯科技(深圳)有限公司 Instant messaging method, system and terminal
CN106375306A (en) * 2016-08-31 2017-02-01 武汉钢铁工程技术集团通信有限责任公司 Mobile phone application data transmission encrypting method and system
CN108256344A (en) * 2018-01-22 2018-07-06 商客通尚景科技江苏有限公司 A kind of SaaS enterprise platforms Database Systems and attaching method thereof
WO2018176781A1 (en) * 2017-04-01 2018-10-04 广东欧珀移动通信有限公司 Information sending method, information receiving method, apparatus, and system
CN108683671A (en) * 2018-05-21 2018-10-19 浙江长投云联信息科技有限公司 A kind of SaaS management system
CN105553934B (en) * 2015-12-01 2018-11-02 辽宁中科信科技有限公司 Based on SAAS layers of omnipotent decoding methods of EAB of cloud platform
CN109151061A (en) * 2018-09-28 2019-01-04 视联动力信息技术股份有限公司 A kind of date storage method and device
CN104601600B (en) * 2015-02-17 2019-04-23 苏盛辉 Rogue program preventing control method based on asymmetric identity
CN109818900A (en) * 2017-11-20 2019-05-28 高德软件有限公司 A kind of data management system and application server
CN110995648A (en) * 2019-10-25 2020-04-10 金现代信息产业股份有限公司 Secure encryption method
CN111008400A (en) * 2019-11-29 2020-04-14 恩亿科(北京)数据科技有限公司 Data processing method, device and system
CN111327616A (en) * 2020-02-25 2020-06-23 上海东普信息科技有限公司 Key management method, device, equipment and computer readable storage medium
CN112632593A (en) * 2021-03-09 2021-04-09 冷杉云(北京)科技股份有限公司 Data storage method, data processing method, device and storage medium

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103004139A (en) * 2010-07-27 2013-03-27 惠普发展公司,有限责任合伙企业 Method and system for deploying saas(software as a service) service bundles
WO2012014220A1 (en) * 2010-07-27 2012-02-02 Hewlett-Packard Development Company L.P. Method and system for deploying saas(software as a service) service bundles
CN102412964A (en) * 2010-09-20 2012-04-11 上海众融信息技术有限公司 Personal identity authentication information processing method and apparatus thereof
CN102012906A (en) * 2010-10-27 2011-04-13 南京聚社数字科技有限公司 Three-dimensional scene management platform based on SaaS architecture and editing and browsing method
CN102012906B (en) * 2010-10-27 2012-01-25 南京聚社数字科技有限公司 Three-dimensional scene management platform based on SaaS architecture and editing and browsing method
CN102033769A (en) * 2010-12-08 2011-04-27 北京航空航天大学 Virtualized-software flow type loading-oriented prefetching method and system
CN102033769B (en) * 2010-12-08 2013-05-22 北京航空航天大学 Virtualized-software flow type loading-oriented prefetching method and system
CN102098295A (en) * 2010-12-28 2011-06-15 上海华御信息技术有限公司 Method for improving data security under SaaS application
US8913749B2 (en) 2011-07-15 2014-12-16 Yokogawa Electric Corporation Wireless communication apparatus and method of preventing leakage of encrypted key
CN102882842A (en) * 2011-07-15 2013-01-16 横河电机株式会社 Wireless communication apparatus and method of preventing leakage of encrypted key
CN102882842B (en) * 2011-07-15 2016-05-04 横河电机株式会社 A kind of radio communication device
CN103036853A (en) * 2011-09-30 2013-04-10 中国移动通信集团公司 Business data transmission method and device and business processing method and device
CN102404337A (en) * 2011-12-13 2012-04-04 华为技术有限公司 Data encryption method and device
CN102694650A (en) * 2012-06-13 2012-09-26 苏州大学 Secret key generating method based on identity encryption
CN102694650B (en) * 2012-06-13 2015-03-11 苏州大学 Secret key generating method based on identity encryption
CN103973632A (en) * 2013-01-25 2014-08-06 苏州精易会信息技术有限公司 Browser device for improving outer network data application security
CN104980397B (en) * 2014-04-03 2019-04-26 腾讯科技(深圳)有限公司 Instant communicating method, system and terminal
CN104980397A (en) * 2014-04-03 2015-10-14 腾讯科技(深圳)有限公司 Instant messaging method, system and terminal
CN104468627A (en) * 2014-12-30 2015-03-25 成都三零瑞通移动通信有限公司 Data encryption method and system conducting terminal data backup through server
CN104468627B (en) * 2014-12-30 2018-09-04 成都三零瑞通移动通信有限公司 A kind of data ciphering method and system carrying out terminal data backup by server
CN104601600B (en) * 2015-02-17 2019-04-23 苏盛辉 Rogue program preventing control method based on asymmetric identity
CN105553934B (en) * 2015-12-01 2018-11-02 辽宁中科信科技有限公司 Based on SAAS layers of omnipotent decoding methods of EAB of cloud platform
CN106375306A (en) * 2016-08-31 2017-02-01 武汉钢铁工程技术集团通信有限责任公司 Mobile phone application data transmission encrypting method and system
WO2018176781A1 (en) * 2017-04-01 2018-10-04 广东欧珀移动通信有限公司 Information sending method, information receiving method, apparatus, and system
CN109818900A (en) * 2017-11-20 2019-05-28 高德软件有限公司 A kind of data management system and application server
CN108256344A (en) * 2018-01-22 2018-07-06 商客通尚景科技江苏有限公司 A kind of SaaS enterprise platforms Database Systems and attaching method thereof
CN108256344B (en) * 2018-01-22 2019-10-22 商客通尚景科技江苏有限公司 A kind of SaaS enterprise platform Database Systems and attaching method thereof
CN108683671A (en) * 2018-05-21 2018-10-19 浙江长投云联信息科技有限公司 A kind of SaaS management system
CN109151061A (en) * 2018-09-28 2019-01-04 视联动力信息技术股份有限公司 A kind of date storage method and device
CN110995648A (en) * 2019-10-25 2020-04-10 金现代信息产业股份有限公司 Secure encryption method
CN111008400A (en) * 2019-11-29 2020-04-14 恩亿科(北京)数据科技有限公司 Data processing method, device and system
CN111327616A (en) * 2020-02-25 2020-06-23 上海东普信息科技有限公司 Key management method, device, equipment and computer readable storage medium
CN112632593A (en) * 2021-03-09 2021-04-09 冷杉云(北京)科技股份有限公司 Data storage method, data processing method, device and storage medium

Similar Documents

Publication Publication Date Title
CN101771699A (en) Method and system for improving SaaS application security
JP4866863B2 (en) Security code generation method and user device
CN1985466B (en) Method of delivering direct proof private keys in signed groups to devices using a distribution CD
KR20170139093A (en) A method for a network access device to access a wireless network access point, a network access device, an application server, and a non-volatile computer readable storage medium
US20140270179A1 (en) Method and system for key generation, backup, and migration based on trusted computing
WO2017097041A1 (en) Data transmission method and device
CN106161402B (en) Encryption equipment key injected system, method and device based on cloud environment
CN103138939B (en) Based on the key access times management method of credible platform module under cloud memory module
CN101720071B (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
CN101510888B (en) Method, device and system for improving data security for SaaS application
CN101005357A (en) Method and system for updating certification key
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
CN101515319B (en) Cipher key processing method, cipher key cryptography service system and cipher key consultation method
CN106254342A (en) The secure cloud storage method of file encryption is supported under Android platform
CN102571329B (en) Password key management
CN102075544A (en) Encryption system, encryption method and decryption method for local area network shared file
CN103067160A (en) Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD)
CN101019368A (en) Method of delivering direct proof private keys to devices using a distribution CD
CN109495274B (en) Decentralized intelligent lock electronic key distribution method and system
CN104412273A (en) Method and system for activation
CN104424446A (en) Safety verification and transmission method and system
CN100561913C (en) A kind of method of access code equipment
KR101982237B1 (en) Method and system for data sharing using attribute-based encryption in cloud computing
TW202015378A (en) Cryptographic operation method, method for creating work key, and cryptographic service platform and device
CN105119719A (en) Key management method of secure storage system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100707