CN102075542B - Cloud computing data security supporting platform - Google Patents


Publication number
CN102075542B
Authority
CN
China
Prior art keywords
cloud
document
data
key
metamessage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2011100291380A
Other languages
Chinese (zh)
Other versions
CN102075542A (en
Inventor
张敏
冯登国
蔡克
陈驰
徐震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Application filed by Institute of Software of CAS
Priority to CN2011100291380A
Publication of CN102075542A
Application granted
Publication of CN102075542B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a cloud computing data security supporting platform, and belongs to the technical field of information security. The platform comprises a cloud computing or cloud storage system, a cloud data security service system and a secure cloud client; the cloud computing or cloud storage system, the cloud data security service system and the secure cloud client are interconnected through a network; the secure cloud client is used for encrypting data, uploading the encrypted data to the cloud computing or cloud storage system, meanwhile, extracting meta-information of the uploaded data, encrypting the extracted meta-information and sending the encrypted meta-information to the cloud data security service system; the cloud computing or cloud storage system is used for storing the data uploaded by the secure cloud client; and the cloud data security service system is used for storing the meta-information and key information uploaded by the secure cloud client and providing file access support and encrypted message retrieval and data verification service support. The platform greatly improves the security of the data, and has the advantages of high computing efficiency, good security and the like.

Description

A cloud computing data security support platform
Technical field
The present invention relates to the field of computer software, and in particular to a cloud computing data security support platform; it belongs to the field of information security technology.
Background art
Cloud computing is a hot topic in information technology and a focus of close attention from industry, academia and government; cloud infrastructure platforms, cloud services and cloud storage systems of every kind keep appearing. Its development nevertheless still faces a series of technical challenges, and security is one of the main bottlenecks limiting it. Cloud users worry that once they hand their data and code to a cloud service provider, the provider has privileged access to them, while the users themselves lose control over the data and the ability to guarantee its security. Gartner's 2008 survey report shows that for more than 70% of enterprise CTOs the primary reason for not adopting cloud computing is concern about the security and privacy of enterprise data. Repeated security incidents on cloud service platforms have recently deepened this worry and show that cloud computing is not yet a mature service. Amazon, Google and Microsoft, the three IT giants backing cloud computing, have each suffered serious cloud computing problems: in March 2009 Google leaked a large number of user files; in February 2009 and July, two interruptions of Amazon's Simple Storage Service (S3) paralysed websites that depended on that single network storage service; and a large-scale outage of Microsoft's data-center servers left thousands of T-Mobile Sidekick phone users unable to access their own data. Clearly, if enterprises and organizations are to adopt cloud computing technology and platforms at scale and hand their data to cloud service providers with confidence, the data security problems in cloud computing must be solved urgently.
Basic data security requirements comprise confidentiality and integrity. Confidentiality is currently protected mainly by data encryption or by access control mechanisms. In a cloud computing environment the cloud service provider is untrusted, so the access-control enforcement component runs in an untrusted environment and cannot correctly enforce the access control policy the user has defined. Data encryption, by contrast, effectively prevents unauthorized disclosure, and some existing cloud storage systems already support ciphertext documents. But encryption makes document retrieval and fast lookup hard to achieve on ciphertext. For the massive data held in cloud computing, without a suitable ciphertext retrieval method and an efficient framework to support it, system usability drops sharply, which cloud users will find equally unacceptable. The basic approach to data integrity verification today is to use hash or signature algorithms. In a cloud computing system, however, if the cloud service provider has computed and kept the hash value H(D) of a document D in advance and generates the signature from that stored value each time, the resulting signature no longer reflects the true state of the current document. The user may never discover that the document has been tampered with until an attempt to access it fails.
Therefore, existing confidentiality and integrity protection methods alone can hardly meet the data protection needs of cloud computing. A mechanism suited to the cloud computing environment and its security threat model is urgently needed to give users reliable security support for the massive data in cloud computing systems.
Summary of the invention
To address the data security risks in cloud computing systems, and in cloud storage systems in particular, the present invention proposes a cloud computing data security support platform that provides cloud users with data confidentiality and integrity protection without relying on the trustworthiness of the cloud service provider.
The technical solution of the present invention is:
A cloud computing data security support platform, characterized in that it comprises a cloud computing or cloud storage system, a cloud data security service system and a secure cloud client, which are interconnected through a network; wherein,
the secure cloud client is used to encrypt data with a document key and upload it to the cloud computing or cloud storage system, at the same time to extract the meta-information of the uploaded data, encrypt the extracted meta-information with a meta-information key and send it to the cloud data security service system, and to encrypt the document key and the meta-information key with a master key and send them to the cloud data security service system;
the cloud computing or cloud storage system is used to store the data uploaded by the secure cloud client;
the cloud data security service system is used to store the encrypted meta-information and key information uploaded by the secure cloud client, and to provide file access support as well as ciphertext retrieval and data verification service support.
Further, the secure cloud client comprises a data encryption/decryption component, a key management component, a document management component, a data retrieval component, a data verification component and an application entry component; wherein,
the application entry component provides the user with the interface for managing, retrieving and verifying ciphertext documents;
the key management component is used to obtain the encrypted document key and the encrypted meta-information key from the cloud data security service system;
the data encryption/decryption component is used to decrypt the encrypted keys so obtained, yielding the document key and the meta-information key, and to encrypt and decrypt documents and meta-information with the document key and the meta-information key respectively;
the document management component is used to upload, download, copy, cut and delete documents;
the data retrieval component is used to build the meta-information of an uploaded document and upload it to the cloud data security service system, and to retrieve ciphertext documents held in cloud storage;
the data verification component is used to build the verification meta-information of an uploaded document and upload it to the cloud data security service system, and to verify the integrity of ciphertext documents held in cloud storage.
Further, the cloud data security service system comprises a ciphertext cloud database system, a document operation service component, a ciphertext retrieval service component and a data verification service component; wherein,
the ciphertext cloud database system is used to store the encrypted meta-information and the encrypted meta-information key;
the document operation service component is used to provide an update service for a document's related attribute information when the user uploads or updates the document;
the ciphertext retrieval service component is used to provide a ciphertext database retrieval service for the user's attribute retrieval requests;
the data verification service component is used, for a user's data verification request, to access the cloud storage system, sample the document and compute a verification tag, and return it to the user together with the precomputed verification tag from the ciphertext database.
Further, the ciphertext cloud database system comprises: a document key table, which holds the encrypted document key for each document; a meta-information key table, which holds the encrypted meta-information key for each user; an index meta-information table, which holds the encrypted index meta-information for each document; and a verification meta-information table, which holds the encrypted verification information for each document.
Further, the application entry component is used to select the file to upload, its storage path in the cloud computing or cloud storage system, the confidence level and the number of verifications.
Further, for a verification request on a document, the application entry component uses the data verification service component to obtain the document's number of verifications from the ciphertext cloud database, computes the document's random read positions from the confidence level and the document size, generates a sample file and computes a verification tag for it; at the same time the data verification service component returns the verification tags associated with the document to the cloud user, who determines whether the document content has changed by computing the relationship between the two kinds of verification tags.
Further, the secure cloud client uses the document management component to read the content of the document to be uploaded and, after encrypting it, uploads it as required to the specified storage path in the cloud computing or cloud storage system.
Further, the secure cloud client uses the data verification component to generate the corresponding verification tags for the document according to the confidence level and number of verifications set by the user, and uploads the encrypted confidence level, the encrypted number of verifications and the encrypted verification tags as one record, through the data verification service component, to the verification meta-information table of the ciphertext cloud database.
Further, the meta-information comprises: file name, file size and file keywords.
Further, the document key and the meta-information key are generated by the secure cloud client.
The main characteristic of the cloud computing data security support platform provided by the invention is that it consists of three interrelated parts. The first is the cloud computing/cloud storage system to be protected (hereinafter the actual storage system), which stores data that has been processed by technical means such as encryption, so that unauthorized distribution of the data cannot directly disclose its content. The second is the secure cloud client, which keeps the cloud user's keys locally and performs data encryption and decryption, avoiding the data security risk caused by key leakage. The third is the cloud data security service system (hereinafter the security service system), which is responsible for generating, storing, managing and maintaining the attributes and other meta-information of the data in the cloud computing/cloud storage system, and for providing cloud users, on data that remains in ciphertext, with security services such as ciphertext retrieval and integrity verification.
The main features of this framework are:
(1) Security does not depend on the cloud computing service provider. Data in the actual storage system has undergone specific security processing (for example, encryption with a document key), and the core secret information (such as the cloud user's master key) is kept in the cloud user's local computing environment. The framework therefore keeps the security of data in the cloud computing/cloud storage system firmly in the cloud user's hands and removes the cloud user's dependence on the security capability and trustworthiness of the cloud computing service provider;
(2) Security does not depend on the cloud security service provider. The meta-information managed by the security service system has been security-processed by the user beforehand (for example, encrypted with an attribute key or processed with a special encryption algorithm), so the service itself cannot leak the user's meta-information. Even an attacker who obtains both the meta-information and the data cannot obtain the content of the data or of the meta-information.
(3) Security services are efficient. The security service system stores the meta-information of the data held in the actual storage system and, by maintaining and searching that meta-information, provides cloud users with efficient and secure data services. For example, it helps the user find ciphertext data with certain key attributes without any decryption, or helps the user judge whether the currently stored content is missing or damaged;
The concrete structure of this framework is shown in the accompanying drawing; each part is explained below:
1. Cloud data security service system
The cloud data security service system consists of an underlying ciphertext cloud database system and several data security service components built on it: a document operation service component, a ciphertext retrieval service component and a data verification service component. These provide the necessary service support for, respectively, the user's document upload, download and update operations, ciphertext retrieval operations and data integrity verification operations. The ciphertext cloud database system stores the meta-information of the data in the actual storage system and the encrypted meta-information key. All of this content has been encrypted or encoded by the secure client. The data security service components accept operation commands from the secure cloud client and perform retrieval and update operations on the tables of the ciphertext cloud database system.
2. Secure cloud client
The secure cloud client comprises an application entry component, data security function components, a key management component and a data encryption/decryption component. The application entry component provides the user with the interface for managing, retrieving and verifying ciphertext documents, and calls the appropriate functional component according to the user's operation.
The data security function components comprise the document management component, the data retrieval component and the data verification component. The document management component implements uploading, downloading, copying, cutting and deleting documents; the data retrieval component builds and uploads the index meta-information of uploaded documents and generates retrieval requests for ciphertext documents held in cloud storage; the data verification component builds and uploads the verification meta-information of uploaded documents and verifies the integrity of documents the user specifies.
In addition, the key management component is responsible for obtaining the encryption and decryption keys of documents and meta-information. The data encryption/decryption component first decrypts the encrypted keys to obtain the document key and the meta-information key, and then uses these keys to encrypt and decrypt documents and meta-information.
3. Cloud computing/cloud storage system to be protected
This system is the actual storage location of the cloud user's data. The stored data is the content produced by the cloud security client's encryption processing, while the meta-information of the stored data is held securely in the security service system described above.
The key interaction steps between the parts of this framework are:
(1) Cloud user data upload. Uploading cloud user data involves two main steps. First, the items of meta-information of the data are generated or extracted, processed by the data security function components of the secure cloud client, encrypted or encoded, and sent to the security service system. Second, the secure cloud client encrypts the data and uploads it to the actual cloud computing/cloud storage system.
(2) Cloud user data retrieval. The cloud user can search by any attribute of the data, for example its submission time, size, type or keywords. The main steps are: first, the data index component in the secure cloud client rewrites the cloud user's query as a ciphertext query statement for the ciphertext database system and sends this command to the security service system; second, the security service system finds all records that satisfy the query command and shows the query result to the user. The result contains the storage location of the data in the actual storage system. If the cloud user needs to access the data content, it is downloaded to the local machine by following this link.
(3) Cloud user data download. When the cloud user needs to access the data content at a specified storage location, the secure cloud client performs the following steps: it first fetches the (ciphertext) data from the actual storage system, then decrypts the document's encrypted key locally with the master key, and then decrypts the document with that key.
(4) Cloud user data update. Before the cloud user updates data content in the actual cloud storage system, the corresponding attribute information must first be updated as the situation requires, including its retrieval meta-information, verification meta-information and basic meta-information. The secure cloud client calls the data security function components to update the meta-information securely. These components include a transaction processing mechanism that keeps content consistent between the actual storage system and the security service system.
(5) Cloud user data verification. When the cloud user needs to check some data content, the data verification component interacts with the data verification service component in the cloud data security service system. The latter does two things: it returns the relevant verification meta-information held in the ciphertext server, and then, according to the parameters sent by the former, it accesses the document in the actual storage system, computes its current state information and returns it. After receiving both pieces of information, the former analyses them together and judges whether the data content is abnormal.
Compared with the prior art, the present invention has the following advantages:
1. The cloud computing data security support framework of the invention offers good security. The master key is kept by the user and the ciphertext index is protected by the user's index key, which avoids the risk to user data that arises from the cloud service provider having privileged access to the data;
2. The cloud computing data security support framework of the invention is efficient. The user issues successive verification requests in challenge-response mode and, using their own secret information, can judge the existence and correctness of massive remote data from a limited set of returned results;
3. The cloud computing data security support framework of the invention is highly compatible and can provide data security services for all kinds of current cloud computing or cloud storage systems. In the architecture, the security service system is independent of the actual cloud computing/cloud storage system, and the two interact through standard interfaces; a ciphertext cloud storage and retrieval system based on the invention can therefore be expanded elastically.
Description of the drawings
The figure is the architecture diagram of the cloud computing data security support platform.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawing and an example, which do not limit the scope of the invention in any way.
In one embodiment, the open-source Hadoop software can be used to build the cloud storage system, with the open-source HBase as the cloud database system.
The cloud security client of the invention takes the form of a browser plug-in, installed when the user first accesses the cloud data security service. The client stores the user's master key, which protects the document keys and the meta-information key. A document key is the key that encrypts a document; the meta-information key is the key that encrypts the index meta-information and the verification meta-information. Both are generated randomly and automatically by the client.
Four tables are created in advance in the HBase database: the document key table Doc_Key and the meta-information key table Meta_Key hold, respectively, all document keys and all users' meta-information keys, protected by encryption under the master key; the index meta-information table Index_Info and the verification meta-information table Verify_Info hold, respectively, the encrypted index meta-information and the encrypted verification information for each document.
Suppose the document the user wants to upload as ciphertext is "test.doc", its size is 123k, its keywords are "test", "safety" and "cloud storage", and its cloud storage location is "/test.doc".
1. Ciphertext document upload
When the user uploads the document "test.doc", the search keys of the document are set at the same time. They include both keywords chosen by the user, such as "test", "safety" and "cloud storage", and document attributes generated automatically by the system, such as the file name "test" and the file size "123k". Each attribute is an (attribute name, attribute value) key-value pair. The data retrieval component encrypts this content and uploads it to the index meta-information table Index_Info in HBase; at the same time the document management component is called to encrypt the content of "test.doc" and upload it to the specified Hadoop directory.
If the user will later need to verify the integrity of the document, the parameters required for verification, such as the confidence level and the number of verifications, must also be set at upload time. According to these parameters, the client's data verification component samples the document content, computes the document's verification tags and uploads the related content to the verification meta-information table Verify_Info.
The secure cloud client automatically calls the data encryption/decryption component when uploading or downloading documents and their meta-information. Key information is set and updated by the key management component. The system uses a transaction mechanism to guarantee the atomicity of the steps above.
2. Ciphertext document download
When the user downloads a document under a specified path, such as "test.doc", the document management component is called directly to download it from Hadoop, and the data encryption/decryption component is called at the same time to decrypt the downloaded document automatically.
3. Attribute/keyword-based ciphertext document retrieval
When the user needs to find documents with the keyword "cloud storage", the data retrieval component generates the search condition ("keyword=cloud storage"), calls the data encryption/decryption component to encrypt the search value, and sends it to the cloud service side. The ciphertext retrieval service component in the cloud data security service system then searches the index meta-information table Index_Info in HBase; the result set is the index meta-information containing the path information of the documents that satisfy the condition, and it is returned to the secure client for decryption. If needed, the user can download and access the document content by the given directory and file name. For the detailed procedure see the previous example.
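One way to make the equality lookup in this step possible, added here as an example and not taken from the patent: the client replaces each (attribute name, attribute value) pair with a keyed HMAC token, so Index_Info can match a query without seeing the keyword. The token scheme, the helper names and the standard-library stand-in used to seal the path are assumptions; the second document is constructed sample data.

```python
import hashlib
import hmac
import secrets
from collections import Counter


def search_token(meta_key, name, value):
    """Deterministic token for one (attribute name, attribute value) pair."""
    name_b = name.encode("utf-8")
    # Length-prefix the name so ("ab", "c") and ("a", "bc") give different tokens.
    msg = len(name_b).to_bytes(2, "big") + name_b + value.encode("utf-8")
    return hmac.new(meta_key, b"index|" + msg, hashlib.sha256).hexdigest()


def _subkey(meta_key, label):
    return hmac.new(meta_key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(meta_key, plaintext):
    """Encrypt-then-MAC using HMAC-SHA256 in counter mode.
    Standard-library stand-in (assumption) for an AEAD such as AES-GCM."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(meta_key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(meta_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(meta_key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(meta_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("sealed record was modified or the key is wrong")
    stream = _keystream(_subkey(meta_key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class IndexInfoTable:
    """Service-side stand-in for Index_Info: holds only tokens and sealed paths."""

    def __init__(self):
        self._rows = []  # (token, sealed_path)

    def insert(self, tokens, sealed_path):
        self._rows.extend((t, sealed_path) for t in tokens)

    def lookup(self, token):
        return [blob for t, blob in self._rows if hmac.compare_digest(t, token)]

    def token_histogram(self):
        """What the service can still observe: how often each token repeats."""
        return sorted(Counter(t for t, _ in self._rows).values(), reverse=True)


def upload_index(table, meta_key, path, attributes):
    """Client side: tokenize the attributes and seal the storage path."""
    tokens = [search_token(meta_key, n, v) for n, v in attributes]
    table.insert(tokens, seal(meta_key, path.encode("utf-8")))


def retrieve(table, meta_key, name, value):
    """Client side: send one token, decrypt the paths that come back."""
    blobs = table.lookup(search_token(meta_key, name, value))
    return sorted(open_sealed(meta_key, b).decode("utf-8") for b in blobs)


def demo():
    meta_key = secrets.token_bytes(32)
    table = IndexInfoTable()
    # Attributes of "test.doc" as given on the page.
    upload_index(table, meta_key, "/test.doc", [
        ("keyword", "test"), ("keyword", "safety"), ("keyword", "cloud storage"),
        ("filename", "test"), ("size", "123k")])
    # Constructed second document.
    upload_index(table, meta_key, "/safety.doc", [
        ("keyword", "cloud storage"), ("filename", "safety"), ("size", "45k")])
    return {
        "keyword=cloud storage": retrieve(table, meta_key, "keyword", "cloud storage"),
        "filename=safety": retrieve(table, meta_key, "filename", "safety"),
        "other user's key": retrieve(table, secrets.token_bytes(32), "keyword", "cloud storage"),
        "token repeat counts": table.token_histogram(),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, "->", result)
```

The repeat counts show the trade-off of deterministic tokens: equal attribute values produce equal tokens, so the service learns which values are common even though it cannot read them.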
4. Ciphertext document verification
After the user selects the ciphertext document to verify, "/test.doc", in the application entry component, the data verification component is called and sends a request to the data verification service component on the service side. The latter queries the verification meta-information table Verify_Info in HBase, obtains the document's number of verifications and confidence level, generates random read positions in the document from these parameters, extracts the content at those positions from the cloud storage system to form a sample, computes its verification tag and returns it to the cloud user. At the same time the data verification service component returns the (encrypted) verification tags associated with the document to the cloud user. The cloud user determines whether the document content has changed by computing the relationship between the two kinds of verification tags. The user can also specify one or more directories to verify, so that all documents under them are verified in batch.
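The sampled challenge-response check described above, which also answers the precomputed-hash problem raised in the background section, as an added example that is not the patent's own algorithm. It assumes the client precomputes one keyed record per planned verification and reveals each sampling seed only when that check is run; the block size, the function names and the reading of "confidence level" as a detection probability are assumptions, and the document bytes are constructed.

```python
import hashlib
import hmac
import math

BLOCK = 4096  # sampling granularity in bytes (assumed)


def samples_needed(confidence, damaged_fraction):
    """Blocks to sample so that damage to `damaged_fraction` of the blocks is
    hit with probability >= confidence, from 1 - (1 - f)^c >= confidence."""
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - damaged_fraction))


def challenge_seed(meta_key, path, i):
    """Secret seed for check number i; the client reveals it only at check time,
    so the holder of the data cannot prepare the answer in advance."""
    msg = b"seed|" + path.encode("utf-8") + b"|" + str(i).encode("ascii")
    return hmac.new(meta_key, msg, hashlib.sha256).digest()


def positions(seed, n_blocks, count):
    """Pseudo-random block indices; client and service derive the same list."""
    out = []
    for j in range(count):
        digest = hashlib.sha256(seed + j.to_bytes(4, "big")).digest()
        out.append(int.from_bytes(digest[:8], "big") % n_blocks)
    return out


def sample_tag(seed, ciphertext, count):
    """Computed by whoever holds the bytes: a hash over the sampled blocks."""
    n_blocks = max(1, math.ceil(len(ciphertext) / BLOCK))
    h = hashlib.sha256(seed)
    for p in positions(seed, n_blocks, count):
        h.update(p.to_bytes(8, "big"))
        h.update(ciphertext[p * BLOCK:(p + 1) * BLOCK])
    return h.digest()


def seal_tag(meta_key, path, i, tag):
    """Record kept in Verify_Info: keyed, so the service cannot forge or reuse it."""
    msg = b"tag|" + path.encode("utf-8") + b"|" + str(i).encode("ascii") + b"|" + tag
    return hmac.new(meta_key, msg, hashlib.sha256).digest()


def build_verify_records(meta_key, path, ciphertext, num_checks, count):
    """Client, at upload time: one record per planned verification."""
    return [
        seal_tag(meta_key, path, i,
                 sample_tag(challenge_seed(meta_key, path, i), ciphertext, count))
        for i in range(num_checks)
    ]


def service_respond(stored_ciphertext, records, i, seed, count):
    """Verification service: sample the stored bytes now, return the fresh tag
    together with the precomputed record for check i."""
    return sample_tag(seed, stored_ciphertext, count), records[i]


def client_verify(meta_key, path, i, fresh_tag, record):
    """Client: the two tags are related iff sealing the fresh one gives the record."""
    return hmac.compare_digest(seal_tag(meta_key, path, i, fresh_tag), record)


def demo():
    meta_key = bytes(range(32))                                  # constructed key
    path = "/test.doc"
    stored = bytes((i * 7) % 251 for i in range(BLOCK * 50))     # constructed ciphertext
    count, num_checks = 5, 3
    records = build_verify_records(meta_key, path, stored, num_checks, count)

    seed0 = challenge_seed(meta_key, path, 0)
    fresh, rec = service_respond(stored, records, 0, seed0, count)
    intact = client_verify(meta_key, path, 0, fresh, rec)

    damaged = bytearray(stored)
    damaged[positions(seed0, 50, count)[0] * BLOCK] ^= 0xFF      # hit a sampled block
    fresh_bad, rec = service_respond(bytes(damaged), records, 0, seed0, count)
    detected = not client_verify(meta_key, path, 0, fresh_bad, rec)

    # An old answer replayed for check 1 does not match record 1.
    replay_rejected = not client_verify(meta_key, path, 1, fresh, records[1])
    return {"intact": intact, "damage detected": detected, "replay rejected": replay_rejected}


if __name__ == "__main__":
    print(demo())
    print("samples for 99% confidence at 1% damage:", samples_needed(0.99, 0.01))
```

Because each seed is usable once, the number of records fixed at upload bounds how many checks the user can run, which matches the "number of verifications" parameter set at upload time.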
The embodiments described in detail above serve only to aid understanding of the present invention, which is not limited to them. Those skilled in the art can implement the invention in many other ways according to its disclosure; any implementation that adopts the design, structure and idea of the invention, with substitutions or variations that do not depart from the scope of the claims, falls within the scope of protection of the invention.

Claims (10)

1. A cloud computing data security support platform, characterized in that it comprises a cloud computing or cloud storage system, a cloud data security service system and a secure cloud client, which are interconnected through a network; wherein,
the secure cloud client is used to encrypt data with a document key and upload it to the cloud computing or cloud storage system, at the same time to extract the meta-information of the uploaded data, encrypt the extracted meta-information with a meta-information key and send it to the cloud data security service system, and to encrypt the document key and the meta-information key with a master key and send them to the cloud data security service system;
the cloud computing or cloud storage system is used to store the data uploaded by the secure cloud client;
the cloud data security service system is used to store the encrypted meta-information and key information uploaded by the secure cloud client, and to provide file access support as well as ciphertext retrieval and data verification service support.
2. The platform as claimed in claim 1, characterized in that the secure cloud client comprises a data encryption/decryption component, a key management component, a document management component, a data retrieval component, a data verification component and an application entry component; wherein,
the application entry component provides the user with the interface for managing, retrieving and verifying ciphertext documents;
the key management component is used to obtain the encrypted document key and the encrypted meta-information key from the cloud data security service system;
the data encryption/decryption component is used to decrypt the encrypted keys so obtained, yielding the document key and the meta-information key, and to encrypt and decrypt documents and meta-information with the document key and the meta-information key respectively;
the document management component is used to upload, download, copy, cut and delete documents;
the data retrieval component is used to build the meta-information of an uploaded document and upload it to the cloud data security service system, and to retrieve ciphertext documents held in cloud storage;
the data verification component is used to build the verification meta-information of an uploaded document and upload it to the cloud data security service system, and to verify the integrity of ciphertext documents held in cloud storage.
3. The platform as claimed in claim 2, characterized in that the cloud data security service system comprises a ciphertext cloud database system, a document operation service component, a ciphertext retrieval service component and a data verification service component; wherein,
The ciphertext cloud database system is used to store the encrypted meta-information and the encrypted meta-information key;
The document operation service component is used to provide an update service for a document's related attribute information when the user uploads or updates the document;
The ciphertext retrieval service component is used to provide a ciphertext database retrieval service for the user's attribute retrieval requests;
The data verification service component is used, for a user's data verification request, to access the cloud storage system, sample the document and calculate a verification tag, and return it to the user together with the precomputed verification tag in the ciphertext database.
4. The platform as claimed in claim 3, characterized in that the ciphertext cloud database system comprises: a document key table, used to store the encrypted document key corresponding to each document; a meta-information key table, used to store the encrypted meta-information key corresponding to each user; an index meta-information table, used to store the encrypted index meta-information corresponding to each document; and a verification meta-information table, used to store the encrypted verification information corresponding to each document.
5. The platform as claimed in claim 4, characterized in that the application program entry component is used to select the file to be uploaded, its storage path in the cloud computing or cloud storage system, the confidence level and the number of verifications.
6. The platform as claimed in claim 5, characterized in that, for a verification request on a document, the application program entry component uses the data verification service component to obtain from the ciphertext cloud database the document's number of verifications and, with the confidence level and document size, calculates the document's random read positions, generates a sample file, and calculates a verification tag for it; at the same time the data verification service component returns the verification tag associated with the document to the cloud user, and the cloud user determines whether the document's content has changed by computing the relation between the two kinds of verification tag.
7. The platform as claimed in claim 5, characterized in that the secure cloud client uses the document management component to read the content of the document to be uploaded and, after encryption, upload it to the designated storage path in the cloud computing or cloud storage system as required.
8. The platform as claimed in claim 7, characterized in that the secure cloud client uses the data verification component to generate the corresponding verification tags for the document according to the confidence level and number of verifications set by the user, and uploads the encrypted confidence level, the encrypted number of verifications and the encrypted verification tags as one record to the verification meta-information table of the ciphertext cloud database through the data verification service component.
9. The platform as claimed in claim 5, characterized in that the meta-information comprises: file name, file size and file keywords.
10. The platform as claimed in claim 4, characterized in that the document key and the meta-information key are generated by the secure cloud client.
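The sampled verification described in claims 6 and 8, as an added example that is not code from the patent: the client precomputes one tag per permitted verification over pseudo-randomly chosen blocks of the ciphertext, and a later check recomputes the tag over the stored copy and compares. HMAC-SHA256 tags, the 64-byte block size, the sample-count formula, equality as the relation between the two tags, and all function names are assumptions; encrypting the stored tags is omitted.

```python
import hashlib
import hmac
import math

BLOCK = 64  # bytes per sampled block (assumed value)

def sample_count(confidence, damaged_fraction=0.05):
    """Blocks to read so damage to that fraction is hit: 1 - (1 - f)^k >= c."""
    if not 0 < confidence < 1 or not 0 < damaged_fraction < 1:
        raise ValueError("confidence and damaged_fraction must be in (0, 1)")
    return math.ceil(math.log(1 - confidence) / math.log(1 - damaged_fraction))

def round_key(verify_key, rnd):
    """Independent key per verification round, so each round samples afresh."""
    return hmac.new(verify_key, b"round" + rnd.to_bytes(4, "big"), hashlib.sha256).digest()

def positions(rkey, n_blocks, k):
    """Pseudo-random block indexes derived from the round key."""
    if k >= n_blocks:  # small file: read every block
        return list(range(n_blocks))
    return [int.from_bytes(hmac.new(rkey, b"pos" + i.to_bytes(4, "big"),
                                    hashlib.sha256).digest()[:8], "big") % n_blocks
            for i in range(k)]

def sample_tag(rkey, ciphertext, idxs):
    """Tag over the sampled blocks, bound to their positions."""
    mac = hmac.new(rkey, b"tag", hashlib.sha256)
    for i in idxs:
        mac.update(i.to_bytes(8, "big") + ciphertext[i * BLOCK:(i + 1) * BLOCK])
    return mac.digest()

def tag_for_round(verify_key, ciphertext, rnd, confidence):
    rkey = round_key(verify_key, rnd)
    n_blocks = math.ceil(len(ciphertext) / BLOCK)
    return sample_tag(rkey, ciphertext, positions(rkey, n_blocks, sample_count(confidence)))

def precompute_tags(verify_key, ciphertext, rounds, confidence):
    """Upload time: one tag per permitted verification."""
    return [tag_for_round(verify_key, ciphertext, r, confidence) for r in range(rounds)]

def check_round(verify_key, stored, rnd, confidence, precomputed):
    """Verification time: recompute over the stored copy and compare."""
    return hmac.compare_digest(tag_for_round(verify_key, stored, rnd, confidence), precomputed)

if __name__ == "__main__":
    key, ct = b"\x01" * 32, bytes(range(256)) * 64  # constructed sample data
    tags = precompute_tags(key, ct, rounds=3, confidence=0.99)
    print(check_round(key, ct, 0, 0.99, tags[0]), check_round(key, ct[::-1], 1, 0.99, tags[1]))
```

Because only a sample is read, a single altered block can escape one round; the confidence level sets how many blocks each round reads, and each round draws a different sample.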
CN2011100291380A 2011-01-26 2011-01-26 Cloud computing data security supporting platform Active CN102075542B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100291380A CN102075542B (en) 2011-01-26 2011-01-26 Cloud computing data security supporting platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100291380A CN102075542B (en) 2011-01-26 2011-01-26 Cloud computing data security supporting platform

Publications (2)

Publication Number Publication Date
CN102075542A CN102075542A (en) 2011-05-25
CN102075542B CN102075542B (en) 2012-12-19

Family

ID=44033885

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100291380A Active CN102075542B (en) 2011-01-26 2011-01-26 Cloud computing data security supporting platform

Country Status (1)

Country Link
CN (1) CN102075542B (en)

Also Published As

Publication number Publication date
CN102075542A (en) 2011-05-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant