Background technology
At present, cloud computing is an important transitional and transformative model in the field of IT service delivery. When the demands placed on data centers increase sharply, cloud computing can significantly improve efficiency and flexibility. The tools, building blocks and best practices of cloud computing are all under continuous development, and a variety of effective cloud computing solutions already exist. As vendors compete to be first, each is committed to providing brand-new cloud services and cloud computing capabilities. Striking a balance between the ease of deployment of highly integrated solutions and the interoperability and flexibility of other types of solution is most important, and can thereby improve the cost-effectiveness of cloud computing solutions. To realize cloud computing services, open data center initiatives are being actively promoted in order to build safer, more efficient and simplified cloud computing data centers, bringing users a high degree of IT flexibility and abundant choice, so as to improve work efficiency while reducing cost.
In public clouds and many private cloud computing service systems, data reside on servers controlled by others, so protecting data security is most important. In addition, new attack patterns have appeared along with the new cloud architectures. Numerous technologies address this, for example enhanced virtual machines that provide safer migration, data encryption and decryption, faster startup, isolation, and hardware-assisted protection against attacks. However, little about such technology has been disclosed.
No relevant improved technology has yet been found in published patent applications. For example, application/patent No. 201010184346, "A personal data management method based on a cloud computing environment", uses the cluster servers of the cloud computing environment as the background server, a removable storage device as the client, and the computer connected to the removable storage device as the host. The method comprises the following steps: the removable storage device is configured as a disk that can be accessed on the host through a drive letter; through the disk, files are uploaded to and downloaded from the background server, the disk is read and written, and "green" software is used; data are encrypted and decrypted when files are uploaded or downloaded and when the disk is read or written; and the files on the background server and the removable storage device client are kept synchronized. Existing mainstream software-level encryption of this kind responds slowly; the encryption security service can only apply simple encryption to short messages and address books; the encryption algorithm is simple and easy to crack; once the terminal is lost, information security essentially cannot be guaranteed; and the encryption relies on a single terminal, so the user must set it up again when changing terminals, and legacy data cannot be transferred.
Embodiment
The present invention is further described below with reference to embodiments.
The system consists of a cloud computing encryption server and a mobile terminal fitted with an encrypted storage card.
The cloud computing encryption control service of the system in the present invention comprises hardware and software. It comprises a cloud computing processor, cloud computing storage, a system front-end module through which cloud computing users connect, a cloud computing background controller module, and a cloud computing third-party portal. Enterprises or content providers connect to the system through the third-party portal, and mobile terminals interconnect with the cloud computing encryption service over wireless links such as 2G, 3G or WIFI.
The system comprises a cloud computing processor module, a cloud computing storage module made up of a cloud computing storage server and a structured database, clients, a system front-end module, a background server module and so on. Individual users access the cloud computing system through the system front-end module, while enterprise users connect to the structured database through the access port of the enterprise service module; the background server is connected to the structured database and to the system front end respectively.
Content providers' data are connected to the cloud computing storage server through the data acquisition module, and the distribution module is connected to the cloud computing storage server and to the structured database respectively; the enterprise service module, acting as the third-party portal, is connected to the structured database; the clients, including mobile terminals, are connected to the cloud computing storage server; and the system front-end module is connected to the structured database. The background server is connected to the structured database and to the system front end respectively.
Regarding the storage server and the data acquisition module: the data acquisition module comprises data entry, data protection, data conversion, and data management and control submodules, wherein the data entry submodule is connected to the storage server through the data conversion submodule, and the data protection submodule is connected to the storage server through the data management and control submodule.
The enterprise service module comprises application, mobile payment, mobile office and content subscription services, and is made up of operating enterprises, mobile advertising access, customer support and content publishers.
The client's mobile terminal device, which has a customization/subscription management module, carries out network services through NB/DB such as authentication service, content storage, directory storage, registration-system personal content processing, third-party API interfaces, data version management and control, and administrative management and control; the WEB access client is also connected over the network to the clients (including mobile terminals), the storage server and the structured database respectively;
The background server is made up of a customer relationship management module, a dynamic pricing system module, an enterprise resource planning module, and a logistics management and control module. The customer relationship management module comprises a knowledge base and a relational database; the dynamic pricing system module comprises a user and inventory management module and a pricing system module; the enterprise resource planning module comprises a payment system with encryption services. The background server generates data reports through the reporting system module.
The cloud computing storage server and structured database in the control system for encrypted storage services based on cloud computing of the present invention are made up of a cloud computing storage module, a mobile authentication service module, an application store module and a CRM module. The cloud computing storage module holds the individual's private data, such as address books, private short messages, private pictures, private videos and private memos; the mobile authentication service module covers authentication control, copyright management and control, mobile payment management and control, and the associated dynamic policy updates; the application store module covers games, applications, dynamic policies and digital copyright data; the CRM module covers the accounting module, background statistics and customer information. The control system of the present invention can provide users with sending, receiving, storage, remote control, retrieval, authentication and a variety of auxiliary applications.
The hardware encrypted storage card is a storage card with an encryption chip embedded in it; the encryption chip supports multiple key strategies such as RSA, RSA1024, DES, 3DES, SHA-1, MD5, RC4 and RC2. This hardware encryption chip works together with upper-layer software control, so that the cloud computing processing system can provide complete encryption services to applications;
Between the cloud computing processing system and the encrypted storage card installed in the mobile terminal, control software implements applications such as application download, dynamic authentication, mobile payment, database update and remote upgrade.
The cloud computing server of the control system for encrypted storage services based on cloud computing of the present invention also has system maintenance and service channels.
In the control system for encrypted storage services based on cloud computing of the present invention, the user can choose to interact with the cloud computing system over multiple network channels such as 2G, 3G or WIFI.
The encrypted cloud storage service that uses the control system of the present invention will become a distributed control centre for future mobile terminal security protection, cloud computing and confidential storage, and will greatly advance the secure use of mobile terminals in the future.
The main service features of the control system for encrypted storage services based on cloud computing of the present invention are: data are uploaded and downloaded in ciphertext form, and only one unique terminal can decrypt them; remote OTA policy and software updates are supported; resumable (breakpoint) transfer and incremental backup are supported; remote retrieval is supported; remote control is supported; it has the characteristics of an application platform; multi-number sending is supported, that is, a message can be sent to multiple users at once; it interconnects with the Internet, enabling interaction with the Internet; mobile authentication can realize dynamic authentication, with policy updates stored synchronously with the cloud; and the application store supports dynamic download, program updates and DRM management.
The main functions of the control system of the present invention as a service platform are: a push function, that is, the platform can push data independently according to user instructions; and a storage and extraction function, that is, the platform provides a certain amount of space for the user's private files, and the user can use the dynamic authentication function to manage and control these data at any time. The user can also use dynamic authentication for encrypted platform login authentication and payment authentication.
The control system of the present invention provides secure storage services to enterprise users and to individual users respectively. The services provided to enterprise users mainly comprise two parts, external defence and internal control: the external defence services involve mobile payment, digital management and control, built-in programs and digital destruction; internal control involves mobile LAN and mobile office, where mobile office involves OA, CRM and ERP. The services provided to individual users involve fund security, account protection and private space: fund security involves mobile terminal payment and mobile terminal stock trading; account protection involves mobile terminal games and e-books; and private space involves SNS, short messages, phone directory, videos and pictures.
The cloud computing server workflow of the control system of the present invention is divided into four main parts: user registration, data backup, data restoration and data retrieval.
When the present invention is in use, with the SIM or USIM card and the encrypted storage card both working normally, the mobile terminal prompts the user to register the first time it is powered on; the server responds to the request and, according to the user information, creates a backup data area for storing the user's data. For user information updates, where the user is already registered, the user is supported in updating the registered mobile terminal number or the hardware ID of the encrypted storage card; when data are updated, the mobile terminal sends an update request, and the server responds to the request and provides the updated data according to the user information. For invalid-information handling, in the abnormal case where the mobile terminal detects that the SIM or USIM card number and the encrypted storage card ID are inconsistent, it sends an exception-handling request to the server. The mobile terminal number and encrypted storage card ID data are checked for abnormal replacement; the mobile terminal detects the anomaly and sends a request to the server; the server responds to the request, and compares and backs up the abnormal mobile terminal's data.
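The registration, binding update and mismatch handling described above can be sketched as follows. This is an added example, not code from the patent; the class and method names, the string identifiers, the rule that a binding update must present the currently registered pair, and the choice to keep a mismatching terminal's data as a separate snapshot are all assumptions.

```python
# Added illustration; names and message shapes are assumptions.
from dataclasses import dataclass, field

@dataclass
class Account:
    sim_id: str    # SIM/USIM identifier registered at first power-on
    card_id: str   # hardware ID of the encrypted storage card
    backup: dict = field(default_factory=dict)     # per-user backup data area
    anomalies: list = field(default_factory=list)  # recorded mismatch events

class BindingServer:
    def __init__(self):
        self._by_card, self._by_sim = {}, {}

    def register(self, sim_id, card_id):
        """First power-on with both cards present: create the backup area."""
        if card_id in self._by_card or sim_id in self._by_sim:
            raise ValueError("identifier already registered")
        acct = Account(sim_id, card_id)
        self._by_card[card_id] = self._by_sim[sim_id] = acct
        return acct

    def update_binding(self, old_sim, old_card, new_sim=None, new_card=None):
        """Registered user changes the SIM number or the card hardware ID.
        Assumption: the request must present the currently registered pair."""
        acct = self._by_card.get(old_card)
        if acct is None or acct.sim_id != old_sim:
            raise PermissionError("current binding not proven")
        sim, card = new_sim or old_sim, new_card or old_card
        if (sim != old_sim and sim in self._by_sim) or \
           (card != old_card and card in self._by_card):
            raise ValueError("identifier already registered")
        del self._by_card[old_card], self._by_sim[old_sim]
        acct.sim_id, acct.card_id = sim, card
        self._by_card[card] = self._by_sim[sim] = acct
        return acct

    def check(self, sim_id, card_id, terminal_data=None):
        """Power-on report from the terminal: 'ok', 'unregistered' or 'anomaly'."""
        by_card, by_sim = self._by_card.get(card_id), self._by_sim.get(sim_id)
        if by_card is None and by_sim is None:
            return "unregistered"
        if by_card is by_sim:
            return "ok"
        # Mismatch: keep the terminal's data as a separate snapshot so it is
        # never merged into the owner's backup area.
        acct = by_card or by_sim
        acct.anomalies.append({"sim": sim_id, "card": card_id,
                               "snapshot": dict(terminal_data or {})})
        return "anomaly"
```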
Data backup covers contacts, short messages, pictures, videos, recordings and personal data; the backup connection can be made over multiple wireless connection modes such as 2G, 3G or WIFI; synchronous updating can be carried out at the user's active request or as a timed backup;
Data backup supports resumable (breakpoint) transfer; when the mobile terminal sends a request to the server, the server responds to the request and backs up the mobile terminal's internal data in resumed-transfer mode.
Data restoration: the backed-up data items involve personal data such as contacts, short messages, pictures, videos and recordings; the connection uses wireless data transmission, with restoration and synchronous updating at the user's active request; restoration is either direct replacement restoration or supplementary restoration; when the mobile terminal sends a request to the server, the server responds to the request and restores the mobile terminal's data.
Data retrieval: when the user's mobile terminal is in an abnormal situation, for example stolen or lost, and the mobile terminal is then used with only the SIM or USIM card changed, the user can perform data retrieval, and the lost data are preserved from the server. The retrieved data items involve personal data such as contacts, short messages, pictures, videos and recordings, and are retrieved over a wireless connection. The retrieval flow is as follows: when the mobile terminal is lost and the anomaly is detected, a request is sent to the server; the server receives the request and begins comparing and backing up the mobile terminal's content; the user who lost the mobile terminal can then use the replacement mobile terminal to send a data retrieval request to the server and download the backed-up data from the server to the mobile terminal. The mobile terminal number mentioned under user registration is provisionally defined as a unique identifier of the SIM or USIM card, together with the specific mobile terminal number.
The control system for encrypted storage services based on cloud computing of the present invention encrypts faster and more efficiently, and the content that can be encrypted is more comprehensive: all kinds of personal information such as pictures, videos, short messages and address books can be encrypted. It adopts three sets of key strategies. The technology uses the encrypted storage card as the unique ID, so information security can be ensured even if the terminal is lost. It is also more convenient: the encrypted storage card is plug and play, and the user's password and keys can be moved to another terminal with the card. Combined with the cloud computing service platform, it can give an ordinary terminal the functions of a smart terminal, for example downloading applications.
These embodiments are only used to illustrate the present invention and are not intended to limit its scope. In addition, after reading the content of the present invention, those skilled in the art may make various changes or modifications to it, and such equivalent substitutions or variations likewise fall within the scope defined by the appended claims of the present application.