CN102710605A - Information security management and control method under cloud manufacturing environment - Google Patents


Publication number
CN102710605A
Authority
CN
China
Prior art keywords
key
user
cloud
digital
certificate
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012101396878A
Other languages
Chinese (zh)
Inventor
尹超
和迪壮
李孝斌
郭晨
王明远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University
Original Assignee
Chongqing University

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an information security management and control method for a cloud manufacturing environment. Building on network security protocols, cryptography and a public key infrastructure (PKI), it uses virtual private networks (VPN) based on multi-layer protocols, digital envelopes and cryptographic algorithms to provide comprehensive security for information exchanged within a cloud's internal network, between one cloud and another, and between users and clouds. The method covers the Intranet, Extranet and Internet of a cloud manufacturing system and controls technical information files through every stage of storage, transmission and use. A session key (SK) generated at random by a key generation protocol symmetrically encrypts the technical information files, and the recipient's public key, obtained from a PKI digital certificate, asymmetrically encrypts the SK to form a digital envelope that protects both the technical information files and the SK. The method offers strong confidentiality, high efficiency and flexible deployment, and can be widely applied to cloud manufacturing systems and other networked manufacturing systems.

Description

An information security management and control method for a cloud manufacturing environment
 
Technical field
The present invention relates to an information security management and control method for a cloud manufacturing environment, specifically a method for secure, user-collaboration-oriented information exchange and sharing under the cloud manufacturing model, built on multi-level secure communication protocols, cryptography and a public key infrastructure (PKI). The invention belongs to the technical field of information integration for distributed manufacturing systems.
Technical background
With the rapid development of information technology and computer networking, cooperative processing and manufacturing that spans enterprises, regions and even countries has emerged and has gradually become an important part of China's manufacturing industry. However, for lack of an efficient resource-sharing service platform and of cooperation support tools, manufacturing enterprises, and especially the very large number of small and medium-sized ones, mostly limit their selection and use of cooperative processing resources to a few familiar enterprises or a few regions. Many cooperative processing resources that have spare capacity and would suit an enterprise better remain unknown to it and are underused. How to discover and make optimal use of manufacturing resources across society on a wider scale, and so raise an enterprise's production capacity, is therefore one of the important problems that manufacturing enterprises urgently need to solve when implementing cooperative processing.
To address these problems, Li Bohu et al. proposed cloud manufacturing (Cloud Manufacturing, CMfg), a new networked manufacturing model based on the cloud computing service model. The cloud manufacturing model makes it possible to solve complex manufacturing problems, to share manufacturing and service resources, and to carry out large-scale collaborative manufacturing, and it gives manufacturing enterprises a better way to select and use cooperative processing resources more widely and more optimally. In a cloud manufacturing service environment, widely dispersed cooperative processing resources are virtually described, registered and published according to defined standards; through a public cloud manufacturing service platform, enterprises with different needs discover, match and select them on demand. Dispersed cooperative processing resources are thereby used in a centralized way, and centralized cooperative processing resources are offered as distributed services.
In a cloud manufacturing environment, users must exchange large amounts of information over the Internet to achieve business, design, manufacturing and supply-chain collaboration between enterprises. The lack of a reliable information security management and control method has seriously restricted the adoption and development of cloud manufacturing. First, cloud manufacturing resources are cross-domain, wide-ranging, heterogeneous, autonomous, dynamic and open, so security techniques designed for traditional closed environments cannot meet their needs and face different challenges. Second, enterprise information security research has concentrated on single systems and single technologies and lacks a systematic treatment of the overall security of a cloud manufacturing service platform, so it can hardly meet the security requirements for technical information in the cloud manufacturing service process.
A cloud manufacturing system concentrates the data and applications of a large number of users, so it more readily attracts malicious attack and theft. Some of these attacks are carried out over the network and some may even be physical, so the cloud manufacturing system faces new security challenges. First, the variety of users brings security problems. The influence of different users on one another must be considered, along with how to isolate them from each other; technical means are needed to prevent users from "jailbreaking", whether intentionally or unintentionally. Moreover, because users' programs run inside the data center, malicious users must also be prevented from launching attacks from inside the cloud manufacturing system. Second, using a third-party platform brings security problems. Because data is stored on a third-party platform, a very practical issue is how the privileges of the service provider's administrators are set, which has to be handled by technical means together with management procedures. Third, there is the problem of service continuity. Because dependence on information is high, the "bucket effect" of security problems is more pronounced: a cloud service interruption caused by a single point of failure affects the business of every user of the cloud manufacturing system, so security must be planned as a whole and considered systematically. Building a cloud manufacturing system therefore urgently requires a multi-layer, systematic, defense-in-depth information security management and control method.
In view of this, a system based on public key infrastructure (PKI) is applied to the cloud manufacturing system, even though many cloud computing platforms do not yet support certificate operations; for example, Google's App Engine does not support certificate-based login. But as cloud computing comes into wide use and is applied in high-security fields, PKI remains the most robust choice for security.
Summary of the invention
Purpose: the present invention relates to an information security management and control method for a cloud manufacturing environment, that is, a method for transmitting, sharing and using information securely. Taking into account the security requirements of a cloud manufacturing system, such as high stability, high availability, trustworthiness and dynamic behaviour, the invention proposes a security management and control framework based on multi-level secure communication protocols, such as Internet Protocol Security (IPSec), Secure Sockets Layer (SSL), S/MIME, PEM and SSH, and on a public key infrastructure (PKI). Using virtual private networks (VPN) at the network layer and transport layer, digital envelopes and cryptographic algorithms, it controls the security of technical information files in cloud manufacturing collaboration services and provides comprehensive security for users' business, design, manufacturing and supply-chain collaboration under the cloud manufacturing model.
Technical scheme: an information security management and control method for a cloud manufacturing environment. In view of the cross-domain, wide-ranging, heterogeneous, autonomous, dynamic and open nature of cloud manufacturing information, network communication is secured at the network layer, transport layer and application layer respectively, and the sharing, transmission and use of technical information are secured through the data encryption, digital signature and digital envelope techniques of the PKI. The method comprises the following steps:
Step 1) Dynamically secure the network service layer of the cloud manufacturing system through secure routing, sound firewall design, intrusion detection systems (Intrusion Detection Systems, IDS) and timely patching of system vulnerabilities;
Step 2) Establish a sound public key infrastructure (PKI), in which the certificate authority (CA) issues certificates to users and to the servers of the network-layer protocol (IPSec), the transport-layer protocol (SSL) and the application-layer protocols (such as S/MIME, PEM and SSH); establish virtual private networks (VPN) based on the network-layer protocol (IPSec) and the transport-layer protocol (SSL) to provide secure network access, and secure transmission and sharing of technical information, within a cloud and between clouds;
Step 3) The CA structure of the PKI in step 2) adopts a hybrid trust model, and certificates are issued to users and servers along the trust chains of that model. A session key SK is generated at random by the key generation protocol and symmetrically encrypts the technical information; the public key obtained from an X.509 certificate asymmetrically encrypts SK to form a digital envelope, which protects the technical information file and the session key SK. Digital certificates and digital envelopes provide user authentication, signing and encryption, so that technical information is transmitted, shared and used securely between users and the cloud, and the log management protocol provides an audit trail of the transmission of technical information;
Step 4) The user stores keys and certificates on a USB-Key, and the cloud server stores keys and certificates on a smart chip. Setting a PIN provides "two-factor authentication": the key and digital certificate can be obtained only with both the storage medium and the PIN, which ensures that keys and certificates cannot be obtained by unauthorized persons;
1. Further, to secure the network service layer, two packet-filtering routers are used to create an isolated subnet, and a bastion host is placed in the subnet to monitor and screen the IP packets flowing in and out; an intrusion detection system deployed at the network entry point dynamically protects the whole network; network devices are scanned to find and fix vulnerabilities, operating systems are updated and upgraded, and anti-virus measures are applied;
2. Further, the public key infrastructure (PKI) comprises the certification authority (CA), the registration authority (RA), the certificate issuing system, PKI applications, PKI policies and so on. A user first registers with the RA, which verifies the user's real identity and forwards the request to the CA; the CA issues certificates centrally and issues a public/private key pair to users and authentication servers. Public keys are managed through certificates: a digital certificate binds the user's public key to other identifying information, follows the X.509 standard, and is published for users to query and download. Private keys are stored on USB-Keys and smart chips and are used for digital signatures and authentication; when a private key is damaged or lost, it can be recovered or reported lost through the key backup and recovery module and the certificate revocation module of the PKI certificate management system;
3. Further, the main purpose of the network-layer IPSec security protocol is to prevent IP spoofing. It provides three security services for all packets on a network-layer (IP-layer) channel:
A1. Authentication: confirm that a received packet really was sent from the IP address given in its header and is not forged. The integrity of the content must also be confirmed, to ensure that the packet was not tampered with in transit;
A2. Confidentiality: prevent transmitted packets from being read by any third party other than the two communicating parties;
A3. Key management: automatic key management helps users securely negotiate the secret key they need and delivers the key to the users securely.
4. Further, the transport-layer protocol (SSL) is a security protocol for Web applications. The SSL protocol covers server authentication, client authentication (optional), and data integrity and confidentiality on the SSL link. It provides an authenticated, encrypted communication channel between browser and server, which prevents sensitive information from being stolen or tampered with while it crosses the network and protects the web pages being browsed. It provides three security services:
B1. Confidentiality of data in transit: DES symmetric encryption keeps data confidential during transmission;
B2. Integrity of data in transit: an MD5 or SHA-1 hash function computes the message authentication code of the transmitted data, and comparing message authentication codes shows whether the received data is intact;
B3. Authentication: RSA asymmetric cryptography, together with PKI digital certificates, verifies the sender's identity.
5. Further, the application-layer protocols run on top of the network-layer and transport-layer protocols, and application-layer security protocols can be used to suit different security requirements. For example, the SSH protocol provides authentication and data integrity protection, protects the confidentiality of user account passwords, and provides a security barrier for application-layer protocols such as FTP and SMTP; the S/MIME and PEM protocols provide secure e-mail services with security in three respects: confidentiality, authentication and data integrity, and non-repudiation. Application-layer security relies mainly on cryptography to secure technical information files through transmission, sharing and use;
6. Further, the hybrid trust model (bridge trust structure) combines different trust models such as hierarchical, mesh and trust-list models. It is a CA system that accommodates diversity and difference while still achieving mutual trust and interoperability, which matches the heterogeneous, dynamic and cross-domain nature of cloud manufacturing resources. Specifically:
D1. The public cloud CA (GCA) acts as the bridge that conveys trust between PKI domains and cross-certifies with each private cloud trust domain, whatever its form. The GCA is not the end point of the overall trust relationship; each private cloud has its own root of trust. Based on the actual circumstances of each private cloud's main CA (SCA), the GCA determines the assurance level of the cross-certification and the level of the other party's certificate policy, and thereby the SCA's trust standing in the overall PKI. Its main functions are:
Issue cross-certification certificates to each SCA;
Establish the mappings between each private cloud trust domain's certificate policy and the GCA certificate policy;
Maintain the certificates issued by the GCA and update cross-certification certificates;
Publish the cross-certification certificate blacklist (CRL).
D2. The bridge CA (GCA) has a bidirectional peer connection with the root CA (SCA) of each trust domain. A private cloud trust domain may be a hierarchical trust structure, in which case its root CA bridges to the GCA for interoperation; it may be a mesh trust structure, in which case one of its CAs connects to the GCA for interoperation; an SCA may also be a standalone CA.
D3. A private cloud SCA issues certificates to next-level CAs or cross-certifies with peer CAs; certificates are issued level by level until the user obtains a digital certificate, which follows the X.509 standard.
7. Further, user authentication means mutual identity authentication between the user side and the cloud server, which allows or refuses login. The steps are:
F1. The user side sends a connection request to the cloud server; the cloud server returns a random number R1 and keeps R1;
F2. The user signs R1 with the private key, generates a random number R2, and sends the signature over R1, the user's digital certificate and R2 to the cloud server together, keeping R2 locally;
F3. On receiving the data, the cloud server first checks the signature and validity period of the digital certificate; if the certificate is valid, it obtains the public key from the user's digital certificate, decrypts the R1 signature and authenticates the user;
F4. The cloud server signs R2 with its private key, then sends the signature over R2 and the server's digital certificate to the user;
F5. On receiving the data, the user first checks the signature and validity period of the digital certificate; if the certificate is valid, the user obtains the public key from the user's digital certificate, decrypts the R2 signature and authenticates the cloud server;
F6. After mutual authentication succeeds, the user can interact with service resources (SaaS, IaaS, PaaS) within the scope of the user's role permissions.
8. Further, the digital envelope technique comprises the following steps:
G1. The user runs an MD5 or SHA-1 hash function over the technical information plaintext, producing the fixed-length digital digest 1;
G2. The user encrypts digital digest 1 with the user's own private key to form a digital signature, which is appended to the original message;
G3. A random number generator produces a random number, and the key generation module uses the random number to produce a random symmetric session key SK;
G4. The technical information file, digital signature and digital certificate are encrypted with the symmetric encryption algorithm DES under session key SK, yielding the ciphertext;
G5. The sender obtains the public key from the recipient's digital certificate and encrypts session key SK with the asymmetric encryption algorithm RSA under that public key, yielding the digital envelope, which securely conveys the session key SK used for DES;
G6. After receiving the ciphertext and the digital envelope, the recipient decrypts the digital envelope with the recipient's own private key to obtain session key SK, then decrypts the ciphertext with SK to obtain the technical information file, the digital signature and the sender's digital certificate;
G7. The recipient obtains the public key from the sender's digital certificate and decrypts the digital signature to obtain digital digest 1;
G8. The recipient runs the MD5 or SHA-1 hash function over the decrypted message file to obtain digital digest 2 and compares digital digest 1 with digital digest 2; if they match, the information has not been damaged or tampered with; otherwise the file is discarded.
9. Further, the user-side USB-Key stores the key seed bank, the algorithm library, the digital certificate and the user's private key; the server-side smart chip stores the encrypted key seed banks, the algorithm library and the private key. Each user's key seed bank is encrypted into ciphertext with a fixed key K, and each cloud user corresponds one-to-one with an encrypted key seed bank;
10. Further, the key generation protocol generates session keys at random through a combined key generation algorithm. The steps are:
H1. A random number is generated in the user-side USB-Key device, and the random number is used to select a group of key seed data and produce the symmetric session key SK;
H2. The server-side smart chip uses the user identification information in the digital certificate to locate the key seed ciphertext in the key seed database and, at the same time, generates a random number; the cloud server calls the storage key K to decrypt the key seeds into plaintext, and the random number is used to select a group of key seed data and produce the symmetric session key SK;
H3. Session key SK is used to encrypt technical information files, and because it is generated at random, the session key SK is different each time.
11. Further, the log management protocol records user logins and operations that access technical information files. Login parameters are recorded in the login log database and include the user ID, the random number used for authentication, the login time and so on. Operation parameters are recorded in the operation log database; operations include browsing, modifying, copying, transmitting or printing files, and the parameters include the identifier of the cloud user or cloud manufacturing platform administrator, the file name, the random number, the digital signature, the client's IP address and so on;
12. Further, the USB-Key is protected by a hardware PIN: only a user who holds both the USB-Key and the user's PIN can log in to the system. The USB-Key has a built-in CPU or smart chip; an algorithm invocation module calls the DES, RSA and hash algorithms to perform data encryption and decryption, signing and digest computation. All computation is done inside the USB-Key, so the user's key never appears in the computer's memory, which removes the possibility of the key being intercepted by hackers;
13. Further, users are divided into ordinary users and advanced users. An ordinary user's USB-Key does not contain a digital certificate. Through the key generation protocol, an ordinary user randomly selects from the key seed bank to produce a group of symmetric keys SK1 as the authentication key, and randomly selects again to produce a group of symmetric keys SK2 as the signing and encryption key. Because each group of symmetric keys corresponds to exactly one random number and each cloud user corresponds one-to-one with an encrypted key seed bank, the difficulty of updating and maintaining symmetric keys is solved; because no digital certificate is needed, the complicated process of applying for a certificate is avoided; and because only symmetric encryption is used, authentication, signing and encryption are fast, which makes secure transmission, sharing and use of information more efficient. The security level of this approach, however, is not high enough. Advanced users authenticate, sign and encrypt with digital certificates, which gives a higher security level.
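The key generation protocol of H1 to H3 and the ordinary-user login of item 13, as an added Python example that is not code from the patent. It assumes the user's random number is sent with the login message so that both ends select the same seeds; the seed-selection rule, the HMAC login proof, the sizes and all names are illustrative assumptions, and the encryption of the server's seed banks under K is left out.

```python
import hashlib
import hmac
import secrets

BANK_SIZE = 64   # assumed seeds per user; divides 256, so byte % 64 is unbiased
SEED_LEN = 16    # assumed seed length in bytes
PICKS = 8        # assumed number of seeds combined into one session key


def new_seed_bank():
    """Per-user key seed bank, provisioned to the USB-Key and to the cloud store."""
    return [secrets.token_bytes(SEED_LEN) for _ in range(BANK_SIZE)]


def derive_session_key(seed_bank, nonce, purpose):
    """H1/H2: the random number selects a group of seeds; the group yields SK."""
    if len(seed_bank) != BANK_SIZE:
        raise ValueError("unexpected seed bank size")
    picks = hashlib.sha256(b"select" + nonce).digest()[:PICKS]
    group = b"".join(seed_bank[b % BANK_SIZE] for b in picks)
    # The purpose label separates SK1 (authentication) from SK2 (signing/encryption).
    return hmac.new(group, purpose + nonce, hashlib.sha256).digest()[:16]


def user_login_proof(seed_bank, challenge):
    """User side: fresh random number, SK1 from the local bank, proof over the challenge."""
    nonce = secrets.token_bytes(16)
    sk1 = derive_session_key(seed_bank, nonce, b"auth")
    return nonce, hmac.new(sk1, challenge, hashlib.sha256).digest()


class CloudKeyStore:
    """Server side. The patent keeps each bank encrypted under storage key K;
    that layer is omitted here, so banks are held in the clear."""

    def __init__(self):
        self._banks = {}   # user id -> seed bank
        self._used = {}    # user id -> (purpose, random number) pairs already consumed

    def enroll(self, user_id, seed_bank):
        self._banks[user_id] = list(seed_bank)
        self._used[user_id] = set()

    def session_key(self, user_id, nonce, purpose):
        """H2: locate the user's bank and derive SK; each random number is accepted once."""
        bank = self._banks.get(user_id)
        if bank is None or (purpose, nonce) in self._used[user_id]:
            return None
        self._used[user_id].add((purpose, nonce))
        return derive_session_key(bank, nonce, purpose)

    def verify_login(self, user_id, challenge, nonce, proof):
        """Ordinary-user login: recompute SK1 and compare proofs in constant time."""
        sk1 = self.session_key(user_id, nonce, b"auth")
        if sk1 is None:
            return False
        expected = hmac.new(sk1, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)
```

Rejecting a random number that was already consumed is what makes "one key per random number" hold on the server: a captured login message cannot be replayed.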
Advantages and effects: the invention is built on network security protocol design, cryptography and a public key infrastructure (PKI). Using virtual private networks based on multi-layer protocols, digital envelopes, and signing and encryption of technical information, it provides comprehensive security for business, design, manufacturing and supply-chain collaboration under the cloud manufacturing model, within a cloud's internal network, between clouds, and between users and clouds. It covers the Intranet, Extranet and Internet of cloud manufacturing and controls technical information files through every stage of storage, transmission and use. A session key SK generated at random by the key generation protocol symmetrically encrypts technical information files, and the recipient's public key, obtained from a PKI digital certificate, asymmetrically encrypts SK to form a digital envelope that protects the technical information files and the session key. USB-Keys and smart chips store the digital certificates, private key information and session key seed banks; all computation is performed inside the physical storage medium, and the USB-Key is protected by a hardware PIN, so only the holder can operate the digital certificate and the security of the user's keys is assured. The invention combines the advantages of the network security protocols IPSec and SSL and the strengths of DES and RSA; it offers strong confidentiality, high efficiency and flexible deployment, and can be widely applied to cloud manufacturing systems and other networked manufacturing systems.
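The mutual authentication of F1 to F5 and the digital envelope of G1 to G8, as an added Python example that is not code from the patent. Stand-ins keep it standard-library only: SHA-256 replaces MD5/SHA-1, a SHA-256 counter keystream replaces DES, unpadded RSA over fixed Mersenne primes replaces real RSA keys, and a directory of trusted public keys replaces X.509 certificate validation. None of these stand-ins is secure, and all names are illustrative.

```python
import hashlib
import json
import secrets


def toy_rsa_keypair(p_exp, q_exp, e=65537):
    """Constructed demo key from two Mersenne primes: trivially factorable and
    unpadded, so it illustrates the message flow and nothing more."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"pub": (p * q, e), "priv": (p * q, pow(e, -1, (p - 1) * (q - 1)))}


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    n, d = priv
    return pow(digest_int(data), d, n)           # G1-G2: digest, then private-key operation


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest_int(data)    # G7-G8: digest 1 must equal digest 2


def keystream_xor(sk, data):
    """Stand-in for DES: XOR with a SHA-256 counter keystream (the same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(sk + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)


def mutual_auth(user_id, user_priv, server_id, server_priv, directory):
    """F1-F5 with both parties simulated in one process; True when both checks pass."""
    r1 = secrets.token_bytes(16)                 # F1: server's challenge R1
    sig1 = sign(user_priv, r1)                   # F2: user signs R1 ...
    r2 = secrets.token_bytes(16)                 #     ... and issues challenge R2
    user_pub = directory.get(user_id)
    if user_pub is None or not verify(user_pub, r1, sig1):           # F3
        return False
    sig2 = sign(server_priv, r2)                 # F4: server signs R2
    server_pub = directory.get(server_id)
    return server_pub is not None and verify(server_pub, r2, sig2)   # F5


def seal(plaintext, sender_id, sender_priv, recipient_pub):
    """G1-G5: returns (ciphertext, digital envelope)."""
    sig = sign(sender_priv, plaintext)
    sk = secrets.token_bytes(16)                 # G3: fresh session key per message
    body = json.dumps({"file": plaintext.hex(), "sig": sig, "cert": sender_id})
    n, e = recipient_pub
    return keystream_xor(sk, body.encode()), pow(int.from_bytes(sk, "big"), e, n)


def open_envelope(ciphertext, envelope, recipient_priv, directory):
    """G6-G8: returns the plaintext, or None when the file must be discarded."""
    n, d = recipient_priv
    try:
        sk = pow(envelope, d, n).to_bytes(16, "big")      # G6: recover SK
        body = json.loads(keystream_xor(sk, ciphertext))
        plaintext = bytes.fromhex(body["file"])
        # The verification key comes from the trusted directory, never from the
        # message alone: a signature checked against an unvalidated certificate
        # proves nothing about who sent the file.
        ok = verify(directory[body["cert"]], plaintext, body["sig"])
    except (ValueError, KeyError, TypeError, OverflowError):
        return None
    return plaintext if ok else None


if __name__ == "__main__":
    user, cloud = toy_rsa_keypair(127, 521), toy_rsa_keypair(607, 1279)
    directory = {"user-1": user["pub"], "cloud": cloud["pub"]}
    print(mutual_auth("user-1", user["priv"], "cloud", cloud["priv"], directory))
    ct, env = seal(b"constructed drawing data", "user-1", user["priv"], cloud["pub"])
    print(open_envelope(ct, env, cloud["priv"], directory))
```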
Description of drawings
The present invention has the following drawings:
Fig. 1 shows the structure of the information security management and control system
Fig. 2 shows the deployment of VPNs based on network security protocols
Fig. 3 shows the CA bridge trust model
Fig. 4 shows the hardware structure of the key storage media
Fig. 5 shows the process of the information security management and control system.
Embodiment
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings.
The invention establishes secure VPN tunnels based on multi-layer protocols such as Internet Protocol Security (IPSec), Secure Sockets Layer (SSL), S/MIME, PEM and SSH, providing secure network access to the Intranet, Extranet and Internet of the cloud manufacturing system. By issuing X.509 digital certificates under the PKI and protecting the session key SK with a digital envelope, it provides mutual authentication between user and cloud server, digital signatures, encryption of technical information and so on. This ensures the confidentiality, integrity, non-repudiation, availability and controllability of information throughout transmission, sharing and use, as shown in Fig. 1.
1. IP Security (IPSec) requires the two communicating parties first to negotiate a shared secret key, then to compute the message authentication code (MAC) of the message with that key and place the MAC in the authentication header of the message for the recipient to verify. The secret key is generated with the Diffie-Hellman algorithm, assisted by cookies; a cookie can be regarded as a 64-bit random number;
IPSec processing: the administrator configures the security policy database (SPDB), which points to the security association database (SADB). The triple (Security Parameter Index SPI, destination IP address, security protocol identifier) is used as the selector to query the SPDB, which decides the security policy applied to the data (for example, whether to accept, forward or discard it). Data accepted by the SPDB is passed to the SADB, which determines the specific security measures used, such as AES, the data block length and the key length.
2. said Transport Layer Security socket layer agreement (SSL) comprises other various versions of SSLv2, SSLv3, TLSv1 and SSL and tls protocol, between ICP/IP protocol and various application layer protocol, for long-range access provides safe support.Version all can be supported SSL at IE more than 3.0 or netscape browser, is used for authentication and encrypted data transmission between WEB browser and the server.Ssl protocol can be divided into two-layer:
SSL record protocol (SSL Record Protocol): it is based upon on the reliable host-host protocol (like TCP), for upper-layer protocol provides burst, compression, message authentication codes MAC, encryption, packing service;
Ssl handshake protocol (SSL Handshake Protocol): it is based upon on the SSL record protocol; Be used for before the transfer of data of reality begins, communication two party carries out authentication (X.509 digital certificate), consulted encryption algorithm (DES and RSA), exchange session key SK (generating at random) etc.
The telesecurity cut-in method based on ssl protocol that proposes in applicant's Chinese invention patent application 200710063793.1: system comprises breaking piece, Internet public network and security switch; Security switch is disposed on the Internet public network, and breaking piece is deployed in Intranet or Intranet border.Said security switch receives the breaking piece of having connected for another one from the data forwarding of breaking piece, constitutes " secure exchange pattern ".This method quotes in full in the present invention.
3. Establish a VPN channel based on the IPSec protocol. It is an Intranet VPN (intra-cloud VPN) that connects the cloud headquarters with each branch, so that the cloud Intranet has the same policies as a private network, including security, quality of service (QoS), reliability and manageability. Establish a VPN channel based on the SSL protocol. It is an Extranet VPN (cloud extension VPN) that connects users, cloud resources and partners to the cloud Intranet, realizing secure transmission and sharing of information between clouds, with fine-grained access control. SSL VPN is also an Access VPN (remote access VPN), which lets teleworkers and end users access the applications and resources in the destination network simply and securely. These flexible access methods let mobile users, remote users and branches access the cloud internal network securely, as shown in Figure 2.
4. The application layer protocol operates on top of the network layer protocol and the transport layer protocol. Different application-layer security protocols can be used according to different security requirements, and the present invention does not prescribe one. Application-layer security mainly uses the PKI system and cryptographic techniques to secure information from transmission and sharing through to use.
5. The PKI system comprises the certification authority (CA), the registration authority (RA), the certificate issuing system, PKI applications, PKI policies, and so on. A digital certificate is signed and issued by the CA, generated by the certificate server, and submitted by the RA to the certificate repository, where users download it and use it to verify identity. Digital certificates follow the X.509 standard, and the certificate structure comprises: version number, certificate serial number, signature algorithm identifier, issuer name, validity period, subject name (the entity that holds the private key corresponding to the certificate), subject public key information, issuer unique identifier and subject unique identifier. The PKI system provides a key management mechanism that specifies in detail the generation, storage, distribution, use, backup/recovery, update, revocation and destruction of keys, which solves the problem of secure key management.
6. The CA structure of the PKI system adopts the bridge trust model, as shown in Figure 3. The public cloud CA (GCA) is the bridge CA center; it issues certificates to each private cloud (SCA) and maintains its CRL. YCAs are sub-CAs, the lower-level CAs subordinate within a hierarchical structure; some hierarchies are shallow and merely form a "brush and sac like" shape, and some may consist of only one main CA and one sub-CA. SSCAs are peer CAs in a mesh trust structure; one of them, called the main CA, bridges with the GCA. Bridge certification joins multiple CAs into one trusted entity. Cross-certification has the root CAs of multiple CAs issue root certificates to each other, so that end users in different PKI trust domains, verifying along different certification chains up to the root, can trust one another. In the bridge model, adding a trust domain only requires the bridge CA and the root CA of that trust domain to issue cross-certificates to each other; the other trust domains need no change.
Given the coverage and branch structure of the cloud manufacturing system, the PKI system is deployed with a two-level CA, multi-RA structure. A root CA is set up at headquarters and is responsible for authentication across the whole network and for the organizations directly under headquarters. Each branch sets up a second-level CA, responsible for authenticating the branch's departments, its subordinate sub-branches and the units within its scope. Headquarters, branches and sub-branches all set up RAs, which provide registration services within their jurisdictions; the RAs take over part of the CA's work, which also makes management more convenient.
7. The crux of the PKI system is the secure storage of digital certificates, user private keys and the key seed library. In the present invention the user side stores them in a USB-Key and the cloud server side stores them in a smart chip; the hardware structure is shown in Figure 4. The USB-Key side mainly comprises a file management module, an algorithm dispatching module and a key production module. The cloud server side mainly comprises a file sharing module, an algorithm dispatching module, a signature encryption module, a user authentication module and a log management module. The smart chip on the cloud server side encrypts the key seed data of every cloud user into ciphertext with a fixed symmetric key K, and each cloud user corresponds one-to-one with one encrypted key seed library and digital certificate.
Each USB-Key has hardware PIN protection. The hardware and the PIN are the two factors required to use the USB-Key: the user can log in to the cloud manufacturing system only when holding both the USB-Key and the PIN. Before user authentication, the user inserts the USB-Key into the terminal and enters the cloud server address in the client browser; the system prompts for the PIN to open the USB-Key, and the user side automatically performs interactive authentication with the user authentication module on the cloud server side. To achieve single sign-on, the USB-Key stays open until it is removed.
The user authentication module authenticates the user's identity, supports one-way or two-way identity authentication, and allows or refuses the login. The concrete steps of two-way identity authentication are:
A1. The user side sends a connection request to the cloud server; the cloud server side returns a random number R1 and keeps R1;
A2. The user digitally signs R1 with the private key, produces a random number R2, and sends the signature value of R1, the user digital certificate and R2 together to the cloud server side, keeping R2 locally;
A3. After receiving the data, the cloud server first checks the signature and validity period of the digital certificate; if the certificate is valid, it obtains the public key from the user digital certificate, decrypts the R1 signature value and verifies the user's identity;
A4. The cloud server side digitally signs R2 with its private key, then sends the R2 signature value and the server digital certificate to the user;
A5. After receiving the data, the user first checks the signature and validity period of the digital certificate; if the certificate is valid, the user obtains the public key from the user digital certificate, decrypts the R2 signature value and verifies the cloud server's identity;
A6. After two-way identity authentication succeeds, the user can interact with the service resources (SaaS, IaaS, PaaS) within the scope of the user's role permissions.
The signature encryption module covers digital signature and data encryption. Digital signature means running the MD5 or SHA-1 hash function over the technical information plaintext to produce a fixed-length digital digest, then encrypting the digest with the sender's private key to form the digital signature; the recipient can decrypt the digital signature with the sender's public key to obtain the digital digest. If the technical information file is tampered with in transit, hashing the decrypted technical information plaintext with MD5 or SHA-1 will not yield the same digital digest, which is how data integrity and authenticity are verified. Data encryption means encrypting the technical information file with the symmetric encryption algorithm (DES) under session key SK, for secure transfer of the technical information file, and encrypting the session key with the asymmetric encryption algorithm (RSA), for secure transfer of session key SK.
The key production module produces the session key SK at random through the key production protocol. The concrete steps are:
B1. In the USB-Key device on the user side, a random number is produced; the random number selects one group of key seed data, from which the symmetric session key SK is produced;
B2. The smart chip on the server side locates the key seed ciphertext in the key seed database according to the user identification information in the digital certificate and, at the same time, produces a random number; the cloud server uses the stored key K to decrypt the key seed into plaintext, and the random number selects one group of key seed data, from which the symmetric session key SK is produced;
B3. Session key SK is used to encrypt the technical information file; because it is produced at random, the session key SK is different every time.
The algorithm dispatching module automatically calls the RSA (384, 512, 1024, 2048) algorithm, the DES (56, 128) algorithm and the MD5 or SHA-1 algorithm as needed to perform information file encryption and digital signature.
The file management module ensures that all operations are completed inside the USB-Key or the smart chip. Its functions include: reading/writing technical information files, digital certificates, digital envelopes, the key seed library, private keys, and so on.
The file sharing module provides secure sharing of technical information (two-dimensional or three-dimensional CAD drawings, NC programs, etc.) for legitimate users to download and use. The user side uploads a shared file, and the cloud server side decrypts the uploaded ciphertext to obtain the plaintext data: the technical information plaintext and the digital signature. The user authentication module of the smart chip first decrypts the digital signature to verify data integrity. For a file that passes verification, the signature encryption module of the smart chip then digitally signs the plaintext data and encrypts it into data ciphertext, which is stored in the database on the cloud server side. All of these operations are completed inside the smart chip. When human-computer interaction is needed, the cloud server side ferries the data ciphertext through the gateway to the computer center front end for users to download. The gateway effectively blocks the virus attack chain and greatly reduces the probability that a virus obtains or destroys plaintext file data.
The log management module records user logins and technical information file access operations. Login parameters are recorded in the login log database; the parameters include: ID, the random number used for authentication, login time, etc. Operation parameters are recorded in the operation log database; the operations include: browsing, modifying, copying, transmitting or printing files, etc., and the parameters include: the identity of the cloud user or cloud manufacturing platform administrator, file name, random number, digital signature, the IP address of the client computer, etc.
8. In summary, the concrete flow implemented by the system is shown in Figure 5. The steps are:
C1. The user runs the MD5 or SHA-1 hash function over the technical information plaintext, producing a fixed-length digital digest 1;
C2. The user encrypts digital digest 1 with the user's own private key to form the digital signature, which is appended to the original text to be sent;
C3. The random number generator produces a random number, and the key production module uses the random number to produce a random symmetric session key SK;
C4. The technical information file, digital signature and digital certificate are encrypted with the symmetric encryption algorithm DES under session key SK, giving the ciphertext;
C5. The sender obtains the public key from the recipient's digital certificate and encrypts session key SK with the asymmetric encryption algorithm RSA under this public key, giving the digital envelope, which securely transfers the session key SK used in DES;
C6. After receiving the ciphertext and the digital envelope, the recipient decrypts the digital envelope with the recipient's own private key to obtain session key SK, and uses SK to decrypt the ciphertext, obtaining the technical information file, the digital signature and the sender's digital certificate;
C7. The recipient obtains the public key information from the sender's digital certificate and decrypts the digital signature to obtain digital digest 1;
C8. The recipient again runs the MD5 or SHA-1 hash function over the decrypted information file to obtain digital digest 2, and compares digital digest 1 with digital digest 2; if they match, the information has not been damaged or tampered with; otherwise the file is discarded.
The above is merely a preferred embodiment of the present invention and does not limit it. Those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

1. An information security management and control method under a cloud manufacturing environment, characterized in that: the cloud Intranet uses the network-layer Internet Protocol Security protocol (IPSec) for information exchange, providing channel-level information security protection; between clouds, the transport-layer Secure Sockets Layer protocol (SSL) and application layer protocols are used for information exchange, providing page-level and message-level security protection; between user and cloud, Public Key Infrastructure (PKI) is used to implement user authentication, signature encryption, etc., and its CA trust model is a hybrid trust model; the method comprises the following steps:
Step 1) through secure routing, a sound firewall design, intrusion detection systems (IDS) and timely patching of system vulnerabilities, dynamically ensure the security of the web services layer of the cloud manufacturing system;
Step 2) establish a sound Public Key Infrastructure (PKI), in which the certificate authority (CA) issues certificates to users and to network layer protocol (IPSec), transport layer protocol (SSL) and application layer protocol (such as S/MIME, PEM, SSH) servers; establish virtual private networks (VPN) based on the network layer protocol (IPSec) and the transport layer protocol (SSL), realizing secure network access within a cloud and between clouds, and secure transmission and sharing of technical information;
Step 3) the CA structure of the Public Key Infrastructure (PKI) in step 2) adopts the hybrid trust model, and certificates are issued to users and servers along the trust chains of the trust model; a random session key SK is generated according to the key production protocol and used to encrypt the technical information symmetrically, and the public key obtained from the X.509 certificate is used to encrypt session key SK asymmetrically, forming a digital envelope that protects the technical information file and session key SK; user authentication and signature encryption are implemented through digital certificates and digital envelopes, securing the transmission, sharing and use of technical information between user and cloud, and the log management protocol audits and tracks the transmission of technical information;
Step 4) the user stores keys and certificates in a USB-Key; the cloud server stores keys and certificates in a smart chip; "two-factor authentication" is implemented by setting a PIN, that is, the key and digital certificate can be obtained only with both the storage medium and the PIN, ensuring that keys and certificates cannot be obtained by unauthorized persons.
2. The method according to claim 1, characterized in that: said VPN in step 2 comprises the network-layer IPSec VPN and the transport-layer SSL VPN; the IPSec protocol applies cryptography at the network layer to provide security services such as authentication of point-to-point data transmission, data encryption, access control and integrity verification; IPSec VPN provides secure access to the cloud Intranet, guaranteeing secure communication over any IP network between cloud Intranet servers, between headquarters and branches, between Intranet users, etc., and guaranteeing information security in all channels; it is transparent to users and applications and can seamlessly provide security for any transport layer and application layer protocol; the SSL protocol is a security protocol for Web applications, comprising: server authentication, client authentication (optional), and data integrity and confidentiality on the SSL link, establishing a secure channel from end to end; SSL VPN provides secure remote access between clouds and between user and cloud, realizes secure access from the cloud Extranet to the cloud Intranet, and sensitive information (such as digital certificates and private keys) is transmitted through the SSL VPN to prevent interception by third parties.
3. The method according to claim 1, characterized in that: said application layer protocol in step 2 operates on top of the network layer protocol and the transport layer protocol, and application-layer security protocols can be used according to different security requirements; for example, the SSH protocol provides authentication and data integrity protection as well as confidentiality protection for user account passwords, giving a security barrier to application layer protocols such as FTP and SMTP; the S/MIME and PEM protocols can provide secure e-mail service, realizing security services in three aspects: confidentiality, authentication and data integrity, and non-repudiation; application-layer security is mainly based on the PKI system and uses cryptographic techniques to secure technical information files from transmission and sharing through to use.
4. The method according to claim 1, characterized in that: said hybrid trust model (bridge trust structure) in step 3 is a structure that integrates different trust models such as hierarchical, mesh and trust-list models; it is a CA system with diversity and heterogeneity that can achieve mutual trust and interoperation, matching the heterogeneous, dynamic and cross-domain character of the cloud manufacturing system; the public cloud CA (GCA) is the bridge CA center and acts as the bridge and guarantor through which the different trust domains trust and interoperate; it has the basic functions of a certificate authority, issues certificates to each private cloud (SCA) and maintains its CRL, has its own directory server, and manages these cross-certification certificates; but unlike a root CA it does not serve as a starting point of trust, and only establishes trust relationships between the private cloud trust domains; each private cloud CA trust domain keeps its original trust source and, according to its own situation, adopts different trust chains such as mesh cross-certification or hierarchical CA certification.
5. The method according to claim 1, characterized in that: said user authentication in step 3 means two-way identity authentication between the user and the cloud server, which allows or refuses the login; the concrete steps comprise:
A1. The user side sends a connection request to the cloud server; the cloud server side returns a random number R1 and keeps R1;
A2. The user digitally signs R1 with the private key, produces a random number R2, and sends the signature value of R1, the user digital certificate and R2 together to the cloud server side, keeping R2 locally;
A3. After receiving the data, the cloud server first checks the signature and validity period of the digital certificate; if the certificate is valid, it obtains the public key from the user digital certificate, decrypts the R1 signature value and verifies the user's identity;
A4. The cloud server side digitally signs R2 with its private key, then sends the R2 signature value and the server digital certificate to the user;
A5. After receiving the data, the user first checks the signature and validity period of the digital certificate; if the certificate is valid, the user obtains the public key from the user digital certificate, decrypts the R2 signature value and verifies the cloud server's identity;
A6. After two-way identity authentication succeeds, the user can interact with the service resources (SaaS, IaaS, PaaS) within the scope of the user's role permissions.
6. The method according to claim 1, characterized in that: for said digital envelope technique in step 3, the concrete steps comprise:
B1. The user runs the MD5 or SHA-1 hash function over the technical information plaintext, producing a fixed-length digital digest 1;
B2. The user encrypts digital digest 1 with the user's own private key to form the digital signature, which is appended to the original text to be sent;
B3. The random number generator produces a random number, and the key production module uses the random number to produce a random symmetric session key SK;
B4. The technical information file, digital signature and digital certificate are encrypted with the symmetric encryption algorithm DES under session key SK, giving the ciphertext;
B5. The sender obtains the public key from the recipient's digital certificate and encrypts session key SK with the asymmetric encryption algorithm RSA under this public key, giving the digital envelope, which securely transfers the session key SK used in DES;
B6. After receiving the ciphertext and the digital envelope, the recipient decrypts the digital envelope with the recipient's own private key to obtain session key SK, and uses SK to decrypt the ciphertext, obtaining the technical information file, the digital signature and the sender's digital certificate;
B7. The recipient obtains the public key information from the sender's digital certificate and decrypts the digital signature to obtain digital digest 1;
B8. The recipient again runs the MD5 or SHA-1 hash function over the decrypted information file to obtain digital digest 2, and compares digital digest 1 with digital digest 2; if they match, the information has not been damaged or tampered with; otherwise the file is discarded.
7. The method according to claim 1, characterized in that: in step 3 the USB-Key on the user side stores the key seed library, algorithm library, digital certificate and user private key; the smart chip on the server side stores the encrypted key seed library, the algorithm library and the private key, each user's key seed library being encrypted into ciphertext with the fixed key K, and each cloud user corresponds one-to-one with one encrypted key seed library; a random session key SK is generated through the key production protocol using the combined key generation algorithm, and the concrete steps comprise:
C1. In the USB-Key device on the user side, a random number is produced; the random number selects one group of key seed data, from which the symmetric session key SK is produced;
C2. The smart chip on the server side locates the key seed ciphertext in the key seed database according to the user identification information in the digital certificate and, at the same time, produces a random number; the cloud server uses the stored key K to decrypt the key seed into plaintext, and the random number selects one group of key seed data, from which the symmetric session key SK is produced;
C3. Session key SK is used to encrypt the technical information file; because it is produced at random, the session key SK is different every time.
8. The method according to claim 1, characterized in that: said log management protocol in step 3 records user logins and technical information file access operations; login parameters are recorded in the login log database, and the parameters include: ID, the random number used for authentication, login time, etc.; operation parameters are recorded in the operation log database; the operations include: browsing, modifying, copying, transmitting or printing files, etc., and the parameters include: the identity of the cloud user or cloud manufacturing platform administrator, file name, random number, digital signature, the IP address of the client computer, etc.
9. The method according to claim 1, characterized in that: said USB-Key in step 4 has hardware PIN protection; the user can log in to the system only after obtaining both the USB-Key and the user PIN; the USB-Key has a built-in CPU or smart chip, and data encryption and decryption, signing, digest generation, etc. are implemented by the algorithm dispatching module calling the DES, RSA and hash algorithms; all operations are completed inside the USB-Key, which ensures that the user key never appears in computer memory and thereby eliminates the possibility of the user key being intercepted by hackers.
10. The method according to claim 1, characterized in that: said users in step 4 are divided into ordinary users and advanced users; the USB-Key held by an ordinary user does not contain a digital certificate; through the key production protocol, an ordinary user selects at random from the key seed library to produce a group of symmetric keys SK1 as the authentication key, and selects at random to produce a group of symmetric keys SK2 as the signature key and encryption key; because each group of symmetric keys corresponds to only one random number, and each cloud user corresponds one-to-one with one encrypted key seed library, the difficulty of updating and maintaining symmetric keys is solved; because no digital certificate is needed, the complicated certificate application process is avoided; because only symmetric encryption algorithms are used, authentication and signature encryption are fast, improving the efficiency of secure information transmission, sharing and use, but the security level of this method is not high enough; advanced users perform authentication and signature encryption through digital certificates, and the security level is higher.
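The following is an added example, not code from the patent: one way the seed-library key production steps (B1 to B3 in the description, C1 to C3 in claim 7) and the certificate-free authentication key SK1 of claim 10 could fit together in a two-way challenge-response shaped like steps A1 to A5. The library size, the SHA-256/HMAC selection and derivation (the patent names DES, MD5 and SHA-1), sending the selection random number in the clear, the direction labels and the names `CloudServer` and `UsbKeyClient` are all assumptions.

```python
import hashlib
import hmac
import secrets

SEED_COUNT = 64   # assumed number of seeds in one user's key seed library
SEED_LEN = 16     # assumed bytes per seed
PICKS = 8         # assumed number of seeds combined into one key


def make_seed_library():
    """Provisioning: the same library goes into the USB-Key and the server chip."""
    return [secrets.token_bytes(SEED_LEN) for _ in range(SEED_COUNT)]


def select_indices(rand):
    """Map the per-session random number to PICKS distinct seed positions."""
    indices, counter = [], 0
    while len(indices) < PICKS:
        block = hashlib.sha256(rand + counter.to_bytes(4, "big")).digest()
        for byte in block:
            idx = byte % SEED_COUNT          # 256 % 64 == 0, so no modulo bias
            if idx not in indices:
                indices.append(idx)
                if len(indices) == PICKS:
                    break
        counter += 1
    return indices


def derive_key(library, rand, purpose):
    """Combine the selected seeds into a key; `purpose` separates SK1 from SK2."""
    chosen = b"".join(library[i] for i in select_indices(rand))
    return hmac.new(chosen, purpose + rand, hashlib.sha256).digest()


def _tag(key, label, *parts):
    # The direction label stops a server tag being reflected back as a client tag.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class CloudServer:
    def __init__(self):
        self.libraries = {}   # user_id -> seed library (kept encrypted under K in the patent)
        self.pending = {}     # user_id -> outstanding challenge R1

    def enroll(self, user_id, library):
        self.libraries[user_id] = library

    def challenge(self, user_id):                            # step A1
        self.pending[user_id] = secrets.token_bytes(16)
        return self.pending[user_id]

    def verify_and_respond(self, user_id, rand, tag1, r2):   # steps A3 and A4
        r1 = self.pending.pop(user_id, None)   # single use: a replay finds no challenge
        library = self.libraries.get(user_id)
        if r1 is None or library is None:
            return None
        sk1 = derive_key(library, rand, b"auth")
        if not hmac.compare_digest(_tag(sk1, b"client", r1), tag1):
            return None
        return _tag(sk1, b"server", r1, r2)


class UsbKeyClient:
    def __init__(self, user_id, library):
        self.user_id, self.library = user_id, library

    def respond(self, r1):                                   # step A2
        self.rand = secrets.token_bytes(16)   # selects the seeds for this login
        self.r1, self.r2 = r1, secrets.token_bytes(16)
        self.sk1 = derive_key(self.library, self.rand, b"auth")
        return self.rand, _tag(self.sk1, b"client", r1), self.r2

    def verify_server(self, tag2):                           # step A5
        if tag2 is None:
            return False
        expected = _tag(self.sk1, b"server", self.r1, self.r2)
        return hmac.compare_digest(expected, tag2)


def run_login(client, server):
    """Run A1 to A5 once; True only if each side proved knowledge of the seeds."""
    r1 = server.challenge(client.user_id)
    rand, tag1, r2 = client.respond(r1)
    tag2 = server.verify_and_respond(client.user_id, rand, tag1, r2)
    return client.verify_server(tag2)


if __name__ == "__main__":
    lib = make_seed_library()                 # constructed sample data
    srv = CloudServer()
    srv.enroll("user-001", lib)
    print(run_login(UsbKeyClient("user-001", lib), srv))
```

Because the server discards R1 on first use, a captured A2 message cannot be replayed, and the login log's record of the authentication random number gives the audit trail a value to match against.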
Application number: CN2012101396878A
Priority date: 2012-05-08
Filing date: 2012-05-08
Title: Information security management and control method under cloud manufacturing environment
Publication number: CN102710605A (en)
Publication date: 2012-10-03
Family ID: 46903161
Country: CN
CN108259486A (en) * 2018-01-10 2018-07-06 芯盾网安(北京)科技发展有限公司 End-to-end key exchange method based on certificate
CN108335015A (en) * 2017-12-30 2018-07-27 方正璞华软件(武汉)股份有限公司 A kind of cooperating manufacture network platform
CN108347330A (en) * 2017-01-24 2018-07-31 北京百度网讯科技有限公司 A kind of method and apparatus of secure communication
CN108521429A (en) * 2018-04-20 2018-09-11 黄绍进 A kind of the Internet, applications access method and device of anonymity
CN108574573A (en) * 2017-12-14 2018-09-25 成都卫士通信息产业股份有限公司 Method, encryption device and the virtual VPN service systems of cryptographic service are provided for virtual VPN
CN108599961A (en) * 2018-05-08 2018-09-28 济南浪潮高新科技投资发展有限公司 A kind of communication means, car-mounted terminal, automobile services platform and system
CN108650208A (en) * 2018-03-05 2018-10-12 西安理工大学 A kind of construction method of the cloud print service platform of personal document's safe transmission
CN108667605A (en) * 2018-04-25 2018-10-16 拉扎斯网络科技(上海)有限公司 Data encryption and decryption method and device
CN108683688A (en) * 2018-07-20 2018-10-19 中国建设银行股份有限公司浙江省分行 A method of information transmission security is realized based on Digital Envelope Technology
CN108683674A (en) * 2018-05-22 2018-10-19 深圳中泰智丰物联网科技有限公司 Verification method, device, terminal and the computer readable storage medium of door lock communication
CN108833387A (en) * 2018-06-01 2018-11-16 江苏中安联科信息技术有限公司 A kind of internet high security enterprise cloud platform
CN108881419A (en) * 2018-06-04 2018-11-23 温州大学 A kind of tool hierarchical relationship is in the private data processing method of cloud computing environment
CN109005031A (en) * 2018-08-10 2018-12-14 湖南中车时代通信信号有限公司 A kind of key management method for railway signal system
CN109118775A (en) * 2018-10-08 2019-01-01 北京理工大学 A kind of Traffic monitoring method and system of secret protection and wrong data packet filtering
CN109218015A (en) * 2017-07-05 2019-01-15 普天信息技术有限公司 A kind of multiselect group group SMS encryption transport method and device
CN109327456A (en) * 2018-11-06 2019-02-12 北京知道创宇信息技术有限公司 A kind of cluster method for authenticating, clustered node and the electronic equipment of decentralization
CN109450881A (en) * 2018-10-26 2019-03-08 天津海泰方圆科技有限公司 A kind of data transmission system, method and device
CN109508154A (en) * 2017-09-14 2019-03-22 北京立思辰计算机技术有限公司 A method of printer task is authenticated based on chip
CN109558721A (en) * 2017-09-27 2019-04-02 思杰系统有限公司 The Secure Single Sign-on and conditional access of client application
CN109600229A (en) * 2018-11-28 2019-04-09 董志忠 Cross-platform RSA Algorithm based on SSL standard
CN109660530A (en) * 2018-12-08 2019-04-19 公安部第三研究所 A kind of protecting information safety method based on hardware certificate
CN109687956A (en) * 2018-12-11 2019-04-26 北京数盾信息科技有限公司 A kind of unification provides key management and key computational service system to client
CN109981244A (en) * 2019-03-08 2019-07-05 西安电子科技大学 A kind of method of novel distributed cloud Encryption Algorithm
CN110213147A (en) * 2019-02-22 2019-09-06 企商在线(北京)网络股份有限公司 A kind of cloud network interoperability methods, device, storage medium and terminal device
CN110336776A (en) * 2019-04-28 2019-10-15 杭州电子科技大学 A kind of multi-point cooperative Verification System and method based on user images intelligent acquisition
CN110362568A (en) * 2019-06-03 2019-10-22 阿里巴巴集团控股有限公司 A kind of compression method, device and equipment for block chain type account book
CN110445782A (en) * 2019-08-06 2019-11-12 郑州信大捷安信息技术股份有限公司 A kind of multi-media safety broadcast control system and method
CN106789076B (en) * 2016-12-28 2020-01-14 Tcl集团股份有限公司 Interaction method and device for server and intelligent equipment
CN110765507A (en) * 2019-10-31 2020-02-07 重庆大学 Three-dimensional CAD (computer-aided design) modeling method, device and system based on cloud service technology
CN110855693A (en) * 2019-11-19 2020-02-28 武汉思普崚技术有限公司 Network authentication method and system based on CNN
CN110855561A (en) * 2019-12-07 2020-02-28 上海新微技术研发中心有限公司 Intelligent gateway of Internet of things
CN111064738A (en) * 2019-12-26 2020-04-24 山东方寸微电子科技有限公司 TLS (transport layer Security) secure communication method and system
CN111147332A (en) * 2019-12-29 2020-05-12 北京浪潮数据技术有限公司 Method, system and related device for determining uploading progress of cloud backup of storage system
CN111526156A (en) * 2020-04-30 2020-08-11 广州知弘科技有限公司 Big data based security cloud platform system
US10764062B2 (en) 2019-06-03 2020-09-01 Alibaba Group Holding Limited Blockchain ledger compression
CN111835506A (en) * 2019-04-18 2020-10-27 广州佳欣未来科技有限公司 Information safety digital encryption method based on one-time-use cipher book
CN111988289A (en) * 2020-08-04 2020-11-24 厦门理工学院 EPA industrial control network security test system and method
CN112019532A (en) * 2020-08-20 2020-12-01 王红根 Information management method based on mobile internet and biological authentication and cloud service platform
CN112491856A (en) * 2020-11-20 2021-03-12 福州大学 Safe and movable digital microfluidic biochip network system and control method
CN112702344A (en) * 2020-12-24 2021-04-23 国网河北省电力有限公司信息通信分公司 Communication encryption method based on multiple encryption modes
CN112948797A (en) * 2021-03-09 2021-06-11 北方实验室(沈阳)股份有限公司 Asymmetric key management system and method based on cooperative cryptographic algorithm
CN112994899A (en) * 2021-04-10 2021-06-18 北京国联易安信息技术有限公司 Safe mail receiving and sending method for mobile terminal
CN113098890A (en) * 2021-04-15 2021-07-09 深圳市骑换科技有限公司 Network security service guarantee method
CN113141396A (en) * 2021-03-31 2021-07-20 成都飞机工业(集团)有限责任公司 Supply chain cooperative system based on multiple networks
CN113169953A (en) * 2018-11-23 2021-07-23 上海诺基亚贝尔股份有限公司 Method and apparatus for authenticating a device or user
CN113242235A (en) * 2021-05-08 2021-08-10 卡斯柯信号有限公司 System and method for encrypting and authenticating railway signal secure communication protocol RSSP-I
CN113452660A (en) * 2020-03-27 2021-09-28 瑞昱半导体股份有限公司 Communication method of mesh network and cloud server, mesh network system and node device thereof
CN113591109A (en) * 2021-07-23 2021-11-02 上海瓶钵信息科技有限公司 Method and system for communication between trusted execution environment and cloud
CN113709109A (en) * 2021-07-27 2021-11-26 云南昆钢电子信息科技有限公司 Safety system and method based on cloud end and edge end data exchange
CN113766007A (en) * 2021-07-29 2021-12-07 中国电力科学研究院有限公司 Authentication front-end system and authentication method based on multi-source heterogeneous data analysis protocol
CN114415881A (en) * 2022-01-24 2022-04-29 东北大学 Meta-universe skiing system with real-time cloud-linked elements in ski field environment
CN114428947A (en) * 2021-12-16 2022-05-03 北京握奇数据股份有限公司 Method and system for filling equipment certificates of USBKey equipment in batch in production process
CN114553865A (en) * 2022-01-12 2022-05-27 中国电子科技集团公司第十研究所 Heterogeneous hybrid cloud system architecture design method
CN114615046A (en) * 2022-03-07 2022-06-10 中国大唐集团科学技术研究总院有限公司 Administrator double-factor authentication method based on national secret certificate
CN114785554A (en) * 2022-03-24 2022-07-22 福建师范大学 Trusted execution mixed trust multi-party computing system
CN114900314A (en) * 2022-04-27 2022-08-12 北京万集科技股份有限公司 Electronic anti-dismantling method and system, readable storage medium and OBU device
CN115022064A (en) * 2022-06-15 2022-09-06 北京安盟信息技术股份有限公司 Private work network encrypted access method and device
CN115580403A (en) * 2022-12-09 2023-01-06 深圳市永达电子信息股份有限公司 PKI-based computing node access control method
CN116048585A (en) * 2023-02-09 2023-05-02 国核自仪系统工程有限公司 Industrial control safety protection system and software updating method, device, equipment and medium thereof
CN116319109A (en) * 2023-05-23 2023-06-23 国网浙江省电力有限公司金华供电公司 Smart power grid operation information safety protection method and device
CN117408846A (en) * 2023-12-14 2024-01-16 陕西华海信息技术有限公司 School educational administration data processing system based on cloud computing
CN117744038A (en) * 2023-12-24 2024-03-22 中信出版集团股份有限公司 Copyright protection system and method for digital content
CN117914628A (en) * 2024-03-18 2024-04-19 三未信安科技股份有限公司 PIN code equipment authentication management method and device
CN118174967A (en) * 2024-05-14 2024-06-11 中国电信股份有限公司 Information verification method and related equipment
CN118473839A (en) * 2024-07-15 2024-08-09 深圳市连用科技有限公司 Security management method and system for file cloud system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005120007A1 (en) * 2004-05-31 2005-12-15 Telecom Italia S.P.A. Method and system for a secure connection in communication networks
CN101009562A (en) * 2007-02-01 2007-08-01 北京飞天诚信科技有限公司 Method and system for improving the security of the intelligent secret key device
CN101232373A (en) * 2007-01-26 2008-07-30 同济大学 Networking fabrication safety integrating system based on ASP mode

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王路炯等: "ASP模式的网络化制造安全体系", 《中国机械工程》 *

Cited By (171)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103269326A (en) * 2012-12-22 2013-08-28 潘铁军 Safety equipment, multi-application system and safety method for ubiquitous networks
WO2014110976A1 (en) * 2013-01-16 2014-07-24 中兴通讯股份有限公司 D2d discovery application method, d2d discovery implementing method, and corresponding apparatus
CN104052713A (en) * 2013-03-11 2014-09-17 李华 Novel network trust guarantee service method and device
CN103237235A (en) * 2013-03-18 2013-08-07 中国科学院信息工程研究所 Method and system for realizing identity authentication on Cloud TV terminals
CN103237235B (en) * 2013-03-18 2016-01-20 中国科学院信息工程研究所 A kind of facing cloud television terminal authentication implementation method and system
CN103312691A (en) * 2013-04-19 2013-09-18 无锡成电科大科技发展有限公司 Method and system for authenticating and accessing cloud platform
CN103414559A (en) * 2013-05-20 2013-11-27 广州中长康达信息技术有限公司 Identity authentication method based on IBE-like system in cloud computing environment
CN103414559B (en) * 2013-05-20 2016-08-10 广州中长康达信息技术有限公司 A kind of identity identifying method of based on class IBE system under cloud computing environment
CN103607273B (en) * 2013-07-18 2016-12-28 焦点科技股份有限公司 A kind of data file encipher-decipher method controlled based on time limit
CN103607273A (en) * 2013-07-18 2014-02-26 焦点科技股份有限公司 Data file encryption and decryption method based on time limit control
CN103368973A (en) * 2013-07-25 2013-10-23 浪潮(北京)电子信息产业有限公司 Safety system for cloud operating system
CN103368973B (en) * 2013-07-25 2016-02-17 浪潮(北京)电子信息产业有限公司 A kind of cloud operating system security system
CN103401678A (en) * 2013-07-30 2013-11-20 成都卫士通信息产业股份有限公司 Method for ensuring data transmission safety of Internet of things
CN103457958A (en) * 2013-09-18 2013-12-18 浪潮电子信息产业股份有限公司 Cloud computing network server inner core safe access method
CN103490899A (en) * 2013-09-27 2014-01-01 浪潮齐鲁软件产业有限公司 Application cloud safety certification method based on third-party service
CN103701848B (en) * 2013-11-07 2016-08-31 江南大学 A kind of Internet of Things secure storage method of data based on cloud computing and system
CN104639516A (en) * 2013-11-13 2015-05-20 华为技术有限公司 Method, equipment and system for authenticating identities
CN104639516B (en) * 2013-11-13 2018-02-06 华为技术有限公司 Identity identifying method, equipment and system
CN103618610A (en) * 2013-12-06 2014-03-05 上海千贯节能科技有限公司 Information safety algorithm based on energy information gateway in smart power grid
CN103618610B (en) * 2013-12-06 2018-09-28 上海上塔软件开发有限公司 A kind of information security algorithm based on energy information gateway in intelligent grid
CN104717643A (en) * 2013-12-12 2015-06-17 北京大学 Mobile device safety communication platform
CN104717643B (en) * 2013-12-12 2019-05-21 北京大学 A kind of mobile device Secure Communication Environment
CN103684794B (en) * 2013-12-25 2017-08-25 华南理工大学 A kind of communication data encipher-decipher method based on the AES of DES, RSA, SHA 1
CN104753879A (en) * 2013-12-30 2015-07-01 中国银联股份有限公司 Method and system for authenticating cloud service provider through terminal and method and system for authenticating terminal through cloud service provider
CN104753879B (en) * 2013-12-30 2019-03-15 中国银联股份有限公司 Method and system, the method and system of cloud service provider certification terminal of terminal authentication cloud service provider
CN103731756A (en) * 2014-01-02 2014-04-16 中国科学院信息工程研究所 Smart home remote security access control implementation method based on smart cloud television gateway
CN103731756B (en) * 2014-01-02 2016-09-07 中国科学院信息工程研究所 A kind of Smart Home remote secure access control method based on intelligent cloud television gateway
CN103905204A (en) * 2014-04-02 2014-07-02 天地融科技股份有限公司 Data transmission method and transmission system
CN103905204B (en) * 2014-04-02 2018-02-02 天地融科技股份有限公司 The transmission method and Transmission system of data
CN103905557A (en) * 2014-04-09 2014-07-02 曙光云计算技术有限公司 Data storage method and device used for cloud environment and downloading method and device
CN106464739B (en) * 2014-06-19 2019-09-17 微软技术许可有限责任公司 The method and system of the communication of media platform for protecting and enhancing
CN106464739A (en) * 2014-06-19 2017-02-22 微软技术许可有限责任公司 Securing communications with enhanced media platforms
CN107078908A (en) * 2014-08-22 2017-08-18 诺基亚通信公司 Trust anchor in public key infrastructure updates
CN105407072A (en) * 2014-09-05 2016-03-16 北京握奇智能科技有限公司 Method and system for achieving safety of Internet of Things, and interconnection equipment
CN104378351A (en) * 2014-10-16 2015-02-25 江苏博智软件科技有限公司 Internal network security protection method based on dynamic encryption host identity authentication
CN105635075A (en) * 2014-11-06 2016-06-01 中兴通讯股份有限公司 Method of registering cloud terminal, cloud terminal, cloud server and cloud system
WO2015184812A1 (en) * 2014-11-06 2015-12-10 中兴通讯股份有限公司 Method for logging in to cloud terminal, cloud terminal, cloud server and cloud system
CN104363233A (en) * 2014-11-20 2015-02-18 成都卫士通信息安全技术有限公司 Safety cross-domain communication method for application servers in VPN gateways
CN104486300A (en) * 2014-11-29 2015-04-01 中国航空工业集团公司第六三一研究所 Aviation exchange system and method based on virtual machine
CN104486300B (en) * 2014-11-29 2018-07-03 中国航空工业集团公司第六三一研究所 Aviation exchange system and method based on virtual machine
CN104393998A (en) * 2014-12-10 2015-03-04 郑鹏 Intelligent encryption method for computer information transmission
WO2016107320A1 (en) * 2014-12-30 2016-07-07 北京奇虎科技有限公司 Website security information loading method, and browser device
CN104639327A (en) * 2015-01-29 2015-05-20 杭州晟元芯片技术有限公司 Method for identifying and correlating equipment by digital certificate
CN104835038A (en) * 2015-03-30 2015-08-12 恒宝股份有限公司 Networking payment device and networking payment method
CN104881817A (en) * 2015-06-11 2015-09-02 沈阳富创精密设备有限公司 Implement method of technological data cloud platform in manufacturing industry
CN105430000A (en) * 2015-12-17 2016-03-23 北京华油信通科技有限公司 Cloud computing security management system
CN105516188A (en) * 2016-01-07 2016-04-20 浪潮集团有限公司 Data exchange method based on electronic authentication technology
CN105610847B (en) * 2016-01-08 2018-07-24 成都卫士通信息产业股份有限公司 A method of support more switching node electronic government documents safe transmissions to exchange
CN105610847A (en) * 2016-01-08 2016-05-25 成都卫士通信息产业股份有限公司 Method for supporting security transmission and exchange of electronic official documents of multiple exchange nodes
CN107070657A (en) * 2016-01-21 2017-08-18 三星电子株式会社 Safety chip and application processor and its operating method
CN107070657B (en) * 2016-01-21 2022-01-18 三星电子株式会社 Secure chip and application processor and operating method thereof
CN105656941A (en) * 2016-03-14 2016-06-08 美的集团股份有限公司 Identity authentication device and method
CN105847014A (en) * 2016-05-31 2016-08-10 浪潮集团有限公司 Realization method for applying e-signature service system to cloud-computing environment
CN106209807A (en) * 2016-07-04 2016-12-07 浪潮集团有限公司 A kind of cloud computing safety access control method based on domestic cryptographic algorithm
CN106385313A (en) * 2016-09-08 2017-02-08 四川长虹电器股份有限公司 Random cryptograph system based on grouping encryption algorithm and realization method thereof
CN106656955A (en) * 2016-09-26 2017-05-10 山东浪潮商用系统有限公司 Communication method and system and user terminal
CN106789060A (en) * 2016-11-18 2017-05-31 畅捷通信息技术股份有限公司 Data transmission method and device, data processing method and device, data transmission system
CN106453405A (en) * 2016-11-24 2017-02-22 济南浪潮高新科技投资发展有限公司 Security authentication method for fog node in cloud environment
CN106788988A (en) * 2016-11-28 2017-05-31 暨南大学 Voidable key polymerization encryption method under cloud environment
CN108206739A (en) * 2016-12-16 2018-06-26 乐视汽车(北京)有限公司 Key generation method and device
CN106789076B (en) * 2016-12-28 2020-01-14 Tcl集团股份有限公司 Interaction method and device for server and intelligent equipment
CN106817369A (en) * 2017-01-05 2017-06-09 深圳市证通电子股份有限公司 Data safety exchange method and system
CN108347330A (en) * 2017-01-24 2018-07-31 北京百度网讯科技有限公司 A kind of method and apparatus of secure communication
CN106953732B (en) * 2017-03-10 2020-02-07 南方城墙信息安全科技有限公司 Key management system and method for chip card
CN106953732A (en) * 2017-03-10 2017-07-14 南方城墙信息安全科技有限公司 The key management system and method for chip card
CN106973070A (en) * 2017-05-17 2017-07-21 济南浪潮高新科技投资发展有限公司 A kind of big data calculates trusteeship service security certification system and method
CN107104888B (en) * 2017-06-09 2020-10-16 四川楠水农牧科技有限公司 Safe instant messaging method
CN107104888A (en) * 2017-06-09 2017-08-29 成都轻车快马网络科技有限公司 A kind of safe instant communicating method
CN109218015A (en) * 2017-07-05 2019-01-15 普天信息技术有限公司 A kind of multiselect group group SMS encryption transport method and device
CN109218015B (en) * 2017-07-05 2021-08-06 普天信息技术有限公司 Multi-group selection short message encryption transmission method and device
CN107454077A (en) * 2017-08-01 2017-12-08 北京迪曼森科技有限公司 A kind of single-point logging method based on IKI ID authentications
CN107454077B (en) * 2017-08-01 2020-05-19 北京迪曼森科技有限公司 Single sign-on method based on IKI identification authentication
CN107395609B (en) * 2017-08-07 2020-08-28 蔷薇大树科技有限公司 Data encryption method
CN107395609A (en) * 2017-08-07 2017-11-24 成都汇智远景科技有限公司 Data ciphering method
CN109508154A (en) * 2017-09-14 2019-03-22 北京立思辰计算机技术有限公司 A method of printer task is authenticated based on chip
CN109558721B (en) * 2017-09-27 2023-08-08 思杰系统有限公司 Method and system for secure single sign-on and conditional access of client applications
CN109558721A (en) * 2017-09-27 2019-04-02 思杰系统有限公司 The Secure Single Sign-on and conditional access of client application
CN107623692A (en) * 2017-09-29 2018-01-23 郑州云海信息技术有限公司 A kind of method and device of data check
CN108574573B (en) * 2017-12-14 2021-07-23 成都卫士通信息产业股份有限公司 Method for providing password service for virtual VPN, password device and virtual VPN service system
CN108574573A (en) * 2017-12-14 2018-09-25 成都卫士通信息产业股份有限公司 Method, encryption device and the virtual VPN service systems of cryptographic service are provided for virtual VPN
CN108335015A (en) * 2017-12-30 2018-07-27 方正璞华软件(武汉)股份有限公司 A kind of cooperating manufacture network platform
CN108259486B (en) * 2018-01-10 2020-12-01 河南芯盾网安科技发展有限公司 End-to-end key exchange method based on certificate
CN108259486A (en) * 2018-01-10 2018-07-06 芯盾网安(北京)科技发展有限公司 End-to-end key exchange method based on certificate
CN108111314B (en) * 2018-01-19 2021-04-02 苏州朗润创新知识产权运营有限公司 Method and equipment for generating and verifying digital certificate
CN108111314A (en) * 2018-01-19 2018-06-01 中链科技有限公司 The generation of digital certificate and method of calibration and equipment
CN108650208A (en) * 2018-03-05 2018-10-12 西安理工大学 A kind of construction method of the cloud print service platform of personal document's safe transmission
CN108521429A (en) * 2018-04-20 2018-09-11 黄绍进 A kind of the Internet, applications access method and device of anonymity
CN108667605B (en) * 2018-04-25 2021-02-23 拉扎斯网络科技(上海)有限公司 Data encryption and decryption method and device
CN108667605A (en) * 2018-04-25 2018-10-16 拉扎斯网络科技(上海)有限公司 Data encryption and decryption method and device
CN108599961A (en) * 2018-05-08 2018-09-28 济南浪潮高新科技投资发展有限公司 A kind of communication means, car-mounted terminal, automobile services platform and system
CN108683674A (en) * 2018-05-22 2018-10-19 深圳中泰智丰物联网科技有限公司 Verification method, device, terminal and the computer readable storage medium of door lock communication
CN108833387A (en) * 2018-06-01 2018-11-16 江苏中安联科信息技术有限公司 A kind of internet high security enterprise cloud platform
CN108881419A (en) * 2018-06-04 2018-11-23 温州大学 A kind of tool hierarchical relationship is in the private data processing method of cloud computing environment
CN108683688B (en) * 2018-07-20 2024-02-06 中国建设银行股份有限公司浙江省分行 Method for realizing information transmission safety based on digital envelope technology
CN108683688A (en) * 2018-07-20 2018-10-19 中国建设银行股份有限公司浙江省分行 A method of information transmission security is realized based on Digital Envelope Technology
CN109005031A (en) * 2018-08-10 2018-12-14 湖南中车时代通信信号有限公司 A kind of key management method for railway signal system
CN109118775A (en) * 2018-10-08 2019-01-01 北京理工大学 A kind of Traffic monitoring method and system of secret protection and wrong data packet filtering
CN109450881A (en) * 2018-10-26 2019-03-08 天津海泰方圆科技有限公司 A kind of data transmission system, method and device
CN109327456A (en) * 2018-11-06 2019-02-12 北京知道创宇信息技术有限公司 A kind of cluster method for authenticating, clustered node and the electronic equipment of decentralization
CN113169953B (en) * 2018-11-23 2023-05-30 上海诺基亚贝尔股份有限公司 Method and apparatus for authenticating a device or user
CN113169953A (en) * 2018-11-23 2021-07-23 上海诺基亚贝尔股份有限公司 Method and apparatus for authenticating a device or user
CN109600229A (en) * 2018-11-28 2019-04-09 董志忠 Cross-platform RSA Algorithm based on SSL standard
CN109600229B (en) * 2018-11-28 2022-03-22 董志忠 SSL standard-based cross-platform RSA algorithm
CN109660530A (en) * 2018-12-08 2019-04-19 公安部第三研究所 A kind of protecting information safety method based on hardware certificate
CN109687956A (en) * 2018-12-11 2019-04-26 北京数盾信息科技有限公司 A kind of unification provides key management and key computational service system to client
CN110213147A (en) * 2019-02-22 2019-09-06 企商在线(北京)网络股份有限公司 A kind of cloud network interoperability methods, device, storage medium and terminal device
CN110213147B (en) * 2019-02-22 2021-09-03 企商在线(北京)网络股份有限公司 Cloud network intercommunication method and device, storage medium and terminal equipment
CN109981244B (en) * 2019-03-08 2021-10-01 西安电子科技大学 Method for realizing distributed cloud encryption algorithm
CN109981244A (en) * 2019-03-08 2019-07-05 西安电子科技大学 A kind of method of novel distributed cloud Encryption Algorithm
CN111835506A (en) * 2019-04-18 2020-10-27 广州佳欣未来科技有限公司 Information safety digital encryption method based on one-time-use cipher book
CN110336776B (en) * 2019-04-28 2021-09-28 杭州电子科技大学 Multi-point cooperative authentication system and method based on intelligent user image acquisition
CN110336776A (en) * 2019-04-28 2019-10-15 杭州电子科技大学 A kind of multi-point cooperative Verification System and method based on user images intelligent acquisition
US10958440B2 (en) 2019-06-03 2021-03-23 Advanced New Technologies Co., Ltd. Blockchain ledger compression
CN110362568A (en) * 2019-06-03 2019-10-22 阿里巴巴集团控股有限公司 A kind of compression method, device and equipment for block chain type account book
US10764062B2 (en) 2019-06-03 2020-09-01 Alibaba Group Holding Limited Blockchain ledger compression
CN110445782A (en) * 2019-08-06 2019-11-12 郑州信大捷安信息技术股份有限公司 A kind of multi-media safety broadcast control system and method
CN110765507A (en) * 2019-10-31 2020-02-07 重庆大学 Three-dimensional CAD (computer-aided design) modeling method, device and system based on cloud service technology
CN110855693A (en) * 2019-11-19 2020-02-28 武汉思普崚技术有限公司 Network authentication method and system based on CNN
CN110855561A (en) * 2019-12-07 2020-02-28 上海新微技术研发中心有限公司 Intelligent gateway of Internet of things
CN111064738A (en) * 2019-12-26 2020-04-24 山东方寸微电子科技有限公司 TLS (transport layer Security) secure communication method and system
CN111064738B (en) * 2019-12-26 2022-09-30 山东方寸微电子科技有限公司 TLS (transport layer Security) secure communication method and system
CN111147332A (en) * 2019-12-29 2020-05-12 北京浪潮数据技术有限公司 Method, system and related device for determining uploading progress of cloud backup of storage system
CN113452660A (en) * 2020-03-27 2021-09-28 瑞昱半导体股份有限公司 Communication method of mesh network and cloud server, mesh network system and node device thereof
CN113452660B (en) * 2020-03-27 2023-07-25 瑞昱半导体股份有限公司 Communication method of mesh network and cloud server, mesh network system and node device thereof
CN111526156A (en) * 2020-04-30 2020-08-11 广州知弘科技有限公司 Big data based security cloud platform system
CN111988289A (en) * 2020-08-04 2020-11-24 厦门理工学院 EPA industrial control network security test system and method
CN111988289B (en) * 2020-08-04 2021-07-23 厦门理工学院 EPA industrial control network security test system and method
CN112019532A (en) * 2020-08-20 2020-12-01 王红根 Information management method based on mobile internet and biological authentication and cloud service platform
CN112019532B (en) * 2020-08-20 2021-05-07 中铁云网信息科技有限公司 Information management method based on mobile internet and biological authentication and cloud service platform
CN112491856B (en) * 2020-11-20 2022-08-02 福州大学 Safe and movable digital microfluidic biochip network system and control method
CN112491856A (en) * 2020-11-20 2021-03-12 福州大学 Safe and movable digital microfluidic biochip network system and control method
CN112702344A (en) * 2020-12-24 2021-04-23 国网河北省电力有限公司信息通信分公司 Communication encryption method based on multiple encryption modes
CN112948797B (en) * 2021-03-09 2023-07-28 北方实验室(沈阳)股份有限公司 Asymmetric key management system and method based on collaborative cryptographic algorithm
CN112948797A (en) * 2021-03-09 2021-06-11 北方实验室(沈阳)股份有限公司 Asymmetric key management system and method based on cooperative cryptographic algorithm
CN113141396A (en) * 2021-03-31 2021-07-20 成都飞机工业(集团)有限责任公司 Supply chain cooperative system based on multiple networks
CN113141396B (en) * 2021-03-31 2022-07-15 成都飞机工业(集团)有限责任公司 Supply chain cooperative system based on multiple networks
CN112994899A (en) * 2021-04-10 2021-06-18 北京国联易安信息技术有限公司 Safe mail receiving and sending method for mobile terminal
CN113098890A (en) * 2021-04-15 2021-07-09 深圳市骑换科技有限公司 Network security service guarantee method
CN113242235A (en) * 2021-05-08 2021-08-10 卡斯柯信号有限公司 System and method for encrypting and authenticating railway signal secure communication protocol RSSP-I
CN113591109A (en) * 2021-07-23 2021-11-02 上海瓶钵信息科技有限公司 Method and system for communication between trusted execution environment and cloud
CN113591109B (en) * 2021-07-23 2023-05-02 上海瓶钵信息科技有限公司 Method and system for communication between trusted execution environment and cloud
CN113709109B (en) * 2021-07-27 2024-02-27 云南昆钢电子信息科技有限公司 Safety system and method based on cloud and edge data exchange
CN113709109A (en) * 2021-07-27 2021-11-26 云南昆钢电子信息科技有限公司 Safety system and method based on cloud end and edge end data exchange
CN113766007B (en) * 2021-07-29 2024-02-20 中国电力科学研究院有限公司 Authentication pre-system and authentication method based on multi-source heterogeneous data analysis protocol
CN113766007A (en) * 2021-07-29 2021-12-07 中国电力科学研究院有限公司 Authentication front-end system and authentication method based on multi-source heterogeneous data analysis protocol
CN114428947A (en) * 2021-12-16 2022-05-03 北京握奇数据股份有限公司 Method and system for filling equipment certificates of USBKey equipment in batch in production process
CN114553865A (en) * 2022-01-12 2022-05-27 中国电子科技集团公司第十研究所 Heterogeneous hybrid cloud system architecture design method
CN114553865B (en) * 2022-01-12 2023-05-12 中国电子科技集团公司第十研究所 Heterogeneous hybrid cloud system architecture design method
CN114415881A (en) * 2022-01-24 2022-04-29 东北大学 Meta-universe skiing system with real-time cloud-linked elements in ski field environment
CN114415881B (en) * 2022-01-24 2024-02-09 东北大学 Meta universe skiing system with real-time cloud linking of elements in skiing field environment
CN114615046B (en) * 2022-03-07 2024-04-30 中国大唐集团科学技术研究总院有限公司 Administrator double-factor authentication method based on national secret certificate
CN114615046A (en) * 2022-03-07 2022-06-10 中国大唐集团科学技术研究总院有限公司 Administrator double-factor authentication method based on national secret certificate
CN114785554B (en) * 2022-03-24 2023-05-05 福建师范大学 Mixed trust multiparty computing system capable of trusted execution
CN114785554A (en) * 2022-03-24 2022-07-22 福建师范大学 Trusted execution mixed trust multi-party computing system
CN114900314A (en) * 2022-04-27 2022-08-12 北京万集科技股份有限公司 Electronic anti-dismantling method and system, readable storage medium and OBU device
CN115022064A (en) * 2022-06-15 2022-09-06 北京安盟信息技术股份有限公司 Private work network encrypted access method and device
CN115580403A (en) * 2022-12-09 2023-01-06 深圳市永达电子信息股份有限公司 PKI-based computing node access control method
CN116048585A (en) * 2023-02-09 2023-05-02 国核自仪系统工程有限公司 Industrial control safety protection system and software updating method, device, equipment and medium thereof
CN116048585B (en) * 2023-02-09 2023-08-25 国核自仪系统工程有限公司 Industrial control safety protection system and software updating method, device, equipment and medium thereof
CN116319109B (en) * 2023-05-23 2023-08-08 国网浙江省电力有限公司金华供电公司 Smart power grid operation information safety protection method and device
CN116319109A (en) * 2023-05-23 2023-06-23 国网浙江省电力有限公司金华供电公司 Smart power grid operation information safety protection method and device
CN117408846B (en) * 2023-12-14 2024-03-01 陕西华海信息技术有限公司 School educational administration data processing system based on cloud computing
CN117408846A (en) * 2023-12-14 2024-01-16 陕西华海信息技术有限公司 School educational administration data processing system based on cloud computing
CN117744038B (en) * 2023-12-24 2024-06-11 中信出版集团股份有限公司 Copyright protection system and method for digital content
CN117744038A (en) * 2023-12-24 2024-03-22 中信出版集团股份有限公司 Copyright protection system and method for digital content
CN117914628A (en) * 2024-03-18 2024-04-19 三未信安科技股份有限公司 PIN code equipment authentication management method and device
CN117914628B (en) * 2024-03-18 2024-05-17 三未信安科技股份有限公司 PIN code equipment authentication management method and device
CN118174967A (en) * 2024-05-14 2024-06-11 中国电信股份有限公司 Information verification method and related equipment
CN118174967B (en) * 2024-05-14 2024-08-06 中国电信股份有限公司 Information verification method and related equipment
CN118473839A (en) * 2024-07-15 2024-08-09 深圳市连用科技有限公司 Security management method and system for file cloud system
CN118473839B (en) * 2024-07-15 2024-09-17 深圳市连用科技有限公司 Security management method and system for file cloud system

Similar Documents

Publication Publication Date Title
CN102710605A (en) Information security management and control method under cloud manufacturing environment
Seth et al. Practical security for disconnected nodes
US8082574B2 (en) Enforcing security groups in network of data processors
Oktian et al. BorderChain: Blockchain-based access control framework for the Internet of Things endpoint
JP2015503280A (en) A method and apparatus for securing an encryption key in an unsecured computer environment applied to securing and managing virtualization and cloud computing.
CN113411190B (en) Key deployment, data communication, key exchange and security reinforcement method and system
Obert et al. Recommendations for trust and encryption in DER interoperability standards
Chattaraj et al. On the design of blockchain-based access control scheme for software defined networks
Rizzardi et al. Analysis on functionalities and security features of Internet of Things related protocols
CN108632251A (en) Authentic authentication method based on cloud computing data service and its Encryption Algorithm
Cheng An architecture for the Internet Key Exchange protocol
Mao et al. BTAA: Blockchain and TEE-Assisted Authentication for IoT Systems
Zhang et al. NDN-MPS: supporting multiparty authentication over named data networking
CN102340487B (en) Integrity report transferring method and system among multiple trust domains
Ponomarev Attribute-based access control in service mesh
Parvin et al. Digital signature-based secure communication in cognitive radio networks
CN115835194B (en) NB-IOT terminal safety access system and access method
KR100970552B1 (en) Method for generating secure key using certificateless public key
CN113676330B (en) Digital certificate application system and method based on secondary secret key
Patra et al. Hierarchical identity based cryptography for end-to-end security in DTNs
CN112019553B (en) Data sharing method based on IBE/IBBE
Prabhu et al. Security in computer networks and distributed systems
JP2013236185A (en) Electronic signature proxy server, electronic signature proxy system, and electronic signature proxy method
Kraxberger et al. Trusted identity management for overlay networks
CN106651376A (en) Electronic commerce information security processing method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121003