CN102821160A - System and method for multilevel data protection oriented to loose cloud nodes in cloud computing network environment - Google Patents


Info

Publication number: CN102821160A
Authority: CN (China)
Prior art keywords: cloud, node, task, service, assembly
Legal status: Granted
Application number: CN201210304660XA
Other languages: Chinese (zh)
Other versions: CN102821160B (en)
Inventors: 许晓鲁, 钟冰
Current assignee: SHANGHAI HOSTCHN INFORMATION TECHNOLOGY Co Ltd
Original assignee: SHANGHAI HOSTCHN INFORMATION TECHNOLOGY Co Ltd
Application filed by SHANGHAI HOSTCHN INFORMATION TECHNOLOGY Co Ltd
Priority to CN201210304660.XA
Publication of CN102821160A
Application granted
Publication of CN102821160B
Legal status: Expired - Fee Related

Abstract

The invention relates to a system and method for multilevel data protection oriented to loose cloud nodes in a cloud computing network environment. The method comprises the following steps: cloud node client software is installed on a server, a computing terminal or a large-scale loose cloud client, so that it becomes a working node able to provide cloud node service capability; the working node downloads a number of corresponding cloud components, so that it has the task processing capability corresponding to those components; when the working node receives a task, the task is completed through the corresponding cloud components; and the task distributing side and the working node communicate through an asymmetric encryption algorithm. The system and method guarantee the security and data isolation of task processing data in the collaborative task allocation and working mode of the cloud client, and eliminate the possibility that cloud client task processing data is stolen and decrypted in a loose, insecure network system.

Description

System and method for multilevel data protection oriented to loose cloud nodes in a cloud computing network environment
Technical field
The present invention relates to cloud services, and in particular to a system and method for multilevel data protection oriented to loose cloud nodes in a cloud computing network environment.
 
Background technology
Cloud computing is a commercial computing model. It distributes computing tasks over a resource pool made up of a large number of computers, so that various application systems can obtain computing power, storage space and information services on demand. The network that provides the resources is called the "cloud". From the user's point of view, the resources in the "cloud" can be expanded without limit, can be obtained at any time, are used on demand, can be expanded at any time, and are paid for by use.
An analogy has been drawn: it is like the shift from the old pattern of a single stand-alone generator to centralized power supply from a power plant. It means that computing capability can also circulate as a commodity, like gas, water and electricity: convenient to obtain and low in cost. The biggest difference is that it is delivered over the Internet.
Cloud computing is the development of parallel computing, distributed computing and grid computing, or rather the commercial realization of these computer-science concepts. Cloud computing is the result of the mixed evolution and rise of concepts such as virtualization, utility computing, IaaS (infrastructure as a service), PaaS (platform as a service) and SaaS (software as a service).
Application 201110284016.6 discloses an implementation method for a cloud computing security architecture. It uses a gateway to divide the cloud computing platform into a front end of the cloud computing center and a back end of the cloud computing center; the front end stores the cloud user's plaintext files and the back end stores the cloud user's ciphertext files. An encrypted tunnel is established between the cloud user side and the back end of the cloud computing center, ensuring that the cloud user's programs and data are transmitted safely and completely to the back end through the encrypted tunnel, and the programs are run in the back end of the cloud computing center; the results of program execution are again transmitted safely and completely through the encrypted tunnel. A login log database and an operation log database are set up at the cloud security center on the client computer of the cloud user side, external hacker attacks on the cloud computing platform are monitored, and illegal operations on the cloud computing platform by internal control personnel are monitored, thereby establishing a security system for cloud computing. This design is mainly intended to guarantee the security of internal control of cloud computing.
The patent with application number 201110457140.8 discloses a data security support method in a cloud computing environment, belonging to the field of cloud computing services. It comprises the following steps: 1) the thin cloud sends a request to the service cloud, the service cloud responds rapidly by dynamically configuring resources according to the user's request, and the thin cloud makes a judgement about the service cloud according to this response; 2) according to the architecture deployed for cloud computing, the service cloud is divided into private cloud, community cloud, public cloud and hybrid cloud; 3) the data in transit is encrypted by dynamically generating a DES key combined with RSA encryption. The beneficial effects of that invention are: 1) data security is guaranteed in the cloud computing environment; 2) higher requirements are placed on stable terminal technology; 3) the problems that need to be considered in turn in the data security mechanism of a cloud computing environment, the key technical points that need to be perfected, and an evaluation method are provided.
This approach needs to classify the service cloud, then configure resources, and only then carry out secure transmission; the whole process is still relatively complicated.
 
Summary of the invention
The first object of the present invention is to provide a system for multilevel data protection oriented to loose cloud nodes in a cloud computing network environment, to solve the technical problem of making security for loose cloud nodes relatively simple and suitable.
Compared with the prior art, the beneficial effects of the present invention are as follows:
The present invention discloses a system and method for the security and isolation protection of client data during task processing on loose cloud client working nodes in a cloud computing network environment. The system is made up of a management module, cloud client working nodes, a cloud client control node, a task processing module, a data public-key encryption module, a data private-key decryption module, a key generator, and the public/private key pairs of the working child nodes. The cloud client control node implements unified secure key generation, key management, and data encryption and decryption for all of its subordinate working nodes. Unified secure key generation: a different asymmetric public/private key pair is generated for each child node, guaranteeing key uniqueness and security for the different working cloud nodes. Key generator: generates asymmetric keys (such as RSA) that satisfy the security level and confidentiality level required by the task data. Data private-key decryption: the task data returned by the child cloud client (encrypted with the public key) is decrypted with the private key held by key management, then encrypted with the task key distributed by the parent control center, and the encrypted task data is passed up to the parent control center. The cloud client working node carries out the processing of the task, encrypts the processed data result with the task public key distributed by the cloud control node, and after encryption transmits it over the network to the control node corresponding to this working node. The system and method guarantee the security and data isolation of task processing data in the collaborative task allocation and working mode of the cloud client, and eliminate the possibility that cloud client task processing data is stolen or cracked in a loose, insecure network system.
The present invention also discloses a system and method whereby, in a cloud computing network environment in which large-scale loose cloud clients sit idle, cloud nodes download and install cloud components through the component management of a unified cloud service component system, new cloud components are published and brought online, and cloud component versions are managed; cloud function components with a large range of different service capabilities can be provided, finally realizing personalized and flexibly selectable cloud service capabilities for loose cloud clients.
The system can manage, on a large scale, the components that provide cloud service capability. The capability of a cloud client working node comes from the cloud components it downloads and installs from the component management center; commonly provided cloud service capability components include mailbox data migration, web crawler robots, 3D model rendering, digital media format conversion and so on. Each cloud service capability component provides a certain type of service function; only a cloud node that has downloaded and can run the work capability component can complete the tasks distributed by the cloud client control node; a cloud node can selectively download and install several cloud components suited to its node capacity and service attributes, and when the node's or the service's attributes change it can flexibly unload, or download and install new, cloud components at any time. The cloud component management center allows third-party platforms or service providers to publish cloud components that satisfy the node communication protocol and standard, which satisfies both the extensibility requirement of the platform and the flexibility of large-scale cloud nodes in selecting, downloading and installing cloud service components.
 
In this system a task can be completed by different working nodes after being decomposed several times, and the results of those tasks are then integrated; the realization is simple and convenient.
Description of drawings
Fig. 1 is a schematic diagram of the principle of the system for multilevel data protection oriented to loose cloud nodes in a cloud computing network environment;
Fig. 2 is a structural diagram of the system for a loose cloud node service platform in a cloud computing network environment according to a specific embodiment of the invention;
Fig. 3 is a flow chart of an intelligent computing terminal joining the cloud service platform according to a specific embodiment of the invention;
Fig. 4 is a flow chart of task handling in the cloud service network according to a specific embodiment of the invention;
Fig. 5 is a structural sketch of a typical application scenario of the cloud node system according to a specific embodiment of the invention.
Embodiment
The present invention is described in detail below with reference to the accompanying drawings.
The method for multilevel data protection oriented to loose cloud nodes in a cloud computing network environment comprises the following steps (as shown in Fig. 1):
A server, computing terminal or large-scale loose cloud client installs the cloud node client software, so as to become a working node able to provide cloud node service capability;
The working node downloads a number of corresponding cloud components, so that it has the task processing capability corresponding to those cloud components;
When the working node receives a task, it completes the task through the corresponding cloud component;
Data communication between the task distributing side and the working node is carried out through an asymmetric encryption algorithm.
The task distributing side further comprises:
Task node public/private key pair administration unit: used to manage the public/private key pair information of the subordinate working nodes and the public key information of the superior node;
Key generator: used to generate the public/private key pair of the working node to which a subtask is distributed, and to save the corresponding key into the task node public/private key pair administration unit;
Data private-key decryption unit: used to decrypt the data encrypted by a subordinate working node with the corresponding private key obtained from the task node public/private key pair administration unit, so as to obtain the task processing data;
Task dispatching unit: used to distribute tasks to its subordinate working nodes or subordinate cloud client service networks;
Each working node further comprises:
Task processing unit: used to process the tasks distributed by its superior control node;
Data public-key encryption unit: used to encrypt the completed task result.
 
First, the main modules are explained:
Large-scale cloud node service platform: it mainly provides the centralized management capability for all cloud components, and consists of component online, component offline, version management and component capability assessment.
Cloud client working node (hereinafter abbreviated to working node): has the cloud node client software installed, provides cloud node service capability, and can download the cloud components provided by the cloud component management center or the superior control node in order to provide cloud service task processing capability.
Cloud client control node (hereinafter abbreviated to control node): the control node in the cloud node cooperative service network; it provides management of the component libraries of all child working nodes and download management, and its component library comes from the component library distributed down by the superior control node.
Key terms are explained below in context:
Cloud component:
A system working module that provides service capability. The cloud component must satisfy the cloud node cooperative communication protocol standard and is managed centrally by the cloud component central platform. Each work capability component can independently complete one or more kinds of task on a cloud node, different work capability components provide different functions, and a cloud node can download several work capability components suited to its computing capability; only a cloud node that has installed the work capability component can receive tasks of that type issued by the control node, and a working node can also uninstall and cancel a work capability component at any time.
 
Cloud node client software:
The cloud node client software is the basic software by which an idle intelligent terminal with computing capability (home PC, smartphone, smart TV, etc.) joins the cloud node service platform; only by installing this cloud node client software can a terminal join the cloud node service platform. The cloud node client software implements communication between the cloud node and the central service platform, cooperative communication with other working nodes or control nodes, and automatic screening of the list of cloud components that satisfy the current node's capability and resource service attributes, for the node to download and install.
 
Specific embodiment
 
A system for a loose cloud node service platform in a cloud computing network environment comprises a large-scale cloud node service center platform and at least one cloud client service subsystem; the large-scale cloud node service center platform is dynamically connected with these cloud client service subsystems; each cloud client service subsystem comprises at least one cloud client service network, or is made up of several parallel and/or hierarchical cloud client service networks; each cloud client service network further comprises a number of working nodes and a control node, wherein:
Large-scale cloud node service center platform: used to provide centralized management of all cloud components, and to carry out connection state management, component capability management and task management for the currently connected cloud client service subsystems;
Control node: used to provide management of the working nodes of the present network, management of the component capabilities on those working nodes, and the current cloud component library from which cloud components are downloaded, which comes from the superior control node; and to receive distributed tasks, decompose them and have the corresponding working nodes complete them, and return the completed task results after integrating them;
Working node: may be a server, a computing terminal or a large-scale loose cloud client; dynamically connected to the control node; provides cloud node service capability by installing the cloud node client software; downloads the different cloud components provided by the cloud component management center, the superior control node or the control node of the present network in order to provide cloud service task processing capability; receives cloud computing tasks, finds the corresponding cloud component to complete them, and returns the completed results to the control node of the present network, to be returned to the large-scale cloud node service center platform.
Specifically, the node service center platform may connect to one cloud client service subsystem that has only one cloud client service network, made up of one control node and several working nodes, as in Fig. 1, an example diagram of the system for a loose cloud node service platform in a cloud computing network environment, comprising loose working nodes 2, a control node 3 and a large-scale cloud node service center platform 1; the working nodes receive data from or upload data to the control node; the control node receives data from or uploads data to the large-scale cloud node service center platform; the working nodes are intelligent computing terminals, which may be home PCs, smartphones, smart TVs, etc.
Of course, the node service center platform may connect to several cloud client service subsystems, each made up of several cloud client service networks, and those cloud client service networks may each connect to the node service center platform separately, or may be arranged hierarchically: for example, some of the cloud client service networks connect directly to the node service center platform, while the others connect to it as sub-networks.
The network structure described above is of course not the focus of the present invention; the system may adopt existing network structures of various forms.
A server, computing terminal, large-scale loose cloud client or the like can become a working node as long as the cloud node client software is installed. The working node is an effective node when it is online and the cloud node client software is running. Of course a working node can also uninstall the cloud node client software, in which case the server, computing terminal or large-scale loose cloud client can no longer act as an effective working node.
Installing the cloud node client software in fact completes the registration of the working node with the control node: the node obtains the corresponding identification information and reports the local terminal's information, including its network information and attribute information, to the control node, so that the control node knows whether the node is in an effective state and can judge from its network information and attribute information which components may be installed on it, which makes it convenient to control this working node.
A working node can download the different cloud components provided by the cloud component management center, the superior control node or the control node of the present network in order to provide cloud service task processing capability, and when there is a new cloud component the working node can download or upgrade it. The cloud component controls how the working node completes the task.
A working node that receives a cloud computing task finds the corresponding cloud component to complete it, and returns the completed result to the control node of the present network, to be returned to the large-scale cloud node service center platform.
The control node mainly carries out management of the working nodes of its present network, establishes interaction with the large-scale cloud node service platform, and manages tasks. Its task management further comprises a task decomposition unit, a node management unit and a data management unit; the task decomposition unit is used to decompose a received task into several parts; the node management unit is used to select the nodes to which tasks need to be assigned; the data management unit is used to provide unified management of task completion data.
When the control node is a failed node (a non-effective node), one of the other working nodes in the network can be selected as the control node.
The large-scale cloud node service center platform further comprises:
Component online/offline management unit: used to receive new work capability components published by other independent software vendors or individuals and, after internal processing including testing, function audit and data security verification, to decide whether to bring them online; and to receive offline requests for a given component and handle them;
Cloud component installation management unit: used to handle cloud component installation requests: it judges whether the safety conditions are met, agrees to the installation if so, and otherwise refuses it;
Cloud client service management subsystem unit: manages all cloud client service subsystems under this platform, their network topology, and the network information, current connection state information, current component capability state and current task state of the corresponding control nodes;
Task management unit: used to manage tasks currently being executed or already executed, including the selection of nodes when allocating tasks, and the integrated management of task decomposition and merging.
The large-scale cloud node service center platform also comprises an accounting management unit and a component management unit. Accounting management provides unified accounting of the control nodes and child working nodes that complete tasks, providing the settlement basis for the tasks completed by cloud nodes; the component management unit provides download, upgrade and version management of the function components that cloud nodes need in order to realize work capability.
Each control node also further comprises:
Task node public/private key pair administration unit: used to manage the public/private key pair information of the subordinate working nodes and the public key information of the superior node;
Key generator: used to generate the public/private key pair of the working node to which a subtask is distributed, and to save the corresponding key into the task node public/private key pair administration unit;
Data public-key encryption unit: used to encrypt task processing data with the public key and return it to the next higher control node or to the large-scale cloud node service center platform;
Data private-key decryption unit: used to decrypt the data encrypted by a subordinate working node with the corresponding private key obtained from the task node public/private key pair administration unit, so as to obtain the task processing data;
Task dispatching unit: used to distribute tasks to its subordinate working nodes or subordinate cloud client service networks;
Each working node further comprises:
Task processing unit: used to process the tasks distributed by its superior control node;
Data public-key encryption unit: used to encrypt the completed task result.
The large-scale cloud node service center platform also comprises:
Security module: used to receive the encrypted task processing data and decrypt it with the corresponding private key. The security module may comprise a key generation part, a task node public/private key pair administration part, a data public-key encryption part and a decryption part. The functions they realize are similar to those described above and are not explained again here.
Based on the above system, the present invention also provides a task completion method for a loose cloud node service platform in a cloud computing network environment, comprising the following steps:
(1) A loose cloud node service platform is set up in the cloud computing network environment, comprising a large-scale cloud node service center platform and at least one cloud client service subsystem; the large-scale cloud node service center platform is dynamically connected with these cloud client service subsystems; each cloud client service subsystem comprises at least one cloud client service network, or is made up of several parallel and/or hierarchical cloud client service networks, and each client service network further comprises a number of working nodes and a control node;
(2) When a server, computing terminal or large-scale loose cloud client is pre-assigned to a control node, it installs the cloud node client software to provide cloud node service capability and becomes a working node;
(3) The working node sends a cloud component download request to the cloud component management center, the superior control node or the control node of the present network; the requested party judges whether the working node meets the download conditions for that cloud component; if so, it allows the node to download the corresponding cloud component and install it;
(4) The large-scale cloud node service center platform decomposes the task, and sends the decomposed tasks together with the corresponding public keys to at least one cloud client service subsystem;
(5) The control node in the cloud client service subsystem receives the decomposed tasks and public keys, decomposes them once more, and issues the decomposed tasks and the corresponding public keys to its own subordinate working nodes, or to subordinate control nodes and their subordinate working nodes;
(6) The subordinate working nodes at this level use the corresponding cloud components to complete the corresponding tasks, and return the task results encrypted with the corresponding public key;
(7) The superior control node decrypts the returned task results with the corresponding private key to obtain the corresponding data, integrates it and returns it;
(8) Steps (6) and (7) are repeated until all task results have been returned to the large-scale cloud node service center platform encrypted with the corresponding public key, and the platform decrypts them with the corresponding private key to obtain the corresponding data. If the cloud client service subsystem is made up of hierarchical cloud client service networks, the task may be decomposed several times level by level, and the completed task results are integrated along the decomposition path on the way back.
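The key flow of steps (4) to (8), as an added example that is not part of the patent: a working node holds only the task public key handed down by its control node, the control node keeps a distinct private key per child in its key pair administration unit together with the platform's public key, and results are decrypted, integrated and re-encrypted at each level on the way up. The node classes, the dependency-free textbook RSA built on Python's pow (no padding, 512-bit keys), and the sample "convert" component that upper-cases its chunk are all assumptions made for this demonstration.

```python
import secrets

# Textbook RSA built from Python's pow, kept dependency-free for this demonstration
# (assumption: no padding, 512-bit keys; it shows the key flow, not a production cipher).
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin after trial division by a few small primes."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    # Random odd number of exactly `bits` bits that passes the test above.
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def gen_keypair(bits=512):
    """Return ((e, n), (d, n)): the patent's key generator, one pair per node."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def encrypt(pub, data):
    e, n = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("payload too large for this modulus")
    return pow(m, e, n)

def decrypt(priv, ciphertext):
    d, n = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")  # leading NUL bytes are lost

# The three levels of the patent's hierarchy (class and function names are assumed).
def convert_component(chunk):
    """Stand-in cloud component (think 'format conversion'): upper-cases its chunk."""
    return chunk.upper()

def decompose(task, parts):
    """Task decomposition unit: split the payload into at most `parts` chunks."""
    size = -(-len(task) // parts)  # ceiling division
    return [task[i:i + size] for i in range(0, len(task), size)]

class WorkingNode:
    def __init__(self, name, components):
        self.name, self.components = name, components

    def run_task(self, component, payload, task_pub):
        # Only the task public key reaches a working node: it can encrypt its own
        # result but never holds a private key, so it cannot read a sibling's data.
        return encrypt(task_pub, self.components[component](payload))

class ControlNode:
    def __init__(self, workers):
        self.workers = workers
        self.key_store = {}  # task node public/private key pair administration unit

    def dispatch(self, component, task, parent_pub):
        results = []
        for worker, chunk in zip(self.workers, decompose(task, len(self.workers))):
            pub, priv = gen_keypair()  # a distinct pair for every child node
            self.key_store[worker.name] = priv
            ciphertext = worker.run_task(component, chunk, pub)
            results.append(decrypt(self.key_store[worker.name], ciphertext))
        # Integrate in decomposition order, then re-encrypt for the level above.
        return encrypt(parent_pub, b"".join(results))

class Platform:
    def __init__(self):
        self.pub, self.priv = gen_keypair()  # the security module's own key pair

    def submit(self, control, component, task):
        return decrypt(self.priv, control.dispatch(component, task, self.pub))

def run_demo(task=b"loose cloud node data"):
    """Constructed sample run: three workers under one control node under the platform."""
    workers = [WorkingNode(f"worker{i}", {"convert": convert_component}) for i in range(3)]
    return Platform().submit(ControlNode(workers), "convert", task)  # -> b'LOOSE CLOUD NODE DATA'
```

A deeper hierarchy (step (5) with subordinate control nodes) is the same `dispatch` applied recursively, with each control node passing its own per-child public key down and its parent's public key up.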
The method also comprises downloading and installing cloud components. The interaction flow by which a cloud node downloads and installs a cloud component from the large-scale cloud component center is explained below:
(1) The platform receives cloud service components developed and submitted by other independent developers or developers, and requires that the cloud service component satisfy the cloud node communication protocol and data security agreement;
(2) The cloud component central platform audits the submitted cloud service capability component, checking the relevant service capabilities and attribute configuration, including functional correctness, validity, integrity of the data protocol and correctness of the service attribute configuration;
(3) After the cloud service component passes the audit, the capability component's attributes are set and configured;
(4) The corresponding cloud component is published and brought online;
(5) A cloud component online message is pushed to all online working nodes or control nodes.
The method also includes how a worker node installs a cloud component, which comprises:
(1) The cloud node client software is run on the worker node;
(2) The cloud node client software filters, according to the node's service attributes and node performance, a list of cloud components whose versions can be installed, used or upgraded;
(3) The worker node downloads the cloud component;
(4) The worker node installs the cloud component;
(5) The worker node now has the service capability of the newly installed cloud component.
The method also includes the data exchange process for taking a cloud service component offline under the cloud component management system, specifically:
(1) The platform receives an application from an independent developer or other developer to take a published cloud service component offline;
(2) The administrator of the cloud component center platform reviews the offline application for the submitted cloud service capability component and assesses the impact that taking it offline would have on the cloud node cooperative service system;
(3) If the assessment permits it, the cloud component is allowed to go offline; otherwise the offline application is cancelled, the applicant is informed, and a new offline application must be submitted next time;
(4) The cloud component is taken offline;
(5) The component-offline message is sent to the cloud worker nodes and control nodes through the node communication protocol, and the cloud node task management system no longer accepts task applications or processing for this cloud service capability.
When a control node has been preconfigured for a certain server, computing terminal or large-scale loose cloud client, the cloud node client software is installed and registers with the control node of the local network, so that this worker node carries identification information for the corresponding cloud platform; the worker node reports its network information and attribute information to the control node of the local network, so that the control node can manage this worker node conveniently.
When the worker node uninstalls or closes its local cloud node client software, the control node of the local network marks this worker node as currently ineffective.
If the current control node becomes ineffective, the upper-level control node or the large-scale cloud node service center platform designates or elects an effective node in this network as the control node; alternatively, the other effective nodes in this network compete, and one of them becomes the control node.
In summary, a cloud task completion method comprises the following steps:
A certain server, computing terminal or large-scale loose cloud client installs the cloud node client software to become a worker node that can provide cloud node service capability;
The worker node downloads some corresponding cloud components, giving it the capability to process the tasks those cloud components handle;
When the worker node receives a task, it completes it through the corresponding cloud component.
The large-scale cloud node service center platform decomposes the task and sends the decomposed task to the control node of a cloud client service subsystem; the control node decomposes the task again and has it completed by the worker nodes of its own network or of a lower-level network; after completion the results are integrated and returned to the control node.
Cloud worker node task data encryption flow
Process description:
1) The cloud control node issues a task;
2) The cloud control node's key generator generates the public/private key pair corresponding to this task;
3) The task and its corresponding public key are sent to the cloud worker node;
4) The cloud worker node receives the task and processes it;
5) The completed task data is encrypted with the task public key;
6) The encrypted data is transmitted back to the cloud control node.
 
Task data decryption flow
1) The cloud worker node returns processed data encrypted under the key corresponding to the task;
2) The cloud control node receives the encrypted data sent by the worker node;
3) The cloud control node decrypts the task data with the private key of the corresponding task, obtained from key management;
4) If the task was initiated by this control node, task processing is finished; otherwise the flow continues;
5) The data is encrypted with the public key that the parent control node distributed together with the task;
6) The encrypted data is transmitted back to the parent-level cloud control node.
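The per-task key pair and the hierarchical return path of the two flows above (the worker seals its result under the task public key; the control node decrypts, integrates, and re-seals for its parent unless it initiated the task), as an added Go example that is not code from the patent or any implementation of it. It assumes RSA-OAEP for the task key pair and adds a fresh AES-256-GCM data key per result so that results larger than one RSA block can be carried; the OAEP label, node roles and payloads are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"io"
	"strings"
)

// OAEP label that ties a wrapped key to this use (constructed value).
var oaepLabel = []byte("task-result-dek")

// Envelope is what a node returns up the hierarchy: the task result sealed
// with a fresh AES-256-GCM data key, and that key wrapped under the task
// public key (RSA-OAEP), since RSA alone cannot carry a large result.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// NewTaskKeyPair plays the control node's key generator: the node that
// issues a task generates a key pair bound to that task.
func NewTaskKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal is the child side (a worker node, or a control node reporting to its
// parent): encrypt the finished result under the task public key received
// together with the task (encryption flow steps 5 and 6).
func Seal(pub *rsa.PublicKey, result []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil { return nil, err }
	gcm, err := newGCM(dek)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, oaepLabel)
	if err != nil { return nil, err }
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, result, nil)}, nil
}

// Open is the parent side: unwrap the data key with the private key held
// for this task and decrypt the result. An envelope sealed for another
// task's key, or tampered with in transit, fails here instead of yielding garbage.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, oaepLabel)
	if err != nil { return nil, err }
	gcm, err := newGCM(dek)
	if err != nil { return nil, err }
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Integrate is a control node's return path (decryption flow steps 3 to 6):
// open every subordinate envelope with this task's private key, join the
// results, and, unless this node initiated the task (parentPub == nil),
// re-seal the integrated data under the public key the parent sent along
// with the task so it can be returned one level up.
func Integrate(priv *rsa.PrivateKey, parentPub *rsa.PublicKey, envs []*Envelope) ([]byte, *Envelope, error) {
	var parts []string
	for _, env := range envs {
		plain, err := Open(priv, env)
		if err != nil { return nil, nil, err }
		parts = append(parts, string(plain))
	}
	data := []byte(strings.Join(parts, ";"))
	if parentPub == nil {
		return data, nil, nil // task initiated here: processing finished
	}
	up, err := Seal(parentPub, data)
	return data, up, err
}
```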
 
In addition, the system for a loose-cloud-node service platform in the cloud computing network environment may also be provided with a multi-level cloud node work system: a worker node joins the cloud node network through a node discovery protocol and selects the cloud control node to join, and each cloud control node receives operation tasks from, and feeds results back to, its parent-level cloud control node, thereby building a cloud node work system with a hierarchical topology.
Fig. 5 shows an example application scenario of the cloud node system: the cloud node service center platform receives a high-load performance computing task to render 10,000 minutes of animation models. According to the task situation, the service center platform decomposes the task among three control nodes: cloud control node 1: 3000 minutes; cloud control node 2: 3000 minutes; cloud control node 3: 4000 minutes. After each cloud control node receives its task from the cloud service center, it decomposes the task further and passes it to its worker nodes. Taking cloud control node 1 as an example:
Total: 3000 minutes of animation model rendering to be processed
Decomposition:
Worker node 1: can sustain a higher performance computing load, and is assigned a 1000-minute animation model rendering task;
Worker node group 2: 10 worker nodes, each rendering 150 minutes of animation models;
Worker node group 3: 10 worker nodes, each rendering 50 minutes of animation models;
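The Fig. 5 decomposition of control node 1's 3000 minutes, combined with the security-level pre-check of claim 7 (a task is refused to any node whose stored security level is below the level the task requires), as an added Go example that is not code from the patent. The node names, capacities and levels are constructed, and filling nodes in the listed order up to their capacity is an assumed policy that happens to reproduce the figure's numbers.

```go
package main

import (
	"errors"
	"fmt"
)

// Node is a candidate for a share of a decomposed task: how many minutes
// of rendering it can sustain, and the security level its parent stores
// for it. Values are constructed for the Fig. 5 scenario.
type Node struct {
	Name     string
	Capacity int // minutes of animation it can render for this task
	Level    int // security level held by the parent for this node
}

// Assignment is one decomposed sub-task.
type Assignment struct {
	Node    string
	Minutes int
}

// Decompose fills nodes in the order given, up to each node's capacity,
// until the task total is covered. Nodes whose security level is below
// the level the task requires are skipped before any work is issued, and
// the whole task is refused if the eligible capacity cannot cover it.
func Decompose(total, requiredLevel int, nodes []Node) ([]Assignment, error) {
	if total <= 0 {
		return nil, errors.New("task total must be positive")
	}
	var plan []Assignment
	remaining := total
	for _, n := range nodes {
		if n.Level < requiredLevel {
			continue // claim 7: never issue to a node below the task's level
		}
		if remaining == 0 {
			break
		}
		share := n.Capacity
		if share > remaining {
			share = remaining
		}
		if share <= 0 {
			continue
		}
		plan = append(plan, Assignment{Node: n.Name, Minutes: share})
		remaining -= share
	}
	if remaining > 0 {
		return nil, fmt.Errorf("eligible capacity short by %d minutes; task refused", remaining)
	}
	return plan, nil
}

// ControlNode1 builds the worker set of Fig. 5's control node 1: one
// high-capacity worker, then two groups of ten (constructed levels).
func ControlNode1() []Node {
	nodes := []Node{{Name: "worker-1", Capacity: 1000, Level: 2}}
	for i := 1; i <= 10; i++ {
		nodes = append(nodes, Node{Name: fmt.Sprintf("group2-%02d", i), Capacity: 150, Level: 2})
	}
	for i := 1; i <= 10; i++ {
		nodes = append(nodes, Node{Name: fmt.Sprintf("group3-%02d", i), Capacity: 50, Level: 2})
	}
	return nodes
}

// TotalMinutes sums a plan, to check that no part of the task was lost.
func TotalMinutes(plan []Assignment) int {
	sum := 0
	for _, a := range plan {
		sum += a.Minutes
	}
	return sum
}
```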
The preferred embodiments of the present invention are provided only to help explain the invention. The preferred embodiments do not describe every detail, nor do they limit the invention to the embodiments described. Obviously, many modifications and variations are possible in light of this specification. These embodiments were chosen and specifically described in order to better explain the principles of the invention and its practical application, so that those skilled in the art can make good use of the invention. The invention is limited only by the claims, their full scope and their equivalents.

Claims (9)

  1. A system for multi-level data protection oriented to loose cloud nodes in a cloud computing network environment, characterized in that the cloud computing network comprises a large-scale cloud node service center platform and at least one cloud client service subsystem; the cloud client service subsystem comprises one cloud client service network or is made up of several parallel and/or hierarchical cloud client service networks, each cloud client service network further comprising at least some worker nodes and a control node;
    Each control node further comprises:
    Task node public/private key pair management unit: used to manage the public/private key pair information of the subordinate worker nodes and the public key information of the superior node;
    Key generator: used to generate the public/private key pair for the worker node to which a subtask is distributed, and to save the corresponding keys in the task node public/private key pair management unit;
    Data public key encryption unit: used to encrypt task processing data with the public key and return it to the upper-level control node or to the large-scale cloud node service center platform;
    Data private key decryption unit: used to decrypt data encrypted by subordinate worker nodes with the corresponding private key obtained from the task node public/private key pair management unit, thereby obtaining the task processing data;
    Task dispatching unit: used to distribute tasks to its subordinate worker nodes or subordinate cloud client service networks;
    Each worker node further comprises:
    Task processing unit: used to process the tasks distributed by its upper-level control node;
    Data public key encryption unit: used to encrypt the completed task result.
  2. The system of claim 1, characterized in that the large-scale cloud node service center platform further comprises:
    Security module: used to receive the encrypted task processing data and decrypt it with the corresponding private key.
  3. The system of claim 1, characterized in that
    the large-scale cloud node service center platform further comprises:
    Work unit: used to provide centralized management of all cloud components, and to perform connection state management, component capability management and task management for the currently connected cloud client service subsystems;
    Control node: used to provide management of the worker nodes of its own network, management of the component capabilities on those worker nodes, and the current cloud component library for downloading cloud components, as derived from and distributed by the upper-level control node; to receive distributed tasks, decompose them for completion by the corresponding worker nodes, and integrate and return the completed task results;
    Worker node: optionally a server, computing terminal or large-scale loose cloud client; dynamically connected to a control node; provides cloud node service capability by installing the cloud node client software; provides cloud service task processing capability by downloading the different cloud components offered by the cloud component management center, a higher-level control node, or the control node of its own network; receives cloud computing tasks, finds the corresponding cloud component to complete them, and returns the completed results to the control node of its own network, to be returned to the large-scale cloud node service center platform.
  4. The system of claim 3, characterized in that the large-scale cloud node service center platform further comprises:
    Component online/offline management unit: used to receive new work capability components published by independent software vendors or individuals, to decide after processing that includes testing, functional review and data security verification whether to publish them online, and to receive and process offline requests for a given component;
    Cloud component installation management unit: used to process cloud component installation requests: it judges whether the safety conditions are met and, if so, approves the installation, otherwise refuses it;
    Cloud client service management subsystem unit: manages all the cloud client service subsystems under this platform, their network topology, and the network information, current connection state information, current component capability state and current task state of the corresponding control nodes;
    Task management unit: used to manage the tasks currently executing or already executed, including the selection of nodes when distributing a task, and the integrated management of task decomposition and merging.
  5. The system of claim 1, characterized in that the control node further comprises a task decomposition unit, a node management unit and a data management unit; the task decomposition unit is used to decompose a received task into several parts; the node management unit is used to select the nodes to which tasks need to be assigned; the data management unit is used to provide unified management of task completion data.
  6. A method for multi-level data protection of loose cloud nodes in a cloud computing network environment, characterized in that it comprises the following steps:
    (1) A loose-cloud-node service platform is provided in the cloud computing network environment: a large-scale cloud node service center platform and at least one cloud client service subsystem; the large-scale cloud node service center platform is dynamically connected to these cloud client service subsystems; each cloud client service subsystem comprises one cloud client service network or is made up of several parallel and/or hierarchical cloud client service networks, each client service network further comprising at least some worker nodes and a control node;
    (2) When a control node has been preconfigured for a certain server, computing terminal or large-scale loose cloud client, the cloud node client software is installed to provide cloud node service capability, making it a worker node;
    (3) The worker node sends a cloud component download request to the cloud component management center, a higher-level control node, or the control node of its own network; the requested party judges whether this worker node meets the download conditions for that cloud component; if so, it is allowed to download and install the corresponding cloud component;
    (4) The large-scale cloud node service center platform decomposes the task and sends the decomposed task with its corresponding public key to at least one cloud client service subsystem;
    (5) The control node in the cloud client service subsystem receives the decomposed task and its public key, decomposes it again, and issues the further decomposed tasks, each with its corresponding public key, to its subordinate worker nodes, or to the subordinate control node and subordinate worker nodes of the local end;
    (6) The subordinate worker node of the local end completes the corresponding task using the corresponding cloud component, encrypts the task result with the corresponding public key, and returns it;
    (7) The upper-level control node decrypts the returned task result with the corresponding private key to obtain the data, integrates it, and returns it upward;
    (8) Steps (6) and (7) are repeated until all task results, encrypted with the corresponding public keys, have been returned to the large-scale cloud node service center platform, which decrypts them with the corresponding private keys to obtain the data.
  7. The method of claim 7, characterized in that it further comprises:
    Nodes are divided into security levels, and the large-scale cloud node service center platform and each upper-level control node store the security levels of their directly subordinate nodes;
    Before distributing a task, the large-scale cloud node service center platform or the upper-level control node pre-judges the security level of the control node or subordinate worker node to which the task would be distributed; if that node cannot satisfy the security level corresponding to the task, it refuses to issue the task.
  8. The method of claim 7, characterized in that it further comprises:
    (1) The platform receives cloud service components developed and submitted by independent developers or other developers, and requires that each component satisfy the cloud node communication protocol and the data security protocol;
    (2) The cloud component center platform reviews the submitted cloud service capability component, checking the related service capabilities and attribute configuration, including functional correctness, validity, completeness of the data protocol, and correctness of the service attribute configuration;
    (3) After the cloud service component passes review, the capability component's attributes are set and configured;
    (4) The corresponding cloud component is published online;
    (5) A component-online message is pushed to all online worker nodes and control nodes.
  9. A method for multi-level data protection of loose cloud nodes in a cloud computing network environment, characterized in that it comprises the following steps:
    A certain server, computing terminal or large-scale loose cloud client installs the cloud node client software to become a worker node that can provide cloud node service capability;
    The worker node downloads some corresponding cloud components, giving it the capability to process the tasks those cloud components handle;
    When the worker node receives a task, it completes it through the corresponding cloud component;
    Data communication between the task distributing party and the worker node is carried out through an asymmetric encryption algorithm.
CN201210304660.XA 2012-08-24 2012-08-24 System and method for multi-level data protection of loose cloud nodes in a cloud computing network environment Expired - Fee Related CN102821160B (en)


Publications (2)

Publication Number Publication Date
CN102821160A true CN102821160A (en) 2012-12-12
CN102821160B CN102821160B (en) 2016-06-01

Family

ID=47305012



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160601

Termination date: 20210824
