CN103561021A - Method for realizing cloud storage system - Google Patents


Info

Publication number: CN103561021A
Authority: CN (China)
Application number: CN201310530677.1A
Other languages: Chinese (zh)
Inventors: 全渝娟, 刘清南
Current assignee: Individual
Original assignee: Individual
Legal status: Pending

Abstract

The invention discloses a method for realizing a cloud storage system. The method is applied through a storage device, an access terminal and a gatekeeper system, and the cloud storage system comprises the storage device, the access terminal and the gatekeeper. The method comprises the following steps: on the gatekeeper system, a user sets a device-level unique identification, an identification code and an access control list for the user's own storage device and access terminal; on the user's storage device and access terminal, the user respectively sets a device-level unique identification, an identification code and the IP address of the gatekeeper that the storage device and the access terminal depend on; the storage device manages its user-level or file-level access rights according to the user's settings; and the gatekeeper system provides the user's access terminal with the device-level identification, access control and communication encryption needed to access the storage device. With this method the storage device is under the full control of the user, and the user does not need to worry about the data leakage present in existing cloud storage architectures.

Description

Method for realizing a cloud storage system
Technical field
The present invention relates to the fields of Internet of Things, Internet and cloud computing technology, and in particular to a method for realizing a cloud storage system.
Background art
Cloud storage has now become one of the principal forms of cloud computing application. In a practical cloud storage application system, communication between the cloud storage system and the terminal must be encrypted so that the security protection of cloud computing meets the needs of the application. Existing cloud storage data security mechanisms have the following shortcomings:
1. Although communication encryption between the cloud storage system and the terminal can be achieved with the corresponding Internet data encryption technology, if the data stored in the cloud is kept in plaintext there is a risk of data leakage.
2. If the data is stored encrypted by the cloud, then in order to perform effective data retrieval in the cloud the data must be temporarily decrypted into plaintext in the cloud, which carries the same risk of data leakage.
3. If the data is encrypted by the terminal and then transferred to the cloud and stored directly, the cloud cannot decrypt or retrieve the data unless it obtains the terminal's key; and if the cloud can obtain the terminal's key, the key and the encrypted data reside in the same place, which again carries a risk of disclosure.
Summary of the invention
To solve the above technical problems, the object of the invention is to provide a method for realizing a cloud storage system. The method achieves the following: (1) user data is stored on the storage device in plaintext, and the gatekeeper system only provides the user's access terminal with the device-level identification, access control and communication encryption mechanisms required to access the storage device; (2) although the gatekeeper system can obtain the encryption key used for file transfer between the storage device and the access terminal, it cannot touch the encrypted file transfer messages themselves; (3) although the gatekeeper system can obtain private data such as the device-level identification and access control settings of the storage device and the access terminal, it cannot obtain the user-level or file-level access rights held on the storage device; (4) the entire process of file transfer between the storage device and the access terminal, and the entire process of communication between the storage device or the access terminal and the gatekeeper system, can meet the security standard required by ITU-T Recommendation X.500; (5) no PKI-based digital certificate needs to be installed on the storage device or the access terminal; only one set of PKI-based digital certificates needs to be installed in the gatekeeper system. This breaks through the data security difficulty of cloud storage and expands the application forms of cloud storage.
The object of the invention is achieved by the following technical scheme:
A method for realizing a cloud storage system, where the cloud storage system comprises a storage device, an access terminal and a gatekeeper system, the specific implementation method comprising:
in the gatekeeper system, the user sets a device-level unique identity label, an identification password and an Access Control List (ACL) for the user's own storage device and access terminal;
on the user's own storage device and access terminal, the user respectively sets the device-level unique identity label and identification password, and the IP address of the gatekeeper system on which they depend;
the storage device manages the user-level or file-level access rights of the device according to the user's settings;
the gatekeeper system provides the user's access terminal with the device-level identification, access control and communication encryption required to access the storage device.
The placement location of the storage device is specified arbitrarily by the user and is completely controlled by the user; user data is stored on the storage device in plaintext; user-level or file-level access control is implemented on the storage device; and the gatekeeper system only provides the user's access terminal with the device-level identification, access control and communication encryption mechanisms required to access the storage device.
Compared with the prior art, one or more embodiments of the invention may have the following advantages:
the device-level identification and access control of the cloud storage system are completed by the gatekeeper system, which reduces the security protection cost of individual, family and enterprise-level shared storage systems; through the gatekeeper system, the storage device can be placed behind any operator's NAT device and behind the user's NAT device, so that it relies on the IP security protection inherent to the NAT device to keep the storage device away from all kinds of attacks from the Internet; the storage device is completely under the user's own control, eliminating the user's concern about the data leakage present in the current cloud storage architecture; although the gatekeeper system can obtain the encryption key used for file transfer between the storage device and the access terminal, it cannot touch the encrypted file transfer messages, which ensures the security of the data transfer; although the gatekeeper system can obtain private data such as the device-level identification and access control settings of the storage device and the access terminal, it cannot obtain the user-level or file-level access rights held on the storage device, which ensures the security of the stored data.
Other features and advantages of the invention will be set forth in the following description and will partly become apparent from the specification, or be understood by implementing the invention. The objects and other advantages of the invention can be realized and obtained by the structures specifically pointed out in the specification, the claims and the accompanying drawings.
Description of the drawings
The accompanying drawings are provided for a further understanding of the invention and form a part of the specification; together with the embodiments of the invention they serve to explain the invention and are not to be construed as limiting it. In the drawings:
Fig. 1 is a structural diagram of the cloud storage system;
Fig. 2 is the control and data transfer flow chart of the cloud storage system.
Embodiments
It is readily understood that, according to the technical scheme of the invention and without changing its essential content, a person of ordinary skill in the art could propose a number of structural forms and manufacturing methods of the invention. The following embodiments and drawings are therefore only illustrations of the technical scheme of the invention and should not be regarded as the whole of the invention or as a restriction or limitation of the technical solution of the invention.
The invention is described in further detail below with reference to the embodiments and the drawings.
Fig. 1 shows the structure of the cloud storage system; the method is carried out by the storage device A, the access terminal B and the gatekeeper system that the cloud storage system comprises. The specific implementation method comprises:
in the gatekeeper system, the user sets a device-level unique identity label, an identification password and an Access Control List (ACL) for the user's own storage device and access terminal respectively;
on the user's own storage device and access terminal, the user respectively sets the device-level unique identity label and identification password, and the IP address of the gatekeeper system on which they depend;
the storage device manages the user-level or file-level access rights of the device according to the user's settings;
the gatekeeper system provides the user's access terminal with the device-level identification, access control and communication encryption required to access the storage device.
As shown in Fig. 2, the control and data transfer flow of the cloud storage system comprises:
B sends to the gatekeeper system an access request message containing the identification label of B, the identification password of B, the identification label of A and a communication key KB, encrypted with the public key KP using the RSA algorithm;
the gatekeeper system decrypts the access request message with the private key KS using the RSA algorithm, obtaining the identification label of B, the identification password of B, the identification label of A and the communication key KB;
if the gatekeeper system confirms the identity of B and determines from the ACL of A that B has the right to access A, the gatekeeper system encrypts B's access request with the communication key KA provided by A and sends it to A, within the session in which A reports its own current IP address to the gatekeeper system;
after A receives the access request from B forwarded by the gatekeeper system, A generates a communication key KC, encrypts it with the communication key KA and sends it to the gatekeeper system;
the gatekeeper system decrypts the communication key KC from A with the communication key KA, takes the current IP address of A and the communication key KC as the access response message, encrypts it with B's communication key KB and sends it to B;
B decrypts the access response message from the gatekeeper system with the key KB, obtaining the IP address of A and the key KC used for communicating with A;
B uses the IP address of A to establish a direct session with A; the message content exchanged in the session can be encrypted with the communication key KC.
After B and A have established the session, A authenticates the user-level or file-level access rights of B through the session and provides the corresponding file access service to B.
The gatekeeper system keeps the private key KS secret; each access terminal and storage device holds the same public key KP, downloaded from the gatekeeper system.
In the above, A is the storage device and B is the access terminal.
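The Fig. 2 exchange above, as an added symbolic model (not code from the patent): each party holds a set of key names, a message is a payload sealed under one key name, and RSA is represented only by the rule that KP-sealed data opens with KS. The credentials, ACL, file rights and IP address are constructed sample values; the trace shows which party ends up holding KC and which messages the gatekeeper can read.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sealed:
    """Ciphertext: `payload` sealed under the key named `key`."""
    key: str
    payload: tuple

class Party:
    def __init__(self, name, keys):
        self.name, self.keys, self.seen = name, set(keys), []

    def seal(self, key, *payload):
        assert key in self.keys, f"{self.name} does not hold {key}"
        return Sealed(key, payload)

    def open(self, ct, key):
        # KP (public) ciphertext opens only with KS (private); a symmetric key opens itself
        if key not in self.keys or key != ("KS" if ct.key == "KP" else ct.key):
            raise PermissionError(f"{self.name} cannot open {ct.key}-ciphertext with {key}")
        self.seen.append(ct.payload)          # record what this party could read
        return ct.payload

# Constructed sample state (hypothetical, not from the patent).
GK_CREDS = {"B": "b-secret"}           # gatekeeper: identification password per terminal
GK_ACL = {"A": {"B"}}                  # gatekeeper: device A's ACL of permitted terminals
A_FILE_RIGHTS = {"B": {"report.txt"}}  # storage device A only: file-level rights
A_IP = "192.0.2.10"                    # A's current IP (documentation range)

def run_exchange(b_id, b_pwd, a_id, filename):
    gk = Party("gatekeeper", {"KS", "KA"})   # KS private; KA shared with A in A's session
    a = Party("A", {"KP", "KA"})
    b = Party("B", {"KP", "KB"})
    # 1. B -> GK: {id_B, pwd_B, id_A, KB} under the public key KP
    m1 = b.seal("KP", b_id, b_pwd, a_id, "KB")
    # 2. GK decrypts with the private key KS and thereby learns KB
    bid, pwd, target, kb = gk.open(m1, "KS")
    gk.keys.add(kb)
    # 3. identity check, then ACL check against A's list; refuse otherwise
    if GK_CREDS.get(bid) != pwd or bid not in GK_ACL.get(target, set()):
        return {"granted": False, "gk_keys": set(gk.keys), "gk_seen": list(gk.seen)}
    m2 = gk.seal("KA", "access-request", bid)
    # 4. A receives the forwarded request, generates KC and returns it under KA
    _, requester = a.open(m2, "KA")
    a.keys.add("KC")
    m3 = a.seal("KA", "KC")
    # 5. GK recovers KC and sends A's IP plus KC to B under KB
    (kc,) = gk.open(m3, "KA")
    gk.keys.add(kc)
    m4 = gk.seal(kb, A_IP, kc)
    # 6. B decrypts the access response with KB
    ip, kc_b = b.open(m4, kb)
    b.keys.add(kc_b)
    # 7. B talks to A directly at `ip`; the gatekeeper is not on this path
    m5 = b.seal(kc_b, "GET", filename)
    _, wanted = a.open(m5, "KC")
    # 8. A enforces the file-level rights that it alone holds
    served = wanted in A_FILE_RIGHTS.get(requester, set())
    return {"granted": served, "ip": ip, "gk_keys": set(gk.keys), "gk_seen": list(gk.seen)}
```

The trace confirms the patent's own statement: the gatekeeper does end up holding KC, but the only messages it ever reads are the access request and the key relay, never the file traffic or A's file-level rights table.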
The symmetric encryption algorithm provided by this embodiment may be chosen from standard algorithms such as DES, 3DES, TDEA, Blowfish, RC5 and IDEA, to realize standard encrypted communication between arbitrary terminals; a user-defined symmetric encryption algorithm may also be chosen.
The wired or wireless access links of the storage device and the access terminal include WiFi, 4G/3G/2G, Ethernet and the like.
The storage device and the access terminal include devices such as sensor nodes, servers, intelligent hand-held terminals, notebook computers and PCs.
Although the embodiments of the invention are disclosed above, the content described is adopted only for ease of understanding the invention and is not intended to limit it. Any person skilled in the technical field of the invention may make modifications and variations in the form and details of implementation without departing from the spirit and scope disclosed by the invention; the scope of patent protection of the invention is nevertheless determined by the scope defined in the appended claims.

Claims (5)

1. A method for realizing a cloud storage system, characterized in that the method is carried out by the storage device, the access terminal and the gatekeeper system that the cloud storage system comprises, the specific implementation method comprising:
in the gatekeeper system, the user sets a device-level unique identity label, an identification password and an Access Control List (ACL) for the user's own storage device and access terminal;
on the user's own storage device and access terminal, the user respectively sets the device-level unique identity label and identification password, and the IP address of the gatekeeper system on which they depend;
the storage device manages the user-level or file-level access rights of the device according to the user's settings;
the gatekeeper system provides the user's access terminal with the device-level identification, access control and communication encryption required to access the storage device.
2. The method for realizing a cloud storage system according to claim 1, characterized in that after the access terminal and the storage device have established a session, the storage device authenticates the user-level or file-level access rights of the access terminal through the session.
3. The method for realizing a cloud storage system according to claim 1, characterized in that the storage device is completely controlled by the user.
4. The method for realizing a cloud storage system according to claim 1, characterized in that when the storage device and the access terminal are located behind the same or different operator NAT devices and behind different user NAT devices, they periodically send address refresh messages to the gatekeeper system.
5. The method for realizing a cloud storage system according to claim 1, characterized in that the encryption algorithm comprises the DES, 3DES, TDEA, Blowfish, RC5 and IDEA encryption algorithms.

Priority Applications and Family

Application CN201310530677.1A, priority date 2013-11-01, filing date 2013-11-01; published 2014-02-05 as CN103561021A (pending). Family ID 50015171; country status: CN, CN103561021A (en).

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016110354A1 (en) * 2015-01-07 2016-07-14 Siemens Aktiengesellschaft System for maintaining time-based access restrictions in a cloud environment
CN109639682A (en) * 2018-12-14 2019-04-16 深圳市青葡萄科技有限公司 Sharing files method
CN111343088A (en) * 2020-02-21 2020-06-26 清华大学 Message transmission method and device, terminal and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014133A (en) * 2010-11-26 2011-04-13 清华大学 Method for implementing safe storage system in cloud storage environment
CN102457555A (en) * 2010-10-28 2012-05-16 中兴通讯股份有限公司 Security system and method for distributed storage
CN102882972A (en) * 2012-10-10 2013-01-16 全渝娟 Universal gatekeeper system of mobile internet of things
CN103354637A (en) * 2013-07-22 2013-10-16 全渝娟 Internet of things terminal M2M communication encryption method



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140205