CN103685291A - Data authorization certification system and method among enterprises based on cloud service - Google Patents

Data authorization certification system and method among enterprises based on cloud service

Info

Publication number: CN103685291A
Authority: CN (China)
Prior art keywords: enterprise, cloud platform, data, service system, cloud
Legal status: Granted; Expired - Fee Related
Application number: CN201310708363.6A
Other languages: Chinese (zh)
Other versions: CN103685291B (en)
Inventors: 代玉松, 潘成成
Current Assignee: Individual
Original Assignee: Individual
Priority to CN201310708363.6A; publication of CN103685291A; application granted and published as CN103685291B
Abstract

The invention discloses a data authorization certification system and method among enterprises based on a cloud service. The data authorization certification system among the enterprises comprises a first enterprise cloud platform business system, a second enterprise cloud platform business system and a cloud data sharing service end. The first enterprise cloud platform business system is connected with the second enterprise cloud platform business system through the cloud data sharing service end. The system and method are suitable for data sharing among enterprises based on the cloud service. They make explicit the mode of data sharing, the content of the shared data and the enterprises corresponding to the shared data. Furthermore, canceling the authorization certification provides a way to remove the data sharing business among the enterprises.

Description

An inter-enterprise data authorization certification system and method based on cloud service
Technical field
The present invention relates to the technical field of authorization certification for data transmission, and in particular to an inter-enterprise data authorization certification system and method based on cloud service.
Background
At present, data is shared between enterprises mainly in the following ways:
1) Custom interfaces: an enterprise opens an interface and other enterprises' systems dock with it. This requires both enterprises to have information systems and both to develop interfaces, so it is constrained by development cost and schedule.
2) An enterprise-developed platform used by the docking enterprises: the enterprise builds its own platform to support collaboration between its internal and external users, implements its business requirements within that platform, and then opens interfaces to external enterprise users. Each external enterprise has to use the other party's business system separately; an enterprise dealing with several enterprises has to use the system of each of them.
3) Manual communication by e-mail, telephone, instant-messaging tools and the like.
In these traditional approaches, the shared data is not subject to authorization certification; sharing is carried out only manually or through modern system interfaces. This is time-consuming, laborious and inefficient, and because it depends on manual operation, the credibility of the authorization certification is low.
In view of this, the prior art needs to be improved.
Summary of the invention
In view of the deficiencies of the prior art, the object of the invention is to provide an inter-enterprise data authorization certification system and method based on cloud service, aimed at the problem that shared data is not subject to authorization certification in existing enterprise data interaction.
The technical solution of the present invention is as follows:
An inter-enterprise data authorization certification system based on cloud service, for realizing authorization certification between a first enterprise and a second enterprise, wherein the system comprises: a first enterprise cloud platform service system, a second enterprise cloud platform service system and a cloud data sharing service end. The first enterprise cloud platform service system is connected to the second enterprise cloud platform service system through the cloud data sharing service end.
The first enterprise cloud platform service system further comprises a first authentication-authorization initiation module, a first authentication-authorization auditing module, a first authentication-authorization sending module and a first authentication-authorization audit log module.
The second enterprise cloud platform service system further comprises a second authentication-authorization receiving module, a second authentication-authorization auditing module, a second authentication-authorization audit log module and a second authentication-authorization response module.
The cloud data sharing service end further comprises a cloud data receiving module, an authentication-authorization scheduling module, an authentication-authorization buffer queue module and a cloud data sending module.
The first authentication-authorization initiation module of the first enterprise cloud platform service system initiates a data authorization certification request according to an operation instruction entered by the user, and the first authentication-authorization auditing module audits the request. After the audit is complete, the first authentication-authorization sending module interacts with the cloud data sharing service end; at the same time, the first authentication-authorization audit log module records an audit log of the interaction.
The cloud data sharing service end receives the data sent by the first enterprise cloud platform service system, determines the corresponding receiving second enterprise cloud platform service system, and obtains the authorization certification mode of the second enterprise cloud platform service system. If the second enterprise cloud platform service system uses push mode, the cloud data sharing service end checks whether the authentication-authorization mode of the second enterprise cloud platform service system is unobstructed; if it is, the data sent by the first enterprise cloud platform service system is sent to the second enterprise cloud platform service system. When the network is obstructed, the data to be sent is cached and the network is checked periodically; once it is unobstructed, the data is sent to the second enterprise. If the second enterprise cloud platform service system uses pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise cloud platform service system when that system actively initiates a request to check for and obtain data.
In response to the authorization certification request from the cloud data sharing service end, the second enterprise cloud platform service system automatically invokes the second authentication-authorization receiving module to receive and process the data sent by the cloud data sharing service end, and then audits the authorization certification request according to the predefined internal management process of the second enterprise. After the audit is complete, the second authentication-authorization response module sends the response request to the cloud data sharing service end; at the same time, the second authentication-authorization audit log module records an audit log of the interaction.
In the described inter-enterprise data authorization certification system based on cloud service, the first enterprise cloud platform service system is a system deployed on the first enterprise's servers, a cloud system rented by the first enterprise, or a business system developed by a third-party company.
The business system developed by the third-party company docks with the cloud data sharing service end through the open interface of the cloud platform.
In the described inter-enterprise data authorization certification system based on cloud service, the second enterprise cloud platform service system is a system deployed on the second enterprise's servers, a cloud system rented by the second enterprise, or a business system developed by a third-party company.
The business system developed by the third-party company docks with the cloud data sharing service end through the open interface of the cloud platform.
In the described inter-enterprise data authorization certification system based on cloud service, the first enterprise cloud platform service system also comprises a first authentication-authorization response receiving module, for receiving the response request that the second enterprise cloud platform service system sends through the cloud data sharing service end.
The described inter-enterprise data authorization certification system based on cloud service also comprises a cancel authentication and authorization system. By default, cancellation requires no audit by the second enterprise. When establishing the authentication-authorization binding, an enterprise can set whether a cancellation must be audited by the other enterprise before it takes effect. If it is set to require the other enterprise's audit, the cancellation flow is similar to the inter-enterprise data authorization certification flow; the difference is that the authorization certification flow establishes the authorization binding between the enterprises after the audit is complete, whereas the cancellation flow removes the authorization binding between the enterprises after the audit is complete. If no audit is required, the first enterprise cloud platform service system also comprises a first cancel-authorization-certification initiation module and a first cancel-authentication-authorization auditing module.
The second enterprise cloud platform service system also comprises a second cancel-authentication-authorization receiving module.
The first cancel-authorization-certification initiation module of the first enterprise cloud platform service system initiates a cancel authorization certification request according to an operation instruction entered by the user, and the first cancel-authentication-authorization auditing module audits the request. After the audit is complete, the first enterprise cloud platform service system cancels its shared data binding with the second enterprise cloud platform service system and determines whether the connection to the cloud data sharing service end is unobstructed; if it is, the cancel authorization certification request is sent to the cloud data sharing service end. At the same time, the first authentication-authorization audit log module records an audit log of the interaction.
The cloud data sharing service end receives the data sent by the first enterprise cloud platform service system, determines the corresponding receiving second enterprise cloud platform service system, and obtains the authorization certification mode of the second enterprise cloud platform service system. If the second enterprise cloud platform service system uses push mode, the cloud data sharing service end checks whether the authentication-authorization mode of the second enterprise cloud platform service system is unobstructed; if it is, the data sent by the first enterprise cloud platform service system is sent to the second enterprise cloud platform service system. When the network is obstructed, the data to be sent is cached and the network is checked periodically; once it is unobstructed, the data is sent to the second enterprise. If the second enterprise cloud platform service system uses pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise cloud platform service system when that system actively initiates a request to check for and obtain data.
In response to the cancel authorization certification request from the cloud data sharing service end, the second enterprise cloud platform service system automatically invokes the second cancel-authentication-authorization receiving module to save the data and cancels its shared data binding with the first enterprise cloud platform service system; at the same time, the second authentication-authorization audit log module records an audit log of the interaction.
An inter-enterprise data authorization certification method based on cloud service, for realizing authorization certification between a first enterprise and a second enterprise, wherein the method comprises:
S1. The first authentication-authorization initiation module of the first enterprise cloud platform service system initiates a data authorization certification request according to an operation instruction entered by the user, and the first authentication-authorization auditing module audits the request. After the audit is complete, the first authentication-authorization sending module interacts with the cloud data sharing service end; at the same time, the first authentication-authorization audit log module records an audit log of the interaction.
S2. The cloud data sharing service end receives the data sent by the first enterprise cloud platform service system, determines the corresponding receiving second enterprise cloud platform service system, and obtains the authorization certification mode of the second enterprise cloud platform service system. If the second enterprise cloud platform service system uses push mode, the cloud data sharing service end checks whether the authentication-authorization mode of the second enterprise cloud platform service system is unobstructed; if it is, the data sent by the first enterprise cloud platform service system is sent to the second enterprise cloud platform service system. When the network is obstructed, the data to be sent is cached and the network is checked periodically; once it is unobstructed, the data is sent to the second enterprise. If the second enterprise cloud platform service system uses pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise cloud platform service system when that system actively initiates a request to check for and obtain data.
S3. In response to the authorization certification request from the cloud data sharing service end, the second enterprise cloud platform service system automatically invokes the second authentication-authorization receiving module to receive and process the data sent by the cloud data sharing service end, and then audits the authorization certification request according to the predefined internal management process of the second enterprise. After the audit is complete, the second authentication-authorization response module sends the response request to the cloud data sharing service end; at the same time, the second authentication-authorization audit log module records an audit log of the interaction.
The described inter-enterprise data authorization certification method based on cloud service also comprises a cancel authentication and authorization system. By default, cancellation requires no audit by the second enterprise. When establishing the authentication-authorization binding, an enterprise can set whether a cancellation must be audited by the other enterprise before it takes effect. If it is set to require the other enterprise's audit, the cancellation flow is the same as the inter-enterprise data authorization certification flow described above. If no audit is required, the method also comprises the steps:
S4. The first cancel-authorization-certification initiation module of the first enterprise cloud platform service system initiates a cancel authorization certification request according to an operation instruction entered by the user, and the first cancel-authentication-authorization auditing module audits the request. After the audit is complete, the first enterprise cloud platform service system cancels its shared data binding with the second enterprise cloud platform service system and determines whether the connection to the cloud data sharing service end is unobstructed; if it is, the cancel authorization certification request is sent to the cloud data sharing service end. At the same time, the first authentication-authorization audit log module records an audit log of the interaction.
S5. The cloud data sharing service end receives the data sent by the first enterprise cloud platform service system, determines the corresponding receiving second enterprise cloud platform service system, and obtains the authorization certification mode of the second enterprise cloud platform service system. If the second enterprise cloud platform service system uses push mode, the cloud data sharing service end checks whether the authentication-authorization mode of the second enterprise cloud platform service system is unobstructed; if it is, the data sent by the first enterprise cloud platform service system is sent to the second enterprise cloud platform service system. When the network is obstructed, the data to be sent is cached and the network is checked periodically; once it is unobstructed, the data is sent to the second enterprise. If the second enterprise cloud platform service system uses pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise cloud platform service system when that system actively initiates a request to check for and obtain data.
S6. In response to the cancel authorization certification request from the cloud data sharing service end, the second enterprise cloud platform service system automatically invokes the second cancel-authentication-authorization receiving module to save the data and cancels its shared data binding with the first enterprise cloud platform service system; at the same time, the second authentication-authorization audit log module records an audit log of the interaction.
Beneficial effects:
The inter-enterprise data authorization certification system and method based on cloud service of the present invention are suitable for inter-enterprise data sharing based on cloud service. They make explicit the mode of data sharing, the content of the shared data and the enterprises to which the shared data corresponds. Furthermore, cancelling the authorization certification provides a way to remove the inter-enterprise data sharing business.
Brief description of the drawings
Fig. 1 is a structural block diagram of the inter-enterprise data authorization certification system based on cloud service of the present invention.
Fig. 2 is a structural block diagram of the cancel authorization certification function of the inter-enterprise data authorization certification system based on cloud service of the present invention.
Fig. 3 is a flow chart of the inter-enterprise data authorization certification method based on cloud service of the present invention.
Fig. 4 is a flow chart of cancelling authorization certification in the inter-enterprise data authorization certification method based on cloud service of the present invention.
Fig. 5 is a workflow diagram of the first enterprise cloud platform service system in an embodiment of the inter-enterprise data authorization certification method based on cloud service of the present invention.
Fig. 6 is a workflow diagram of the cloud data sharing service end sending the data of the first enterprise cloud platform service system to the second enterprise cloud platform service system in an embodiment of the inter-enterprise data authorization certification method based on cloud service of the present invention.
Detailed description of the embodiments
The invention provides an inter-enterprise data authorization certification system and method based on cloud service. To make the object, technical solution and effects of the present invention clearer, the present invention is described in more detail below. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Refer to Fig. 1, which is a structural block diagram of the inter-enterprise data authorization certification system based on cloud service of the present invention. As shown in the figure, the system comprises: a first enterprise cloud platform service system, a second enterprise cloud platform service system and a cloud data sharing service end. The first enterprise cloud platform service system is connected to the second enterprise cloud platform service system through the cloud data sharing service end.
The first enterprise cloud platform service system further comprises a first authentication-authorization initiation module, a first authentication-authorization auditing module, a first authentication-authorization sending module and a first authentication-authorization audit log module. The second enterprise cloud platform service system further comprises a second authentication-authorization receiving module, a second authentication-authorization auditing module, a second authentication-authorization audit log module and a second authentication-authorization response module. The cloud data sharing service end further comprises a cloud data receiving module, an authentication-authorization scheduling module, an authentication-authorization buffer queue module and a cloud data sending module.
The workflow is as follows. The first authentication-authorization initiation module of the first enterprise cloud platform service system initiates a data authorization certification request according to an operation instruction entered by the user, and the first authentication-authorization auditing module audits the request. After the audit is complete, the first authentication-authorization sending module interacts with the cloud data sharing service end; at the same time, the first authentication-authorization audit log module records an audit log of the interaction.
The cloud data sharing service end receives the data sent by the first enterprise cloud platform service system, determines the corresponding receiving second enterprise cloud platform service system, and obtains the authorization certification mode of the second enterprise cloud platform service system. If the second enterprise cloud platform service system uses push mode, the cloud data sharing service end checks whether the authentication-authorization mode of the second enterprise cloud platform service system is unobstructed; if it is, the data sent by the first enterprise cloud platform service system is sent to the second enterprise cloud platform service system. When the network is obstructed, the data to be sent is cached and the network is checked periodically; once it is unobstructed, the data is sent to the second enterprise. If the second enterprise cloud platform service system uses pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise cloud platform service system when that system actively initiates a request to check for and obtain data.
In response to the authorization certification request from the cloud data sharing service end, the second enterprise cloud platform service system automatically invokes the second authentication-authorization receiving module to receive and process the data sent by the cloud data sharing service end, and then audits the authorization certification request according to the predefined internal management process of the second enterprise. After the audit is complete, the second authentication-authorization response module sends the response request to the cloud data sharing service end; at the same time, the second authentication-authorization audit log module records an audit log of the interaction.
Further, in the described inter-enterprise data sharing system based on cloud service, the first enterprise cloud platform service system also comprises a first authentication-authorization response receiving module, for receiving the response request that the second enterprise cloud platform service system sends through the cloud data sharing service end.
Further, as shown in Fig. 2, the described inter-enterprise data authorization certification system based on cloud service also comprises a cancel authentication and authorization system. By default, cancellation requires no audit by the second enterprise. When establishing the authentication-authorization binding, an enterprise can set whether a cancellation must be audited by the other enterprise before it takes effect. If it is set to require the other enterprise's audit, the cancellation flow is the same as the inter-enterprise data authorization certification flow described above. If no audit is required, the first enterprise cloud platform service system also comprises a first cancel-authorization-certification initiation module and a first cancel-authentication-authorization auditing module, and the second enterprise cloud platform service system also comprises a second cancel-authentication-authorization receiving module.
The workflow is as follows. The first cancel-authorization-certification initiation module of the first enterprise cloud platform service system initiates a cancel authorization certification request according to an operation instruction entered by the user, and the first cancel-authentication-authorization auditing module audits the request. After the audit is complete, the first enterprise cloud platform service system cancels its shared data binding with the second enterprise cloud platform service system and determines whether the connection to the cloud data sharing service end is unobstructed; if it is, the cancel authorization certification request is sent to the cloud data sharing service end. At the same time, the first authentication-authorization audit log module records an audit log of the interaction.
The cloud data sharing service end receives the data sent by the first enterprise cloud platform service system, determines the corresponding receiving second enterprise cloud platform service system, and obtains the authorization certification mode of the second enterprise cloud platform service system. If the second enterprise cloud platform service system uses push mode, the cloud data sharing service end checks whether the authentication-authorization mode of the second enterprise cloud platform service system is unobstructed; if it is, the data sent by the first enterprise cloud platform service system is sent to the second enterprise cloud platform service system. When the network is obstructed, the data to be sent is cached and the network is checked periodically; once it is unobstructed, the data is sent to the second enterprise. If the second enterprise cloud platform service system uses pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise cloud platform service system when that system actively initiates a request to check for and obtain data.
In response to the cancel authorization certification request from the cloud data sharing service end, the second enterprise cloud platform service system automatically invokes the second cancel-authentication-authorization receiving module to save the data and cancels its shared data binding with the first enterprise cloud platform service system; at the same time, the second authentication-authorization audit log module records an audit log of the interaction.
The object of the present invention is to perform authorization certification, and cancellation of authorization certification, on business data shared between enterprises; it is suitable for inter-enterprise data sharing based on cloud service. Authorization certification of data between enterprises makes explicit the mode of data sharing, the content of the shared data and the enterprises to which the shared data corresponds. Furthermore, cancelling authorization certification provides a way to remove the inter-enterprise data sharing business.
The present invention also provides an inter-enterprise data authorization certification method based on cloud service, for realizing authorization certification between a first enterprise and a second enterprise. As shown in Fig. 3, the method comprises:
S1. The first authentication-authorization initiation module of the first enterprise cloud platform service system initiates a data authorization certification request according to an operation instruction entered by the user, and the first authentication-authorization auditing module audits the request. After the audit is complete, the first authentication-authorization sending module interacts with the cloud data sharing service end; at the same time, the first authentication-authorization audit log module records an audit log of the interaction.
S2. The cloud data sharing service end receives the data sent by the first enterprise cloud platform service system, determines the corresponding receiving second enterprise cloud platform service system, and obtains the authorization certification mode of the second enterprise cloud platform service system. If the second enterprise cloud platform service system uses push mode, the cloud data sharing service end checks whether the authentication-authorization mode of the second enterprise cloud platform service system is unobstructed; if it is, the data sent by the first enterprise cloud platform service system is sent to the second enterprise cloud platform service system. When the network is obstructed, the data to be sent is cached and the network is checked periodically; once it is unobstructed, the data is sent to the second enterprise. If the second enterprise cloud platform service system uses pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise cloud platform service system when that system actively initiates a request to check for and obtain data.
S3. In response to the authorization certification request from the cloud data sharing service end, the second enterprise cloud platform service system automatically invokes the second authentication-authorization receiving module to receive and process the data sent by the cloud data sharing service end, and then audits the authorization certification request according to the predefined internal management process of the second enterprise. After the audit is complete, the second authentication-authorization response module sends the response request to the cloud data sharing service end; at the same time, the second authentication-authorization audit log module records an audit log of the interaction.
Each of the above steps is described in detail below.
Step S1 is the workflow of the first enterprise's cloud platform service system; in the present embodiment, that workflow is shown in Figure 5. For convenience of description, enterprise A's cloud platform denotes the first enterprise's cloud platform service system, and enterprise B's cloud platform denotes the second enterprise's cloud platform service system. The first Certificate Authority initiation module of the first enterprise's cloud platform service system initiates a data authorization identifying request according to the operational order input by the user, and the first Certificate Authority auditing module audits the request. After the audit is complete, the first Certificate Authority sending module interacts with the cloud data sharing service end; meanwhile, the first Certificate Authority audit log module records an audit log of the interaction.
Step S2 is the workflow in which the cloud data sharing service end sends the data of the first enterprise's cloud platform service system to the second enterprise's cloud platform service system. Figure 6 is the workflow diagram of this step in an embodiment of the cloud-service-based inter-enterprise data sharing method of the present invention. The cloud data sharing service end receives the data sent by the first enterprise's cloud platform service system, determines the corresponding receiving second enterprise's cloud platform service system, and obtains the authorization identifying mode of that system. If the second enterprise's cloud platform service system is in push mode, the cloud data sharing service end checks whether the Certificate Authority mode of the second enterprise's cloud platform service system is unobstructed; if it is, the data sent by the first enterprise's cloud platform service system is sent on to the second enterprise's cloud platform service system; when the network is obstructed, the data to be sent is cached and the network is checked periodically, and the data is sent to the second enterprise once the network is clear. If the second enterprise's cloud platform service system is in pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise's cloud platform service system when that system actively initiates a request to check for and obtain data. Further, when the shared scheduling mode of the second enterprise's cloud platform service system is obstructed, the data is placed in a cloud queue until the data sharing network is clear, and is then sent to the second enterprise's cloud platform service system.
Step S3 is the workflow of the second enterprise's cloud platform service system. Specifically, according to the authorization identifying request from the cloud data sharing service end, the second enterprise's cloud platform service system automatically invokes the second Certificate Authority receiver module to receive the data sent by the cloud data sharing service end and process it, and then audits the authorization identifying request according to the second enterprise's predefined internal management process. After the audit is complete, the second Certificate Authority responder module sends the reply request to the cloud data sharing service end; meanwhile, the second Certificate Authority audit log module records an audit log of the interaction.
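The dispatch logic of step S2 (push with caching and periodic retry, pull with caching until requested) can be modelled as follows. This is an added illustration, not code from the patent; the class, field and event names, the `link_up` flag and the sample messages are all hypothetical, and the choice to queue behind already-cached data to preserve ordering is an assumption.

```python
from collections import deque
from dataclasses import dataclass, field

PUSH, PULL = "push", "pull"


@dataclass
class Message:
    sender: str
    recipient: str
    kind: str   # "authorize" (steps S1-S3) or "cancel" (steps S4-S6)
    body: str


@dataclass
class Recipient:
    mode: str                     # PUSH or PULL, as registered by the enterprise
    link_up: bool = True          # constructed stand-in for "channel unobstructed"
    inbox: list = field(default_factory=list)


class SharingService:
    """Hypothetical model of the cloud data sharing service end."""

    def __init__(self, recipients):
        self.recipients = recipients
        self.queues = {name: deque() for name in recipients}  # buffer queue
        self.audit = []                                       # audit trail

    def _log(self, event, msg):
        self.audit.append((event, msg.sender, msg.recipient, msg.kind))

    def receive(self, msg):
        """Accept data from the sending enterprise and dispatch by mode."""
        rcpt = self.recipients.get(msg.recipient)
        if rcpt is None:
            self._log("rejected-unknown-recipient", msg)
            return "rejected"
        queue = self.queues[msg.recipient]
        # Push directly only when the link is up and nothing older is waiting;
        # otherwise cache so that queued data is never overtaken (assumption).
        if rcpt.mode == PUSH and rcpt.link_up and not queue:
            rcpt.inbox.append(msg)
            self._log("pushed", msg)
            return "pushed"
        queue.append(msg)
        self._log("cached", msg)
        return "cached"

    def retry_tick(self):
        """Periodic check: flush cached data to push recipients whose link is up."""
        delivered = 0
        for name, rcpt in self.recipients.items():
            if rcpt.mode != PUSH or not rcpt.link_up:
                continue
            queue = self.queues[name]
            while queue:
                msg = queue.popleft()
                rcpt.inbox.append(msg)
                self._log("pushed-after-retry", msg)
                delivered += 1
        return delivered

    def pull(self, name):
        """A pull-mode recipient actively requests its cached data.

        The page does not say how the caller is authenticated; this sketch
        takes the name as given.
        """
        rcpt = self.recipients.get(name)
        if rcpt is None or rcpt.mode != PULL:
            return []
        out = list(self.queues[name])
        self.queues[name].clear()
        for msg in out:
            self._log("pulled", msg)
        return out


def demo():
    """Constructed scenario: B is push-mode with its link down, C is pull-mode."""
    svc = SharingService({"B": Recipient(PUSH, link_up=False),
                          "C": Recipient(PULL)})
    r1 = svc.receive(Message("A", "B", "authorize", "share orders"))
    r2 = svc.receive(Message("A", "C", "authorize", "share invoices"))
    svc.recipients["B"].link_up = True           # network recovers
    r3 = svc.receive(Message("A", "B", "cancel", "stop sharing orders"))
    flushed = svc.retry_tick()                   # delivers both, in order
    pulled = svc.pull("C")
    kinds = [m.kind for m in svc.recipients["B"].inbox]
    return r1, r2, r3, flushed, kinds, len(pulled)


if __name__ == "__main__":
    print(demo())
```

Because the cancel request in the scenario queues behind the earlier authorize request, the recipient sees them in the order they were issued, and every transition is recorded in `audit`.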
Further, the first enterprise's cloud platform service system and the second enterprise's cloud platform service system process business data and handle interaction for the first enterprise and the second enterprise. Each may be deployed on the first or second enterprise's servers, or be a cloud system rented by the first or second enterprise. It may also be a business system developed by a third-party company; a third-party system must dock with the cloud data sharing service end according to the open interface of the cloud platform.
Further, as shown in Figure 4, the cloud-service-based inter-enterprise data authorization and authentication method also comprises a cancellation authentication and authorization system. By default, cancellation does not require an audit by the second enterprise. When carrying out the Certificate Authority binding, an enterprise can set whether a cancellation takes effect only after an audit by the other enterprise. If it is set to require the other enterprise's audit, the cancellation flow is the same as the inter-enterprise data authorization identifying flow described above. If no audit is required, the method also comprises the steps:
S4. The first cancel authorization identifying initiation module of the first enterprise's cloud platform service system initiates a cancel authorization identifying request according to the operational order input by the user, and the first cancel Certificate Authority auditing module audits the request. After the audit is complete, the first enterprise's cloud platform service system cancels the shared data binding with the second enterprise's cloud platform service system and judges whether the connection to the cloud data sharing service end is unobstructed; if it is, the cancel authorization identifying request is sent to the cloud data sharing service end; meanwhile, the first Certificate Authority audit log module records an audit log of the interaction;
S5. The cloud data sharing service end receives the data sent by the first enterprise's cloud platform service system, determines the corresponding receiving second enterprise's cloud platform service system, and obtains the authorization identifying mode of that system. If the second enterprise's cloud platform service system is in push mode, the cloud data sharing service end checks whether the Certificate Authority mode of the second enterprise's cloud platform service system is unobstructed; if it is, the data sent by the first enterprise's cloud platform service system is sent on to the second enterprise's cloud platform service system; when the network is obstructed, the data to be sent is cached and the network is checked periodically, and the data is sent to the second enterprise once the network is clear. If the second enterprise's cloud platform service system is in pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise's cloud platform service system when that system actively initiates a request to check for and obtain data;
S6. According to the cancel authorization identifying request from the cloud data sharing service end, the second enterprise's cloud platform service system automatically invokes the second cancel Certificate Authority receiver module to save the data and cancels the shared data binding with the first enterprise's cloud platform service system; meanwhile, the second Certificate Authority audit log module records an audit log of the interaction.
In summary, the present invention discloses a cloud-service-based inter-enterprise data authorization identifying system and method. The inter-enterprise data authorization identifying system comprises a first enterprise's cloud platform service system, a second enterprise's cloud platform service system and a cloud data sharing service end. The first enterprise's cloud platform service system connects to the second enterprise's cloud platform service system through the cloud data sharing service end. The first enterprise's cloud platform service system further comprises the first Certificate Authority initiation module, the first Certificate Authority auditing module, the first Certificate Authority sending module and the first Certificate Authority audit log module. The second enterprise's cloud platform service system further comprises the second Certificate Authority receiver module, the second Certificate Authority auditing module, the second Certificate Authority audit log module and the second Certificate Authority responder module. The cloud data sharing service end further comprises a cloud data reception module, a Certificate Authority scheduler module, a Certificate Authority buffer queue module and a cloud data transmission module. The system and method are suitable for cloud-service-based data sharing among enterprises. They make explicit the mode of data sharing, the content of the shared data and the enterprises to which the shared data corresponds. Further, cancelling the authorization identifying provides a way to remove an inter-enterprise data sharing service.
It should be understood that the application of the present invention is not limited to the above examples; those of ordinary skill in the art can make improvements or variations in light of the above description, and all such improvements and variations shall fall within the scope of protection of the appended claims of the present invention.

Claims (7)

1. A cloud-service-based inter-enterprise data authorization identifying system for realizing authorization identifying between a first enterprise and a second enterprise, characterized in that the inter-enterprise data authorization identifying system comprises: a first enterprise's cloud platform service system, a second enterprise's cloud platform service system and a cloud data sharing service end; the first enterprise's cloud platform service system connects to the second enterprise's cloud platform service system through the cloud data sharing service end;
Wherein the first enterprise's cloud platform service system further comprises a first Certificate Authority initiation module, a first Certificate Authority auditing module, a first Certificate Authority sending module and a first Certificate Authority audit log module;
The second enterprise's cloud platform service system further comprises a second Certificate Authority receiver module, a second Certificate Authority auditing module, a second Certificate Authority audit log module and a second Certificate Authority responder module;
The cloud data sharing service end further comprises a cloud data reception module, a Certificate Authority scheduler module, a Certificate Authority buffer queue module and a cloud data transmission module;
The first Certificate Authority initiation module of the first enterprise's cloud platform service system initiates a data authorization identifying request according to the operational order input by the user, and the first Certificate Authority auditing module audits the request; after the audit is complete, the first Certificate Authority sending module interacts with the cloud data sharing service end; meanwhile, the first Certificate Authority audit log module records an audit log of the interaction;
The cloud data sharing service end receives the data sent by the first enterprise's cloud platform service system, determines the corresponding receiving second enterprise's cloud platform service system, and obtains the authorization identifying mode of that system; if the second enterprise's cloud platform service system is in push mode, the cloud data sharing service end checks whether the Certificate Authority mode of the second enterprise's cloud platform service system is unobstructed; if it is, the data sent by the first enterprise's cloud platform service system is sent on to the second enterprise's cloud platform service system; when the network is obstructed, the data to be sent is cached and the network is checked periodically, and the data is sent to the second enterprise once the network is clear; if the second enterprise's cloud platform service system is in pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise's cloud platform service system when that system actively initiates a request to check for and obtain data;
According to the authorization identifying request from the cloud data sharing service end, the second enterprise's cloud platform service system automatically invokes the second Certificate Authority receiver module to receive the data sent by the cloud data sharing service end and process it, and then audits the authorization identifying request according to the second enterprise's predefined internal management process; after the audit is complete, the second Certificate Authority responder module sends the reply request to the cloud data sharing service end; meanwhile, the second Certificate Authority audit log module records an audit log of the interaction.
2. The cloud-service-based inter-enterprise data authorization identifying system according to claim 1, characterized in that the first enterprise's cloud platform service system is a system deployed on the first enterprise's servers, a cloud system rented by the first enterprise, or a business system developed by a third-party company;
Wherein the business system developed by the third-party company docks with the cloud data sharing service end according to the open interface of the cloud platform.
3. The cloud-service-based inter-enterprise data authorization identifying system according to claim 1, characterized in that the second enterprise's cloud platform service system is a system deployed on the second enterprise's servers, a cloud system rented by the second enterprise, or a business system developed by a third-party company;
Wherein the business system developed by the third-party company docks with the cloud data sharing service end according to the open interface of the cloud platform.
4. The cloud-service-based inter-enterprise data authorization identifying system according to claim 1, characterized in that the first enterprise's cloud platform service system also comprises a first Certificate Authority reply receiver module for receiving the reply request that the second enterprise's cloud platform service system sends through the cloud data sharing service end.
5. The cloud-service-based inter-enterprise data authorization identifying system according to claim 1, characterized in that it also comprises a cancellation authentication and authorization system; by default, cancellation does not require an audit by the second enterprise; when carrying out the Certificate Authority binding, an enterprise can set whether a cancellation takes effect only after an audit by the other enterprise; if it is set to require the other enterprise's audit, the cancellation flow is the same as the described inter-enterprise data authorization identifying flow; if no audit is required, the first enterprise's cloud platform service system also comprises: a first cancel authorization identifying initiation module and a first cancel Certificate Authority auditing module;
The second enterprise's cloud platform service system also comprises: a second cancel Certificate Authority receiver module;
The first cancel authorization identifying initiation module of the first enterprise's cloud platform service system initiates a cancel authorization identifying request according to the operational order input by the user, and the first cancel Certificate Authority auditing module audits the request; after the audit is complete, the first enterprise's cloud platform service system cancels the shared data binding with the second enterprise's cloud platform service system and judges whether the connection to the cloud data sharing service end is unobstructed; if it is, the cancel authorization identifying request is sent to the cloud data sharing service end; meanwhile, the first Certificate Authority audit log module records an audit log of the interaction;
The cloud data sharing service end receives the data sent by the first enterprise's cloud platform service system, determines the corresponding receiving second enterprise's cloud platform service system, and obtains the authorization identifying mode of that system; if the second enterprise's cloud platform service system is in push mode, the cloud data sharing service end checks whether the Certificate Authority mode of the second enterprise's cloud platform service system is unobstructed; if it is, the data sent by the first enterprise's cloud platform service system is sent on to the second enterprise's cloud platform service system; when the network is obstructed, the data to be sent is cached and the network is checked periodically, and the data is sent to the second enterprise once the network is clear; if the second enterprise's cloud platform service system is in pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise's cloud platform service system when that system actively initiates a request to check for and obtain data;
According to the cancel authorization identifying request from the cloud data sharing service end, the second enterprise's cloud platform service system automatically invokes the second cancel Certificate Authority receiver module to save the data and cancels the shared data binding with the first enterprise's cloud platform service system; meanwhile, the second Certificate Authority audit log module records an audit log of the interaction.
6. A cloud-service-based inter-enterprise data authorization and authentication method for realizing authorization identifying between a first enterprise and a second enterprise, characterized in that the inter-enterprise data authorization and authentication method comprises:
S1. The first Certificate Authority initiation module of the first enterprise's cloud platform service system initiates a data authorization identifying request according to the operational order input by the user, and the first Certificate Authority auditing module audits the request; after the audit is complete, the first Certificate Authority sending module interacts with the cloud data sharing service end; meanwhile, the first Certificate Authority audit log module records an audit log of the interaction;
S2. The cloud data sharing service end receives the data sent by the first enterprise's cloud platform service system, determines the corresponding receiving second enterprise's cloud platform service system, and obtains the authorization identifying mode of that system; if the second enterprise's cloud platform service system is in push mode, the cloud data sharing service end checks whether the Certificate Authority mode of the second enterprise's cloud platform service system is unobstructed; if it is, the data sent by the first enterprise's cloud platform service system is sent on to the second enterprise's cloud platform service system; when the network is obstructed, the data to be sent is cached and the network is checked periodically, and the data is sent to the second enterprise once the network is clear; if the second enterprise's cloud platform service system is in pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise's cloud platform service system when that system actively initiates a request to check for and obtain data;
S3. According to the authorization identifying request from the cloud data sharing service end, the second enterprise's cloud platform service system automatically invokes the second Certificate Authority receiver module to receive the data sent by the cloud data sharing service end and process it, and then audits the authorization identifying request according to the second enterprise's predefined internal management process; after the audit is complete, the second Certificate Authority responder module sends the reply request to the cloud data sharing service end; meanwhile, the second Certificate Authority audit log module records an audit log of the interaction.
7. The cloud-service-based inter-enterprise data authorization and authentication method according to claim 6, characterized in that it also comprises the steps:
S4. The first cancel authorization identifying initiation module of the first enterprise's cloud platform service system initiates a cancel authorization identifying request according to the operational order input by the user, and the first cancel Certificate Authority auditing module audits the request; after the audit is complete, the first enterprise's cloud platform service system cancels the shared data binding with the second enterprise's cloud platform service system and judges whether the connection to the cloud data sharing service end is unobstructed; if it is, the cancel authorization identifying request is sent to the cloud data sharing service end; meanwhile, the first Certificate Authority audit log module records an audit log of the interaction;
S5. The cloud data sharing service end receives the data sent by the first enterprise's cloud platform service system, determines the corresponding receiving second enterprise's cloud platform service system, and obtains the authorization identifying mode of that system; if the second enterprise's cloud platform service system is in push mode, the cloud data sharing service end checks whether the Certificate Authority mode of the second enterprise's cloud platform service system is unobstructed; if it is, the data sent by the first enterprise's cloud platform service system is sent on to the second enterprise's cloud platform service system; when the network is obstructed, the data to be sent is cached and the network is checked periodically, and the data is sent to the second enterprise once the network is clear; if the second enterprise's cloud platform service system is in pull mode, the cloud data sharing service end caches the data and sends it to the second enterprise's cloud platform service system when that system actively initiates a request to check for and obtain data;
S6. According to the cancel authorization identifying request from the cloud data sharing service end, the second enterprise's cloud platform service system automatically invokes the second cancel Certificate Authority receiver module to save the data and cancels the shared data binding with the first enterprise's cloud platform service system; meanwhile, the second Certificate Authority audit log module records an audit log of the interaction.
CN201310708363.6A 2013-12-20 2013-12-20 Data authorization certification system and method among enterprises based on cloud service Expired - Fee Related CN103685291B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310708363.6A CN103685291B (en) 2013-12-20 2013-12-20 Data authorization certification system and method among enterprises based on cloud service

Publications (2)

Publication Number Publication Date
CN103685291A (en) 2014-03-26
CN103685291B (en) 2017-01-18

Family

ID=50321605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310708363.6A Expired - Fee Related CN103685291B (en) 2013-12-20 2013-12-20 Data authorization certification system and method among enterprises based on cloud service

Country Status (1)

Country Link
CN (1) CN103685291B (en)

Also Published As

Publication number Publication date
CN103685291B (en) 2017-01-18

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170118

Termination date: 20181220