CN104022882A - Encryption authentication and encryption monitoring method applied to cloud computing


Info

Publication number: CN104022882A
Authority: CN (China)
Prior art keywords: encrypting, authenticating, module, encryption, cloud computing
Legal status: Pending
Application number: CN201410266510.3A
Other languages: Chinese (zh)
Inventors: 李清石, 张雁鹏, 刘强
Current Assignee: Inspur Group Co Ltd
Original Assignee: Inspur Group Co Ltd
Application filed by: Inspur Group Co Ltd
Priority to: CN201410266510.3A
Publication of: CN104022882A

Abstract

The invention discloses an encryption authentication and encryption monitoring method applied to cloud computing, belonging to the technical field of encryption of server-side management programs. In the method, an encryption authentication module is compiled into the kernel as a driver and provides an encryption authentication interface to an encryption monitoring module. Compared with the prior art, the method secures the server management unit program while it is running and prevents the management program from being illegally stolen; after the system has started, it monitors whether encryption authentication is working effectively, records encryption authentication information in the system log, and feeds authentication failure information back to the server management terminal through an alarm reporting mechanism, which helps data center administrators locate and correct problems.

Description

A method for encryption authentication and encryption monitoring applied to cloud computing

Technical field
The present invention relates to the field of encryption of server-side management programs, and specifically to a method for encryption authentication and encryption monitoring applied to cloud computing.
Background
Cloud computing is a model for adding, using and delivering Internet-based services, and usually involves providing dynamically scalable, often virtualized resources over the Internet. "Cloud" is a metaphor for the network, the Internet. Cloud computing provides scalable, inexpensive distributed computing capability over the network. It provides ample storage for the massive data generated by the Internet of Things and makes real-time online processing possible. Cloud computing is the core of realizing the Internet of Things: using the cloud computing model makes real-time dynamic management and intelligent analysis of all kinds of items in the Internet of Things possible. Cloud computing provides the Internet of Things with available, convenient, on-demand network access; without this tool, the massive information generated by the Internet of Things could not be transmitted, processed or applied. The cloud computing server is an important component of cloud computing services. It is a service platform that provides integrated service capabilities to all kinds of Internet users, where data can be managed centrally and all end users share one host. The platform integrates the three core elements of traditional Internet applications (computing, storage and network) and provides users with public Internet infrastructure services.
Technically, cloud computing uses system architecture techniques to integrate thousands of servers and to provide users with flexible resource allocation and task scheduling capabilities. Cloud computing therefore needs data centers to carry it; cloud computing is a form of data-center computing.
A data center houses a large number of servers, which need to be managed scientifically and effectively by a server management system composed of server management units and server management terminals. The server management unit program plays an important role in this and embodies the value of the whole data center server management system. How to protect the programs on the large number of server management units in a data center, and prevent the server management unit program from being illegally stolen, is an important problem that the cloud computing infrastructure layer needs to solve.
Summary of the invention
The technical task of the present invention is to provide a method for encryption authentication and encryption monitoring applied to cloud computing.
The technical task is achieved as follows: the encryption authentication module is compiled into the kernel in the form of a driver and provides an encryption authentication interface to the encryption monitoring module.
The steps of the encryption authentication method are as follows:
(1) the operating system kernel on the server management unit (BMC) starts;
(2) when kernel startup reaches the encryption authentication module, one encryption authentication process is performed;
(3) if authentication passes, the kernel continues to start and the management processes on the BMC are executed;
(4) if authentication fails, the kernel cannot continue to start and the management processes on the BMC cannot be executed;
(5) after the system has started normally, the encryption authentication module can be called periodically by the encryption monitoring module.
An encryption chip is attached to the BMC.
The encryption chip is a DS28E01-100.
The steps of the encryption monitoring method are as follows:
(1) after the operating system starts, the encryption monitoring module runs;
(2) the encryption monitoring module calls the encryption authentication interface to verify that the encryption authentication module is working effectively;
(3) the encryption monitoring module records the result of each encryption authentication call in the system log;
(4) the encryption monitoring module reports encryption authentication failure records as alarm information over the LAN;
(5) after a certain time interval, the encryption monitoring module repeats the above process from step 2.
Compared with the prior art, the method for encryption authentication and encryption monitoring applied to cloud computing of the present invention solves the security problem of the server management unit program while it is running and prevents the management program from being illegally stolen. After the system has started, it monitors whether encryption authentication is working effectively, records encryption authentication messages in the system log, and feeds authentication failure messages back to the server management terminal through an alarm reporting mechanism, which makes it easier for data center administrators to locate and correct problems.
Brief description of the drawings
Figure 1 is a flow diagram of the encryption authentication method applied to cloud computing.
Figure 2 is a flow diagram of the encryption monitoring method applied to cloud computing.
Embodiments
Embodiment 1:
A BMC is mounted on the mainboard, and an encryption chip is attached to the BMC. After the server management unit is powered on, the BMC operating system kernel starts and performs one encryption authentication process during startup; the authentication method used is a random challenge-response mechanism. If authentication passes, the kernel continues to start and the management processes on the BMC are executed; if authentication fails, the kernel cannot continue to start and the management processes on the BMC cannot be executed. After the system has started normally, the encryption authentication module can be called periodically by the encryption monitoring module.
After the operating system starts, the encryption monitoring module runs. It calls the encryption authentication interface to verify that the encryption authentication module is working effectively, records the result of each encryption authentication call in the system log, and sends encryption authentication failure records as alarm information to the server management terminal over the LAN. After a certain time interval, the encryption monitoring module repeats the above encryption authentication process.
Embodiment 2:
A BMC is mounted on the mainboard, and a DS28E01-100 encryption chip is attached to the BMC. After the server management unit is powered on, the BMC operating system kernel starts and performs one encryption authentication process during startup; the authentication method used is a random challenge-response mechanism. If authentication passes, the kernel continues to start and the management processes on the BMC are executed; if authentication fails, the kernel cannot continue to start and the management processes on the BMC cannot be executed. After the system has started normally, the encryption authentication module can be called periodically by the encryption monitoring module.
After the operating system starts, the encryption monitoring module runs. It calls the encryption authentication interface to verify that the encryption authentication module is working effectively, records the result of each encryption authentication call in the system log, and actively reports encryption authentication failure records as alarm information to the server management terminal by sending an SNMP Trap over the LAN. After a certain time interval, the encryption monitoring module repeats the above encryption authentication process.
From the embodiments above, those skilled in the art can readily implement the present invention. It should be understood, however, that the invention is not limited to these embodiments. On the basis of the disclosed embodiments, those skilled in the art can combine different technical features in any way to obtain different technical solutions.
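The boot-time gate and the periodic monitoring loop described in the embodiments, as an added Python simulation that is not part of the patent. The chip is simulated in software, HMAC-SHA-256 stands in for the chip's MAC (the text does not name one), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

class SimulatedChip:
    """Stand-in for the encryption chip: holds a secret and answers challenges."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA-256; the page does not name the chip's MAC.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class ReplayingChip:
    """Failure case: a device without the secret that replays one recorded response."""
    def __init__(self, recorded: bytes):
        self._recorded = recorded

    def respond(self, challenge: bytes) -> bytes:
        return self._recorded

def authenticate(chip, host_secret: bytes) -> bool:
    """Authentication interface: one random challenge-response round."""
    challenge = secrets.token_bytes(16)          # fresh per call, so old responses fail
    expected = hmac.new(host_secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, chip.respond(challenge))

def boot(chip, host_secret: bytes) -> str:
    """Boot-time gate: management processes start only if authentication passes."""
    return "management processes started" if authenticate(chip, host_secret) else "boot halted"

def monitor(chip, host_secret: bytes, rounds: int):
    """Monitoring loop: call the interface, log every result, alert on failure.
    The interval sleep and the LAN/SNMP Trap transport are left out; alerts are
    returned as a list so the caller can forward them."""
    syslog, alerts = [], []
    for n in range(1, rounds + 1):
        ok = authenticate(chip, host_secret)
        syslog.append(f"round={n} encryption_auth={'pass' if ok else 'fail'}")
        if not ok:
            alerts.append(f"ALERT round={n} encryption authentication failed")
    return syslog, alerts

if __name__ == "__main__":
    secret = secrets.token_bytes(32)             # constructed sample secret
    genuine = SimulatedChip(secret)
    recorded = genuine.respond(b"\x00" * 16)     # response captured for an old challenge
    print(boot(genuine, secret))
    print(boot(ReplayingChip(recorded), secret))
    print(monitor(ReplayingChip(recorded), secret, rounds=3))
```

Because the challenge is drawn fresh on every call, a response recorded from an earlier round does not verify, which is what lets the periodic monitoring call detect a chip that has been removed or substituted after boot.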

Claims (5)

1. A method for encryption authentication and encryption monitoring applied to cloud computing, characterized in that an encryption authentication module is compiled into the kernel in the form of a driver and provides an encryption authentication interface to an encryption monitoring module.
2. The method for encryption authentication and encryption monitoring applied to cloud computing according to claim 1, characterized in that the steps of the encryption authentication method are as follows:
(1) the operating system kernel on the server management unit (BMC) starts;
(2) when kernel startup reaches the encryption authentication module, one encryption authentication process is performed;
(3) if authentication passes, the kernel continues to start and the management processes on the BMC are executed;
(4) if authentication fails, the kernel cannot continue to start and the management processes on the BMC cannot be executed;
(5) after the system has started normally, the encryption authentication module can be called periodically by the encryption monitoring module.
3. The method for encryption authentication and encryption monitoring applied to cloud computing according to claim 2, characterized in that an encryption chip is attached to the BMC.
4. The method for encryption authentication and encryption monitoring applied to cloud computing according to claim 3, characterized in that the encryption chip is a DS28E01-100.
5. The method for encryption authentication and encryption monitoring applied to cloud computing according to claim 1, characterized in that the steps of the encryption monitoring method are as follows:
(1) after the operating system starts, the encryption monitoring module runs;
(2) the encryption monitoring module calls the encryption authentication interface to verify that the encryption authentication module is working effectively;
(3) the encryption monitoring module records the result of each encryption authentication call in the system log;
(4) the encryption monitoring module reports encryption authentication failure records as alarm information over the LAN;
(5) after a certain time interval, the encryption monitoring module repeats the above process from step 2.
CN201410266510.3A 2014-06-16 2014-06-16 Encryption authentication and encryption monitoring method applied to cloud computing Pending CN104022882A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410266510.3A CN104022882A (en) 2014-06-16 2014-06-16 Encryption authentication and encryption monitoring method applied to cloud computing

Publications (1)

Publication Number Publication Date
CN104022882A true CN104022882A (en) 2014-09-03

Family

ID=51439466

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410266510.3A Pending CN104022882A (en) 2014-06-16 2014-06-16 Encryption authentication and encryption monitoring method applied to cloud computing

Country Status (1)

Country Link
CN (1) CN104022882A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104408364A (en) * 2014-12-01 2015-03-11 浪潮集团有限公司 Server management program protection method and system
CN104778383A (en) * 2015-04-17 2015-07-15 浪潮电子信息产业股份有限公司 Hardware encrypting method for blade server management daughter card based on homemade processor

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140903