CN104935608A - Identity authentication method in cloud computing network - Google Patents

Identity authentication method in cloud computing network

Publication number: CN104935608A
Authority: CN (China)
Prior art keywords: cloud platform, platform server, user, certification, information
Legal status: Pending
Application number: CN201510395427.0A
Other languages: Chinese (zh)
Inventor: 马泳宇
Current Assignee: Chengdu Rui Feng Science And Technology Ltd
Original Assignee: Chengdu Rui Feng Science And Technology Ltd
Priority date: 2015-07-07
Filing date: 2015-07-07
Publication date: 2015-09-23

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Abstract

The invention provides an identity authentication method in a cloud computing network. The method comprises: generating an authentication data set that comprises encrypted user attribute information and a secrecy policy; a cloud platform server obtaining the authentication data set and performing decryption to authenticate the user; and, if authentication succeeds, the cloud platform server deleting the user attribute information according to the secrecy policy and returning an acceptance message to the authentication module to allow the user to use the service. With this method the user and the server can authenticate each other without a trusted third party, and information leakage or tampering is prevented without exposing private attribute information.

Description

Identity authentication method in a cloud computing network
Technical Field
The present invention relates to cloud computing, and in particular to an identity authentication method in a cloud computing network.
Background
Behind the huge volume of data transactions and the varied information services in cloud computing lies a tangle of account management problems, which has undoubtedly made digital identity a focus of attention. In recent years, privacy violations caused by leaked digital identities have occurred from time to time. For resources to be shared securely between clouds, the legitimacy of each cloud's identity has naturally become an important concern as well. Identity authentication, as the gatekeeper of information security, is an indispensable part of cloud security measures.
To achieve universal login, many mechanisms are under development and in use. Some are frameworks or protocols developed for the secure exchange of authentication and authorization information between partner sites; others are frameworks built across websites, applications and devices that merge identity and relationship information. However, these existing frameworks carry a high cost for establishing trust, and the trusted third party acting as identity provider may be a single point of failure.
Summary of the invention
To solve the above problems of the prior art, the present invention proposes an identity authentication method in a cloud computing network, comprising:
Step one: generate an authentication data set, the authentication data set comprising the encrypted user attribute information and a secrecy policy;
Step two: the cloud platform server obtains the authentication data set, performs a decryption operation, and authenticates the user;
Step three: if authentication passes, delete the user attribute information according to the secrecy policy and return an acceptance message to the authentication module, allowing the user to use the service.
Preferably, step one (generating the authentication data set, which comprises the encrypted user attribute information and the secrecy policy) further comprises:
The attribute library in the authentication module of the cloud platform collects the user's corresponding attribute information according to the attribute declaration requested by the cloud platform server, then uses the attribute encryption private key provided by the key database of the authentication module and calls the virtual machine to perform asymmetric encryption, generating the encrypted user attribute information. If the cloud platform server sends no attribute request, all attribute information permitted by the user is encrypted and sent to the authentication execution unit of the authentication module. The policy execution unit of the authentication module selects the corresponding secrecy policy, which comprises an integrity self-check and a self-deletion policy. The authentication execution unit packages five parts, namely the encrypted user attribute information, the secrecy policy, the attribute encryption public key, the signature information and the virtual machine information digest, with the public key provided by the cloud platform server to generate the authentication data set, and transmits it to the cloud platform server over a secure channel.
Preferably, step two (the cloud platform server obtains the authentication data set, performs a decryption operation and authenticates the user) further comprises:
After the cloud platform server obtains the authentication data set, the private key provided by the cloud platform server is input and the virtual machine performs the decryption operation. After successful decryption, the authentication data set starts the integrity self-check: the computed value is compared with the value previously saved in the secrecy policy, and if they match, the authentication data set is enabled.
Preferably, step three (if authentication passes, deleting the user attribute information according to the secrecy policy and returning an acceptance message to the authentication module, allowing the user to use the service) further comprises:
After the cloud platform server's authentication of the user passes, if the cloud platform server does not check the user attribute information, the user attribute information is deleted immediately according to the specific secrecy policy and the signature information is handed to the cloud platform server for storage; the cloud platform server returns an acceptance message to the authentication module, indicating that use of the service is allowed. When the user requests the same service again, the cloud platform server only returns the signature, and the authentication module authenticates the cloud platform server by verifying the signature. If the cloud platform server needs to check the user's attribute information, the private key provided by the cloud platform server is input to the virtual machine to decrypt the user attribute information, and unnecessary information is deleted under the secrecy policy. After obtaining the information the cloud platform server performs further authentication; if it passes, an acceptance message is sent to the authentication module, and if not, a rejection message is returned.
Compared with the prior art, the present invention has the following advantages:
The present invention proposes an identity authentication method in a cloud computing network that needs no trusted third party; the user and the server authenticate each other anonymously, private attribute information need not be exposed, and leakage of or tampering with information is prevented.
Brief Description of the Drawings
Fig. 1 is a flow chart of the identity authentication method in a cloud computing network according to an embodiment of the present invention.
Detailed Description
A detailed description of one or more embodiments of the present invention is provided below together with the accompanying drawing that illustrates the principle of the invention. The invention is described in connection with such embodiments, but is not limited to any embodiment. The scope of the invention is defined only by the claims, and the invention covers many alternatives, modifications and equivalents. Many details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for exemplary purposes, and the invention can also be practised according to the claims without some or all of them.
One aspect of the present invention provides an identity authentication method in a cloud computing network. Fig. 1 is a flow chart of the identity authentication method in a cloud computing network according to an embodiment of the present invention. The anonymous private-cloud identity authentication scheme of the invention can be embedded in compact hardware such as a smart card; after obtaining the legitimate right of use, the end user requests services from various mobile devices. End users need not worry about the privacy of their identity, while network load is reduced and network delay is overcome.
The roles participating in the cloud authentication space are: the private cloud platform server, the cloud end user and the cloud platform authentication module. The cloud platform authentication module contains the following six parts.
Virtual identity library: the virtual identity library contains the signature key. It stores the digital signature Sg that protects the user's virtual account VID by signing it; Sg is sent to the authentication execution unit to build the authentication data set. After the authentication process ends, the cloud platform server obtains Sg and may choose to save it. On the next service request, even if the cloud platform server requires attribute authentication, the end user only needs to perform metadata authentication with Sg as the condition, and the cloud platform server completes authentication by comparing the value obtained from decrypting the metadata with the previously stored Sg. This improves authentication efficiency and reduces the number of times private information is exposed.
Attribute library: the attribute library collects the user's private attribute information, such as e-mail address and telephone number, encrypts it with the attribute encryption private key AKpr provided by the key database, and stores the resulting ciphertext EAT. During authentication initialization, the attribute library sends EAT to the authentication execution unit to be packaged into the authentication data set. During authentication, if the cloud platform server needs to check the user's attribute information ATT, it first decrypts with the attribute encryption public key AKpu to obtain the attribute information. Note that the user can choose to provide all or only part of their private information to the attribute library, rather than having the attribute library automatically search for every attribute the user has; this gives the user more power to control their own privacy. Because of the dynamic nature of the cloud environment, user information may also change, so when the user wants to request a new service and new attribute information has to be added, the user can update or modify their attribute information through the attribute library.
Authentication execution unit: the authentication execution unit is responsible for generating the metadata description token for non-public authentication and the authentication data set. In the first authentication phase, the authentication execution unit first obtains the server token sent by the cloud platform server, then calls the query algorithm in the virtual machine on the metadata description token to determine whether the cloud platform server is legitimate. The authentication execution unit can then use the obtained server ID and other security parameters to generate the user's own metadata description token UTKf, allowing the cloud platform server to complete anonymous identity authentication of the user. The authentication execution unit is also responsible for generating the authentication data set needed for attribute authentication.
The authentication data set consists of five parts: the encrypted attribute information EAT, the signed virtual account Sg, the secrecy policy, the attribute encryption public key AKpu, and the virtual-machine-based information digest (which includes the executable code and algorithms the authentication process requires). The secrecy policy contains the series of secrecy policies that are enabled once the authentication data set reaches the cloud platform server; the virtual machine enforces these policies to complete authentication. After packaging, the whole authentication data set is encrypted with the public key of the cloud platform server, which adds a further security perimeter.
Policy execution unit: contains the various secrecy policies and mechanisms, such as integrity self-check, self-deletion, life cycle, audit and logging; policies can also be added according to the user's application requirements to strengthen authentication security. The integrity self-check policy specifies that the integrity of the data set's own data is checked regularly, to ensure that the data has not been maliciously tampered with or destroyed. The integrity self-check is also run when the data set arrives at the cloud platform server, and the authentication module can be enabled only after the check passes. The self-deletion mechanism takes two forms:
When a threat or a sign of malicious damage is detected, the virtual machine immediately triggers self-deletion of all data, so that private information cannot be stolen or tampered with. Alternatively, during authentication, attribute information that the cloud platform server did not request is regarded as unnecessary private information and is removed, to prevent privacy problems. Life-cycle management governs the generation, configuration, management, and revocation and recovery of the VID. The logging and audit system records how the authentication module runs, so that danger warnings or fault notifications are obtained promptly for reporting or incident handling.
Virtual machine: the virtual machine in the system (on both the authentication module side and the cloud platform server side) is a container for executing code. It contains the operating system and some basic system code, and is also loaded with the encryption, decryption and query algorithms and programs; it enforces the secrecy policies and performs the tasks of the other components. Both the authentication data set and the metadata database sent to the cloud platform server are assigned a virtual machine information digest, which contains the algorithms and code needed to perform attribute authentication and anonymous authentication, so that the whole authentication process can be completed.
Key database: stores the keys used to encrypt and decrypt attribute information, and the keys generated by the metadata encryption process during authentication.
Two-way cloud authentication comprises two main mechanisms: anonymous authentication and attribute authentication. The authentication details of these two mechanisms are introduced first, and the complete authentication flow is then analysed for a concrete scenario.
Attribute authentication:
1) Authentication data set generation stage
The attribute library collects the user's corresponding attribute information according to the attribute declaration requested by the cloud platform server. It then uses the attribute encryption private key AKpr provided by the key database and calls the virtual machine to perform asymmetric encryption, generating EAT. If the cloud platform server sends no explicit attribute request, all attribute information permitted by the user is encrypted and sent to the authentication execution unit. The policy execution unit selects the corresponding secrecy policy, such as integrity self-check and self-deletion. The authentication execution unit packages the five parts (EAT, the secrecy policy, AKpu, Sg and the virtual machine information digest) with the public key SKpu provided by the cloud platform server to generate the authentication data set, and transmits it to the cloud platform server over a secure channel.
2) Authentication data set enabling stage
After the cloud platform server obtains the authentication data set, the private key SKpr provided by the cloud platform server is input to the decryption process and the virtual machine performs the decryption operation. After successful decryption, the authentication data set starts the integrity self-check: the computed value is compared with the value previously saved in the secrecy policy, and if they match, the authentication data set is enabled. If the integrity self-check fails, the self-protection policy of complete deletion is triggered and authentication is cut off.
3) Authentication data set authentication stage
After the cloud platform server's authentication of the user passes, if the cloud platform server does not need to check the user attribute information, EAT is deleted immediately according to the specific secrecy policy and Sg is handed to the cloud platform server as the signature to be stored; the cloud platform server returns an acceptance message to the authentication module, indicating that use of the service is allowed. When the user requests the same service again, the cloud platform server only needs to return the signature Sg, and the authentication module authenticates the cloud platform server by verifying the signature. If the cloud platform server needs to go on to check the user's attribute information, the private key SKpr is input to the virtual machine to decrypt EAT. Unnecessary information can be deleted under the secrecy policy as circumstances require. After obtaining the information the cloud platform server performs further authentication. If authentication passes, an acceptance message is sent to the authentication module; if not, a rejection message is returned.
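The three attribute-authentication stages above, as an added Python example that is not part of the patent text: it models the integrity self-check and both forms of self-deletion on a policy-carrying data set. Assumptions: the class and function names, the use of SHA-256 for the self-check value, and the sample values are all constructed here; the AKpr/AKpu attribute encryption and the SKpu/SKpr outer wrapping are left out, so the attributes appear as a plaintext stand-in for EAT.

```python
import hashlib
import hmac
import json

# Constructed sample data; every name and value here is hypothetical.
USER_PERMITTED = {"email": "user@example.test", "phone": "+00-000-0000", "dept": "R&D"}
SG = "sig-over-VID-placeholder"            # stands in for the signed virtual account Sg
AKPU = "attribute-public-key-placeholder"  # opaque stand-in for AKpu
VM_DIGEST = "vm-info-digest-placeholder"   # stand-in for the virtual machine digest


def digest(parts):
    """SHA-256 over a canonical JSON encoding of the protected parts."""
    blob = json.dumps(parts, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


class AuthDataSet:
    """Five-part data set; 'attributes' is a plaintext stand-in for EAT."""

    def __init__(self, attributes, sg, akpu, vm_digest):
        self.attributes = attributes
        self.sg = sg
        self.akpu = akpu
        self.vm_digest = vm_digest
        self.policy = {}
        self.enabled = False

    def protected_parts(self):
        return {"attributes": self.attributes, "sg": self.sg,
                "akpu": self.akpu, "vm_digest": self.vm_digest}

    def wipe(self):
        """Self-deletion, first form: destroy all data on a tamper indication."""
        self.attributes, self.sg, self.akpu, self.vm_digest = {}, "", "", ""
        self.policy, self.enabled = {}, False


def build_data_set(permitted, requested=None):
    """Stage 1: package the requested attributes, or all permitted ones
    when the server sent no attribute request."""
    if requested:
        attrs = {k: permitted[k] for k in requested if k in permitted}
    else:
        attrs = dict(permitted)
    ds = AuthDataSet(attrs, SG, AKPU, VM_DIGEST)
    # The reference value for the later self-check is saved in the policy.
    ds.policy = {"self_check": True, "self_delete": True,
                 "integrity": digest(ds.protected_parts())}
    return ds


def enable(ds):
    """Stage 2: integrity self-check; on mismatch wipe everything and refuse."""
    expected = ds.policy.get("integrity", "")
    if not hmac.compare_digest(digest(ds.protected_parts()), expected):
        ds.wipe()
        return False
    ds.enabled = True
    return True


def authenticate(ds, server_needs=None):
    """Stage 3: return (Sg for the server to store, attributes it may see).
    Self-deletion, second form: attributes the server does not need are removed."""
    if not ds.enabled:
        raise PermissionError("authentication data set is not enabled")
    if not server_needs:
        ds.attributes = {}  # server checks no attributes: delete EAT at once
    else:
        ds.attributes = {k: v for k, v in ds.attributes.items() if k in server_needs}
    return ds.sg, dict(ds.attributes)


if __name__ == "__main__":
    ds = build_data_set(USER_PERMITTED)      # no attribute request from the server
    print(enable(ds), authenticate(ds, ["phone"]))
    bad = build_data_set(USER_PERMITTED)
    bad.attributes["email"] = "changed@example.test"  # modified after sealing
    print(enable(bad), bad.attributes, repr(bad.sg))
```

Because the reference value travels inside the data set, an unkeyed hash only detects changes made by a party that cannot also rewrite that value; a keyed MAC or a signature over the protected parts covers that case.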
Anonymous authentication:
This scheme applies the two different metadata encryption concepts introduced above in two stages: first anonymous authentication between the cloud platform server and the user is carried out, and then the authentication module proves the user's legitimate identity to the cloud platform server.
First stage: the cloud platform server authenticates to the user
The cloud platform server first generates a key pair SPK, SMK; it then encrypts the public key and its own ID to generate the ciphertext SCT; then, with the key pair SPK, SMK and the metadata description function f as inputs, it generates the metadata description token.
After the authentication module obtains the token together with SPK and SCT, the virtual machine calls the query algorithm, which outputs the metadata description result as a Boolean. If the result is true, the cloud platform server is the server that was requested and communication proceeds to the next step; otherwise the user terminates communication immediately, to guard against the security threats posed by phishing sites or other fake servers.
Second stage: the authentication module proves the user's identity to the cloud platform server
Likewise, in this stage the parameters input to encryption additionally include the attribute condition I declared by the cloud platform server. The difference is that once the authentication module has been activated on the cloud platform server side, the cloud platform server obtains the ciphertexts UCT and UCK and, with these as the two input parameters, calls the decryption process to perform the decryption calculation. If the result is the user's own ID value, the owner of the authentication module is legitimate; if a null character is obtained, service is refused. When the user requests service from a given cloud platform server again, Sg may be used in place of the server's ID in the encryption process of the second step. In that case, after the cloud platform server decrypts UTKf, it compares the resulting value with the previously saved Sg; if they are consistent, the requester is judged to be legitimate.
In addition, if the end user is another private cloud PC requesting extended resources, the complete authentication procedure for requesting the cloud service is as follows:
Step 1: The PC requests service from the cloud platform server.
Step 2: Through the metadata encryption process, with the key pair SPK, SMK and the metadata description function f as inputs, the cloud platform server generates the metadata description token for authentication. The cloud platform server sends the server token, the public key SKpu and the generated authentication data set together to the PC.
Step 3: After receiving the authentication data set, the PC passes it to the authentication module. The authentication execution unit first performs the metadata description to determine whether the cloud platform server is the genuine provider the PC requested. If the metadata result is true, proceed to the next step; if false, a rejection message is returned and communication is broken off.
Step 4: The virtual identity library records the server ID in its directory. If the PC is requesting this service for the first time, the virtual identity library provides a virtual account VID and digitally signs it; if this cloud platform server has been requested before, the virtual identity library finds the corresponding VID in the directory by server ID and then signs it to generate Sg. The server ID is then sent to the authentication execution unit.
Step 5: After the authentication execution unit receives the server ID, it processes it with the metadata encryption process in the virtual machine, generating the ciphertext UCT and the metadata description token UTKf, which are stored in the metadata database and sent to the cloud platform server to authenticate the PC's identity to it.
Step 6: After the cloud platform server receives the metadata database, it checks whether the resulting value is its own ID value. If the values are equal, the PC is legitimate; if the cloud platform server needs no additional attribute verification at this point, it can return an approval message directly and allow the PC to obtain resources. If it wants other attribute information, it returns a request for attribute verification information to the authentication module. If the values are not equal, the cloud platform server returns a rejection message and stops interacting with the requesting PC.
Step 7: After the authentication module receives the attribute verification request, it starts authentication based on the authentication data set, generates the authentication data set and sends it to the cloud platform server.
Step 8: After obtaining the authentication data set, the cloud platform server first decrypts it with its own private key. The data set is enabled once the integrity self-check executed by the virtual machine has passed. If it cannot be enabled, the authentication data set has been damaged and the cloud platform server sends the request again.
Step 9: Once the data set has been enabled, the cloud platform server obtains the PC's Sg and the attribute encryption public key AKpu. The cloud platform server uses the public key to decrypt EAT and verifies the attribute information.
Step 10: After successfully verifying the attribute information, the cloud platform server returns an acceptance message to the authentication module. If verification fails, it returns a rejection message.
Step 11: The authentication module sends the acceptance message to the PC.
Step 12: The PC begins using the service.
In summary, the present invention proposes an identity authentication method in a cloud computing network that needs no trusted third party; the user and the server authenticate each other, private attribute information need not be exposed, and leakage of or tampering with information is prevented.
Obviously, those skilled in the art should understand that each module or step of the present invention described above can be implemented with a general-purpose computing system. They can be concentrated on a single computing system or distributed over a network formed by multiple computing systems; alternatively, they can be implemented as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. The present invention is thus not restricted to any specific combination of hardware and software.
It should be understood that the above embodiments of the present invention serve only to illustrate or explain the principle of the invention and do not limit it. Therefore, any modification, equivalent replacement or improvement made without departing from the spirit and scope of the present invention shall fall within its scope of protection. In addition, the appended claims are intended to cover all changes and modifications that fall within the scope and boundary of the claims, or the equivalents of such scope and boundary.

Claims (4)

1. An identity authentication method in a cloud computing network, used by a private cloud to authenticate a user, characterized by comprising:
Step one: generate an authentication data set, the authentication data set comprising the encrypted user attribute information and a secrecy policy;
Step two: the cloud platform server obtains the authentication data set, performs a decryption operation, and authenticates the user;
Step three: if authentication passes, delete the user attribute information according to the secrecy policy and return an acceptance message to the authentication module, allowing the user to use the service.
2. The method according to claim 1, characterized in that step one (generating the authentication data set, which comprises the encrypted user attribute information and the secrecy policy) further comprises:
The attribute library in the authentication module of the cloud platform collects the user's corresponding attribute information according to the attribute declaration requested by the cloud platform server, then uses the attribute encryption private key provided by the key database of the authentication module and calls the virtual machine to perform asymmetric encryption, generating the encrypted user attribute information. If the cloud platform server sends no attribute request, all attribute information permitted by the user is encrypted and sent to the authentication execution unit of the authentication module. The policy execution unit of the authentication module selects the corresponding secrecy policy, which comprises an integrity self-check and a self-deletion policy. The authentication execution unit packages five parts, namely the encrypted user attribute information, the secrecy policy, the attribute encryption public key, the signature information and the virtual machine information digest, with the public key provided by the cloud platform server to generate the authentication data set, and transmits it to the cloud platform server over a secure channel.
3. The method according to claim 2, characterized in that step two (the cloud platform server obtains the authentication data set, performs a decryption operation and authenticates the user) further comprises:
After the cloud platform server obtains the authentication data set, the private key provided by the cloud platform server is input and the virtual machine performs the decryption operation. After successful decryption, the authentication data set starts the integrity self-check: the computed value is compared with the value previously saved in the secrecy policy, and if they match, the authentication data set is enabled.
4. The method according to claim 3, characterized in that step three (if authentication passes, deleting the user attribute information according to the secrecy policy and returning an acceptance message to the authentication module, allowing the user to use the service) further comprises:
After the cloud platform server's authentication of the user passes, if the cloud platform server does not check the user attribute information, the user attribute information is deleted immediately according to the specific secrecy policy and the signature information is handed to the cloud platform server for storage; the cloud platform server returns an acceptance message to the authentication module, indicating that use of the service is allowed. When the user requests the same service again, the cloud platform server only returns the signature, and the authentication module authenticates the cloud platform server by verifying the signature. If the cloud platform server needs to check the user's attribute information, the private key provided by the cloud platform server is input to the virtual machine to decrypt the user attribute information, and unnecessary information is deleted under the secrecy policy. After obtaining the information the cloud platform server performs further authentication; if it passes, an acceptance message is sent to the authentication module, and if not, a rejection message is returned.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510395427.0A CN104935608A (en) 2015-07-07 2015-07-07 Identity authentication method in cloud computing network

Publications (1)

Publication Number Publication Date
CN104935608A true CN104935608A (en) 2015-09-23

Family

ID=54122580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510395427.0A Pending CN104935608A (en) 2015-07-07 2015-07-07 Identity authentication method in cloud computing network

Country Status (1)

Country Link
CN (1) CN104935608A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101034988A (en) * 2007-02-15 2007-09-12 张仁平 Network login authentication protection device and its using method
CN101901318A (en) * 2010-07-23 2010-12-01 北京工业大学 Trusted hardware equipment and using method thereof
CN103312691A (en) * 2013-04-19 2013-09-18 无锡成电科大科技发展有限公司 Method and system for authenticating and accessing cloud platform
US20140050317A1 (en) * 2012-08-16 2014-02-20 Digicert, Inc. Cloud Key Management System
CN104753879A (en) * 2013-12-30 2015-07-01 中国银联股份有限公司 Method and system for authenticating cloud service provider through terminal and method and system for authenticating terminal through cloud service provider

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322480A (en) * 2018-03-19 2018-07-24 武汉康慧然信息技术咨询有限公司 Information authentication method in smart home
CN108322480B (en) * 2018-03-19 2020-11-20 王锐 Information authentication method in smart home
CN108377249A (en) * 2018-03-20 2018-08-07 武汉康慧然信息技术咨询有限公司 Information authentication method in new-energy automobile based on technology of Internet of things
CN108377249B (en) * 2018-03-20 2021-01-12 陈瑛昊 Information authentication method in new energy automobile based on Internet of things technology
CN111490967A (en) * 2019-01-29 2020-08-04 中国科学院软件研究所 Unified identity authentication method and system for providing user-friendly strong authentication and anonymous authentication
CN111490967B (en) * 2019-01-29 2022-02-25 中国科学院软件研究所 Unified identity authentication method and system for providing user-friendly strong authentication and anonymous authentication
CN110705987A (en) * 2019-09-04 2020-01-17 华东江苏大数据交易中心股份有限公司 Transaction data validity judgment system
CN115150117A (en) * 2021-03-30 2022-10-04 国际商业机器公司 Maintaining confidentiality in decentralized policies
US20220321335A1 (en) * 2021-03-30 2022-10-06 International Business Machines Corporation Maintaining confidentiality in decentralized policies
US11677549B2 (en) * 2021-03-30 2023-06-13 International Business Machines Corporation Maintaining confidentiality in decentralized policies

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150923