CN105554127B - Private cloud backup mechanism using multi-layer data security encryption - Google Patents

Info

Publication number
CN105554127B
Authority
CN
China
Prior art keywords
data
module
backup
user
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510961350.9A
Other languages
Chinese (zh)
Other versions
CN105554127A (en)
Inventor
高静
格日勒泰
冯晓龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inner Mongolia Agricultural University
Original Assignee
Inner Mongolia Agricultural University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The present invention relates to the technical field of data backup, and in particular to a private cloud backup mechanism using multi-layer data security encryption. The mechanism tightly integrates the multi-layer encryption process with the backup process of the cloud backup system, and uses multi-layer encryption and block-wise storage to guarantee the data security of the cloud backup system.

Description

Private cloud backup mechanism using multi-layer data security encryption
Technical field
The present invention relates to the fields of cloud computing and information security technology, and in particular to a private cloud backup mechanism using multi-layer data security encryption.
Background
Cloud computing brings a large number of network-connected resources under unified management and scheduling to form a resource pool that serves users on demand, enabling effective storage and processing of big data. Cloud computing comes in three forms: public cloud, private cloud and hybrid cloud. A private cloud is built for the exclusive use of one company or organization and can provide more confidential and more secure data and a better quality of service.
Private cloud backup is a concept that grew out of private cloud computing: application software brings the various types of storage devices in a private cloud together to work cooperatively, providing data backup storage and business access. Backing up important data and materials guards against server failure, improves work efficiency, and reduces the cost of data maintenance and management. Because a cloud backup system stores important data, the security of that data must be guaranteed.
Chinese invention patent CN 102882933 B grants an encrypted cloud storage system comprising a cloud server, a client, a data store, a detection management module, an encryption module and a signature module. The data store communicates with the cloud server through the encryption module and the signature module, which ensures that the user's data cannot be identified and obtained by the server while the user can still efficiently query, search, add and delete files and data through the client. However, that invention is only a simple combination of encryption and data; it is not tightly integrated with the cloud backup workflow and cannot satisfy the security requirements of a cloud backup system.
Chinese invention patent application CN 103414762 A discloses a cloud backup method and device. The device comprises a receiving module, a generation module and a processing module. For a user's multiple operation instructions, the method first generates a backup task queue corresponding to that user and then places the backup task corresponding to each operation instruction into the queue, so that the cloud backup device only needs to access a database and then invoke each backup task to complete the backup operation on the storage space. This greatly reduces the access load on the database and improves the processing efficiency of backup operations. However, that invention merely supports encrypted upload and download of data and cannot satisfy the security requirements of a cloud backup system.
Summary of the invention
In view of the above defects of the prior art, the present invention proposes a private cloud backup mechanism using multi-layer data security encryption. The system consists of a service interface, partition controllers and backup servers. The service interface verifies and manages the identity and permissions of the user, analyzes the user's backup request, splits the backup data into blocks and encrypts it, and communicates with the partition controllers. Each partition controller controls several servers or backup nodes and is responsible for encrypting the control information of the backup data. In addition, the partition controllers can communicate with one another.
Further, the service interface comprises an identity authentication module, a permission authentication module, an encryption module, a decryption module, a task decomposition module and a cache module. The authentication module comprises the identity authentication module and the permission authentication module and keeps out illegitimate users and illegitimate operations; the encryption module is responsible for encrypting the backup data that the user requests to download; the decryption module is responsible for encrypting the backup data that the user requests to upload; the cache module is responsible for caching the backup data that the user requests to upload or download, ensuring the continuity of data transmission.
Further, the partition controller comprises an encryption module, a decryption module and a communication module. The encryption module encrypts uploaded data; the decryption module decrypts data that is read; the communication module is responsible for reporting resource utilization to the service interface and for notifying the servers.
Further, the backup service nodes are responsible for backing up the encrypted backup data.
Further, the private cloud backup system consists of four layers: an application layer, a management layer, a virtual resource layer and a physical resource layer. The application layer covers permission management, identity authentication, encryption of transmitted data and so on; the management layer covers data encryption, multi-replica backup, resource monitoring, control and interactive cooperation; the virtual resource layer handles block-wise encryption and storage of resources; the physical resource layer is responsible for the actual storage and backup.
Further, after the user submits a data backup request to the service interface in the application layer of the cloud backup system, the data is encrypted for transmission and then uploaded to the cloud backup system.
Further, after the management layer receives the command from the application layer, it further encrypts the data and its control information.
Further, the virtual resource layer further encrypts the data passed down from the management layer.
With the above multi-layer encryption mechanism, private cloud data gains transmission security, security of the data's control information, storage security and so on, which improves the security of private cloud backup data.
Brief description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a system block diagram of the invention.
Fig. 2 is a layered system block diagram of the invention.
Fig. 3 is a schematic diagram of the layered data encryption process.
In the figures: 1 is the user, 2 is the cloud backup service interface, 3 is the partition controller, 4 is the backup service node; 101 is the application layer, 102 is the management layer, 103 is the virtual resource layer, 104 is the physical resource layer.
Detailed description of the embodiments
As shown in Fig. 1, the private cloud backup mechanism using multi-layer data security encryption of the invention comprises a cloud backup service interface 2, partition controllers 3 and backup service nodes 4. The cloud backup service interface 2 verifies and manages the identity and permissions of the user, analyzes the user's backup request, splits the backup data into blocks and encrypts it, and communicates with the partition controllers. Each partition controller 3 controls several servers or backup nodes and is responsible for encrypting the control information of the backup data. In addition, the partition controllers can communicate with one another.
Further, the cloud backup service interface 2 comprises an identity authentication module, a permission authentication module, an encryption module, a decryption module, a task decomposition module and a cache module. The authentication module comprises the identity authentication module and the permission authentication module and keeps out illegitimate users and illegitimate operations; the encryption module is responsible for encrypting the backup data that the user requests to download; the decryption module is responsible for encrypting the backup data that the user requests to upload; the cache module is responsible for caching the backup data that the user requests to upload or download, ensuring the continuity of data transmission.
Further, the partition controller 3 comprises an encryption module, a decryption module and a communication module. The encryption module encrypts uploaded data; the decryption module decrypts data that is read; the communication module is responsible for reporting resource utilization to the service interface and for notifying the servers.
Further, the backup service nodes 4 are responsible for backing up the encrypted backup data.
As shown in Fig. 2, the private cloud backup system comprises an application layer 101, a management layer 102, a virtual resource layer 103 and a physical resource layer 104. The application layer 101 covers permission management, identity authentication, encryption of transmitted data and so on; the management layer 102 covers data encryption, multi-replica backup, resource monitoring, control and interactive cooperation; the virtual resource layer 103 handles block-wise encryption and storage of resources; the physical resource layer 104 is responsible for the actual storage and backup.
As shown in Fig. 3, when the user's data is uploaded from the client it undergoes transmission encryption; control-information encryption and data encryption are performed in the management layer; and block-encrypted storage is implemented in the virtual resource layer. Multi-layer encryption is thereby achieved, effectively guaranteeing the security of the backup data.
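The layered upload path of Fig. 3, sketched as an added example (it is not code from the patent, which names no cipher, key scheme or data format). The encrypt-then-MAC routine is a standard-library stand-in for an AEAD such as AES-GCM, and the per-layer key names, the control-information fields (`owner`, `id`, `blocks`), the 64-byte block size and the `nodes` dictionary standing for the backup nodes are all assumptions.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; 32 bytes of keystream per counter value.
    return b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC; a stdlib stand-in for an AEAD such as AES-GCM."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, len(aad).to_bytes(4, "big") + aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob, aad=b""):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(mac_key, len(aad).to_bytes(4, "big") + aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed: block modified or misplaced")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def new_keys():
    # Assumption: one independent key per layer, so one leaked key does not open the others.
    return {layer: os.urandom(32) for layer in ("transport", "management", "virtual")}

def backup(data, keys, owner, nodes, block_size=64):
    wire = seal(keys["transport"], data)        # application layer: transmission encryption
    managed = seal(keys["management"], wire)    # management layer: data encryption
    backup_id = os.urandom(8).hex()
    pieces = [managed[i:i + block_size] for i in range(0, len(managed), block_size)]
    for idx, piece in enumerate(pieces):        # virtual resource layer: per-block encryption
        block_id = f"{backup_id}:{idx}"
        # The block id is authenticated with the block, so a swapped block is rejected.
        nodes[block_id] = seal(keys["virtual"], piece, block_id.encode())
    control = json.dumps({"owner": owner, "id": backup_id, "blocks": len(pieces)}).encode()
    return seal(keys["management"], control)    # management layer: control information

def restore(sealed_control, keys, nodes):
    control = json.loads(unseal(keys["management"], sealed_control))
    ids = [f"{control['id']}:{i}" for i in range(control["blocks"])]
    managed = b"".join(unseal(keys["virtual"], nodes[b], b.encode()) for b in ids)
    return unseal(keys["transport"], unseal(keys["management"], managed))

if __name__ == "__main__":
    keys, nodes = new_keys(), {}
    record = b"constructed sample record for the backup demo " * 4
    ctrl = backup(record, keys, "alice", nodes)
    print(len(nodes), "blocks stored; restored intact:", restore(ctrl, keys, nodes) == record)
```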
Although specific embodiments of the present invention have been described above, those skilled in the art should understand that these are merely illustrative; various changes or modifications can be made to these embodiments without departing from the principle and substance of the present invention. The scope of protection of the present invention is limited only by the appended claims.

Claims (3)

1. A private cloud backup system using multi-layer data security encryption, characterized in that the system consists of a service interface, partition controllers and backup servers; wherein,
The service interface verifies and manages the identity and permissions of the user, analyzes the user's backup request, splits the backup data into blocks and encrypts it, and communicates with the partition controllers;
The partition controllers control several servers or backup nodes and are responsible for encrypting the control information of the backup data;
The service interface comprises an identity authentication module, a permission authentication module, an encryption module, a decryption module, a task decomposition module and a cache module; wherein,
The authentication module comprises the identity authentication module and the permission authentication module and keeps out illegitimate users and illegitimate operations;
The encryption module is responsible for encrypting the backup data that the user requests to download;
The decryption module is responsible for decrypting the backup data that the user requests to upload;
The cache module is responsible for caching the backup data that the user requests to upload or download, ensuring the continuity of data transmission;
The partition controller comprises an encryption module, a decryption module and a communication module; wherein,
The encryption module encrypts uploaded data;
The decryption module decrypts data that is read;
The communication module is responsible for reporting resource utilization to the service interface and for notifying the servers;
The multi-layer data security encryption means that:
When user data is uploaded to the cloud backup system, the data undergoes transmission encryption; the user's encrypted data and its control information are further encrypted in the management layer; the user's encrypted data, after being split into blocks, is further encrypted in the virtual resource layer.
2. The private cloud backup system using multi-layer data security encryption according to claim 1, wherein the partition controllers can communicate with one another.
3. The private cloud backup system using multi-layer data security encryption according to claim 2, wherein the backup nodes are responsible for backing up the encrypted backup data.
CN201510961350.9A 2015-12-22 2015-12-22 Private cloud backup mechanism using multi-layer data security encryption Active CN105554127B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510961350.9A CN105554127B (en) 2015-12-22 2015-12-22 The private clound back mechanism of the safe cryptographic means of multi-layer data

Publications (2)

Publication Number Publication Date
CN105554127A CN105554127A (en) 2016-05-04
CN105554127B CN105554127B (en) 2019-04-26

Family

ID=55833059


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant