CN105959332A - Client server service method - Google Patents
- Publication number: CN105959332A
- Authority: CN (China)
- Prior art keywords: client, service, server, information, cipher
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/01: Protocols
Abstract
The invention provides a client server service method, which comprises client identity verification and client service, wherein the client identity verification comprises the following steps: 1) a client sends an identity mark of itself to a server; 2) the server receives the identity mark of the client, searches identity information of the corresponding client according to the mark, and carries out operation on the identity information of the client according to a first algorithm set and a second algorithm set to obtain first ciphertext information and second ciphertext information at the place of the server; and 3) the client carries out operation on the identity information of itself according to the first algorithm set and the second algorithm set to obtain first ciphertext information and second ciphertext information at the place of the client.
Description
Technical field
The present invention relates to the field of servers, and in particular to a client-server service method.
Background art
With the development of information technology and the spread of the Internet, data is growing explosively; in recent years in particular, the rapid development of social networks has caused data volumes to surge. The emergence and development of cloud computing technology has opened a new path for data processing. A cloud computing platform can provide users with powerful computing services: a user only needs a Web browser to submit a computing service request, then uploads the data, and finally receives the results fed back by the platform. A client generally runs only locally, whereas a server can provide the client with shared services beyond the local machine; how to combine the two has become a difficult problem.
Summary of the invention
In view of the above problems, the present invention provides a client-server service method.
The purpose of the present invention is achieved by the following technical solution:
A client-server service method, comprising client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client; the client compares the received first ciphertext information generated at the server with the first ciphertext information generated at the client itself; if the two are identical, the server is legitimate and the identity verification of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server; the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers this client a legitimate client; if the two are different, this client is considered an illegitimate client.
Preferably, step (4) further includes: if the two are different, the server is illegitimate and the identity verification of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
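The five-step exchange above, as an added Python example that is not code from the patent. The patent does not name the two algorithm sets, so HMAC-SHA256 under two labels stands in for them; the per-session nonces and the constant-time comparison are additions beyond the described steps so that each ciphertext is fresh for one run. All class and function names and the sample identity data are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the patent does not name the two algorithm sets. Each is modelled
# here as HMAC-SHA256 keyed with the identity information, under its own label.
ALGORITHM_SET_1 = b"set-1"   # produces the first ciphertext information
ALGORITHM_SET_2 = b"set-2"   # produces the second ciphertext information
NONCE_LEN = 16


def derive(identity_info, algorithm_set, nonce_c, nonce_s):
    """Operate on the identity information with one algorithm set.

    The two fixed-length nonces are an addition to the patent's steps: they
    tie the result to one session, so a value seen earlier fails later.
    """
    message = algorithm_set + b"|" + nonce_c + nonce_s
    return hmac.new(identity_info, message, hashlib.sha256).digest()


class Server:
    def __init__(self, identity_db):
        self._db = identity_db      # identity mark -> identity information
        self._pending = {}          # identity mark -> expected second ciphertext

    def hello(self, identity_mark, nonce_c):
        """Steps (1)-(2): look up the identity information, compute both
        ciphertexts, keep the second one and return the first."""
        info = self._db.get(identity_mark)
        if info is None or len(nonce_c) != NONCE_LEN:
            return None
        nonce_s = secrets.token_bytes(NONCE_LEN)
        first = derive(info, ALGORITHM_SET_1, nonce_c, nonce_s)
        self._pending[identity_mark] = derive(info, ALGORITHM_SET_2, nonce_c, nonce_s)
        return nonce_s, first

    def verify_client(self, identity_mark, second_from_client):
        """Step (5): compare the client's second ciphertext with the server's.
        The expected value is single use and is discarded after one check."""
        expected = self._pending.pop(identity_mark, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, second_from_client)


class Client:
    def __init__(self, identity_mark, identity_info):
        self.identity_mark = identity_mark
        self._info = identity_info
        self._nonce_c = b""

    def start(self):
        """Step (1): send the identity mark (plus a fresh nonce)."""
        self._nonce_c = secrets.token_bytes(NONCE_LEN)
        return self.identity_mark, self._nonce_c

    def check_server(self, nonce_s, first_from_server):
        """Steps (3)-(4): recompute the first ciphertext and compare. Returns
        the second ciphertext if the server is legitimate, otherwise None,
        which terminates the verification as in the preferred step (4)."""
        first = derive(self._info, ALGORITHM_SET_1, self._nonce_c, nonce_s)
        if not hmac.compare_digest(first, first_from_server):
            return None
        return derive(self._info, ALGORITHM_SET_2, self._nonce_c, nonce_s)


def run_handshake(client, server):
    """Drive one full exchange and report how it ended."""
    mark, nonce_c = client.start()
    reply = server.hello(mark, nonce_c)
    if reply is None:
        return "unknown-client"
    nonce_s, first = reply
    second = client.check_server(nonce_s, first)
    if second is None:
        return "server-rejected"
    return "mutual-ok" if server.verify_client(mark, second) else "client-rejected"


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    db = {"client-001": b"constructed identity information"}
    server = Server(db)
    print(run_handshake(Client("client-001", db["client-001"]), server))
    print(run_handshake(Client("client-001", b"stale copy"), server))
```

Because step (4) runs before step (5), a client whose identity information has drifted from the server's copy sees the run end as "server-rejected", which is why the method requires both sides to keep the identity information consistent.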
The beneficial effects of the invention are:
1. An information sharing service platform is provided, which effectively solves problems such as the concentrated load caused by centralized service management and the difficulty of managing a large number of services;
2. An information storage module is provided, which uses a cloud storage system to store the encrypted data; there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, which saves time cost and storage cost;
3. A service classification management module is provided, which, by creating a service catalogue, solves the earlier problems of low retrieval speed and long time consumption;
4. A service query and retrieval module is provided, which uses a vector retrieval algorithm, improves retrieval accuracy, and achieves retrieval that matches both service name and service function;
5. An information security service platform is provided, which encrypts data through the data security processing layer and the data service layer, improving the degree of information security;
6. An access security control module is provided in the platform deployment layer, which greatly improves the security of the information-security big data management system.
Brief description of the drawings
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not limit the invention in any way; those of ordinary skill in the art can obtain other drawings from the following drawings without creative effort.
Fig. 1 is a structural diagram of the client identity verification of the present invention.
Fig. 2 is a schematic diagram of the client service of the present invention.
Reference numerals: platform interface layer 10; platform management layer 20; platform deployment layer 30; data security processing layer 40; data service layer 50; information storage module 21; service classification module 22; service query and retrieval module 23; access security control module 31.
Detailed description of the invention
The invention is further described with the following embodiments.
Embodiment 1
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client; the client compares the received first ciphertext information generated at the server with the first ciphertext information generated at the client itself; if the two are identical, the server is legitimate and the identity verification of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server; the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers this client a legitimate client; if the two are different, this client is considered an illegitimate client.
Preferably, step (4) further includes: if the two are different, the server is illegitimate and the identity verification of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, the client service includes construction of an information sharing service platform and construction of an information security service platform; the information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform includes a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module, and includes, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue, using the following algorithm:
Let the service set be $F=\{f_1,\dots,f_n\}$, where each service in the service set is described by $m$ attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in\mathbb{R}^m$, where $\mathbb{R}$ denotes the real numbers, the value range of $m$ is [4,8], and $i=1,\dots,n$;
Step1: determine the number of clusters $k$ and randomly select $k$ objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in\mathbb{R}^m$, where $j=1,\dots,k$;
Step2: for each service $f_i$, calculate its corresponding class:
In the formula, $c_i$ denotes the class, among the $k$ classes, that is closest to service $f_i$; if more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes at the same time;
Step3: for each cluster $j$, recalculate the cluster centre of that class:
When every service contained in cluster $j$ belongs to only one class, then:
When cluster $j$ contains a service that belongs to $w$ classes at the same time, then:
In the formula, $\{c_i=j\}$ denotes the services corresponding to cluster $j$, and $\{c_i=j_w\}$ denotes a service that corresponds to $w$ clusters at the same time, where $2\le w\le k$;
Step4: repeat Step2 and Step3; the distance between the cluster centres of two successive iterations is $d=\|t_j^{\text{after}}-t_j^{\text{before}}\|$, where $t_j^{\text{after}}$ is the cluster centre of the later iteration and $t_j^{\text{before}}$ is the cluster centre of the previous iteration; a threshold $T$ is set according to the actual application, and clustering stops when $d<T$;
Using the above algorithm, clustering can be continued within a service class to refine the service classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the needed information in massive information, thereby completing information retrieval, using the following algorithm:
Step1: for a service $f_i$ in the service set, if it contains feature words $C_1,\dots,C_q$, determine the corresponding feature word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, $n$ is the total number of services contained in the service set, and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
Step2: for a retrieval request $A_i$ containing feature words $C_1,\dots,C_s$ that represent services, determine the corresponding feature word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ appears in all services, $n$ is the total number of services contained in the service set, and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
Step3: determine the number $d$ of feature words in the feature word space and standardize the service vector and the retrieval request vector; for feature words that a service or a retrieval request does not contain, the corresponding weight is 0; the Euclidean distance between the standardized service vector and the standardized retrieval request vector is then computed, and services are provided to the user in order of distance from small to large;
The platform deployment layer 30 is used to establish a service management centre and deploy network servers; the network servers store the service information and make it available to clients;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data that users publish at the platform interface layer with a self-generated data set key, backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer; and it encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access, ciphertext search and data verification services.
Further, the platform deployment layer 30 includes an access security control module 31, which includes an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit; the data access permission control unit controls the access permissions of users, the data access flow control unit controls the traffic of user data access, the data access transmission control unit performs encryption and security authentication control for data transmission, and the sensitive information access control unit monitors and alerts on the behaviour of accessing sensitive information and restricts abnormal access operations.
Wherein, in the data access transmission control unit, the security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
Wherein, the cloud information includes the data set name, the data set size and the data set keywords.
This embodiment provides an information sharing service platform, which effectively solves problems such as the concentrated load caused by centralized service management and the difficulty of managing a large number of services. It provides an information storage module that uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, which saves time cost and storage cost. It provides an information security service platform that encrypts data through the data security processing layer and the data service layer, improving the degree of information security. An access security control module is provided in the platform deployment layer, which greatly improves the security of the information-security big data management system. A service classification management module creates a service catalogue, solving the earlier problems of low retrieval speed and long time consumption, and a service query and retrieval module uses a vector retrieval algorithm, which improves retrieval accuracy and achieves retrieval that matches both service name and service function. In this embodiment the number of attributes m describing each service in the service set is 4; retrieval accuracy is relatively improved by 0.4% and efficiency is relatively improved by 0.5%.
Embodiment 2
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client; the client compares the received first ciphertext information generated at the server with the first ciphertext information generated at the client itself; if the two are identical, the server is legitimate and the identity verification of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server; the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers this client a legitimate client; if the two are different, this client is considered an illegitimate client.
Preferably, step (4) further includes: if the two are different, the server is illegitimate and the identity verification of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, the client service includes construction of an information sharing service platform and construction of an information security service platform; the information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform includes a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module, and includes, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue, using the following algorithm:
Let the service set be $F=\{f_1,\dots,f_n\}$, where each service in the service set is described by $m$ attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in\mathbb{R}^m$, where $\mathbb{R}$ denotes the real numbers, the value range of $m$ is [4,8], and $i=1,\dots,n$;
Step1: determine the number of clusters $k$ and randomly select $k$ objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in\mathbb{R}^m$, where $j=1,\dots,k$;
Step2: for each service $f_i$, calculate its corresponding class:
In the formula, $c_i$ denotes the class, among the $k$ classes, that is closest to service $f_i$; if more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes at the same time;
Step3: for each cluster $j$, recalculate the cluster centre of that class:
When every service contained in cluster $j$ belongs to only one class, then:
When cluster $j$ contains a service that belongs to $w$ classes at the same time, then:
In the formula, $\{c_i=j\}$ denotes the services corresponding to cluster $j$, and $\{c_i=j_w\}$ denotes a service that corresponds to $w$ clusters at the same time, where $2\le w\le k$;
Step4: repeat Step2 and Step3; the distance between the cluster centres of two successive iterations is $d=\|t_j^{\text{after}}-t_j^{\text{before}}\|$, where $t_j^{\text{after}}$ is the cluster centre of the later iteration and $t_j^{\text{before}}$ is the cluster centre of the previous iteration; a threshold $T$ is set according to the actual application, and clustering stops when $d<T$;
Using the above algorithm, clustering can be continued within a service class to refine the service classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the needed information in massive information, thereby completing information retrieval, using the following algorithm:
Step1: for a service $f_i$ in the service set, if it contains feature words $C_1,\dots,C_q$, determine the corresponding feature word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, $n$ is the total number of services contained in the service set, and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
Step2: for a retrieval request $A_i$ containing feature words $C_1,\dots,C_s$ that represent services, determine the corresponding feature word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ appears in all services, $n$ is the total number of services contained in the service set, and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
Step3: determine the number $d$ of feature words in the feature word space and standardize the service vector and the retrieval request vector; for feature words that a service or a retrieval request does not contain, the corresponding weight is 0; the Euclidean distance between the standardized service vector and the standardized retrieval request vector is then computed, and services are provided to the user in order of distance from small to large;
The platform deployment layer 30 is used to establish a service management centre and deploy network servers; the network servers store the service information and make it available to clients;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data that users publish at the platform interface layer with a self-generated data set key, backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer; and it encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access, ciphertext search and data verification services.
Further, the platform deployment layer 30 includes an access security control module 31, which includes an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit; the data access permission control unit controls the access permissions of users, the data access flow control unit controls the traffic of user data access, the data access transmission control unit performs encryption and security authentication control for data transmission, and the sensitive information access control unit monitors and alerts on the behaviour of accessing sensitive information and restricts abnormal access operations.
Wherein, in the data access transmission control unit, the security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
Wherein, the cloud information includes the data set name, the data set size and the data set keywords.
This embodiment provides an information sharing service platform, which effectively solves problems such as the concentrated load caused by centralized service management and the difficulty of managing a large number of services. It provides an information storage module that uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, which saves time cost and storage cost. It provides an information security service platform that encrypts data through the data security processing layer and the data service layer, improving the degree of information security. An access security control module is provided in the platform deployment layer, which greatly improves the security of the information-security big data management system. A service classification management module creates a service catalogue, solving the earlier problems of low retrieval speed and long time consumption, and a service query and retrieval module uses a vector retrieval algorithm, which improves retrieval accuracy and achieves retrieval that matches both service name and service function. In this embodiment the number of attributes m describing each service in the service set is 5; retrieval accuracy is relatively improved by 0.45% and efficiency is relatively improved by 0.4%.
Embodiment 3
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm set and the second algorithm set respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client; the client compares the received first ciphertext information generated at the server with the first ciphertext information generated at the client itself; if the two are identical, the server is legitimate and the identity verification of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server; the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers this client a legitimate client; if the two are different, this client is considered an illegitimate client.
Preferably, step (4) further includes: if the two are different, the server is illegitimate and the identity verification of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, client service includes that information sharing service platform builds and information security services platform construction, and described information is altogether
Enjoy service platform and include platform interface layer 10, platform management layer 20 and platform deployment tier 30, described information security services platform bag
Include data safe processing layer 40 and data service layer 50;
Described platform interface layer 10 passes through externally to provide unified interface, it is achieved user carries out the issue of data, inquires about and obtain;
Described platform management layer 20, is deposited including the information being sequentially connected with by the data after data safe processing resume module for management
Storage module 21, classification of service management module 22 and service query and search module 23:
(1) information storage module 21, it uses cloud storage system to be encrypted the storage of rear data, forms virtual storage resource
Configuration storage resource is also coordinated in pond;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue; the algorithm used is:
Let the service set be $F=\{f_1,\dots,f_n\}$, with each service in the service set described by m attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in R^m$, where R denotes the real numbers, the value range of m is [4,8], and $i=1,\dots,n$;
Step1: determine the number of clusters k and randomly select k objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in R^m$, where $j=1,\dots,k$;
Step2: for each service $f_i$, calculate its corresponding class:
In the formula, $c_i$ denotes the class, among the k classes, that is closest to service $f_i$; when more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes simultaneously;
Step3: for each cluster j, recalculate the cluster centre of that class:
When the services contained in cluster j all belong to only one class, then:
When cluster j contains services that belong to w classes simultaneously, then:
In the formula, $\{c_i=j\}$ denotes the services corresponding to cluster j, and $\{c_i=j_w\}$ denotes services that correspond to w clusters simultaneously, where $2\le w\le k$;
Step4: repeat Step2 and Step3; the distance between two successive cluster centres is $d=\lVert t_j^{\text{after}}-t_j^{\text{before}}\rVert$, where $t_j^{\text{after}}$ is the cluster centre after the later iteration and $t_j^{\text{before}}$ is the previous cluster centre; a threshold T is set according to the actual application, and clustering stops when $d<T$;
Using the above algorithm, clustering can be continued within a service class to refine the service classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the required information in massive information, thereby completing information retrieval; the algorithm used is:
Step1: for a service $f_i$ in the service set, if it contains feature words $C_1,\dots,C_q$, determine the corresponding feature word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, n is the total number of services in the service set, and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
Step2: for a retrieval request $A_i$ containing feature words $C_1,\dots,C_s$ that represent a service, determine the corresponding feature word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ appears in all services, n is the total number of services in the service set, and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
Step3: determine the number d of feature words in the feature word space and normalise the service and retrieval request vectors; for feature words absent from the service or the retrieval request, the corresponding weight is 0; the Euclidean distance between the service vector and the retrieval request vector is then computed, and services are provided to the user in ascending order of distance;
The platform deployment layer 30 is used to set up a service management centre and deploy network servers; the network servers store the service information and make it available to clients;
The data safe processing layer 40 connects the platform interface layer and the platform management layer; it encrypts the data published by users at the platform interface layer with a self-generated data set key, then backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer; it also encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data safe processing layer and the platform deployment layer; it stores the encrypted meta-information and key information uploaded by the data safe processing layer and, through the platform deployment layer, provides data set access support as well as ciphertext search and data verification service support.
Further, the platform deployment layer 30 includes an access security control module 31, which includes an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit; the access permission control unit controls the access permissions of users; the data access flow control unit controls the traffic of user data access; the data access transmission control unit performs encryption and security authentication control for data transmission; the sensitive information access control unit monitors and raises alerts on access to sensitive information, and restricts abnormal access operations.
Wherein, in the data access transmission control unit, security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
Wherein, the cloud information includes the data set name, data set size and data set keywords.
This embodiment sets up an information sharing service platform, which effectively solves the problems of concentrated pressure caused by centralised service management and of large numbers of services being difficult to manage; it sets up an information storage module that uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, saving time cost and carrying cost; it sets up an information security service platform in which the data safe processing layer and the data service layer encrypt the data, improving information security; it sets up an access security control module in the platform deployment layer, greatly improving the security of the information security big data management system; it sets up a service classification management module which, by creating a service catalogue, solves the earlier problems of a low retrieval rate and long retrieval time; and it sets up a service query and retrieval module that uses a vector retrieval algorithm, improving retrieval accuracy and achieving retrieval in which service name and service function match. Here the number of attributes m describing each service in the service set is 6, retrieval accuracy is relatively improved by 0.6%, and efficiency is relatively improved by 0.35%.
Embodiment 4
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment includes client identity verification and client service, wherein client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to the first algorithm group and the second algorithm group respectively, obtaining the first cipher-text information and the second cipher-text information at the server;
(3) the client operates on its own identity information according to the first algorithm group and the second algorithm group respectively, obtaining the first cipher-text information and the second cipher-text information at the client;
(4) the server sends the first cipher-text information generated at the server to the client; the client compares the received first cipher-text information generated at the server with the first cipher-text information generated at the client itself; if the two are identical, the server is legitimate and the identity authentication of the client proceeds;
(5) the client sends the second cipher-text information generated at the client to the server; the server compares the received second cipher-text information generated at the client with the second cipher-text information generated at the server; if the two are identical, the server considers this client a legitimate client; if the two are different, the client is considered an illegitimate client.
Preferably, step (4) further includes: if the two are different, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, the client service includes construction of an information sharing service platform and construction of an information security service platform; the information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform includes a data safe processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data safe processing module, and includes an information storage module 21, a service classification management module 22 and a service query and retrieval module 23 connected in sequence:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue; the algorithm used is:
Let the service set be $F=\{f_1,\dots,f_n\}$, with each service in the service set described by m attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in R^m$, where R denotes the real numbers, the value range of m is [4,8], and $i=1,\dots,n$;
Step1: determine the number of clusters k and randomly select k objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in R^m$, where $j=1,\dots,k$;
Step2: for each service $f_i$, calculate its corresponding class:
In the formula, $c_i$ denotes the class, among the k classes, that is closest to service $f_i$; when more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes simultaneously;
Step3: for each cluster j, recalculate the cluster centre of that class:
When the services contained in cluster j all belong to only one class, then:
When cluster j contains services that belong to w classes simultaneously, then:
In the formula, $\{c_i=j\}$ denotes the services corresponding to cluster j, and $\{c_i=j_w\}$ denotes services that correspond to w clusters simultaneously, where $2\le w\le k$;
Step4: repeat Step2 and Step3; the distance between two successive cluster centres is $d=\lVert t_j^{\text{after}}-t_j^{\text{before}}\rVert$, where $t_j^{\text{after}}$ is the cluster centre after the later iteration and $t_j^{\text{before}}$ is the previous cluster centre; a threshold T is set according to the actual application, and clustering stops when $d<T$;
Using the above algorithm, clustering can be continued within a service class to refine the service classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the required information in massive information, thereby completing information retrieval; the algorithm used is:
Step1: for a service $f_i$ in the service set, if it contains feature words $C_1,\dots,C_q$, determine the corresponding feature word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, n is the total number of services in the service set, and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
Step2: for a retrieval request $A_i$ containing feature words $C_1,\dots,C_s$ that represent a service, determine the corresponding feature word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ appears in all services, n is the total number of services in the service set, and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
Step3: determine the number d of feature words in the feature word space and normalise the service and retrieval request vectors; for feature words absent from the service or the retrieval request, the corresponding weight is 0; the Euclidean distance between the service vector and the retrieval request vector is then computed, and services are provided to the user in ascending order of distance;
The platform deployment layer 30 is used to set up a service management centre and deploy network servers; the network servers store the service information and make it available to clients;
The data safe processing layer 40 connects the platform interface layer and the platform management layer; it encrypts the data published by users at the platform interface layer with a self-generated data set key, then backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer; it also encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data safe processing layer and the platform deployment layer; it stores the encrypted meta-information and key information uploaded by the data safe processing layer and, through the platform deployment layer, provides data set access support as well as ciphertext search and data verification service support.
Further, the platform deployment layer 30 includes an access security control module 31, which includes an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit; the access permission control unit controls the access permissions of users; the data access flow control unit controls the traffic of user data access; the data access transmission control unit performs encryption and security authentication control for data transmission; the sensitive information access control unit monitors and raises alerts on access to sensitive information, and restricts abnormal access operations.
Wherein, in the data access transmission control unit, security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
Wherein, the cloud information includes the data set name, data set size and data set keywords.
This embodiment sets up an information sharing service platform, which effectively solves the problems of concentrated pressure caused by centralised service management and of large numbers of services being difficult to manage; it sets up an information storage module that uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, saving time cost and carrying cost; it sets up an information security service platform in which the data safe processing layer and the data service layer encrypt the data, improving information security; it sets up an access security control module in the platform deployment layer, greatly improving the security of the information security big data management system; it sets up a service classification management module which, by creating a service catalogue, solves the earlier problems of a low retrieval rate and long retrieval time; and it sets up a service query and retrieval module that uses a vector retrieval algorithm, improving retrieval accuracy and achieving retrieval in which service name and service function match. Here the number of attributes m describing each service in the service set is 7, retrieval accuracy is relatively improved by 0.7%, and efficiency is relatively improved by 0.32%.
Embodiment 5
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment includes client identity verification and client service, wherein client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to the first algorithm group and the second algorithm group respectively, obtaining the first cipher-text information and the second cipher-text information at the server;
(3) the client operates on its own identity information according to the first algorithm group and the second algorithm group respectively, obtaining the first cipher-text information and the second cipher-text information at the client;
(4) the server sends the first cipher-text information generated at the server to the client; the client compares the received first cipher-text information generated at the server with the first cipher-text information generated at the client itself; if the two are identical, the server is legitimate and the identity authentication of the client proceeds;
(5) the client sends the second cipher-text information generated at the client to the server; the server compares the received second cipher-text information generated at the client with the second cipher-text information generated at the server; if the two are identical, the server considers this client a legitimate client; if the two are different, the client is considered an illegitimate client.
Preferably, step (4) further includes: if the two are different, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, the client service includes construction of an information sharing service platform and construction of an information security service platform; the information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform includes a data safe processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data safe processing module, and includes an information storage module 21, a service classification management module 22 and a service query and retrieval module 23 connected in sequence:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue; the algorithm used is:
Let the service set be $F=\{f_1,\dots,f_n\}$, with each service in the service set described by m attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in R^m$, where R denotes the real numbers, the value range of m is [4,8], and $i=1,\dots,n$;
Step1: determine the number of clusters k and randomly select k objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in R^m$, where $j=1,\dots,k$;
Step2: for each service $f_i$, calculate its corresponding class:
In the formula, $c_i$ denotes the class, among the k classes, that is closest to service $f_i$; when more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes simultaneously;
Step3: for each cluster j, recalculate the cluster centre of that class:
When the services contained in cluster j all belong to only one class, then:
When cluster j contains services that belong to w classes simultaneously, then:
In the formula, $\{c_i=j\}$ denotes the services corresponding to cluster j, and $\{c_i=j_w\}$ denotes services that correspond to w clusters simultaneously, where $2\le w\le k$;
Step4: repeat Step2 and Step3; the distance between two successive cluster centres is $d=\lVert t_j^{\text{after}}-t_j^{\text{before}}\rVert$, where $t_j^{\text{after}}$ is the cluster centre after the later iteration and $t_j^{\text{before}}$ is the previous cluster centre; a threshold T is set according to the actual application, and clustering stops when $d<T$;
Using the above algorithm, clustering can be continued within a service class to refine the service classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the required information in massive information, thereby completing information retrieval; the algorithm used is:
Step1: for a service $f_i$ in the service set, if it contains feature words $C_1,\dots,C_q$, determine the corresponding feature word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, n is the total number of services in the service set, and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
Step2: for a retrieval request $A_i$ containing feature words $C_1,\dots,C_s$ that represent a service, determine the corresponding feature word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ appears in all services, n is the total number of services in the service set, and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
Step3: determine the number d of feature words in the feature word space and normalise the service and retrieval request vectors; for feature words absent from the service or the retrieval request, the corresponding weight is 0; the Euclidean distance between the service vector and the retrieval request vector is then computed, and services are provided to the user in ascending order of distance;
The platform deployment layer 30 is used to set up a service management centre and deploy network servers; the network servers store the service information and make it available to clients;
The data safe processing layer 40 connects the platform interface layer and the platform management layer; it encrypts the data published by users at the platform interface layer with a self-generated data set key, then backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer; it also encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data safe processing layer and the platform deployment layer; it stores the encrypted meta-information and key information uploaded by the data safe processing layer and, through the platform deployment layer, provides data set access support as well as ciphertext search and data verification service support.
Further, the platform deployment layer 30 includes an access security control module 31, which includes an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit; the access permission control unit controls the access permissions of users; the data access flow control unit controls the traffic of user data access; the data access transmission control unit performs encryption and security authentication control for data transmission; the sensitive information access control unit monitors and raises alerts on access to sensitive information, and restricts abnormal access operations.
Wherein, in the data access transmission control unit, security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
Wherein, the cloud information includes the data set name, data set size and data set keywords.
This embodiment sets up an information sharing service platform, which effectively solves the problems of concentrated pressure caused by centralised service management and of large numbers of services being difficult to manage; it sets up an information storage module that uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, saving time cost and carrying cost; it sets up an information security service platform in which the data safe processing layer and the data service layer encrypt the data, improving information security; it sets up an access security control module in the platform deployment layer, greatly improving the security of the information security big data management system; it sets up a service classification management module which, by creating a service catalogue, solves the earlier problems of a low retrieval rate and long retrieval time; and it sets up a service query and retrieval module that uses a vector retrieval algorithm, improving retrieval accuracy and achieving retrieval in which service name and service function match. Here the number of attributes m describing each service in the service set is 8, retrieval accuracy is relatively improved by 0.9%, and efficiency is relatively improved by 0.3%.
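The key handling described for data safe processing layer 40 and data service layer 50, as an added Go example that is not code from the patent. AES-256-GCM, the role labels, the meta-information fields (name, size, keyword) and all identifiers are assumptions; the sample key and data are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const ( // hypothetical role labels, bound in as AES-GCM associated data
	aadData, aadMeta      = "data-set", "meta-information"
	aadWrapDSK, aadWrapMK = "wrapped-data-set-key", "wrapped-meta-key"
)

// ManagementUpload goes to platform management layer 20 (cloud storage);
// ServiceUpload goes to data service layer 50.
type ManagementUpload struct{ EncryptedData []byte }
type ServiceUpload struct{ EncryptedMeta, WrappedDataSetKey, WrappedMetaKey []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM (assumed cipher) and prepends the nonce.
func seal(key, plaintext []byte, aad string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(aad)), nil
}

// unseal reverses seal; it fails on tampering, a wrong key or a wrong label.
func unseal(key, sealed []byte, aad string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed blob too short: %d bytes", len(sealed))
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], []byte(aad))
}

// Publish does the work of data safe processing layer 40 for one data set.
func Publish(masterKey []byte, name, keyword string, data []byte) (m ManagementUpload, s ServiceUpload, err error) {
	keys := make([]byte, 64) // two self-generated 256-bit keys
	if _, err = rand.Read(keys); err != nil {
		return
	}
	dataSetKey, metaKey := keys[:32], keys[32:]
	meta := fmt.Sprintf("name=%s;size=%d;keyword=%s", name, len(data), keyword)
	if m.EncryptedData, err = seal(dataSetKey, data, aadData); err != nil {
		return
	}
	if s.EncryptedMeta, err = seal(metaKey, []byte(meta), aadMeta); err != nil {
		return
	}
	if s.WrappedDataSetKey, err = seal(masterKey, dataSetKey, aadWrapDSK); err != nil {
		return
	}
	s.WrappedMetaKey, err = seal(masterKey, metaKey, aadWrapMK)
	return
}

// ReadMeta unwraps only the meta-information key; the data set key stays wrapped.
func ReadMeta(masterKey []byte, s ServiceUpload) ([]byte, error) {
	metaKey, err := unseal(masterKey, s.WrappedMetaKey, aadWrapMK)
	if err != nil {
		return nil, err
	}
	return unseal(metaKey, s.EncryptedMeta, aadMeta)
}

// ReadData unwraps the data set key and decrypts the stored data.
func ReadData(masterKey []byte, m ManagementUpload, s ServiceUpload) ([]byte, error) {
	dataSetKey, err := unseal(masterKey, s.WrappedDataSetKey, aadWrapDSK)
	if err != nil {
		return nil, err
	}
	return unseal(dataSetKey, m.EncryptedData, aadData)
}

func main() {
	master := []byte("constructed-demo-master-key-32B!") // constructed, 32 bytes
	m, s, err := Publish(master, "traffic-2016", "traffic", []byte("constructed sample data"))
	meta, _ := ReadMeta(master, s)
	data, _ := ReadData(master, m, s)
	fmt.Printf("%s\n%s\n%v\n", meta, data, err)
}
```

The storage side (layer 20) never holds a key, and the data service layer holds keys only in wrapped form, so the master key is the single secret whose exposure opens both the meta-information and the data.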
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit its scope of protection; although the present invention has been explained in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.
Claims (3)
1. A client-server service method, including client identity verification and client service, wherein client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to the first algorithm group and the second algorithm group respectively, obtaining the first cipher-text information and the second cipher-text information at the server;
(3) the client operates on its own identity information according to the first algorithm group and the second algorithm group respectively, obtaining the first cipher-text information and the second cipher-text information at the client;
(4) the server sends the first cipher-text information generated at the server to the client; the client compares the received first cipher-text information generated at the server with the first cipher-text information generated at the client itself; if the two are identical, the server is legitimate and the identity authentication of the client proceeds;
(5) the client sends the second cipher-text information generated at the client to the server; the server compares the received second cipher-text information generated at the client with the second cipher-text information generated at the server; if the two are identical, the server considers this client a legitimate client; if the two are different, the client is considered an illegitimate client.
2. The client-server service method according to claim 1, wherein step (4) further includes: if the two are different, the server is illegitimate and the identity authentication of the client is terminated.
3. The client-server service method according to claim 2, wherein the identity information held by the server is kept consistent with that of the client.
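The five verification steps in the embodiments and in claim 1, as an added Go example that is not part of the patent text. Each "algorithm group" is modelled as HMAC-SHA256 over a fixed label, keyed with the identity information; that choice, all type and function names, and the constructed sample identities are assumptions, since the page does not name the algorithms.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumption: the two algorithm groups are distinct labels fed to HMAC-SHA256,
// and they take no input other than the identity information.
const (
	firstGroup  = "algorithm-group-1"
	secondGroup = "algorithm-group-2"
)

var (
	ErrUnknownMark   = errors.New("identity mark not found")
	ErrServerIllegal = errors.New("server is not legitimate; authentication terminated")
	ErrClientIllegal = errors.New("client is not legitimate")
)

// cipherText applies one algorithm group to the identity information.
func cipherText(group string, identityInfo []byte) []byte {
	mac := hmac.New(sha256.New, identityInfo)
	mac.Write([]byte(group))
	return mac.Sum(nil)
}

type Client struct {
	Mark         string // identity mark, sent to the server in step (1)
	IdentityInfo []byte // never sent
}

type Server struct {
	Identities map[string][]byte // identity mark -> identity information
}

// Begin is step (2): look up the identity information and compute both values.
func (s *Server) Begin(mark string) (first, second []byte, err error) {
	info, ok := s.Identities[mark]
	if !ok {
		return nil, nil, ErrUnknownMark
	}
	return cipherText(firstGroup, info), cipherText(secondGroup, info), nil
}

// CheckServer is steps (3) and (4): the client compares the server's first
// value with its own and releases its second value only if they match.
func (c *Client) CheckServer(serverFirst []byte) ([]byte, error) {
	if !hmac.Equal(serverFirst, cipherText(firstGroup, c.IdentityInfo)) {
		return nil, ErrServerIllegal
	}
	return cipherText(secondGroup, c.IdentityInfo), nil
}

// CheckClient is step (5): the server compares the client's second value
// with its own, in constant time.
func CheckClient(serverSecond, clientSecond []byte) error {
	if !hmac.Equal(serverSecond, clientSecond) {
		return ErrClientIllegal
	}
	return nil
}

// Authenticate runs the five steps between two in-memory peers.
func Authenticate(s *Server, c *Client) error {
	first, second, err := s.Begin(c.Mark) // steps (1)-(2)
	if err != nil {
		return err
	}
	clientSecond, err := c.CheckServer(first) // steps (3)-(4)
	if err != nil {
		return err
	}
	return CheckClient(second, clientSecond) // step (5)
}

func main() {
	info := []byte("constructed identity information")
	server := &Server{Identities: map[string][]byte{"client-001": info}}
	fmt.Println("matching records:", Authenticate(server, &Client{"client-001", info}))
	// Records that are not kept consistent make the client reject the server.
	stale := &Server{Identities: map[string][]byte{"client-001": []byte("stale record")}}
	fmt.Println("inconsistent records:", Authenticate(stale, &Client{"client-001", info}))
	// The server's own first value is not accepted as the client's second value.
	first, second, _ := server.Begin("client-001")
	fmt.Println("first value sent back:", CheckClient(second, first))
}
```

Under this modelling assumption both values depend only on the stored identity information, so they are identical on every run; the page does not say whether the algorithm groups take any per-session input.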
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610573776.1A CN105959332A (en) | 2016-07-20 | 2016-07-20 | Client server service method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105959332A true CN105959332A (en) | 2016-09-21 |
Family
ID=56900340
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610573776.1A Withdrawn CN105959332A (en) | 2016-07-20 | 2016-07-20 | Client server service method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105959332A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110191047A (en) * | 2019-05-31 | 2019-08-30 | 拉扎斯网络科技(上海)有限公司 | Conversational services method, apparatus, electronic equipment and computer readable storage medium |
CN110191047B (en) * | 2019-05-31 | 2021-07-30 | 拉扎斯网络科技(上海)有限公司 | Session service method, device, electronic equipment and computer-readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C04 | Withdrawal of patent application after publication (patent law 2001) | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20160921 |