CN105959332A - Client server service method - Google Patents

Publication number
CN105959332A
Authority
CN
China
Prior art keywords
client
service
server
information
cipher
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201610573776.1A
Other languages
Chinese (zh)
Inventor
Inventor not disclosed
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN201610573776.1A
Publication of CN105959332A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols

Abstract

The invention provides a client server service method, which comprises client identity verification and client service, wherein the client identity verification comprises the following steps: 1) a client sends an identity mark of itself to a server; 2) the server receives the identity mark of the client, searches identity information of the corresponding client according to the mark, and carries out operation on the identity information of the client according to a first algorithm set and a second algorithm set to obtain first ciphertext information and second ciphertext information at the place of the server; and 3) the client carries out operation on the identity information of itself according to the first algorithm set and the second algorithm set to obtain first ciphertext information and second ciphertext information at the place of the client.

Description

A client-server service method
Technical field
The present invention relates to the field of servers, and in particular to a client-server service method.
Background
With the development of information technology and the spread of the Internet, data has grown explosively, and the rapid development of social networks in recent years has increased data volumes sharply. The emergence and development of cloud computing technology has opened a new path for data processing. A cloud computing platform can provide users with powerful computing services: a user can submit a computing service request through nothing more than a Web browser, then upload the data, and finally receive the result from the platform. A client generally runs only locally, whereas a server can provide the client with shared services beyond the local machine; how to combine the two has become a problem that needs to be solved.
Summary of the invention
In view of the above problems, the present invention provides a client-server service method.
The purpose of the present invention is achieved by the following technical solution:
A client-server service method comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to a first algorithm group and a second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm group and the second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client, and the client compares the received first ciphertext information generated at the server with the first ciphertext information at the client itself; if the two are identical, the server is legitimate and the identity authentication of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server, and the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers the client a legitimate client; if the two differ, the client is considered an illegitimate client.
Preferably, step (4) further comprises: if the two differ, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
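Verification steps (1) to (5) as a message exchange, as an added example that is not part of the patent: HMAC-SHA256 over two labels stands in for the unspecified first and second algorithm groups, and the registry, the function names and the `fresh` option are assumptions. It shows that ciphertexts computed from the stored identity information alone are the same in every session, and that mixing a nonce from each side into the computation makes them session-specific.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: identity mark -> identity information held by the server.
REGISTRY = {"client-001": b"constructed-identity-information"}


def algorithm_group(label, identity_info, context=b""):
    """Stand-in for an unspecified 'algorithm group' (assumption): HMAC-SHA256
    keyed with the identity information over a group label and optional context."""
    return hmac.new(identity_info, label + b"|" + context, hashlib.sha256).digest()


def run_session(identity_mark, client_info, registry, fresh=False):
    """Run steps (1)-(5) in one process and return (result, transcript).

    transcript is a list of (direction, field, value) tuples, i.e. what an
    observer of the channel would see. With fresh=True both sides contribute a
    random nonce that is mixed into both ciphertexts (hardened variant).
    """
    # Step (1): the client sends its identity mark.
    transcript = [("C->S", "identity_mark", identity_mark.encode())]

    # Step (2), first half: the server looks up the identity information.
    server_info = registry.get(identity_mark)
    if server_info is None:
        return "unknown client", transcript

    context = b""
    if fresh:
        client_nonce = secrets.token_bytes(16)
        server_nonce = secrets.token_bytes(16)
        transcript.append(("C->S", "client_nonce", client_nonce))
        transcript.append(("S->C", "server_nonce", server_nonce))
        context = client_nonce + server_nonce

    # Steps (2) and (3): each side derives both ciphertexts from its own copy.
    server_first = algorithm_group(b"first", server_info, context)
    server_second = algorithm_group(b"second", server_info, context)
    client_first = algorithm_group(b"first", client_info, context)
    client_second = algorithm_group(b"second", client_info, context)

    # Step (4): the server proves itself; the client compares in constant time.
    transcript.append(("S->C", "first_ciphertext", server_first))
    if not hmac.compare_digest(server_first, client_first):
        return "server rejected by client", transcript

    # Step (5): the client proves itself; the server compares in constant time.
    transcript.append(("C->S", "second_ciphertext", client_second))
    if not hmac.compare_digest(client_second, server_second):
        return "client rejected by server", transcript
    return "mutually authenticated", transcript


def authenticators(transcript):
    """The ciphertext values that crossed the channel in one session."""
    return [value for _, field, value in transcript if field.endswith("_ciphertext")]


if __name__ == "__main__":
    info = REGISTRY["client-001"]
    for fresh in (False, True):
        first = authenticators(run_session("client-001", info, REGISTRY, fresh)[1])
        second = authenticators(run_session("client-001", info, REGISTRY, fresh)[1])
        print("nonces" if fresh else "static", "-> same values in two sessions:",
              first == second)
```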
The beneficial effects of the invention are:
1. An information sharing service platform is provided, which effectively solves problems such as the concentrated load caused by centralized service management and the difficulty of managing a large number of services;
2. An information storage module is provided, which uses a cloud storage system to store the encrypted data; there is no need to know the specific storage device information or to consider issues such as data backup and redundancy, which saves time cost and storage cost;
3. A service classification management module is provided; by creating a service catalogue it solves the low retrieval speed and long time consumption of conventional retrieval;
4. A service query and retrieval module is provided, which uses a vector retrieval algorithm to improve retrieval accuracy and achieves retrieval in which the service name and service function match;
5. An information security service platform is provided, which encrypts data through the data security processing layer and the data service layer, improving the degree of information security;
6. An access security control module is provided in the platform deployment layer, which greatly improves the security of the information security big data management system.
Brief description of the drawings
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not limit the invention in any way; a person of ordinary skill in the art can obtain other drawings from the following drawings without creative effort.
Fig. 1 is a schematic structural diagram of the client identity verification of the present invention.
Fig. 2 is a schematic diagram of the client service of the present invention.
Reference numerals: platform interface layer 10; platform management layer 20; platform deployment layer 30; data security processing layer 40; data service layer 50; information storage module 21; service classification module 22; service query and retrieval module 23; access security control module 31.
Detailed description
The invention is further described with reference to the following embodiments.
Embodiment 1
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to a first algorithm group and a second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm group and the second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client, and the client compares the received first ciphertext information generated at the server with the first ciphertext information at the client itself; if the two are identical, the server is legitimate and the identity authentication of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server, and the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers the client a legitimate client; if the two differ, the client is considered an illegitimate client.
Preferably, step (4) further comprises: if the two differ, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, the client service comprises building an information sharing service platform and building an information security service platform; the information sharing service platform comprises a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform comprises a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module and comprises, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue, using the following algorithm:
Let the service set be $F=\{f_1,\dots,f_n\}$, each service in the set being described by $m$ attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in\mathbb{R}^m$, where $\mathbb{R}$ denotes the real numbers, the value range of $m$ is $[4,8]$, and $i=1,\dots,n$;
Step 1: determine the number of clusters $k$ and randomly select $k$ objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in\mathbb{R}^m$, where $j=1,\dots,k$;
Step 2: for each service $f_i$, compute its class:
$$c_i=\arg\max_j\frac{\sum_{l=1}^{m}(f_{il}\times t_{jl})}{\sum_{l=1}^{m}f_{il}^{2}\times\sum_{l=1}^{m}t_{il}^{2}}$$
where $c_i$ denotes the class among the $k$ classes that is closest to service $f_i$; when more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes simultaneously;
Step 3: for each cluster $j$, recompute its cluster centre:
When every service contained in cluster $j$ belongs to only one class:
$$t_j:=\frac{\sum_{i=1}^{n}1\{c_i=j\}f_i}{\sum_{i=1}^{n}1\{c_i=j\}}$$
When cluster $j$ contains a service that belongs to $w$ classes simultaneously:
$$t_j:=\frac{\sum_{i=1}^{n}1\{c_i=j\}f_i-\sum_{i=1}^{n}\frac{w-1}{w}\{c_i=j_w\}f_i}{\sum_{i=1}^{n}1\{c_i=j\}}$$
where $\{c_i=j\}$ denotes the services corresponding to cluster $j$, and $\{c_i=j_w\}$ denotes the services that correspond to $w$ clusters simultaneously, with $2\le w\le k$;
Step 4: repeat Step 2 and Step 3. The distance between two successive cluster centres is $d=\lVert t_j^{\text{after}}-t_j^{\text{before}}\rVert$, where $t_j^{\text{after}}$ is the cluster centre after an iteration and $t_j^{\text{before}}$ is the cluster centre before it. A threshold $T$ is set according to the actual application, and clustering stops when $d<T$;
Using the above algorithm, clustering can be continued within a service class to refine the classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the required information in massive information, thereby completing information retrieval, using the following algorithm:
Step 1: for a service $f_i$ in the service set that contains feature words $C_1,\dots,C_q$, determine the corresponding feature-word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, $n$ is the total number of services in the service set, and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
$$\vec{f_i}=(\delta_1,\dots,\delta_q)$$
Step 2: for a retrieval request $A_i$ containing feature words $C_1,\dots,C_s$ that describe a service, determine the corresponding feature-word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ appears across all services, $n$ is the total number of services in the service set, and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
$$\vec{A_i}=(\sigma_1,\dots,\sigma_s)$$
Step 3: determine the number $d$ of feature words in the feature-word space and standardize the service and retrieval request vectors; a feature word that does not occur in a service or in a retrieval request is given weight 0. The Euclidean distance between the standardized service vector and retrieval request vector is then computed, and services are provided to the user in ascending order of distance;
The platform deployment layer 30 is used to set up a service management centre and deploy network servers; the network servers store the service information and make it available to clients;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data that a user publishes at the platform interface layer with a self-generated data set key, backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer, and encrypts the data set key and the meta-information key with a master key before sending them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access as well as for ciphertext search and data verification services.
Further, the platform deployment layer 30 comprises an access security control module 31, which comprises an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access permission control unit controls users' access permissions; the data access flow control unit controls the traffic of users' data access; the data access transmission control unit applies encryption and security authentication control to data transmission; and the sensitive information access control unit monitors and raises alerts on access to sensitive information and restricts abnormal access operations.
In the data access transmission control unit, the security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
The cloud information includes the data set name, data set size and data set keywords.
This embodiment provides an information sharing service platform, which effectively solves problems such as the concentrated load caused by centralized service management and the difficulty of managing a large number of services. It provides an information storage module that uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider issues such as data backup and redundancy, which saves time cost and storage cost. It provides an information security service platform that encrypts data through the data security processing layer and the data service layer, improving the degree of information security. An access security control module in the platform deployment layer greatly improves the security of the information security big data management system. A service classification management module creates a service catalogue, which solves the low retrieval speed and long time consumption of conventional retrieval, and a service query and retrieval module uses a vector retrieval algorithm to improve retrieval accuracy and to achieve retrieval in which the service name and service function match. In this embodiment the number of attributes $m$ describing each service in the service set is 4; retrieval accuracy is relatively improved by 0.4% and efficiency is relatively improved by 0.5%.
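The classification algorithm of the service classification management module 22 (Steps 1 to 4 above), as an added example that is not part of the patent. It reads the Step 2 score as the cosine similarity between a service and a cluster centre, which is an assumption because the formula as extracted shows no square roots; the function names, the tie tolerance and the constructed four-attribute sample services are also assumptions, and the initial centres are passed in rather than chosen at random so the run is repeatable.

```python
import math

# Constructed sample services, each described by m = 4 attributes.
SERVICES = [
    (1.0, 0.0, 0.0, 0.0),
    (0.9, 0.1, 0.0, 0.0),
    (0.0, 0.0, 1.0, 0.0),
    (0.0, 0.0, 0.9, 0.1),
]


def similarity(f, t):
    """Step 2 score, read here as cosine similarity (assumption)."""
    dot = sum(a * b for a, b in zip(f, t))
    norm = math.sqrt(sum(a * a for a in f)) * math.sqrt(sum(b * b for b in t))
    return dot / norm if norm else 0.0


def assign(services, centres, tol=1e-12):
    """Step 2: for each service, every cluster index that reaches the top score.

    A service whose best score is shared by several centres is assigned to all
    of them, as the text specifies for more than one matching c_i.
    """
    labels = []
    for f in services:
        scores = [similarity(f, t) for t in centres]
        best = max(scores)
        labels.append([j for j, s in enumerate(scores) if best - s <= tol])
    return labels


def update(services, labels, centres):
    """Step 3: recompute each centre.

    A service in w clusters contributes f_i - (w-1)/w * f_i = f_i / w to the
    numerator and counts once in the denominator; w = 1 gives the plain mean.
    """
    new_centres = []
    for j, old in enumerate(centres):
        members = [(f, len(c)) for f, c in zip(services, labels) if j in c]
        if not members:  # empty cluster: keep the previous centre
            new_centres.append(tuple(old))
            continue
        new_centres.append(tuple(
            sum(f[l] / w for f, w in members) / len(members)
            for l in range(len(old))
        ))
    return new_centres


def cluster(services, centres, threshold=1e-9, max_iter=100):
    """Step 4: repeat Steps 2 and 3 until no centre moves by threshold or more."""
    centres = [tuple(c) for c in centres]
    for _ in range(max_iter):
        labels = assign(services, centres)
        new_centres = update(services, labels, centres)
        d = max(math.dist(a, b) for a, b in zip(new_centres, centres))
        centres = new_centres
        if d < threshold:
            break
    return assign(services, centres), centres


if __name__ == "__main__":
    labels, centres = cluster(SERVICES, [SERVICES[0], SERVICES[2]])
    print(labels)
    print(centres)
```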
Embodiment 2
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to a first algorithm group and a second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm group and the second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client, and the client compares the received first ciphertext information generated at the server with the first ciphertext information at the client itself; if the two are identical, the server is legitimate and the identity authentication of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server, and the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers the client a legitimate client; if the two differ, the client is considered an illegitimate client.
Preferably, step (4) further comprises: if the two differ, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, the client service comprises building an information sharing service platform and building an information security service platform; the information sharing service platform comprises a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform comprises a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module and comprises, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue, using the following algorithm:
Let the service set be $F=\{f_1,\dots,f_n\}$, each service in the set being described by $m$ attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in\mathbb{R}^m$, where $\mathbb{R}$ denotes the real numbers, the value range of $m$ is $[4,8]$, and $i=1,\dots,n$;
Step 1: determine the number of clusters $k$ and randomly select $k$ objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in\mathbb{R}^m$, where $j=1,\dots,k$;
Step 2: for each service $f_i$, compute its class:
$$c_i=\arg\max_j\frac{\sum_{l=1}^{m}(f_{il}\times t_{jl})}{\sum_{l=1}^{m}f_{il}^{2}\times\sum_{l=1}^{m}t_{il}^{2}}$$
where $c_i$ denotes the class among the $k$ classes that is closest to service $f_i$; when more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes simultaneously;
Step 3: for each cluster $j$, recompute its cluster centre:
When every service contained in cluster $j$ belongs to only one class:
$$t_j:=\frac{\sum_{i=1}^{n}1\{c_i=j\}f_i}{\sum_{i=1}^{n}1\{c_i=j\}}$$
When cluster $j$ contains a service that belongs to $w$ classes simultaneously:
$$t_j:=\frac{\sum_{i=1}^{n}1\{c_i=j\}f_i-\sum_{i=1}^{n}\frac{w-1}{w}\{c_i=j_w\}f_i}{\sum_{i=1}^{n}1\{c_i=j\}}$$
where $\{c_i=j\}$ denotes the services corresponding to cluster $j$, and $\{c_i=j_w\}$ denotes the services that correspond to $w$ clusters simultaneously, with $2\le w\le k$;
Step 4: repeat Step 2 and Step 3. The distance between two successive cluster centres is $d=\lVert t_j^{\text{after}}-t_j^{\text{before}}\rVert$, where $t_j^{\text{after}}$ is the cluster centre after an iteration and $t_j^{\text{before}}$ is the cluster centre before it. A threshold $T$ is set according to the actual application, and clustering stops when $d<T$;
Using the above algorithm, clustering can be continued within a service class to refine the classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the required information in massive information, thereby completing information retrieval, using the following algorithm:
Step 1: for a service $f_i$ in the service set that contains feature words $C_1,\dots,C_q$, determine the corresponding feature-word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, $n$ is the total number of services in the service set, and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
$$\vec{f_i}=(\delta_1,\dots,\delta_q)$$
Step 2: for a retrieval request $A_i$ containing feature words $C_1,\dots,C_s$ that describe a service, determine the corresponding feature-word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ appears across all services, $n$ is the total number of services in the service set, and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
$$\vec{A_i}=(\sigma_1,\dots,\sigma_s)$$
Step 3: determine the number $d$ of feature words in the feature-word space and standardize the service and retrieval request vectors; a feature word that does not occur in a service or in a retrieval request is given weight 0. The Euclidean distance between the standardized service vector and retrieval request vector is then computed, and services are provided to the user in ascending order of distance;
The platform deployment layer 30 is used to set up a service management centre and deploy network servers; the network servers store the service information and make it available to clients;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data that a user publishes at the platform interface layer with a self-generated data set key, backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer, and encrypts the data set key and the meta-information key with a master key before sending them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access as well as for ciphertext search and data verification services.
Further, the platform deployment layer 30 comprises an access security control module 31, which comprises an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access permission control unit controls users' access permissions; the data access flow control unit controls the traffic of users' data access; the data access transmission control unit applies encryption and security authentication control to data transmission; and the sensitive information access control unit monitors and raises alerts on access to sensitive information and restricts abnormal access operations.
In the data access transmission control unit, the security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
The cloud information includes the data set name, data set size and data set keywords.
This embodiment provides an information sharing service platform, which effectively solves problems such as the concentrated load caused by centralized service management and the difficulty of managing a large number of services. It provides an information storage module that uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider issues such as data backup and redundancy, which saves time cost and storage cost. It provides an information security service platform that encrypts data through the data security processing layer and the data service layer, improving the degree of information security. An access security control module in the platform deployment layer greatly improves the security of the information security big data management system. A service classification management module creates a service catalogue, which solves the low retrieval speed and long time consumption of conventional retrieval, and a service query and retrieval module uses a vector retrieval algorithm to improve retrieval accuracy and to achieve retrieval in which the service name and service function match. In this embodiment the number of attributes $m$ describing each service in the service set is 5; retrieval accuracy is relatively improved by 0.45% and efficiency is relatively improved by 0.4%.
Embodiment 3
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client according to a first algorithm group and a second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the server;
(3) the client operates on its own identity information according to the first algorithm group and the second algorithm group respectively, obtaining the first ciphertext information and the second ciphertext information at the client;
(4) the server sends the first ciphertext information generated at the server to the client, and the client compares the received first ciphertext information generated at the server with the first ciphertext information at the client itself; if the two are identical, the server is legitimate and the identity authentication of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server, and the server compares the received second ciphertext information generated at the client with the second ciphertext information at the server; if the two are identical, the server considers the client a legitimate client; if the two differ, the client is considered an illegitimate client.
Preferably, step (4) further comprises: if the two differ, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the identity information held by the server is kept consistent with that of the client.
Preferably, client service includes that information sharing service platform builds and information security services platform construction, and described information is altogether Enjoy service platform and include platform interface layer 10, platform management layer 20 and platform deployment tier 30, described information security services platform bag Include data safe processing layer 40 and data service layer 50;
Described platform interface layer 10 passes through externally to provide unified interface, it is achieved user carries out the issue of data, inquires about and obtain;
Described platform management layer 20, is deposited including the information being sequentially connected with by the data after data safe processing resume module for management Storage module 21, classification of service management module 22 and service query and search module 23:
(1) information storage module 21, it uses cloud storage system to be encrypted the storage of rear data, forms virtual storage resource Configuration storage resource is also coordinated in pond;
(2) classification of service management module 22, for classifying the service with similar features and forming service catalogue, uses Algorithm be:
It is provided with services set F={f1,…,fn, m the attribute of each service in services set describes, then have fi=(fi1,…,fim), fi∈Rm, wherein, R represents real number, and the span of m is [4,8], i=1 ..., n;
Step1 determines cluster number k, randomly chooses k object { t1,…,tkAs cluster centre, then there is tj=(tj1,…,tjm), tj∈Rm, wherein, j=1 ..., k;
Step2 is for each service fi, calculate its corresponding classification:
c i = arg m a x j Σ l = 1 m ( f i l × t j l ) Σ l = 1 m f i l 2 × Σ l = 1 m t i l 2
In formula, ciRepresent service fiThe class closest with k apoplexy due to endogenous wind, as the c meeting conditioniMore than one, then service fiThe most right Should multiple classification;
Step3, for each cluster j, recalculates such cluster centre:
When the service contained in cluster j is all pertaining only to a class, then have:
t j : = Σ i = 1 n 1 { c i = j } f i Σ i = 1 n 1 { c i = j }
When cluster j has service to belong simultaneously to w classification, then have:
t j : = Σ i = 1 n 1 { c i = j } f i - Σ i = 1 n w - 1 w { c i = j w } f i Σ i = 1 n 1 { c i = j }
In formula, { ci=j} represents the service corresponding to clustering j, { ci=jwExpression service is simultaneously corresponding to w cluster, wherein 2≤w≤k;
Step4 repeats step2 and step3, front and back distance d=of twice cluster centre | | tAfter j-tBefore j‖, tAfter jOnce gather after for Class center, tBefore jFor a front cluster centre, according to actual application settings threshold value T, when meeting d < T, stop cluster;
Utilize above-mentioned algorithm, in service class, continue cluster can refine classification of service, formed multistage on the basis of first class catalogue Catalogue;
(3) service-seeking retrieval module 23, for being exactly found the information of needs in magnanimity information, thus completes information inspection Rope, the algorithm of employing is:
Step1 is for the service f in services setiIf comprising Feature Words C1,…,Cq, determine individual features word weights δ1,…,δq,tCqRepresent Feature Words CqAt service fiThe number of times of middle appearance, n is the service sum comprised in services set, nqTable Show and services set comprises Feature Words CqService number, then service vector is represented by:
f i → = ( δ 1 , ... , δ q )
Step2 is for retrieval request AiIn comprise represent service Feature Words C1,…,Cs, and determine individual features word weights σ1,…,σs,tCsRepresent Feature Words CsAt service fiThe number of times of middle appearance, maxtCsRepresent Feature Words Cs The maximum of the number of times occurred in all services, n is the service sum comprised in services set, nsRepresent in services set and comprise feature Word CsService number, then retrieval request vector is represented by:
A i → = ( σ 1 , ... , σ s )
Step3 determines feature word space Feature Words number d, will service and retrieval request vector standardization, please to service and retrieval The Feature Words not having in asking, its corresponding weights are 0, now haveAskWithEurope Formula distance, provides services to user according to order from small to large;
Described Platform deployment layer 30 is used for setting up service management center, on-premise network server, uses the webserver to service letter Breath preserves, and provides client to use;
Described data safe processing layer 40, connecting platform interface layer and platform management level, for issuing user in platform interface layer Data separate self-generating data set key encryption after carry out backing up and be uploaded to described platform management layer, extract simultaneously, upload The metamessage of data, and be sent to after utilizing the metamessage encryption that the metamessage double secret key of self-generating extracts described data service layer, It is sent to described data service layer after utilizing data set key described in master key encryption and described metamessage key;
Described data service layer 50, connects data safe processing layer and platform deployment tier, is used for storing described data safe processing layer Encrypt the metamessage and key information uploaded, and provide data set to access support, and searching ciphertext sum by Platform deployment layer According to service for checking credentials support.
Further, described Platform deployment layer 30 includes accessing safety control module 31, and described access safety control module 31 wraps Include access privilege control unit, data access flow control unit, data access transmission control unit and sensitive information and access control Unit;Described data access authority control unit is for controlling the access rights of user, and described data access flow control unit is used In the flow of control user accesses data, described data access transmission control unit is for being encrypted data transmission and recognizing safely Card controls, and the behavior that described sensitive information access control unit is used for accessing sensitive information is monitored and is alerted, and Operation for abnormal access limits.
Wherein, in described data access transmission control unit, for safety certification control, password is added including based on iris identification Safety certification and safety certification based on fingerprint recognition encrypting key.
Wherein, described cloud information includes data set name, data set size and data set key word.
The present embodiment configuration information sharing service platform, efficiently solves the pressure concentration that centralized service management causes, takes in a large number Business is difficult to the problems such as management;Configuration information memory module, it uses cloud storage system to be encrypted the storage of rear data, it is not necessary to Understand concrete storing device information, it is not necessary to consider the problem such as data backup and redundancy, saved time cost and carrying cost; Data are encrypted by data safe processing layer and data service layer, improve letter by configuration information safety service platform Breath degree of safety;Access safety control module is set in Platform deployment layer, substantially increases the big data management system of information security Safety;Classification of service management module is set, by creating service catalogue, solves that conventional retrieval rate is low and the consuming time Long problem, and service-seeking retrieval module is set, use vector index algorithm, improve retrieval accuracy, it is achieved that service The retrieval that title and service function match, wherein the attribute number m value describing each service in services set is 6, retrieval standard Really rate improves 0.6% relatively, and efficiency improves 0.35% relatively.
Embodiment 4
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client with a first algorithm group and a second algorithm group respectively, obtaining the server-side first ciphertext information and second ciphertext information;
(3) the client operates on its own identity information with the first algorithm group and the second algorithm group respectively, obtaining the client-side first ciphertext information and second ciphertext information;
(4) the server sends the first ciphertext information generated at the server to the client; the client compares the received server-generated first ciphertext information with the first ciphertext information it generated itself; if the two are identical, the server is legitimate and the identity authentication of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server; the server compares the received client-generated second ciphertext information with the second ciphertext information at the server; if the two are identical, the server considers this client a legitimate client; if the two differ, it considers this client an illegitimate client.
Preferably, step (4) further includes: if the two differ, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the server and the client keep the identity information consistent.
Preferably, the client service includes building an information sharing service platform and building an information security service platform; the information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform includes a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module and includes, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue, using the following algorithm:
Let the service set be $F=\{f_1,\dots,f_n\}$, with each service in the service set described by m attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in R^m$, where R denotes the real numbers, the value range of m is [4,8], and $i=1,\dots,n$;
Step 1: determine the number of clusters k and randomly select k objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in R^m$, where $j=1,\dots,k$;
Step 2: for each service $f_i$, compute the class it corresponds to:
$$c_i = \arg\max_j \frac{\sum_{l=1}^{m} (f_{il} \times t_{jl})}{\sum_{l=1}^{m} f_{il}^2 \times \sum_{l=1}^{m} t_{il}^2}$$
where $c_i$ denotes the class, among the k classes, that is closest to service $f_i$; if more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes simultaneously;
Step 3: for each cluster j, recompute the centre of that cluster:
When every service contained in cluster j belongs to only one class:
$$t_j := \frac{\sum_{i=1}^{n} 1\{c_i=j\} f_i}{\sum_{i=1}^{n} 1\{c_i=j\}}$$
When cluster j contains services that belong to w classes simultaneously:
$$t_j := \frac{\sum_{i=1}^{n} 1\{c_i=j\} f_i - \sum_{i=1}^{n} \frac{w-1}{w}\{c_i=j_w\} f_i}{\sum_{i=1}^{n} 1\{c_i=j\}}$$
where $\{c_i=j\}$ denotes the services corresponding to cluster j, and $\{c_i=j_w\}$ denotes services that correspond to w clusters simultaneously, with $2\le w\le k$;
Step 4: repeat Step 2 and Step 3. Let $d=\lVert t_j^{\text{after}}-t_j^{\text{before}}\rVert$ be the distance between the cluster centres of two successive iterations, where $t_j^{\text{after}}$ is the cluster centre after the later iteration and $t_j^{\text{before}}$ is the cluster centre of the previous iteration. A threshold T is set according to the actual application, and clustering stops when d < T;
Using the above algorithm, clustering can be continued within a service class to refine the service classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the required information in massive information, thereby completing information retrieval, using the following algorithm:
Step 1: for a service $f_i$ in the service set that contains feature words $C_1,\dots,C_q$, determine the corresponding feature-word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ occurs in service $f_i$, n is the total number of services in the service set, and $n_q$ is the number of services in the service set that contain feature word $C_q$. The service vector can then be expressed as:
$$\vec{f_i} = (\delta_1,\dots,\delta_q)$$
Step 2: for a retrieval request $A_i$ that contains feature words $C_1,\dots,C_s$ representing services, determine the corresponding feature-word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ occurs in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ occurs across all services, n is the total number of services in the service set, and $n_s$ is the number of services in the service set that contain feature word $C_s$. The retrieval request vector can then be expressed as:
$$\vec{A_i} = (\sigma_1,\dots,\sigma_s)$$
Step 3: determine the number d of feature words in the feature-word space and standardize the service and retrieval request vectors; for feature words that a service or retrieval request does not contain, the corresponding weight is 0. The Euclidean distance between the two standardized vectors is then computed, and services are provided to the user in ascending order of distance;
The platform deployment layer 30 is used to set up a service management centre and deploy network servers; the network servers store the service information and provide it for clients to use;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data that users publish at the platform interface layer with a self-generated data set key, backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer; and it encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access, ciphertext search and data verification services.
Further, the platform deployment layer 30 includes an access security control module 31, which includes an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access permission control unit controls the access rights of users; the data access flow control unit controls the traffic of users' data access; the data access transmission control unit performs encryption and security authentication control on data transmission; and the sensitive information access control unit monitors and alerts on access to sensitive information and restricts abnormal access operations.
In the data access transmission control unit, security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
The cloud information includes the data set name, data set size and data set keywords.
This embodiment builds an information sharing service platform, which effectively addresses the load concentration caused by centralized service management and the difficulty of managing a large number of services. The information storage module uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage devices or to consider issues such as data backup and redundancy, which saves time cost and storage cost. The information security service platform is built so that data is encrypted by the data security processing layer and the data service layer, which improves information security. An access security control module is set in the platform deployment layer, which greatly improves the security of the information-security big data management system. A service classification management module is provided which, by creating a service catalogue, addresses the low speed and long duration of conventional retrieval. A service query and retrieval module is provided which uses a vector retrieval algorithm, improving retrieval accuracy and matching service names with service functions. In this embodiment the number of attributes m describing each service in the service set is 7; retrieval accuracy is relatively improved by 0.7% and efficiency is relatively improved by 0.32%.
Embodiment 5
Referring to Fig. 1 and Fig. 2, the client-server service method of this embodiment comprises client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client with a first algorithm group and a second algorithm group respectively, obtaining the server-side first ciphertext information and second ciphertext information;
(3) the client operates on its own identity information with the first algorithm group and the second algorithm group respectively, obtaining the client-side first ciphertext information and second ciphertext information;
(4) the server sends the first ciphertext information generated at the server to the client; the client compares the received server-generated first ciphertext information with the first ciphertext information it generated itself; if the two are identical, the server is legitimate and the identity authentication of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server; the server compares the received client-generated second ciphertext information with the second ciphertext information at the server; if the two are identical, the server considers this client a legitimate client; if the two differ, it considers this client an illegitimate client.
Preferably, step (4) further includes: if the two differ, the server is illegitimate and the identity authentication of the client is terminated.
Preferably, the server and the client keep the identity information consistent.
Preferably, the client service includes building an information sharing service platform and building an information security service platform; the information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform includes a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module and includes, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) the information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) the service classification management module 22 classifies services with similar features and forms a service catalogue, using the following algorithm:
Let the service set be $F=\{f_1,\dots,f_n\}$, with each service in the service set described by m attributes, so that $f_i=(f_{i1},\dots,f_{im})$, $f_i\in R^m$, where R denotes the real numbers, the value range of m is [4,8], and $i=1,\dots,n$;
Step 1: determine the number of clusters k and randomly select k objects $\{t_1,\dots,t_k\}$ as cluster centres, so that $t_j=(t_{j1},\dots,t_{jm})$, $t_j\in R^m$, where $j=1,\dots,k$;
Step 2: for each service $f_i$, compute the class it corresponds to:
$$c_i = \arg\max_j \frac{\sum_{l=1}^{m} (f_{il} \times t_{jl})}{\sum_{l=1}^{m} f_{il}^2 \times \sum_{l=1}^{m} t_{il}^2}$$
where $c_i$ denotes the class, among the k classes, that is closest to service $f_i$; if more than one $c_i$ satisfies the condition, service $f_i$ corresponds to multiple classes simultaneously;
Step 3: for each cluster j, recompute the centre of that cluster:
When every service contained in cluster j belongs to only one class:
$$t_j := \frac{\sum_{i=1}^{n} 1\{c_i=j\} f_i}{\sum_{i=1}^{n} 1\{c_i=j\}}$$
When cluster j contains services that belong to w classes simultaneously:
$$t_j := \frac{\sum_{i=1}^{n} 1\{c_i=j\} f_i - \sum_{i=1}^{n} \frac{w-1}{w}\{c_i=j_w\} f_i}{\sum_{i=1}^{n} 1\{c_i=j\}}$$
where $\{c_i=j\}$ denotes the services corresponding to cluster j, and $\{c_i=j_w\}$ denotes services that correspond to w clusters simultaneously, with $2\le w\le k$;
Step 4: repeat Step 2 and Step 3. Let $d=\lVert t_j^{\text{after}}-t_j^{\text{before}}\rVert$ be the distance between the cluster centres of two successive iterations, where $t_j^{\text{after}}$ is the cluster centre after the later iteration and $t_j^{\text{before}}$ is the cluster centre of the previous iteration. A threshold T is set according to the actual application, and clustering stops when d < T;
Using the above algorithm, clustering can be continued within a service class to refine the service classification, forming a multi-level catalogue on the basis of the first-level catalogue;
(3) the service query and retrieval module 23 accurately finds the required information in massive information, thereby completing information retrieval, using the following algorithm:
Step 1: for a service $f_i$ in the service set that contains feature words $C_1,\dots,C_q$, determine the corresponding feature-word weights $\delta_1,\dots,\delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ occurs in service $f_i$, n is the total number of services in the service set, and $n_q$ is the number of services in the service set that contain feature word $C_q$. The service vector can then be expressed as:
$$\vec{f_i} = (\delta_1,\dots,\delta_q)$$
Step 2: for a retrieval request $A_i$ that contains feature words $C_1,\dots,C_s$ representing services, determine the corresponding feature-word weights $\sigma_1,\dots,\sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ occurs in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ occurs across all services, n is the total number of services in the service set, and $n_s$ is the number of services in the service set that contain feature word $C_s$. The retrieval request vector can then be expressed as:
$$\vec{A_i} = (\sigma_1,\dots,\sigma_s)$$
Step 3: determine the number d of feature words in the feature-word space and standardize the service and retrieval request vectors; for feature words that a service or retrieval request does not contain, the corresponding weight is 0. The Euclidean distance between the two standardized vectors is then computed, and services are provided to the user in ascending order of distance;
The platform deployment layer 30 is used to set up a service management centre and deploy network servers; the network servers store the service information and provide it for clients to use;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data that users publish at the platform interface layer with a self-generated data set key, backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer; and it encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access, ciphertext search and data verification services.
Further, the platform deployment layer 30 includes an access security control module 31, which includes an access permission control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access permission control unit controls the access rights of users; the data access flow control unit controls the traffic of users' data access; the data access transmission control unit performs encryption and security authentication control on data transmission; and the sensitive information access control unit monitors and alerts on access to sensitive information and restricts abnormal access operations.
In the data access transmission control unit, security authentication control includes security authentication based on iris recognition plus a password and security authentication based on fingerprint recognition plus a key.
The cloud information includes the data set name, data set size and data set keywords.
This embodiment builds an information sharing service platform, which effectively addresses the load concentration caused by centralized service management and the difficulty of managing a large number of services. The information storage module uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage devices or to consider issues such as data backup and redundancy, which saves time cost and storage cost. The information security service platform is built so that data is encrypted by the data security processing layer and the data service layer, which improves information security. An access security control module is set in the platform deployment layer, which greatly improves the security of the information-security big data management system. A service classification management module is provided which, by creating a service catalogue, addresses the low speed and long duration of conventional retrieval. A service query and retrieval module is provided which uses a vector retrieval algorithm, improving retrieval accuracy and matching service names with service functions. In this embodiment the number of attributes m describing each service in the service set is 8; retrieval accuracy is relatively improved by 0.9% and efficiency is relatively improved by 0.3%.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit its scope of protection. Although the present invention has been explained in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.

Claims (3)

1. A client-server service method, comprising client identity verification and client service, wherein the client identity verification comprises the following steps:
(1) the client sends its own identity mark to the server;
(2) the server receives the identity mark of the client, looks up the identity information of the corresponding client according to this mark, and operates on the identity information of this client with a first algorithm group and a second algorithm group respectively, obtaining the server-side first ciphertext information and second ciphertext information;
(3) the client operates on its own identity information with the first algorithm group and the second algorithm group respectively, obtaining the client-side first ciphertext information and second ciphertext information;
(4) the server sends the first ciphertext information generated at the server to the client; the client compares the received server-generated first ciphertext information with the first ciphertext information it generated itself; if the two are identical, the server is legitimate and the identity authentication of the client continues;
(5) the client sends the second ciphertext information generated at the client to the server; the server compares the received client-generated second ciphertext information with the second ciphertext information at the server; if the two are identical, the server considers this client a legitimate client; if the two differ, it considers this client an illegitimate client.
2. The client-server service method according to claim 1, wherein step (4) further includes: if the two differ, the server is illegitimate and the identity authentication of the client is terminated.
3. The client-server service method according to claim 2, wherein the server and the client keep the identity information consistent.
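The identity verification in steps (1) to (5), recited in each embodiment and in claim 1, can be exercised with the following added example, which is not code from the patent. The patent leaves the first and second algorithm groups unspecified, so HMAC-SHA256 under two labels, the per-session nonces and every class and function name here are assumptions. With `fresh=False` both values depend only on the identity information, so a value recorded in one session verifies again in the next; `fresh=True` binds them to nonces from both sides.

```python
import hashlib
import hmac
import secrets

# Assumption: the patent does not define its two "algorithm groups". Here each is
# HMAC-SHA256 keyed with the shared identity information under its own label.
GROUP_1 = b"group-1/server-value"   # yields the first ciphertext information
GROUP_2 = b"group-2/client-value"   # yields the second ciphertext information
NONCE_LEN = 16


def derive(identity_info, group, context):
    """Run one algorithm group over the identity information."""
    return hmac.new(identity_info, group + b"\x00" + context, hashlib.sha256).digest()


def session_context(fresh, mark, client_nonce, server_nonce):
    """Per-session input; empty when values depend on the identity information only."""
    if not fresh:
        return b""
    raw = mark.encode()
    return len(raw).to_bytes(2, "big") + raw + client_nonce + server_nonce


class Server:
    def __init__(self, identity_db, fresh=True):
        self.identity_db = identity_db   # identity mark -> identity information
        self.fresh = fresh
        self.pending = {}                # identity mark -> expected second value

    def handle_mark(self, mark, client_nonce):
        """Step (2), then the sending half of step (4)."""
        info = self.identity_db.get(mark)
        if info is None:
            return None
        server_nonce = secrets.token_bytes(NONCE_LEN) if self.fresh else b""
        ctx = session_context(self.fresh, mark, client_nonce, server_nonce)
        self.pending[mark] = derive(info, GROUP_2, ctx)
        return server_nonce, derive(info, GROUP_1, ctx)

    def verify_client(self, mark, client_value):
        """Step (5): constant-time comparison; the expected value is single-use."""
        expected = self.pending.pop(mark, None)
        return expected is not None and hmac.compare_digest(expected, client_value)


class Client:
    def __init__(self, mark, identity_info, fresh=True):
        self.mark, self.info, self.fresh = mark, identity_info, fresh
        self.nonce = b""

    def start(self):
        """Step (1): send the identity mark (plus a nonce in the fresh variant)."""
        self.nonce = secrets.token_bytes(NONCE_LEN) if self.fresh else b""
        return self.mark, self.nonce

    def verify_server(self, server_nonce, server_value):
        """Steps (3)-(4): return the value for step (5), or None to terminate."""
        ctx = session_context(self.fresh, self.mark, self.nonce, server_nonce)
        if not hmac.compare_digest(derive(self.info, GROUP_1, ctx), server_value):
            return None                  # server is not legitimate
        return derive(self.info, GROUP_2, ctx)


def run_handshake(client, server):
    """Returns (accepted, value sent in step (5))."""
    mark, client_nonce = client.start()
    reply = server.handle_mark(mark, client_nonce)
    if reply is None:
        return False, None
    client_value = client.verify_server(*reply)
    if client_value is None:
        return False, None
    return server.verify_client(mark, client_value), client_value


def recorded_value_accepted(server, mark, recorded_value):
    """Defender's check: does a value recorded in one session verify in a new one?"""
    if server.handle_mark(mark, secrets.token_bytes(NONCE_LEN)) is None:
        return False
    return server.verify_client(mark, recorded_value)


if __name__ == "__main__":
    db = {"client-42": b"constructed identity information"}   # constructed sample
    for fresh in (False, True):
        server = Server(db, fresh)
        ok, value = run_handshake(Client("client-42", db["client-42"], fresh), server)
        again = recorded_value_accepted(server, "client-42", value)
        print(f"fresh={fresh} handshake={ok} recorded value accepted again={again}")
```
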
CN201610573776.1A 2016-07-20 2016-07-20 Client server service method Withdrawn CN105959332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610573776.1A CN105959332A (en) 2016-07-20 2016-07-20 Client server service method

Publications (1)

Publication Number Publication Date
CN105959332A true CN105959332A (en) 2016-09-21

Family

ID=56900340

Country Status (1)

Country Link
CN (1) CN105959332A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110191047A (en) * 2019-05-31 2019-08-30 拉扎斯网络科技(上海)有限公司 Conversational services method, apparatus, electronic equipment and computer readable storage medium
CN110191047B (en) * 2019-05-31 2021-07-30 拉扎斯网络科技(上海)有限公司 Session service method, device, electronic equipment and computer-readable storage medium

Similar Documents

Publication Publication Date Title
CN106209821B (en) Information security big data management system based on credible cloud computing
US11429745B2 (en) Data security hub
CN106230790A (en) The method building information service platform based on cloud computing
US10491588B2 (en) Local and remote access apparatus and system for password storage and management
CN106936771A (en) A kind of secure cloud storage method and system based on graded encryption
US20120159590A1 (en) Methods, systems, and computer program products for authenticating an identity of a user by generating a confidence indicator of the identity of the user based on a combination of multiple authentication techniques
CN108711051A (en) A kind of intellectual property transaction shared platform and method based on block chain
US20090260072A1 (en) Identity ownership migration
US20190141048A1 (en) Blockchain identification system
KR20200105997A (en) System and method for blockchain-based authentication
US20210099304A1 (en) Composite identity authentication method and composite identity authentication system using same
JP2018523444A (en) Versatile long string authentication key
WO2019205389A1 (en) Electronic device, authentication method based on block chain, and program and computer storage medium
CN110855648A (en) Early warning control method and device for network attack
CN102571874B (en) On-line audit method and device in distributed system
CN113435505A (en) Construction method and device for safe user portrait
US10778436B2 (en) Active security token with security phantom for porting a password file
CN105959332A (en) Client server service method
CN113010909A (en) Data security classification method and device for scientific data sharing platform
CN113935070B (en) Data processing method, device and equipment based on block chain and storage medium
CN106202520A (en) A kind of device realizing information sharing
CN106294537A (en) A kind of information sharing method of cloud computing platform
CN106161634A (en) Use the data administrator of cloud storage
Mainali et al. Privacy-enhancing context authentication from location-sensitive data
CN106227811A (en) A kind of government portals information sharing service system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C04 Withdrawal of patent application after publication (patent law 2001)
WW01 Invention patent application withdrawn after publication

Application publication date: 20160921