CN106161654A - A cloud educational system - Google Patents
A cloud educational system
- Publication number: CN106161654A
- Application number: CN201610782493.8A
- Authority: CN (China)
- Prior art keywords: data, education, cloud, terminal, services center
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L67/10: Protocols in which an application is distributed across nodes in the network
- H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention provides a cloud educational system comprising a cloud education service center, a user mobile terminal and an education terminal. The cloud education service center stores education resource data, issues education resource data to an education terminal that initiates a data update request, provides storage space to a user mobile terminal that initiates a data upload request, and manages the education terminals connected to it. The user mobile terminal provides an interface through which a user uploads education resource data to the cloud education service center. The education terminal initiates data update requests to the cloud education service center and receives the education resource data that the cloud education service center issues. By storing education resource data in the cloud education service center and updating education terminals on demand, the invention saves manpower and allows the storage capacity for education resource data to be expanded without limit.
Description
Technical field
The present invention relates to the field of communication and Internet technology, and specifically to a cloud educational system.
Background technology
In the related art, educational resources are mostly delivered on paper, on multimedia discs, or through stand-alone multimedia terminals. Although these are varied, the content of paper and disc media can only be updated periodically by hand, and stand-alone multimedia terminals cannot be updated at all. Teaching resources are therefore updated with considerable delay, and providing a rich set of resources is very costly.
Summary of the invention
To solve the above problems, the invention provides a cloud educational system.
The purpose of the invention is achieved by the following technical solution:
A cloud educational system is provided, comprising a cloud education service center, a user mobile terminal and an education terminal; the user mobile terminal and the education terminal are each communicatively connected to the cloud education service center. The cloud education service center stores education resource data, issues education resource data to an education terminal that initiates a data update request, provides storage space to a user mobile terminal that initiates a data upload request, and manages the education terminals connected to it. The user mobile terminal provides an interface through which a user uploads education resource data to the cloud education service center. The education terminal initiates data update requests to the cloud education service center and receives the education resource data that the cloud education service center issues.
The invention has the following benefits: education resource data can be uploaded to the cloud education service center from a user mobile terminal at any time, enriching the data held in the cloud education service center. In the education sector this is an innovative content update mode: education resource data is stored in the cloud education service center and education terminals are updated on demand, which saves manpower and allows the storage capacity for education resource data to be expanded without limit, thereby solving the technical problem above.
Accompanying drawing explanation
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not limit the invention in any way; a person of ordinary skill in the art could obtain other drawings from the following drawings without creative effort.
Fig. 1 is a schematic diagram of the structural connections of the invention.
Fig. 2 is a schematic diagram of the structure of the data security management system of the invention.
Reference numerals:
cloud education service center 1, user mobile terminal 2, education terminal 3, data security management system 4, data service system 40, data preprocessing 41, cloud storage encryption and decryption system 42, control system 43, security management center 44.
Detailed description of the invention
The invention is further described with the following examples.
Application scenario 1
Referring to Fig. 1 and Fig. 2, the cloud educational system of one embodiment of this application scenario comprises a cloud education service center 1, a user mobile terminal 2 and an education terminal 3; the user mobile terminal 2 and the education terminal 3 are each communicatively connected to the cloud education service center 1. The cloud education service center 1 stores education resource data, issues education resource data to an education terminal 3 that initiates a data update request, provides storage space to a user mobile terminal 2 that initiates a data upload request, and manages the education terminals 3 connected to it. The user mobile terminal 2 provides an interface through which a user uploads education resource data to the cloud education service center 1. The education terminal 3 initiates data update requests to the cloud education service center 1 and receives the education resource data issued by the cloud education service center 1.
In the above embodiment of the invention, education resource data can be uploaded to the cloud education service center 1 from the user mobile terminal 2 at any time, enriching the data held in the cloud education service center 1. In the education sector this is an innovative content update mode: education resource data is stored in the cloud education service center 1 and education terminals 3 are updated on demand, which saves manpower and allows the storage capacity for education resource data to be expanded without limit, thereby solving the technical problem above.
Preferably, the cloud education service center 1 comprises:
an update request receiving module, for receiving the data update requests that education terminals 3 initiate to the cloud education service center 1;
a parsing module, for parsing the data update request and determining the education resource data that the education terminal 3 needs;
a storage module, for storing education resource data and cloud terminal management data;
a sending module, for issuing the needed education resource data to the education terminal 3.
This preferred embodiment implements the function by which the cloud education service center 1 updates the education resource data of the education terminal 3.
Preferably, the cloud education service center 1 further comprises a management module, for managing the education terminals 3 connected to it by means of control commands; the sending module is also used to send the management control commands.
This preferred embodiment implements the function by which the cloud education service center 1 manages the education terminals 3.
Preferably, the cloud educational system further comprises a data security management system 4 for managing the data in the cloud education service center 1. The data security management system 4 comprises a data service system 40, data preprocessing 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for the storage, backup and querying of education resource data and cloud terminal management data; the data preprocessing 41 preprocesses the data that must be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the confidential data according to the optimized access control security policy; the control system 43 stores the uploaded education resource data to the corresponding storage device; and the security management center 44 performs unified security monitoring and management of each system.
This preferred embodiment constructs the system structure of the data security management system 4.
Preferably, the storage, backup and querying of education resource data and cloud terminal management data comprises:
(1) converting the data format, establishing a format suitable for storage in a non-relational database;
(2) dividing the data into basic data and professional data and storing it under a strategy that combines centralized and distributed storage, with all data backed up during storage; the combined centralized and distributed strategy comprises: basic data whose frequency is higher than a preset frequency is stored centrally and maintained uniformly by a data control center, while professional data whose frequency is lower than the preset frequency is stored in a distributed manner and maintained separately at each professional data center;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of the data; the data retrieval algorithm combines catalog retrieval with a search engine, and specifically comprises: building a data catalog and performing a preliminary retrieval of the data according to the catalog; entering keywords into the search engine for precise retrieval of the data; the search engine finds matching data in a given way and ranks it by the degree to which the data matches the keywords before returning it to the user.
This preferred embodiment uses a retrieval algorithm that combines catalog retrieval with a search engine, and can obtain data quickly and accurately.
Preferably, the unified security monitoring and management of each system comprises:
(1) for the data service system 40, data preprocessing 41, cloud storage encryption and decryption system 42 and control system 43, adopting the security protection technique that corresponds to each one's different security protection requirements and equipping the relevant security protection devices, so as to form a complete security protection system;
(2) establishing an effective data security mechanism that considers security comprehensively across data storage, transmission and access: not only is the data itself encrypted, but the data transmission protocol is encrypted as well;
(3) establishing a virus and trojan defense mechanism, regularly updating the virus database and upgrading the firewall, where the update cycle T takes a value of 6 to 10 days; abnormal data that is detected is analyzed and an early warning is issued.
This preferred embodiment implements the unified security monitoring and management of each system.
Preferably, the data preprocessing 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit divides the data that must be kept confidential into multiple mutually exclusive data sets. The data extraction unit sorts each mutually exclusive data set according to a user-defined ordering rule, extracts the first data unit of each data set in turn, and saves these together with the ordering rule as small block data; no association exists between any two data units within a mutually exclusive data set. The access control security policy optimization unit generates the system's access control security policy using a policy optimization method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure on the basis of the mutually exclusive data sets produced by the data extraction unit; the hierarchical data tree structure is a three-layer data tree comprising a service layer, a logical layer and a physical layer, where the service layer is the root node associated with the data scheduling service, the logical layer holds the data associations in the access control security policy, and the physical layer contains the data units of all the mutually exclusive data sets;
(2) formulating, on the basis of the eXtensible Access Control Markup Language (XACML), an access control security policy for data of different security levels, and projecting the rules in the access control security policy that are associated with data onto the data units in the mutually exclusive data sets, thereby refining the rules in the access control security policy to the data dimension;
(3) optimizing the rules on the data units of each mutually exclusive data set, to remove conflicts and redundancy among the rules assigned to each data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
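Steps (2) to (4) worked through as a Go example added here (not code from the patent): rules written against logical-layer nodes of a constructed three-layer tree are projected onto the physical data units, duplicate rules and Permit/Deny conflicts on each unit are resolved, and the result is merged back into policy entries. The deny-overrides conflict rule, the node names and the unit names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Effect of a rule, named as in XACML.
type Effect string

const (
	Permit Effect = "Permit"
	Deny   Effect = "Deny"
)

// Rule as written in the policy: a subject attribute, a logical-layer node (a data association) and an effect.
type Rule struct{ Subject, Node string; Effect Effect }

// UnitRule is a rule refined to the data dimension: one subject, one physical data unit.
type UnitRule struct{ Subject, Unit string; Effect Effect }

// DataTree is the three-layer tree of step (1): the service-layer root and the
// logical-layer nodes mapped to the physical-layer data units they cover.
type DataTree struct {
	Service string
	Logical map[string][]string
}

// PolicyEntry is the merged output of step (4): a subject, an effect and the units it applies to.
type PolicyEntry struct {
	Subject string
	Effect  Effect
	Units   []string
}

// Project refines every rule to the data units under its logical node (step 2).
func Project(tree DataTree, rules []Rule) ([]UnitRule, error) {
	var out []UnitRule
	for _, r := range rules {
		units, ok := tree.Logical[r.Node]
		if !ok {
			return nil, fmt.Errorf("rule references unknown logical node %q", r.Node)
		}
		for _, u := range units {
			out = append(out, UnitRule{Subject: r.Subject, Unit: u, Effect: r.Effect})
		}
	}
	return out, nil
}

// Optimize drops redundant (duplicate) rules on a data unit and resolves a
// Permit/Deny conflict for the same subject and unit (step 3). Conflicts are
// resolved with deny-overrides, an assumption made for this example.
func Optimize(rules []UnitRule) []UnitRule {
	type key struct{ Subject, Unit string }
	effect := make(map[key]Effect)
	var order []key // first-seen order keeps the output deterministic
	for _, r := range rules {
		k := key{r.Subject, r.Unit}
		prev, seen := effect[k]
		switch {
		case !seen:
			effect[k] = r.Effect
			order = append(order, k)
		case prev != r.Effect && r.Effect == Deny:
			effect[k] = Deny // conflict on this unit: Deny wins
		}
		// prev == r.Effect is a redundant rule and is simply not re-added
	}
	out := make([]UnitRule, 0, len(order))
	for _, k := range order {
		out = append(out, UnitRule{Subject: k.Subject, Unit: k.Unit, Effect: effect[k]})
	}
	return out
}

// Merge groups the optimized unit rules by subject and effect into policy entries (step 4).
func Merge(rules []UnitRule) []PolicyEntry {
	type key struct{ Subject string; Effect Effect }
	idx := make(map[key]int)
	var out []PolicyEntry
	for _, r := range rules {
		k := key{r.Subject, r.Effect}
		i, ok := idx[k]
		if !ok {
			i = len(out)
			idx[k] = i
			out = append(out, PolicyEntry{Subject: r.Subject, Effect: r.Effect})
		}
		out[i].Units = append(out[i].Units, r.Unit)
	}
	for i := range out {
		sort.Strings(out[i].Units)
	}
	return out
}
```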
Preferably, storing the uploaded education resource data to the corresponding storage device comprises:
(1) storing the small block data in local storage and encrypting the small block data with a user-defined encryption technique;
(2) storing the remaining information data, after it has been encrypted by the cloud storage encryption and decryption system 42, in the cloud storage module of the cloud service center; after the cloud storage module receives the data, it performs an integrity check on the data and then saves it to a cloud storage node.
The above two preferred embodiments provide the data preprocessing 41, which first partitions and extracts the data that must be kept confidential and then refines the rules in the access control security policy. This reduces the physical storage space and the storage overhead, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. The part of the data extracted by the extraction step is stored in local storage, and the remaining data is stored in the cloud storage module after the corresponding access control security policy has been set up. This avoids the large overhead and complexity that the traditional cloud storage data privacy mechanism, based on simple encryption alone, incurs when operating on the data in practice; it effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, and improves the security of storing the confidential information data.
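An added Go example, not the patent's own code, of the partition, extraction and split-storage procedure of the two preferred embodiments above: the confidential data is divided into mutually exclusive sets of fixed-size units, each set is sorted by a constructed ordering rule, the first unit of each set becomes the locally held small block (saved with the rule name), and the remaining units are packaged for the cloud storage module with a SHA-256 digest that the module checks before saving. The unit size, the rule name "sha256-asc" and the digest construction are assumptions; encrypting the two parts is left out of this block.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"sort"
)

// Unit is one data unit: its position in the original data plus its bytes.
type Unit struct{ Index int; Data []byte }

// SmallBlock is kept in local storage: the first unit of every sorted set and the ordering rule used.
type SmallBlock struct{ Rule string; Units []Unit }

// CloudObject goes to the cloud storage module: the remaining units plus a digest for its integrity check.
type CloudObject struct{ Units []Unit; Digest string }

const unitSize = 4 // bytes per data unit (an assumption for this example)

// Partition splits the confidential data into k mutually exclusive sets of
// fixed-size units, assigning consecutive units to the sets round-robin.
func Partition(data []byte, k int) [][]Unit {
	if k < 1 {
		k = 1
	}
	sets := make([][]Unit, k)
	for i := 0; i*unitSize < len(data); i++ {
		end := (i + 1) * unitSize
		if end > len(data) {
			end = len(data)
		}
		u := Unit{Index: i, Data: append([]byte{}, data[i*unitSize:end]...)}
		sets[i%k] = append(sets[i%k], u)
	}
	return sets
}

// sortSet applies the user-defined ordering rule. The only rule implemented,
// "sha256-asc" (constructed), orders units by the digest of their bytes.
func sortSet(set []Unit, rule string) error {
	if rule != "sha256-asc" {
		return errors.New("unknown ordering rule: " + rule)
	}
	sort.SliceStable(set, func(a, b int) bool {
		da, db := sha256.Sum256(set[a].Data), sha256.Sum256(set[b].Data)
		return bytes.Compare(da[:], db[:]) < 0
	})
	return nil
}

// digest hashes the units in order, each prefixed by its index, so that
// reordering, altering or dropping any unit changes the value.
func digest(units []Unit) string {
	h := sha256.New()
	var idx [4]byte
	for _, u := range units {
		binary.BigEndian.PutUint32(idx[:], uint32(u.Index))
		h.Write(idx[:])
		h.Write(u.Data)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Extract sorts every set by the rule, moves its first unit into the small
// block, and packages the remaining units for the cloud with a digest.
func Extract(sets [][]Unit, rule string) (SmallBlock, CloudObject, error) {
	sb := SmallBlock{Rule: rule}
	var rest []Unit
	for _, set := range sets {
		if len(set) == 0 {
			continue
		}
		if err := sortSet(set, rule); err != nil {
			return SmallBlock{}, CloudObject{}, err
		}
		sb.Units = append(sb.Units, set[0])
		rest = append(rest, set[1:]...)
	}
	return sb, CloudObject{Units: rest, Digest: digest(rest)}, nil
}

// CloudReceive is the cloud storage module's integrity check: an object whose
// digest does not match its units is rejected instead of being saved to a node.
func CloudReceive(co CloudObject) error {
	if digest(co.Units) != co.Digest {
		return errors.New("integrity check failed: object not saved")
	}
	return nil
}

// Reconstruct merges the local small block with the cloud object by unit index.
// The cloud object alone, as held by a cloud storage administrator, is incomplete.
func Reconstruct(sb SmallBlock, co CloudObject) []byte {
	all := append(append([]Unit{}, sb.Units...), co.Units...)
	sort.Slice(all, func(a, b int) bool { return all[a].Index < all[b].Index })
	var out []byte
	for _, u := range all {
		out = append(out, u.Data...)
	}
	return out
}
```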
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: data owner, attribute authority, cloud, trusted third party and user. Encrypting or decrypting the confidential data comprises:
(1) the trusted third party assigns a user identity UAID to each user and an attribute authority identity AID to each attribute authority, comprising:
A. initialization: the trusted third party initializes the system parameters, where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it; at the same time it publishes the authentication parameter of the legitimate user, where C_UAID ∈ Z_p;
C. generating identity key pairs for the data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys comprise the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys comprise the attribute public key GK_AID and the attribute private key CK_AID:
CK_UAID = (α_AID, β_AID)
where AS_AID is the set of attributes that a single attribute authority can distribute, GK_x is the public key of attribute x, B_x is the version number of attribute x, α_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_{UAID,AID} is the set of attributes distributed according to the identity of the attribute authority, γ is a parameter chosen at random by the attribute authority, and γ, α_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypts the data to be stored in the cloud storage module with a data key, obtaining the ciphertext CT, and then encrypts the data key with the identity public key and with the attribute public key respectively, generating the identity key ciphertext CT_U and the attribute key ciphertext CT_A, comprising:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the data key DK:
DK = IK || AK
B. encrypting the data to be stored in the cloud storage module with the data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) proxy re-encryption: when a user's data request is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the specified user can decrypt, where the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) data decryption: after the user receives the data, it decrypts the identity key ciphertext CT_U and the attribute key ciphertext CT_A with the identity private key CK_UAID and the attribute private key CK_AID respectively, reconstructs the data key, and decrypts the ciphertext CT;
(6) updating the attribute keys and the identity keys.
This preferred embodiment, by providing the cloud storage encryption and decryption system 42, achieves fine-grained access control and privacy protection for data of many types while resisting collusion between users and attribute authorities. For the data to be stored in the cloud storage module, an identity-based encryption and decryption key and an attribute encryption and decryption key are constructed separately and combined into the data encryption key with which the data is encrypted, so that only a user who satisfies both the identity condition and the attribute condition can decrypt, which greatly improves the security of the data security management system 4.
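An added Go example, not the patent's own implementation, of steps (3) and (5): DK = IK || AK protects the data with AES-256-GCM, IK is wrapped under the identity public key and AK under the attribute public key with RSA-OAEP, and decryption needs both private keys. Plain RSA key pairs stand in for the scheme's identity and attribute keys (an assumption), and the proxy re-encryption and key update steps are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Bundle is what the cloud storage module holds: the data ciphertext CT with its
// GCM nonce, CT_U (IK wrapped under the identity public key GK_UAID) and
// CT_A (AK wrapped under the attribute public key GK_AID).
type Bundle struct {
	CT, Nonce, CTU, CTA []byte
}

// IK and AK are 16 random bytes each, so DK = IK || AK is a 32-byte AES-256 key.
const keyPartLen = 16

func wrap(pub *rsa.PublicKey, part []byte, label string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, part, []byte(label))
}

func unwrap(priv *rsa.PrivateKey, ct []byte, label string) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, []byte(label))
}

func newGCM(dk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt performs step (3): generate IK and AK, form DK = IK || AK, encrypt the
// data under DK, then wrap AK for the attribute key and IK for the identity key.
func Encrypt(plain []byte, gkUAID, gkAID *rsa.PublicKey) (*Bundle, error) {
	ik := make([]byte, keyPartLen)
	ak := make([]byte, keyPartLen)
	if _, err := rand.Read(ik); err != nil {
		return nil, err
	}
	if _, err := rand.Read(ak); err != nil {
		return nil, err
	}
	gcm, err := newGCM(append(append([]byte{}, ik...), ak...)) // DK = IK || AK
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	cta, err := wrap(gkAID, ak, "AK")
	if err != nil {
		return nil, err
	}
	ctu, err := wrap(gkUAID, ik, "IK")
	if err != nil {
		return nil, err
	}
	return &Bundle{CT: gcm.Seal(nil, nonce, plain, nil), Nonce: nonce, CTU: ctu, CTA: cta}, nil
}

// Decrypt performs step (5): recover IK with CK_UAID and AK with CK_AID,
// rebuild DK and open CT. Either private key on its own recovers nothing.
func Decrypt(b *Bundle, ckUAID, ckAID *rsa.PrivateKey) ([]byte, error) {
	if b == nil || ckUAID == nil || ckAID == nil {
		return nil, errors.New("both the identity private key and the attribute private key are required")
	}
	ik, err := unwrap(ckUAID, b.CTU, "IK")
	if err != nil {
		return nil, fmt.Errorf("identity key ciphertext CT_U: %w", err)
	}
	ak, err := unwrap(ckAID, b.CTA, "AK")
	if err != nil {
		return nil, fmt.Errorf("attribute key ciphertext CT_A: %w", err)
	}
	gcm, err := newGCM(append(append([]byte{}, ik...), ak...)) // DK = IK || AK
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.CT, nil) // fails if CT or the nonce was altered
}
```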
In this application scenario, the update cycle T is taken as 6, and the security of the data security management system 4 is improved by 12% in relative terms.
Application scenarios 2
See Fig. 1, Fig. 2, the cloud educational system of an embodiment of this application scene, including cloud education services center 1, use
Family mobile terminal 2 and education terminal 3, described customer mobile terminal 2, education terminal 3 are led to described cloud education services center 1 respectively
Letter connects;Described cloud education services center 1 is used for storing education resource data, and the data according to education terminal 3 are more newly requested
Issuing education resource data to the education terminal 3 initiating data more newly requested, the data of uploading according to customer mobile terminal 2 please
Ask and upload the customer mobile terminal 2 of request of data to initiation memory space is provided, and manage the education terminal 3 being attached thereto;Institute
State customer mobile terminal 2 and provide interface service for uploading education resource data for user's Xiang Yun education services center 1;Described
Education terminal 3 is more newly requested for initiating data to cloud education services center 1, and receives the religion that cloud education services center 1 issues
Educate and use resource data.
Education resource data can be uploaded to cloud education services by the customer mobile terminal 2 of the above embodiment of the present invention at any time
Center 1, the data in abundant cloud education services center 1;In education sector, in the content update mode of innovation, will education
By resource data store in cloud education services center 1, more new education terminal 3 by the way of instant request, to reach to save people
Power, and infinitely expand the memory capacity of education resource data, thus solve above-mentioned technical problem.
Preferably, described cloud education services center 1 includes:
More newly requested receiver module, the data initiated to cloud education services center 1 for receiving education terminal 3 update please
Ask;
Parsing module, is used for resolving described data more newly requested, obtains the education resource data that education terminal 3 needs;
Memory module, is used for storing education resource data and cloud terminal management data;
Sending module, for issuing the education resource data of needs to education terminal 3.
This preferred embodiment achieves cloud education services center 1 and is updated the education resource data of education terminal 3
Function.
Preferably, described cloud education services center 1 also includes managing module, is used for being attached thereto by control command management
Education terminal 3;Described sending module is also used for sending management control command.
This preferred embodiment achieves the function of cloud education services center 1 management education terminal 3.
Preferably, described cloud educational system also includes the data safety for managing the data in cloud education services center 1
Management system 4;Described data safety management system 4 includes that data service system 40, data pretreatment 41, cloud storage add solution
Close system 42, control system 43 and security management center 44;Described data service system 40 is used for being responsible for education resource data
Storage with cloud terminal management data, back up and inquire about;Described data pretreatment 41 is for carrying out the data that need to maintain secrecy
Pretreatment;Described cloud storage encrypting and deciphering system 42 is used for the data to maintaining secrecy of the access control safety strategy according to optimization and carries out
Encryption or deciphering;The education resource data store that described control system 43 is used for uploading is to corresponding storage device;Described
Security management center 44 is for carrying out unified monitoring management to each security of system.
This preferred embodiment constructs the system structure of data safety management system 4.
Preferably, described responsible education resource data and the storage of cloud terminal management data, back up and inquire about, including:
(1) data form is changed, set up and be applicable to the form that non-relational database carries out storing;
(2) split data into basic data and expert data, use the strategy of centralized and distributed combination that data are entered
Row storage, during storage, all data all back up;The strategy of described centralized and distributed combination includes: for higher than presetting
The basic data of frequency uses centralised storage, is safeguarded, for the professional number less than predeterminated frequency by control data corporation is unified
According to using distributed storage, safeguard respectively at each expert data center;
(3) setting up corresponding data retrievad algorithm, data carry out quick-searching, described data retrievad algorithm uses catalogue
The mode that retrieval and search engine combine is carried out, and specifically includes: set up data directory, tentatively examines data according to catalogue
Rope;Input key word at search engine, data are carried out precise search;Search engine finds the number of coupling according to certain mode
According to, and be ranked up feeding back to user according to the matching degree of data Yu key word.
This preferred embodiment uses the searching algorithm that catalogue retrieval and search engine combine, it is possible to obtain fast and accurately
Data.
Preferably, described each security of system is carried out unified monitoring management, including:
(1) for data service system 40, data pretreatment 41, cloud storage encrypting and deciphering system 42, control system 43
Different security protections requires to take the safety protection technique of correspondence, is equipped with relevant safety protection equipment, forms complete peace
Full protection system;
(2) set up effective Data Security, the safety in data storage, transmission, access process is comprehensively examined
Consider, not only data are encrypted, the host-host protocol of data are encrypted simultaneously;
(3) setting up virus and wooden horse defense mechanism, regular update virus base and upgrading fire wall, the update cycle is that T, T take
The abnormal data detected, for 6-10 days, will be analyzed, and send early warning by value.
This preferred embodiment achieves the management of the unified monitoring to each security of system.
Preferably, described data pretreatment 41 includes data partitioning unit, data pick-up unit and accesses control peace
Full policy optimization unit, described data partitioning unit for being divided into the data acquisition system of multiple mutual exclusion to the data that need to maintain secrecy;Institute
State data pick-up unit for the data acquisition system of described mutual exclusion is ranked up according to self-defining ordering rule, by each data
First data cell in set sequentially extracts, and preserves as small block data, Qi Zhongsuo together with described ordering rule
State and there is not any association between the data cell two-by-two that mutual exclusion represents in data acquisition system;Described access control safety policy optimization
Unit generates the access control safety plan of system for access control safety policy optimization method based on fine granularity division of resources
Omit, including:
(1) based on the data acquisition system by the mutual exclusion after data pick-up cell processing, hierarchical data table structure is built, described
Hierarchical data tree construction is three layer data tree constructions, and it includes that service layer, logical layer and physical layer, described service layer are and number
According to the root vertex that dispatch service is relevant, described logical layer is the data of association, described physical layer in access control safety strategy
Comprise the data cell in the data acquisition system of all mutual exclusions;
(2) based on accessing the access control safety controlling markup language XACML formulation for the data of different safety class
Strategy, projects to the data cell in the data acquisition system of described mutual exclusion by rule with data association in access control safety strategy
On, thus the rule in access control safety strategy is refine to data dimension;
(3) the data cell enterprising line discipline optimization in the data acquisition system of each described mutual exclusion, to delete distribution often
The conflict of the rule in individual data cell and redundancy;
(4) merge the rule after optimizing, generate the access control safety strategy optimized.
Preferably, described by the education resource data store uploaded to corresponding storage device, including:
(1) small block data is stored to local storage, and use user-defined encryption technology that small block data is carried out
Encryption;
(2) cloud storing in cloud service center after remaining information data being encrypted by cloud storage encrypting and deciphering system 42 is deposited
Storage module;Wherein, after cloud storage module receives data, cloud is saved in memory node after these data are carried out completeness check
In.
Above-mentioned two preferred embodiment arranges data pretreatment 41, first the data that need to maintain secrecy are carried out data segmentation and
Data pick-up processes, then the rule refinement controlled in security strategy that conducts interviews, it is possible to reduce the physical store of data storage is empty
Between, reduce the expense of storage, and eliminate the conflict in access control safety strategy and redundancy, improve access control decision efficiency;
Processing extracting part divided data by data pick-up and store in local storage, remainder data arranges corresponding access control safety
Store after strategy to cloud storage module, solve traditional cloud storage data-privacy security mechanism based on simple encryption technology
The bigger overhead that brings in actual process operation data and loaded down with trivial details, can effectively prevent malicious user or cloud from depositing
Storage manager illegally steals, distorts the private data of user, improves the security performance of the information data storing that need to maintain secrecy.
Preferably, the cloud storage encryption and decryption system 42 is mainly made up of five entities: data owner, attribute authority, cloud, trusted third party and user; encrypting or decrypting the confidential data comprises:
(1) the trusted third party assigning a user identity UAID to each user and an attribute authority identity AID to each attribute authority, comprising:
A. initialisation, in which the trusted third party initialises the system parameters as given in the description (the expression is not reproduced here), where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it, and at the same time publishes the legitimate user's authentication parameter, where C_UAID ∈ Z_p (the certificate and parameter expressions are not reproduced here);
C. generating identity key pairs for the data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys comprise the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys comprise the attribute public key GK_AID and the attribute private key CK_AID:
CK_UAID = (α_AID, β_AID)
where AS_AID is the attribute set that a single attribute authority can assign, GK_x is the public key of attribute x, B_x is the version number of attribute x, α_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the attribute set assigned by the attribute authority according to the identity, γ is a parameter chosen at random by the attribute authority, and γ, α_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypting the data to be stored in the cloud storage module with a data key to obtain the ciphertext CT, then encrypting the data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext CT_U and the attribute key ciphertext CT_A, comprising:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the data key DK:
DK = IK || AK
B. encrypting the data to be stored in the cloud storage module with the data key DK to obtain the ciphertext CT; then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) performing proxy re-encryption: when a user's data request is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt, where the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user decrypts the identity key ciphertext CT_U and the attribute key ciphertext CT_A with the identity private key CK_UAID and the attribute private key CK_AID respectively, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of data while resisting collusion between users and attribute authorities. For the data to be stored in the cloud storage module, the identity-based encryption and decryption keys and the attribute encryption and decryption keys are constructed separately and combined into the data encryption key with which the data are encrypted, so that only a user meeting both the identity condition and the attribute condition can decrypt, which greatly improves the security of the data security management system 4.
In this application scenario the update cycle T is taken as 7, and the security of the data security management system 4 improves by 11% in relative terms.
Application scenario 3
Referring to Fig. 1 and Fig. 2, the cloud education system of one embodiment of this application scenario comprises a cloud education services center 1, a user mobile terminal 2 and an education terminal 3; the user mobile terminal 2 and the education terminal 3 are each communicatively connected to the cloud education services center 1. The cloud education services center 1 stores education resource data, issues education resource data to the education terminal 3 that initiated a data update request according to that request, provides storage space to the user mobile terminal 2 that initiated a data upload request according to that request, and manages the education terminals 3 connected to it. The user mobile terminal 2 provides the user with an interface service for uploading education resource data to the cloud education services center 1. The education terminal 3 initiates data update requests to the cloud education services center 1 and receives the education resource data issued by the cloud education services center 1.
With the user mobile terminal 2 of the above embodiment of the present invention, education resource data can be uploaded to the cloud education services center 1 at any time, enriching the data held there. This is an innovative content update mode for the education sector: education resource data are stored in the cloud education services center 1 and the education terminal 3 is updated by instant requests, which saves manpower and expands the storage capacity for education resource data without limit, thereby solving the technical problem stated above.
Preferably, the cloud education services center 1 comprises:
an update request receiving module, for receiving the data update requests that the education terminal 3 initiates to the cloud education services center 1;
a parsing module, for parsing the data update request and obtaining the education resource data that the education terminal 3 needs;
a storage module, for storing education resource data and cloud terminal management data;
a sending module, for issuing the needed education resource data to the education terminal 3.
This preferred embodiment realises the function by which the cloud education services center 1 updates the education resource data of the education terminal 3.
Preferably, the cloud education services center 1 further comprises a management module, for managing the education terminals 3 connected to it by means of control commands; the sending module is also used for sending the management control commands.
This preferred embodiment realises the function by which the cloud education services center 1 manages the education terminal 3.
Preferably, the cloud education system further comprises a data security management system 4 for managing the data in the cloud education services center 1. The data security management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for the storage, backup and querying of education resource data and cloud terminal management data; the data preprocessing system 41 preprocesses the data that must be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the confidential data according to the optimised access control security policy; the control system 43 stores the uploaded education resource data to the corresponding storage device; the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment constructs the system structure of the data security management system 4.
Preferably, being responsible for the storage, backup and querying of education resource data and cloud terminal management data comprises:
(1) converting the data format and establishing a format suitable for storage in a non-relational database;
(2) dividing the data into basic data and specialised data and storing them with a strategy combining centralised and distributed storage, all data being backed up when stored; the combined centralised and distributed strategy comprises: basic data accessed more often than a preset frequency are stored centrally and maintained uniformly by the data control center, while specialised data accessed less often than the preset frequency are stored in a distributed manner and maintained separately at each specialised data center;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of the data; the retrieval algorithm combines catalogue retrieval with a search engine and specifically comprises: building a data catalogue and performing a preliminary retrieval of the data according to the catalogue; entering keywords into the search engine and performing a precise retrieval of the data; the search engine finds the matching data in a given manner and sorts them by the degree of match between the data and the keywords before returning them to the user.
This preferred embodiment uses a retrieval algorithm combining catalogue retrieval with a search engine, so that data can be obtained quickly and accurately.
Preferably, performing unified monitoring and management of the security of each system comprises:
(1) adopting the corresponding security protection techniques for the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, and equipping the relevant security protection devices, so as to form a complete security protection system;
(2) establishing an effective data security mechanism that considers security comprehensively throughout data storage, transmission and access: not only are the data encrypted, the transport protocol of the data is encrypted as well;
(3) establishing a virus and trojan defence mechanism, regularly updating the virus database and upgrading the firewall, with an update cycle T of 6 to 10 days; detected abnormal data are analysed and an early warning is issued.
This preferred embodiment realises unified monitoring and management of the security of each system.
Preferably, the data preprocessing system 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimisation unit. The data partitioning unit divides the data that must be kept confidential into a plurality of mutually exclusive data sets. The data extraction unit sorts each mutually exclusive data set according to a user-defined ordering rule, extracts the first data unit of each data set in turn, and saves these together with the ordering rule as small block data; mutual exclusion here means that there is no association between any two data units in the data sets. The access control security policy optimisation unit generates the access control security policy of the system by an optimisation method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure based on the mutually exclusive data sets produced by the data extraction unit; the hierarchical data tree is a three-layer data tree comprising a service layer, a logical layer and a physical layer, where the service layer is the root node related to the data scheduling service, the logical layer holds the data associated in the access control security policy, and the physical layer comprises the data units of all the mutually exclusive data sets;
(2) formulating access control security policies for data of different security levels based on the eXtensible Access Control Markup Language (XACML), and projecting the rules in the access control security policy that are associated with the data onto the data units of the mutually exclusive data sets, so that the rules of the access control security policy are refined to the data dimension;
(3) performing rule optimisation on the data units of each mutually exclusive data set, to remove conflicts and redundancy among the rules assigned to each data unit;
(4) merging the optimised rules to generate the optimised access control security policy.
Preferably, storing the uploaded education resource data to the corresponding storage device comprises:
(1) storing the small block data in local storage, encrypted with a user-defined encryption technique;
(2) storing the remaining information data, after encryption by the cloud storage encryption and decryption system 42, in the cloud storage module of the cloud service center; after the cloud storage module receives the data it performs an integrity check on them and then saves them in the cloud storage nodes.
The two preferred embodiments above provide the data preprocessing system 41: the confidential data are first subjected to data partitioning and data extraction, and the rules in the access control security policy are then refined. This reduces the physical storage space occupied by the stored data, reduces storage overhead, and eliminates conflicts and redundancy in the access control security policy, improving the efficiency of access control decisions. The part of the data extracted by the data extraction process is stored in local storage, while the remaining data are stored in the cloud storage module after the corresponding access control security policy has been set. This avoids the large overhead and cumbersome operation that traditional cloud storage data privacy mechanisms based on simple encryption bring when handling data in practice, and effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, improving the security of storing the information data that must be kept confidential.
Preferably, the cloud storage encryption and decryption system 42 is mainly made up of five entities: data owner, attribute authority, cloud, trusted third party and user; encrypting or decrypting the confidential data comprises:
(1) the trusted third party assigning a user identity UAID to each user and an attribute authority identity AID to each attribute authority, comprising:
A. initialisation, in which the trusted third party initialises the system parameters as given in the description (the expression is not reproduced here), where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it, and at the same time publishes the legitimate user's authentication parameter, where C_UAID ∈ Z_p (the certificate and parameter expressions are not reproduced here);
C. generating identity key pairs for the data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys comprise the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys comprise the attribute public key GK_AID and the attribute private key CK_AID:
CK_UAID = (α_AID, β_AID)
where AS_AID is the attribute set that a single attribute authority can assign, GK_x is the public key of attribute x, B_x is the version number of attribute x, α_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the attribute set assigned by the attribute authority according to the identity, γ is a parameter chosen at random by the attribute authority, and γ, α_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypting the data to be stored in the cloud storage module with a data key to obtain the ciphertext CT, then encrypting the data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext CT_U and the attribute key ciphertext CT_A, comprising:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the data key DK:
DK = IK || AK
B. encrypting the data to be stored in the cloud storage module with the data key DK to obtain the ciphertext CT; then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) performing proxy re-encryption: when a user's data request is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt, where the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user decrypts the identity key ciphertext CT_U and the attribute key ciphertext CT_A with the identity private key CK_UAID and the attribute private key CK_AID respectively, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of data while resisting collusion between users and attribute authorities. For the data to be stored in the cloud storage module, the identity-based encryption and decryption keys and the attribute encryption and decryption keys are constructed separately and combined into the data encryption key with which the data are encrypted, so that only a user meeting both the identity condition and the attribute condition can decrypt, which greatly improves the security of the data security management system 4.
In this application scenario the update cycle T is taken as 8, and the security of the data security management system 4 improves by 10% in relative terms.
Application scenario 4
Referring to Fig. 1 and Fig. 2, the cloud education system of one embodiment of this application scenario comprises a cloud education services center 1, a user mobile terminal 2 and an education terminal 3; the user mobile terminal 2 and the education terminal 3 are each communicatively connected to the cloud education services center 1. The cloud education services center 1 stores education resource data, issues education resource data to the education terminal 3 that initiated a data update request according to that request, provides storage space to the user mobile terminal 2 that initiated a data upload request according to that request, and manages the education terminals 3 connected to it. The user mobile terminal 2 provides the user with an interface service for uploading education resource data to the cloud education services center 1. The education terminal 3 initiates data update requests to the cloud education services center 1 and receives the education resource data issued by the cloud education services center 1.
With the user mobile terminal 2 of the above embodiment of the present invention, education resource data can be uploaded to the cloud education services center 1 at any time, enriching the data held there. This is an innovative content update mode for the education sector: education resource data are stored in the cloud education services center 1 and the education terminal 3 is updated by instant requests, which saves manpower and expands the storage capacity for education resource data without limit, thereby solving the technical problem stated above.
Preferably, the cloud education services center 1 comprises:
an update request receiving module, for receiving the data update requests that the education terminal 3 initiates to the cloud education services center 1;
a parsing module, for parsing the data update request and obtaining the education resource data that the education terminal 3 needs;
a storage module, for storing education resource data and cloud terminal management data;
a sending module, for issuing the needed education resource data to the education terminal 3.
This preferred embodiment realises the function by which the cloud education services center 1 updates the education resource data of the education terminal 3.
Preferably, the cloud education services center 1 further comprises a management module, for managing the education terminals 3 connected to it by means of control commands; the sending module is also used for sending the management control commands.
This preferred embodiment realises the function by which the cloud education services center 1 manages the education terminal 3.
Preferably, the cloud education system further comprises a data security management system 4 for managing the data in the cloud education services center 1. The data security management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for the storage, backup and querying of education resource data and cloud terminal management data; the data preprocessing system 41 preprocesses the data that must be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the confidential data according to the optimised access control security policy; the control system 43 stores the uploaded education resource data to the corresponding storage device; the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment constructs the system structure of the data security management system 4.
Preferably, being responsible for the storage, backup and querying of education resource data and cloud terminal management data comprises:
(1) converting the data format and establishing a format suitable for storage in a non-relational database;
(2) dividing the data into basic data and specialised data and storing them with a strategy combining centralised and distributed storage, all data being backed up when stored; the combined centralised and distributed strategy comprises: basic data accessed more often than a preset frequency are stored centrally and maintained uniformly by the data control center, while specialised data accessed less often than the preset frequency are stored in a distributed manner and maintained separately at each specialised data center;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of the data; the retrieval algorithm combines catalogue retrieval with a search engine and specifically comprises: building a data catalogue and performing a preliminary retrieval of the data according to the catalogue; entering keywords into the search engine and performing a precise retrieval of the data; the search engine finds the matching data in a given manner and sorts them by the degree of match between the data and the keywords before returning them to the user.
This preferred embodiment uses a retrieval algorithm combining catalogue retrieval with a search engine, so that data can be obtained quickly and accurately.
Preferably, performing unified monitoring and management of the security of each system comprises:
(1) adopting the corresponding security protection techniques for the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, and equipping the relevant security protection devices, so as to form a complete security protection system;
(2) establishing an effective data security mechanism that considers security comprehensively throughout data storage, transmission and access: not only are the data encrypted, the transport protocol of the data is encrypted as well;
(3) establishing a virus and trojan defence mechanism, regularly updating the virus database and upgrading the firewall, with an update cycle T of 6 to 10 days; detected abnormal data are analysed and an early warning is issued.
This preferred embodiment realises unified monitoring and management of the security of each system.
Preferably, the data preprocessing system 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimisation unit. The data partitioning unit divides the data that must be kept confidential into a plurality of mutually exclusive data sets. The data extraction unit sorts each mutually exclusive data set according to a user-defined ordering rule, extracts the first data unit of each data set in turn, and saves these together with the ordering rule as small block data; mutual exclusion here means that there is no association between any two data units in the data sets. The access control security policy optimisation unit generates the access control security policy of the system by an optimisation method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure based on the mutually exclusive data sets produced by the data extraction unit; the hierarchical data tree is a three-layer data tree comprising a service layer, a logical layer and a physical layer, where the service layer is the root node related to the data scheduling service, the logical layer holds the data associated in the access control security policy, and the physical layer comprises the data units of all the mutually exclusive data sets;
(2) formulating access control security policies for data of different security levels based on the eXtensible Access Control Markup Language (XACML), and projecting the rules in the access control security policy that are associated with the data onto the data units of the mutually exclusive data sets, so that the rules of the access control security policy are refined to the data dimension;
(3) performing rule optimisation on the data units of each mutually exclusive data set, to remove conflicts and redundancy among the rules assigned to each data unit;
(4) merging the optimised rules to generate the optimised access control security policy.
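The projection, conflict and redundancy removal, and merge of steps (1) to (4) above, carried out on a constructed policy; this is an added example and not code from the patent (the same steps are stated in the earlier application scenarios as well). The rule and tree types, the sample resources, and the deny-overrides choice for a Permit/Deny conflict are assumptions of the example, since the text does not say how a conflict is resolved.

```go
package main

import "fmt"

const Permit, Deny = "Permit", "Deny"

// Rule is one XACML-style rule. Before projection Resource names a logical-layer
// resource; after projection it names a single physical-layer data unit.
type Rule struct {
	Subject, Action, Resource, Effect string
}

// Tree is the three-layer structure: a service-layer root above the logical-layer
// resources the policy names, each holding data units of the mutually exclusive sets.
type Tree struct {
	Root    string
	Logical map[string][]string
}

// Project refines each rule to the data dimension: one rule per data unit under
// the logical resource it names.
func Project(t Tree, rules []Rule) []Rule {
	var out []Rule
	for _, r := range rules {
		for _, u := range t.Logical[r.Resource] {
			out = append(out, Rule{r.Subject, r.Action, u, r.Effect})
		}
	}
	return out
}

// Optimize drops redundant rules (same subject, action, unit and effect) and resolves
// conflicts (same subject, action and unit with both Permit and Deny). The page only
// says conflicts are removed; deny-overrides is this example's assumption. Rules come
// back in first-seen order, with the number of redundancies and conflicts found.
func Optimize(rules []Rule) ([]Rule, int, int) {
	type key struct{ s, a, u string }
	effects := map[key]string{}
	var order []key
	redundant, conflicts := 0, 0
	for _, r := range rules {
		k := key{r.Subject, r.Action, r.Resource}
		prev, seen := effects[k]
		switch {
		case !seen:
			effects[k] = r.Effect
			order = append(order, k)
		case prev == r.Effect:
			redundant++
		default:
			conflicts++
			effects[k] = Deny
		}
	}
	out := make([]Rule, 0, len(order))
	for _, k := range order {
		out = append(out, Rule{k.s, k.a, k.u, effects[k]})
	}
	return out, redundant, conflicts
}

// Merge folds unit rules sharing subject, action and effect into one policy entry,
// keyed "subject|action|effect" and listing the units it applies to, so the
// optimised policy stays compact.
func Merge(rules []Rule) map[string][]string {
	out := map[string][]string{}
	for _, r := range rules {
		k := r.Subject + "|" + r.Action + "|" + r.Effect
		out[k] = append(out[k], r.Resource)
	}
	return out
}

// SamplePolicy is constructed input: two logical resources, one duplicate rule and
// one Permit/Deny clash on the same resource.
func SamplePolicy() (Tree, []Rule) {
	t := Tree{Root: "data-scheduling-service", Logical: map[string][]string{
		"grades": {"g1", "g2"}, "courseware": {"c1", "c2", "c3"}}}
	return t, []Rule{
		{"teacher", "read", "grades", Permit},
		{"teacher", "read", "grades", Permit}, // redundant
		{"student", "read", "grades", Deny},
		{"student", "read", "grades", Permit}, // conflicts with the Deny above
		{"teacher", "read", "courseware", Permit},
		{"student", "read", "courseware", Permit},
	}
}

func main() {
	t, rules := SamplePolicy()
	unit, redundant, conflicts := Optimize(Project(t, rules))
	fmt.Printf("%d unit rules; removed %d redundant, %d conflicting\n", len(unit), redundant, conflicts)
	for k, units := range Merge(unit) {
		fmt.Println(k, units)
	}
}
```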
Preferably, storing the uploaded education resource data to the corresponding storage device comprises:
(1) storing the small block data in local storage, encrypted with a user-defined encryption technique;
(2) storing the remaining information data, after encryption by the cloud storage encryption and decryption system 42, in the cloud storage module of the cloud service center; after the cloud storage module receives the data it performs an integrity check on them and then saves them in the cloud storage nodes.
The two preferred embodiments above provide the data preprocessing system 41: the confidential data are first subjected to data partitioning and data extraction, and the rules in the access control security policy are then refined. This reduces the physical storage space occupied by the stored data, reduces storage overhead, and eliminates conflicts and redundancy in the access control security policy, improving the efficiency of access control decisions. The part of the data extracted by the data extraction process is stored in local storage, while the remaining data are stored in the cloud storage module after the corresponding access control security policy has been set. This avoids the large overhead and cumbersome operation that traditional cloud storage data privacy mechanisms based on simple encryption bring when handling data in practice, and effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, improving the security of storing the information data that must be kept confidential.
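The data partitioning, extraction and split storage described in the two preferred embodiments above (and stated identically in the earlier application scenarios), as an added example that is not code from the patent. The record type, the set-selection function and the by-ID ordering rule are assumptions; encryption of the two halves is handled by the other embodiments and is left out here.

```go
package main

import (
	"fmt"
	"sort"
)

// DataUnit is one indivisible record of a file that must be kept confidential.
type DataUnit struct {
	ID      string
	Payload string
}

// OrderingRule is the user-defined sort applied inside every set before extraction.
// Its name is saved with the small block so that the sets can be put back in order.
type OrderingRule struct {
	Name string
	Less func(a, b DataUnit) bool
}

// SmallBlock is what stays in local storage: the first unit of every sorted set
// plus the ordering rule that produced that order.
type SmallBlock struct {
	RuleName string
	Heads    map[int]DataUnit // set index -> extracted head unit
}

// Partition splits the units into k mutually exclusive sets using setOf, so that
// no unit lands in more than one set. The caller's setOf is where the page's
// requirement that units in different sets are unrelated is enforced.
func Partition(units []DataUnit, k int, setOf func(DataUnit) int) [][]DataUnit {
	sets := make([][]DataUnit, k)
	for _, u := range units {
		i := setOf(u) % k
		sets[i] = append(sets[i], u)
	}
	return sets
}

// Extract sorts every set by the rule, moves its first unit into the small block,
// and returns what is left of each set, which is what gets encrypted for the cloud.
func Extract(sets [][]DataUnit, rule OrderingRule) (SmallBlock, [][]DataUnit) {
	block := SmallBlock{RuleName: rule.Name, Heads: map[int]DataUnit{}}
	remainder := make([][]DataUnit, len(sets))
	for i, s := range sets {
		sorted := append([]DataUnit(nil), s...) // sort a copy, leave the input intact
		sort.SliceStable(sorted, func(a, b int) bool { return rule.Less(sorted[a], sorted[b]) })
		if len(sorted) == 0 {
			continue
		}
		block.Heads[i] = sorted[0]
		remainder[i] = sorted[1:]
	}
	return block, remainder
}

// Reassemble rebuilds each sorted set from the local small block and the cloud
// remainder. A set whose head is missing cannot be rebuilt, which is the point:
// the cloud copy alone never holds a complete set.
func Reassemble(block SmallBlock, remainder [][]DataUnit) ([][]DataUnit, error) {
	sets := make([][]DataUnit, len(remainder))
	for i, r := range remainder {
		h, ok := block.Heads[i]
		if !ok && len(r) > 0 {
			return nil, fmt.Errorf("set %d: head unit missing from local small block", i)
		}
		if ok {
			sets[i] = append([]DataUnit{h}, r...)
		}
	}
	return sets, nil
}

// CountUnits reports how many units a collection of sets holds.
func CountUnits(sets [][]DataUnit) int {
	n := 0
	for _, s := range sets {
		n += len(s)
	}
	return n
}

func main() {
	// Constructed sample: six grade records; the set is chosen from the record number.
	records := []DataUnit{{"r3", "grade C"}, {"r1", "grade A"}, {"r2", "grade B"},
		{"r6", "grade F"}, {"r4", "grade D"}, {"r5", "grade E"}}
	byID := OrderingRule{Name: "by-id", Less: func(a, b DataUnit) bool { return a.ID < b.ID }}
	sets := Partition(records, 3, func(u DataUnit) int { return int(u.ID[1] - '0') })
	block, cloud := Extract(sets, byID)
	fmt.Printf("local small block: %d heads, cloud remainder: %d units\n",
		len(block.Heads), CountUnits(cloud))
	rebuilt, err := Reassemble(block, cloud)
	fmt.Println(rebuilt, err)
}
```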
Preferably, the cloud storage encryption and decryption system 42 is mainly made up of five entities: data owner, attribute authority, cloud, trusted third party and user; encrypting or decrypting the confidential data comprises:
(1) the trusted third party assigning a user identity UAID to each user and an attribute authority identity AID to each attribute authority, comprising:
A. initialisation, in which the trusted third party initialises the system parameters as given in the description (the expression is not reproduced here), where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it, and at the same time publishes the legitimate user's authentication parameter, where C_UAID ∈ Z_p (the certificate and parameter expressions are not reproduced here);
C. generating identity key pairs for the data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys comprise the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys comprise the attribute public key GK_AID and the attribute private key CK_AID:
CK_UAID = (α_AID, β_AID)
where AS_AID is the attribute set that a single attribute authority can assign, GK_x is the public key of attribute x, B_x is the version number of attribute x, α_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the attribute set assigned by the attribute authority according to the identity, γ is a parameter chosen at random by the attribute authority, and γ, α_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypting the data to be stored in the cloud storage module with a data key to obtain the ciphertext CT, then encrypting the data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext CT_U and the attribute key ciphertext CT_A, comprising:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the data key DK:
DK = IK || AK
B. encrypting the data to be stored in the cloud storage module with the data key DK to obtain the ciphertext CT; then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) performing proxy re-encryption: when a user's data request is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt, where the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user decrypts the identity key ciphertext CT_U and the attribute key ciphertext CT_A with the identity private key CK_UAID and the attribute private key CK_AID respectively, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of data while resisting collusion between users and attribute authorities. For the data to be stored in the cloud storage module, the identity-based encryption and decryption keys and the attribute encryption and decryption keys are constructed separately and combined into the data encryption key with which the data are encrypted, so that only a user meeting both the identity condition and the attribute condition can decrypt, which greatly improves the security of the data security management system 4.
In this application scenarios, update cycle T takes 9, and the safety of data safety management system 4 improves 9% relatively.
Application scenario 5
Referring to Fig. 1 and Fig. 2, the cloud education system of one embodiment of this application scenario includes a cloud education services center 1, a user mobile terminal 2 and an education terminal 3; the user mobile terminal 2 and the education terminal 3 are each communicatively connected to the cloud education services center 1. The cloud education services center 1 stores education resource data, issues education resource data to an education terminal 3 that initiates a data update request, provides storage space to a user mobile terminal 2 that initiates a data upload request, and manages the education terminals 3 connected to it. The user mobile terminal 2 provides the interface service through which a user uploads education resource data to the cloud education services center 1. The education terminal 3 initiates data update requests to the cloud education services center 1 and receives the education resource data that the cloud education services center 1 issues.
With the user mobile terminal 2 of the above embodiment of the present invention, education resource data can be uploaded to the cloud education services center 1 at any time, enriching the data held by the cloud education services center 1. This is a new content-update model for the education sector: education resource data are stored in the cloud education services center 1 and the education terminal 3 is updated by on-demand request, which saves manpower and makes the storage capacity for education resource data effectively unlimited, thereby solving the technical problem stated above.
Preferably, the cloud education services center 1 includes:
an update request receiving module, for receiving the data update requests that education terminals 3 initiate to the cloud education services center 1;
a parsing module, for parsing the data update request and determining the education resource data that the education terminal 3 needs;
a storage module, for storing education resource data and cloud terminal management data;
a sending module, for issuing the required education resource data to the education terminal 3.
This preferred embodiment implements the function by which the cloud education services center 1 updates the education resource data of the education terminal 3.
Preferably, the cloud education services center 1 also includes a management module, for managing the education terminals 3 connected to it by means of control commands; the sending module is also used to send the management control commands.
This preferred embodiment implements the function by which the cloud education services center 1 manages the education terminals 3.
Preferably, the cloud education system also includes a data security management system 4 for managing the data in the cloud education services center 1. The data security management system 4 includes a data service system 40, a data preprocessing system 41, a cloud storage encryption/decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for the storage, backup and querying of education resource data and cloud terminal management data; the data preprocessing system 41 preprocesses the data that must be kept confidential; the cloud storage encryption/decryption system 42 encrypts or decrypts the confidential data according to the optimized access control security policy; the control system 43 stores the uploaded education resource data to the corresponding storage device; and the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment sets out the architecture of the data security management system 4.
Preferably, the storage, backup and querying of education resource data and cloud terminal management data include:
(1) converting the data format and establishing a format suitable for storage in a non-relational database;
(2) dividing the data into basic data and specialist data and storing them under a strategy that combines centralized and distributed storage, with all data backed up at storage time; the combined strategy is: basic data accessed more often than a preset frequency are stored centrally and maintained uniformly by the central data center, while specialist data accessed less often than the preset frequency are stored in a distributed manner and maintained separately at each specialist data center;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of the data. The retrieval algorithm combines directory retrieval with a search engine: a data directory is built and the data are first narrowed down by directory; keywords are then entered into the search engine for precise retrieval; the search engine finds the matching data in a defined way and returns them to the user ranked by the degree of match between the data and the keywords.
This preferred embodiment uses a retrieval algorithm that combines directory retrieval with a search engine and so obtains data quickly and accurately.
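The two-stage retrieval of step (3), directory narrowing followed by keyword ranking, written out as an added example that is not code from the patent. The catalogue layout, the (title, body) record format, the sample records and the matching-degree formula (share of query keywords present in a record, ties broken by occurrence count with title hits counted twice) are all constructed for this example; the patent fixes none of them.

```python
"""Two-stage retrieval: directory narrowing, then keyword ranking by degree of match.

Added example, not the patent's code. The catalogue layout, the record format,
the sample records and the matching-degree formula are constructed here.
"""
import re
from collections import Counter

# Constructed catalogue: directory path -> list of (title, body) records.
CATALOGUE = {
    "math/algebra": [
        ("Linear equations", "solving linear equations with one variable"),
        ("Quadratic equations", "roots of quadratic equations, discriminant"),
    ],
    "math/geometry": [
        ("Triangles", "angles of a triangle sum to 180 degrees"),
    ],
    "physics/mechanics": [
        ("Newton laws", "equations of motion, force and acceleration"),
    ],
}

_TOKEN = re.compile(r"[a-z0-9]+")


def tokenize(text: str) -> list:
    return _TOKEN.findall(text.lower())


def browse(directory: str) -> list:
    """Stage 1, directory retrieval: records under a directory ('math' covers 'math/algebra')."""
    prefix = directory.strip("/")
    hits = []
    for path, records in CATALOGUE.items():
        if not prefix or path == prefix or path.startswith(prefix + "/"):
            hits.extend(records)
    return hits


def match_degree(record, keywords: list):
    """(share of keywords present, weighted occurrence count) for one record."""
    title, body = record
    counts = Counter(tokenize(title) * 2 + tokenize(body))   # title tokens count twice
    present = sum(1 for k in keywords if counts[k])
    return present / len(keywords), sum(counts[k] for k in keywords)


def search(directory: str, query: str) -> list:
    """Stage 2, precise search: rank the directory's records by matching degree.

    Returns [(title, degree)] best first; records matching no keyword are dropped,
    and records outside the directory are never considered, however well they match.
    """
    keywords = sorted(set(tokenize(query)))
    if not keywords:
        return []
    ranked = []
    for record in browse(directory):
        degree, occurrences = match_degree(record, keywords)
        if degree > 0:
            ranked.append((degree, occurrences, record[0]))
    ranked.sort(key=lambda r: (-r[0], -r[1], r[2]))
    return [(title, round(degree, 2)) for degree, _, title in ranked]
```

The directory stage is what keeps the keyword stage cheap and precise: `search("math", "equations")` never sees the physics record even though its body contains the keyword, while `search("", "quadratic discriminant")` searches the whole catalogue.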
Preferably, the unified monitoring and management of the security of each system includes:
(1) for the data service system 40, the data preprocessing system 41, the cloud storage encryption/decryption system 42 and the control system 43, applying the protection technique that corresponds to each system's different security protection requirements and fitting the relevant protective equipment, so as to form a complete security protection system;
(2) establishing an effective data security mechanism that considers security across data storage, transmission and access as a whole: not only are the data encrypted, the data transfer protocol is encrypted as well;
(3) establishing a virus and trojan defense mechanism, with the virus database and the firewall updated regularly at an update cycle T of 6 to 10 days; any abnormal data detected are analyzed and an early warning is issued.
This preferred embodiment implements the unified monitoring and management of the security of each system.
Preferably, the data preprocessing system 41 includes a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit divides the data to be kept confidential into a number of mutually exclusive data sets. The data extraction unit sorts each mutually exclusive data set according to a user-defined ordering rule, extracts the first data unit of each data set in turn, and saves the extracted units as small-block data together with the ordering rule; no two data units within a mutually exclusive data set have any association with each other. The access control security policy optimization unit generates the system's access control security policy by an optimization method based on fine-grained resource partitioning, as follows:
(1) on the basis of the mutually exclusive data sets produced by the data extraction unit, build a hierarchical data tree structure with three layers: a service layer, a logical layer and a physical layer. The service layer is the root vertex associated with the data service; the logical layer holds the data referenced in the access control security policy; the physical layer contains the data units of all the mutually exclusive data sets;
(2) formulate the access control security policy for data of different security levels in the eXtensible Access Control Markup Language (XACML), and project each rule of the policy onto the data units of the mutually exclusive data sets with which its data are associated, so that the rules of the policy are refined down to the level of individual data;
(3) optimize the rules on the data units of each mutually exclusive data set, deleting conflicts and redundancy among the rules assigned to each data unit;
(4) merge the optimized rules to produce the optimized access control security policy.
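Steps (1) to (4) of the policy optimization, as an added example that is not code from the patent. The patent names XACML but shows no rules, so the rule format here is a constructed (subject, action, resource, effect) tuple rather than XACML XML; the three-layer tree and the sample policy are constructed; and conflicting Permit/Deny rules on the same data unit are resolved deny-overrides, which is an assumption (XACML offers several combining algorithms and the patent does not say which it uses).

```python
"""Refining an access-control policy to the data-unit level and removing conflicts and redundancy.

Added example, not the patent's code. Rule format, tree and sample policy are
constructed; deny-overrides conflict resolution is an assumption.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Rule:
    subject: str    # role of the requester
    action: str     # e.g. "read", "write"
    resource: str   # logical-layer name, or a data unit once refined
    effect: str     # "Permit" or "Deny"


# Constructed three-layer tree: service layer -> logical layer -> physical data units.
TREE = {
    "student-records": {           # service layer: root vertex for the data service
        "grades": ["u1", "u2"],     # logical layer: names the policy refers to
        "contact": ["u3"],          # physical layer: units of the mutually exclusive sets
    },
}

# Constructed policy with one exact duplicate and one Permit/Deny conflict.
RULES = [
    Rule("teacher", "read", "grades", "Permit"),
    Rule("teacher", "read", "grades", "Permit"),    # redundant
    Rule("teacher", "write", "grades", "Permit"),
    Rule("intern", "write", "grades", "Deny"),
    Rule("intern", "write", "grades", "Permit"),    # conflicts with the Deny above
    Rule("student", "read", "contact", "Permit"),
]


def units_of(tree: dict, resource: str) -> list:
    """Physical data units that a logical-layer resource covers (empty if unknown)."""
    for logical in tree.values():
        if resource in logical:
            return list(logical[resource])
    return []


def refine(tree: dict, rules: list, deny_overrides: bool = True):
    """Steps 2 and 3: project every rule onto its data units, then optimise per unit.

    Returns (decisions, report): decisions maps unit -> {(subject, action): effect};
    report counts, over all units, the duplicate projections dropped and the
    conflicts resolved.
    """
    projected = defaultdict(lambda: defaultdict(list))
    for r in rules:
        for unit in units_of(tree, r.resource):
            projected[unit][(r.subject, r.action)].append(r.effect)

    decisions, report = {}, {"redundant": 0, "conflicts": 0}
    for unit, table in projected.items():
        decisions[unit] = {}
        for key, effects in table.items():
            distinct = set(effects)
            report["redundant"] += len(effects) - len(distinct)
            if len(distinct) > 1:
                report["conflicts"] += 1
                decisions[unit][key] = "Deny" if deny_overrides else "Permit"
            else:
                decisions[unit][key] = effects[0]
    return decisions, report


def merge(decisions: dict) -> list:
    """Step 4: one rule per (unit, subject, action) in the optimised policy."""
    return sorted(Rule(s, a, unit, e)
                  for unit, table in decisions.items() for (s, a), e in table.items())


def is_permitted(decisions: dict, subject: str, action: str, unit: str) -> bool:
    """Decision lookup at data-unit granularity; anything not covered is denied."""
    return decisions.get(unit, {}).get((subject, action)) == "Permit"
```

Because every decision is keyed by data unit after refinement, the decision point never has to re-evaluate the logical-layer rules at request time, and a unit that no rule covers falls through to deny rather than to whatever the last rule happened to say.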
Preferably, storing the uploaded education resource data to the corresponding storage device includes:
(1) storing the small-block data in local storage, encrypted with a user-defined encryption technique;
(2) storing the remaining information data in the cloud storage module of the cloud services center after they have been encrypted by the cloud storage encryption/decryption system 42; on receiving the data, the cloud storage module performs an integrity check on them before saving them to a cloud storage node.
The two preferred embodiments above provide the data preprocessing system 41: the data to be kept confidential first undergo data partitioning and data extraction, and the rules of the access control security policy are then refined, which reduces the physical storage space needed and the cost of storage, and eliminates conflicts and redundancy in the access control security policy, improving the efficiency of access control decisions. Part of the data, extracted by the data extraction processing, is kept in local storage, and the remaining data are stored in the cloud storage module after the corresponding access control security policy has been set. This avoids the large system overhead and complexity that traditional cloud storage data privacy mechanisms based on simple encryption incur when actually processing and operating on the data, and effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, improving the security of storing information that must be kept confidential.
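The partitioning and extraction of the data preprocessing system 41 and the local/cloud placement with the cloud-side integrity check, carried through end to end as an added example that is not code from the patent. The unit size, the set size, the ordering rule (a keyed hash over unit positions), the sample data and the in-memory stand-ins for local storage and the cloud storage module are constructed here. The encryption that the patent applies to both parts before storage is deliberately left out of this block so that the split and the completeness check can be read on their own.

```python
"""Partition, extraction and local/cloud placement with an integrity check on receipt.

Added example, not the patent's code. Unit size, set size, ordering rule, sample
data and the storage stand-ins are constructed; encryption of the two parts,
which the patent applies before storage, is not included here.
"""
import hashlib
import hmac
import json

UNIT = 4        # bytes per data unit (assumption)
SET_SIZE = 3    # units per mutually exclusive data set (assumption)

SAMPLE_DATA = b"cloud education resource data 2016"   # constructed: 34 bytes -> 9 units -> 3 sets
SAMPLE_RULE_KEY = b"user-defined-ordering-rule-key"     # constructed ordering-rule secret


def partition(data: bytes) -> list:
    """Divide data into mutually exclusive sets: every unit lands in exactly one set."""
    units = [data[i:i + UNIT] for i in range(0, len(data), UNIT)]
    return [units[i:i + SET_SIZE] for i in range(0, len(units), SET_SIZE)]


def first_by_rule(rule_key: bytes, set_index: int, n_units: int) -> int:
    """User-defined ordering rule: rank unit positions by a keyed hash; return the first."""
    def rank(pos):
        return hmac.new(rule_key, f"{set_index}:{pos}".encode(), hashlib.sha256).digest()
    return min(range(n_units), key=rank)


def extract(sets: list, rule_key: bytes):
    """Pull the first unit (under the ordering rule) out of every set.

    Returns (small_block, remainder): small_block stays local; remainder goes
    to the cloud and never contains a complete set.
    """
    small_block, remainder = [], []
    for s_idx, units in enumerate(sets):
        first = first_by_rule(rule_key, s_idx, len(units))
        small_block.append(units[first].hex())
        remainder.append([u.hex() for pos, u in enumerate(units) if pos != first])
    return small_block, remainder


class CloudStorageModule:
    """Stand-in for the cloud storage module: saves to a node only if the integrity check passes."""

    def __init__(self):
        self.nodes = {}

    def put(self, name: str, blob: bytes, digest_hex: str) -> bool:
        if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), digest_hex):
            return False                      # completeness check failed; nothing is saved
        self.nodes[name] = blob
        return True

    def get(self, name: str) -> bytes:
        return self.nodes[name]


def store(name: str, data: bytes, rule_key: bytes, local: dict, cloud: CloudStorageModule) -> bool:
    """Small-block data and the ordering rule stay local; the remainder goes to the cloud."""
    small_block, remainder = extract(partition(data), rule_key)
    local[name] = {"small_block": small_block, "rule_key": rule_key.hex()}
    blob = json.dumps(remainder).encode()
    return cloud.put(name, blob, hashlib.sha256(blob).hexdigest())


def rebuild(name: str, local: dict, cloud: CloudStorageModule) -> bytes:
    """Reinsert each small-block unit at the position the ordering rule selects."""
    meta = local[name]
    rule_key = bytes.fromhex(meta["rule_key"])
    remainder = json.loads(cloud.get(name))
    out = bytearray()
    for s_idx, (kept, rest) in enumerate(zip(meta["small_block"], remainder)):
        units = [bytes.fromhex(h) for h in rest]
        units.insert(first_by_rule(rule_key, s_idx, len(units) + 1), bytes.fromhex(kept))
        out += b"".join(units)
    return bytes(out)


def demo() -> dict:
    local, cloud = {}, CloudStorageModule()
    stored = store("lesson", SAMPLE_DATA, SAMPLE_RULE_KEY, local, cloud)
    cloud_units = [len(rest) for rest in json.loads(cloud.get("lesson"))]
    rejected = cloud.put("tampered", b"not what was hashed", "00" * 32)
    return {
        "stored": stored,
        "rebuilt": rebuild("lesson", local, cloud),
        "local_units": len(local["lesson"]["small_block"]),
        "cloud_units_per_set": cloud_units,
        "tampered_rejected": not rejected,
    }
```

Two points the split depends on: the cloud copy holds `SET_SIZE - 1` units of every set and so is incomplete without the local small block, and the ordering rule must be kept with the small block, since `rebuild` recomputes the insertion position from it rather than storing positions alongside the cloud copy.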
Preferably, the cloud storage encryption/decryption system 42 consists mainly of five entities: data owner, attribute authority, cloud, trusted third party and user. Encrypting or decrypting the data to be kept confidential includes:
(1) the trusted third party assigns a user identity UAID to each user and an attribute authority identity AID to each attribute authority, as follows:
A. initialization: the trusted third party initializes the system parameters from a random integer α;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it; at the same time the legitimate user's authentication parameter is published, where $C_{UAID} \in Z_p$;
C. an identity key pair is generated for the data owner and for each legitimate user;
(2) the identity-based encryption/decryption keys, the attribute encryption/decryption keys and the proxy re-encryption key are generated. The identity-based encryption/decryption keys comprise the identity public key $GK_{UAID}$ and the identity private key $CK_{UAID}$; the attribute encryption/decryption keys comprise the attribute public key $GK_{AID}$ and the attribute private key $CK_{AID}$:
$CK_{UAID} = (\alpha_{AID}, \beta_{AID})$
where $AS_{AID}$ is the set of attributes that a single attribute authority may issue, $GK_x$ is the public key of attribute $x$, $B_x$ is the version number of attribute $x$, $\alpha_{AID}$ is the private-key parameter of the attribute authority, $\beta_{AID}$ is the attribute update parameter, $AS_{UAID,AID}$ is the set of attributes issued to identity $UAID$ by attribute authority $AID$, $\gamma$ is a parameter chosen at random by the attribute authority, and $\gamma, \alpha_{AID}, \beta_{AID} \in Z_p$;
(3) the cloud storage encryption/decryption system 42 encrypts the data to be placed in the cloud storage module under a data key, obtaining the ciphertext CT, and then encrypts the data key separately under the identity public key and the attribute public key, producing the identity-key ciphertext $CT_U$ and the attribute-key ciphertext $CT_A$, as follows:
A. generate two fixed-length random strings IK and AK and concatenate them into the data key DK:
$DK = IK \,\|\, AK$
B. encrypt the data to be stored in the cloud storage module with DK to obtain the ciphertext CT; then encrypt AK under the attribute public key to produce the attribute-key ciphertext $CT_A$, and encrypt IK under the identity public key to produce the identity-key ciphertext $CT_U$;
(4) proxy re-encryption: when a user's data request is received, the cloud uses a proxy re-encryption key to convert the identity-key ciphertext $CT_U$ into a ciphertext that the designated user can decrypt; the proxy re-encryption key is computed by the data owner from the owner's own private key and the identity public key;
(5) data decryption: after receiving the data, the user decrypts the identity-key ciphertext $CT_U$ with the identity private key $CK_{UAID}$ and the attribute-key ciphertext $CT_A$ with the attribute private key $CK_{AID}$, reconstructs the data key, and decrypts the ciphertext CT;
(6) the attribute keys and identity keys are updated.
By providing the cloud storage encryption/decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of data while resisting collusion between users and attribute authorities. For the data to be placed in the cloud storage module, an identity-based encryption/decryption key and an attribute-based encryption/decryption key are constructed separately and combined into the data encryption key under which the data are encrypted, so that only a user who satisfies both the identity condition and the attribute condition can decrypt; this markedly improves the security of the data security management system 4.
In this application scenario the update cycle T is 10 days, and the security of the data security management system 4 improves by 8% in relative terms.
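Steps (3) and (5) of the scheme above, which appear in both application scenarios 4 and 5, as one added example that is not code from the patent. Standard-library Python has no identity-based or attribute-based encryption, so two symmetric wrapping keys stand in for the identity public key and the attribute public key; this is an assumption, and it means each stand-in key both wraps and unwraps, unlike the asymmetric keys in the patent. The data cipher is an HMAC-SHA256 keystream in counter mode with an HMAC tag, constructed for this example; it is not the cipher the patent uses. What the block does show faithfully is the key split $DK = IK \,\|\, AK$, the separate wrapping of the two halves, and the consequence that a holder of the identity key alone, or of a non-matching attribute key, recovers nothing. Proxy re-encryption (step 4) and key update (step 6) are not shown.

```python
"""Data key DK = IK || AK, data encryption under DK, and separate wrapping of IK and AK.

Added example, not the patent's code. Symmetric wrapping keys stand in for the
identity and attribute public keys (assumption); the HMAC-based cipher is
constructed for this example and is not the cipher the patent uses.
"""
import hashlib
import hmac
import secrets

KEY_LEN = 16      # length of IK and of AK (assumption: fixed-length random strings)
NONCE_LEN = 16
TAG_LEN = 32

SAMPLE_DATA = b"constructed lesson plan: chapter 3, sections 1-4"


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive an encryption or MAC subkey so the two roles never share key bits."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag fails (wrong key or tampered data)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def encrypt_for_storage(data: bytes, identity_key: bytes, attribute_key: bytes):
    """Step 3: DK = IK || AK, CT = Enc_DK(data), CT_U = Enc(IK) under the identity
    key, CT_A = Enc(AK) under the attribute key. DK itself is never stored."""
    ik, ak = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    ct = encrypt(ik + ak, data)
    return ct, encrypt(identity_key, ik), encrypt(attribute_key, ak)


def decrypt_from_storage(ct, ct_u, ct_a, identity_key, attribute_key):
    """Step 5: unwrap IK and AK with the two keys, rebuild DK, decrypt CT.
    Either unwrap failing yields None, so one key alone is never enough."""
    ik = decrypt(identity_key, ct_u)
    ak = decrypt(attribute_key, ct_a)
    if ik is None or ak is None:
        return None
    return decrypt(ik + ak, ct)


def demo() -> dict:
    """Round trip plus the failure cases a reviewer would check."""
    identity_key, attribute_key = secrets.token_bytes(32), secrets.token_bytes(32)
    other_attribute_key = secrets.token_bytes(32)   # user whose attributes do not match
    ct, ct_u, ct_a = encrypt_for_storage(SAMPLE_DATA, identity_key, attribute_key)
    ik = decrypt(identity_key, ct_u)                # identity holder who lacks AK
    tampered = ct[:NONCE_LEN] + bytes([ct[NONCE_LEN] ^ 0x01]) + ct[NONCE_LEN + 1:]
    return {
        "recovered": decrypt_from_storage(ct, ct_u, ct_a, identity_key, attribute_key),
        "wrong_attribute_key": decrypt_from_storage(ct, ct_u, ct_a, identity_key, other_attribute_key),
        "identity_only_guessing_ak": decrypt(ik + bytes(KEY_LEN), ct),
        "tampered_ciphertext": decrypt_from_storage(tampered, ct_u, ct_a, identity_key, attribute_key),
    }
```

The authenticated data cipher matters for the "double condition" claim: with an unauthenticated stream cipher, a holder of IK who guessed AK wrongly would still get output (garbage), and nothing would tell the two cases apart; here every wrong or partial key yields `None`.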
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the present invention and do not limit its scope of protection. Although the present invention has been explained in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or replaced by equivalents without departing from the substance and scope of the technical solution of the present invention.
Claims (3)
1. A cloud education system, characterised in that it includes a cloud education services center, a user mobile terminal and an education terminal, the user mobile terminal and the education terminal each being communicatively connected to the cloud education services center; the cloud education services center is used to store education resource data, to issue education resource data to an education terminal that initiates a data update request according to that request, to provide storage space to a user mobile terminal that initiates a data upload request according to that request, and to manage the education terminals connected to it; the user mobile terminal is used to provide the interface service through which a user uploads education resource data to the cloud education services center; the education terminal is used to initiate data update requests to the cloud education services center and to receive the education resource data that the cloud education services center issues.
2. The cloud education system according to claim 1, characterised in that the cloud education services center includes:
an update request receiving module, for receiving the data update requests that the education terminal initiates to the cloud education services center;
a parsing module, for parsing the data update request and determining the education resource data that the education terminal needs;
a storage module, for storing education resource data and cloud terminal management data;
a sending module, for issuing the required education resource data to the education terminal.
3. The cloud education system according to claim 2, characterised in that the cloud education services center also includes a management module, for managing the education terminals connected to it by means of control commands; the sending module is also used to send the management control commands.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610782493.8A CN106161654A (en) | 2016-08-30 | 2016-08-30 | A kind of cloud educational system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610782493.8A CN106161654A (en) | 2016-08-30 | 2016-08-30 | A kind of cloud educational system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106161654A (en) | 2016-11-23 |
Family
ID=57345295
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610782493.8A Pending CN106161654A (en) | 2016-08-30 | 2016-08-30 | A kind of cloud educational system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106161654A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483499A (en) * | 2017-09-23 | 2017-12-15 | 张仁平 | A kind of high in the clouds multi-user service management system |
CN107483499B (en) * | 2017-09-23 | 2020-04-21 | 上海臻客信息技术服务有限公司 | Cloud multi-user service management system |
CN111865871A (en) * | 2019-04-24 | 2020-10-30 | 南通兴客信息技术有限公司 | Conference record sharing method, electronic conference terminal and storage device |
CN111862704A (en) * | 2019-04-24 | 2020-10-30 | 南通兴客信息技术有限公司 | Education method, electronic education terminal and device with storage function |
CN111464543A (en) * | 2020-04-01 | 2020-07-28 | 杭州云梯科技有限公司 | Teaching information safety protection system based on cloud platform |
CN111464543B (en) * | 2020-04-01 | 2022-05-03 | 杭州云梯科技有限公司 | Teaching information safety protection system based on cloud platform |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101339591A (en) * | 2008-08-29 | 2009-01-07 | 中国科学院软件研究所 | XACML policy rule checking method |
KR20110025615A (en) * | 2009-09-04 | 2011-03-10 | 경원대학교 산학협력단 | Method and system for providing interface of learning management system |
CN102207955A (en) * | 2008-06-05 | 2011-10-05 | 国际商业机器公司 | Context-based security policy evaluation using weighted search trees |
CN102281314A (en) * | 2011-01-30 | 2011-12-14 | 程旭 | Realization method and apparatus for high-efficient and safe data cloud storage system |
CN102542858A (en) * | 2011-12-28 | 2012-07-04 | 深圳市新为软件有限公司 | Course playing method and system |
CN103685186A (en) * | 2012-09-14 | 2014-03-26 | 上海斐讯数据通信技术有限公司 | Cloud education system, cloud education terminal, cloud server and educational resource data interaction method |
CN103824242A (en) * | 2014-03-24 | 2014-05-28 | 北京梦坊国际教育科技有限公司 | Comprehensive service processing system for educational resources |
CN104537589A (en) * | 2014-12-19 | 2015-04-22 | 上海电机学院 | Education cloud platform and implementation method thereof |
CN105047033A (en) * | 2015-08-28 | 2015-11-11 | 华中师范大学 | Classroom cloud and education cloud collaborative teaching interaction system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 2016-11-23