CN106230790A - The method building information service platform based on cloud computing - Google Patents
- Publication number
- CN106230790A
- Authority
- CN
- China
- Prior art keywords
- key
- service
- data
- cloud computing
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
A method for building an information service platform based on cloud computing, characterised in that it comprises a secure cloud-computing implementation and platform construction. The secure cloud-computing implementation uses the following method: chip-based hardware devices, a symmetric cryptographic algorithm and combination-key technology are used; in a non-cloud computing environment, a smart card serves as the hardware device of the client encryption system; within the smart card chip, a client encryption system is established using the symmetric cryptographic algorithm, and the chip is written with the symmetric cryptographic algorithm, a digest algorithm, a combination-key generation algorithm, a key "base", a client identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol.
Description
Technical field
The present invention relates to the field of cloud computing technology, and specifically to a method for building an information service platform based on cloud computing.
Background technology
With the development of information technology and the spread of the Internet, data is growing explosively, and the rapid development of social networks in particular has caused a sharp increase in data volume. The emergence of cloud computing technology has opened a new path for data processing. A cloud computing platform can provide users with powerful computing services: a user applies for a computing service simply through a web browser, uploads the data, and finally receives the computed result fed back by the platform. At present, most information service platforms still rely on traditional local query and computation methods, which cannot meet the demand for information services.
Summary of the invention
In view of the above problems, the present invention provides a method for building an information service platform based on cloud computing.
The purpose of the present invention is achieved by the following technical solution:
A method for building an information service platform based on cloud computing, characterised in that it comprises a secure cloud-computing implementation and platform construction. The secure cloud-computing implementation uses the following method:
Chip-based hardware devices, a symmetric cryptographic algorithm and combination-key technology are used. In a non-cloud computing environment, a smart card serves as the hardware device of the client encryption system; within the smart card chip, a client encryption system is established using the symmetric cryptographic algorithm, and the chip is written with the symmetric cryptographic algorithm, a digest algorithm, a combination-key generation algorithm, a key "base", a client identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol. An authentication centre is established on the network application server side. The authentication centre consists of multiple servers, each of which has several encryption cards inserted or is connected to several encryption machines. In the authentication centre, an authentication-centre-side encryption system is established using the symmetric cryptographic algorithm; the encryption card or encryption machine chip is written with the symmetric cryptographic algorithm, the digest algorithm, a set of storage keys K, an authentication-centre-side identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol, together with the key "base" of the super administrator. The key "base" database on the authentication centre's server stores the ciphertext of every user's key "base".
Preferably, every user's key "base" is encrypted in advance into ciphertext with the storage key K held in the encryption card or encryption machine chip. A user rights management system is set up in the network application server and a working area is allocated to each user. At the client, the user logs in to the network application server with the smart card through the identity authentication protocol in the smart card chip and, according to the rights management system, enters the working area corresponding to that user on the network application server. Using the smart card at the client, the user digitally signs a client file and then encrypts it into ciphertext; the digital signature and the ciphertext file are submitted to the user's working area on the network application server. The authentication centre decrypts the submitted ciphertext file and verifies its data integrity, and a valid plaintext file is stored in the user's working area on the network application server.
Preferably, the identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol are all built on the symmetric cryptographic algorithm and combination-key technology. Combination-key technology uses a combination-key generation algorithm: a set of random numbers selects elements from a key "base" arranged as a table, and the selected elements are combined into one symmetric key, which serves as the encryption/decryption key, the authentication key or the signature key. This achieves user identity authentication, data integrity authentication and encrypted data transmission between the client and the network application server in a non-cloud computing environment.
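The combination-key generation algorithm and the protocols built on it, as an added example that is not code from the patent. It assumes (constructed, not from the page) a 16 x 16 key "base" table of 16-byte secret elements, 16 random row selectors sent in the clear by the authentication centre, SHA-256 as the digest algorithm and HMAC-SHA256 as the symmetric primitive; the wrapping of key bases under the storage key K is left out. Note that a "digital signature" made with a symmetric combined key is a MAC: both the smart card and the authentication centre can produce it, so it proves origin only to the other holder of the key base, not to a third party.

```python
# Added example, not taken from the patent: combination-key generation over a key
# "base" table, driving the identity authentication protocol and the symmetric
# "digital signature" / signature verification protocols. All values constructed.
import hashlib
import hmac
import secrets

ROWS, COLS, ELEM_LEN = 16, 16, 16


def make_key_base(seed: bytes) -> list[list[bytes]]:
    """Derive a ROWS x COLS table of secret elements from a seed.
    Constructed stand-in for the key base written into a smart card chip."""
    return [[hashlib.sha256(seed + bytes([r, c])).digest()[:ELEM_LEN]
             for c in range(COLS)] for r in range(ROWS)]


def combine_key(base: list[list[bytes]], random_numbers: bytes) -> bytes:
    """Combination-key generation: random number r selects one element from row r
    of the key base; the selected elements are merged (digested) into one key."""
    if len(random_numbers) != ROWS:
        raise ValueError("one random number per key-base row is required")
    selected = b"".join(base[r][random_numbers[r] % COLS] for r in range(ROWS))
    return hashlib.sha256(selected).digest()


def sign(base, random_numbers: bytes, message: bytes) -> bytes:
    """Symmetric 'digital signature': a MAC under the combined signature key."""
    return hmac.new(combine_key(base, random_numbers), message, hashlib.sha256).digest()


def verify(base, random_numbers: bytes, message: bytes, sig: bytes) -> bool:
    """Signature verification protocol: recompute and compare in constant time."""
    return hmac.compare_digest(sign(base, random_numbers, message), sig)


class AuthenticationCentre:
    """Authentication-centre side: holds each enrolled user's key base and runs a
    challenge-response identity authentication protocol with single-use challenges."""

    def __init__(self) -> None:
        self._bases: dict[str, list[list[bytes]]] = {}
        self._pending: dict[str, tuple[bytes, bytes]] = {}

    def enrol(self, user: str, base: list[list[bytes]]) -> None:
        self._bases[user] = base

    def challenge(self, user: str) -> tuple[bytes, bytes]:
        """Fresh random numbers (the key selector) and a nonce, both sent to the client."""
        rnd, nonce = secrets.token_bytes(ROWS), secrets.token_bytes(16)
        self._pending[user] = (rnd, nonce)
        return rnd, nonce

    def login(self, user: str, response: bytes) -> bool:
        """Accept only a valid signature over the outstanding challenge; a consumed
        challenge cannot be replayed."""
        pending = self._pending.pop(user, None)
        if pending is None or user not in self._bases:
            return False
        rnd, nonce = pending
        return verify(self._bases[user], rnd, b"login:" + user.encode() + nonce, response)


class SmartCard:
    """Client side: the key base never leaves the card; only signatures do."""

    def __init__(self, user: str, base: list[list[bytes]]) -> None:
        self.user, self._base = user, base

    def respond(self, rnd: bytes, nonce: bytes) -> bytes:
        return sign(self._base, rnd, b"login:" + self.user.encode() + nonce)


def demo() -> tuple[bool, bool, bool]:
    """Returns (genuine login accepted, replay accepted, wrong card accepted)."""
    base = make_key_base(b"constructed user seed")
    centre = AuthenticationCentre()
    centre.enrol("alice", base)
    card = SmartCard("alice", base)
    rnd, nonce = centre.challenge("alice")
    response = card.respond(rnd, nonce)
    genuine = centre.login("alice", response)
    replay = centre.login("alice", response)           # challenge already consumed
    rnd2, nonce2 = centre.challenge("alice")
    other_card = SmartCard("alice", make_key_base(b"some other seed"))
    wrong = centre.login("alice", other_card.respond(rnd2, nonce2))
    return genuine, replay, wrong


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The random numbers act as a per-session key selector and the nonce binds the response to one login attempt, so a captured response is useless for a second login; because key derivation is a digest of the selected elements, a verifier that learns the random numbers still learns nothing about the key base itself.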
The invention has the following beneficial effects:
1. An information sharing service platform based on cloud computing is provided, which effectively solves the problems of concentrated load caused by centralised service management and the difficulty of managing a large number of services;
2. An information storage module is provided, which stores data in a cloud storage system after encryption, so there is no need to know the specific storage device information or to consider data backup and redundancy, saving time and storage costs;
3. A service classification management module is provided, which creates a service catalogue and solves the problems of low retrieval rate and long retrieval time of conventional methods;
4. A service query and retrieval module is provided, which uses a vector index algorithm to improve retrieval accuracy and achieves retrieval that matches service names with service functions;
5. An information security service platform is provided, in which the data security processing layer and the data service layer encrypt the data, raising the level of information security;
6. An access security control module is provided in the platform deployment layer, which greatly improves the security of the information-secure big data management system.
Description of the drawings
The invention is further described with reference to the accompanying drawing, but the embodiment in the drawing does not limit the invention in any way; a person of ordinary skill in the art could obtain other drawings from the following drawing without creative effort.
Fig. 1 is a schematic diagram of the structure and connections of the present invention.
Reference numerals: platform interface layer 10; platform management layer 20; platform deployment layer 30; data security processing layer 40; data service layer 50; information storage module 21; service classification module 22; service query and retrieval module 23; access security control module 31.
Detailed description of the invention
The invention is further described with the following embodiments.
Embodiment 1
Referring to Fig. 1, the method of this embodiment for building an information service platform based on cloud computing is characterised in that it comprises a secure cloud-computing implementation and platform construction. The secure cloud-computing implementation uses the following method:
Chip-based hardware devices, a symmetric cryptographic algorithm and combination-key technology are used. In a non-cloud computing environment, a smart card serves as the hardware device of the client encryption system; within the smart card chip, a client encryption system is established using the symmetric cryptographic algorithm, and the chip is written with the symmetric cryptographic algorithm, a digest algorithm, a combination-key generation algorithm, a key "base", a client identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol. An authentication centre is established on the network application server side. The authentication centre consists of multiple servers, each of which has several encryption cards inserted or is connected to several encryption machines. In the authentication centre, an authentication-centre-side encryption system is established using the symmetric cryptographic algorithm; the encryption card or encryption machine chip is written with the symmetric cryptographic algorithm, the digest algorithm, a set of storage keys K, an authentication-centre-side identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol, together with the key "base" of the super administrator. The key "base" database on the authentication centre's server stores the ciphertext of every user's key "base".
Preferably, every user's key "base" is encrypted in advance into ciphertext with the storage key K held in the encryption card or encryption machine chip. A user rights management system is set up in the network application server and a working area is allocated to each user. At the client, the user logs in to the network application server with the smart card through the identity authentication protocol in the smart card chip and, according to the rights management system, enters the working area corresponding to that user on the network application server. Using the smart card at the client, the user digitally signs a client file and then encrypts it into ciphertext; the digital signature and the ciphertext file are submitted to the user's working area on the network application server. The authentication centre decrypts the submitted ciphertext file and verifies its data integrity, and a valid plaintext file is stored in the user's working area on the network application server.
Preferably, the identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol are all built on the symmetric cryptographic algorithm and combination-key technology. Combination-key technology uses a combination-key generation algorithm: a set of random numbers selects elements from a key "base" arranged as a table, and the selected elements are combined into one symmetric key, which serves as the encryption/decryption key, the authentication key or the signature key. This achieves user identity authentication, data integrity authentication and encrypted data transmission between the client and the network application server in a non-cloud computing environment.
Preferably, platform construction includes building an information sharing service platform and building an information security service platform. The information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30; the information security service platform includes a data security processing layer 40 and a data service layer 50.
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data.
The platform management layer 20 manages the data processed by the data security processing module and includes, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) The information storage module 21 stores data in a cloud storage system after encryption, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) The service classification management module 22 classifies services with similar features and forms a service catalogue. The algorithm used is:
Let the service set be $F = \{f_1, \dots, f_n\}$. Each service in the set is described by $m$ attributes, so $f_i = (f_{i1}, \dots, f_{im})$, $f_i \in \mathbb{R}^m$, where $\mathbb{R}$ denotes the real numbers, $m$ lies in the range $[4, 8]$ and $i = 1, \dots, n$;
Step 1: determine the number of clusters $k$ and randomly choose $k$ objects $\{t_1, \dots, t_k\}$ as cluster centres, so $t_j = (t_{j1}, \dots, t_{jm})$, $t_j \in \mathbb{R}^m$, where $j = 1, \dots, k$;
Step 2: for each service $f_i$, compute its corresponding class:
In the formula, $c_i$ denotes the class among the $k$ classes that is closest to service $f_i$; when more than one $c_i$ satisfies the condition, service $f_i$ corresponds to several classes at once;
Step 3: for each cluster $j$, recompute the centre of that cluster:
When the services contained in cluster $j$ all belong to only one class:
When cluster $j$ contains services that belong to $w$ classes at the same time:
In the formulas, $\{c_i = j\}$ denotes the services corresponding to cluster $j$, and $\{c_i = j_w\}$ denotes services that correspond to $w$ clusters at once, where $2 \le w \le k$;
Step 4: repeat Step 2 and Step 3. The distance between two successive cluster centres is $d = \|t_j^{\text{after}} - t_j^{\text{before}}\|$, where $t_j^{\text{after}}$ is the latest cluster centre and $t_j^{\text{before}}$ the previous one. A threshold $T$ is set according to the actual application, and clustering stops when $d < T$;
Using the above algorithm, continuing to cluster within a service class on the basis of the first-level catalogue refines the service classification and forms a multi-level catalogue;
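The classification algorithm of Steps 1 to 4, as an added example that is not code from the patent, run over a constructed service set of m = 4 attributes (the page requires m in [4, 8]). Its assumptions: Step 2 assigns a service every centre at the minimum distance, which is how a service ends up in several classes; the page does not show the Step 3 formula for services in w classes, so such a service contributes weight 1/w to each of its centres; and Step 4 stops when the largest centre movement over all j is below T.

```python
# Added example, not from the patent: the service classification (clustering)
# algorithm of Steps 1 to 4 over a constructed service set.
import math

Vector = tuple[float, ...]


def distance(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def assign(services: list[Vector], centres: list[Vector], tol: float = 1e-9) -> list[list[int]]:
    """Step 2: c_i is every cluster index whose centre is closest to f_i
    (distances within tol of the minimum count as equally close)."""
    labels = []
    for f in services:
        dists = [distance(f, t) for t in centres]
        nearest = min(dists)
        labels.append([j for j, d in enumerate(dists) if d - nearest <= tol])
    return labels


def recentre(services: list[Vector], labels: list[list[int]], centres: list[Vector]) -> list[Vector]:
    """Step 3: recompute each centre from the services assigned to it. A service
    in w classes contributes weight 1/w to each (assumption: the page's formula
    for this case is not shown). An empty cluster keeps its previous centre."""
    m = len(centres[0])
    new_centres = []
    for j in range(len(centres)):
        total, weight = [0.0] * m, 0.0
        for f, classes in zip(services, labels):
            if j in classes:
                w = 1.0 / len(classes)
                weight += w
                for a in range(m):
                    total[a] += w * f[a]
        new_centres.append(tuple(x / weight for x in total) if weight else centres[j])
    return new_centres


def cluster(services: list[Vector], initial_centres: list[Vector], T: float, max_iter: int = 100):
    """Steps 1 to 4; the k initial centres are passed in so a run is reproducible.
    Returns the final centres and each service's list of classes."""
    m = len(services[0])
    if not 4 <= m <= 8 or any(len(f) != m for f in services):
        raise ValueError("each service needs the same m attributes, with 4 <= m <= 8")
    centres = list(initial_centres)
    for _ in range(max_iter):
        labels = assign(services, centres)
        new_centres = recentre(services, labels, centres)
        # Step 4: largest movement of any centre between two successive rounds
        d = max(distance(t_after, t_before) for t_after, t_before in zip(new_centres, centres))
        centres = new_centres
        if d < T:
            break
    return centres, assign(services, centres)


# Constructed service set: two clearly separated groups in m = 4 attributes.
SERVICES = [(0, 0, 0, 0), (0, 1, 0, 0), (1, 0, 0, 0),
            (10, 10, 10, 10), (10, 11, 10, 10), (11, 10, 10, 10)]

if __name__ == "__main__":
    print(cluster(SERVICES, [(0, 0, 0, 0), (10, 10, 10, 10)], T=0.01))
```

Running `cluster` again on the members of one class with fresh centres is what the text calls refining the first-level catalogue into a multi-level one.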
(3) The service query and retrieval module 23 finds exactly the information needed within a massive amount of information and thus completes information retrieval. The algorithm used is:
Step 1: for a service $f_i$ in the service set, if it contains the feature words $C_1, \dots, C_q$, determine the corresponding feature word weights $\delta_1, \dots, \delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ occurs in service $f_i$, $n$ is the total number of services in the service set and $n_q$ denotes the number of services in the set that contain feature word $C_q$; the service vector is then represented as:
Step 2: for a retrieval request $A_i$ containing the feature words $C_1, \dots, C_s$ that describe the wanted service, determine the corresponding feature word weights $\sigma_1, \dots, \sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ occurs in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ occurs in any service, $n$ is the total number of services in the service set and $n_s$ denotes the number of services in the set that contain feature word $C_s$; the retrieval request vector is then represented as:
Step 3: determine the number $d$ of feature words in the feature word space and standardise the service vectors and the retrieval request vector, with the weight of any feature word absent from a service or from the retrieval request set to 0; then compute the Euclidean distance between the retrieval request vector and each service vector and provide the services to the user in increasing order of that distance;
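The retrieval algorithm of Steps 1 to 3, as an added example that is not code from the patent, over a constructed service set. The page names the inputs of the weights (term count, n, n_q, max term count) but not the formulas, so standard tf-idf forms are assumed: δ = t · log(n / n_q) for a service word and σ = (t / max t) · log(n / n_s) for a request word; words absent from a vector get weight 0, both vectors are scaled to unit length as the standardisation, and services are ranked by increasing Euclidean distance from the request vector.

```python
# Added example, not from the patent: vector-index retrieval of services by
# feature words (Steps 1 to 3), with assumed tf-idf weights and a constructed index.
import math
from collections import Counter

SERVICES = {  # constructed: service name -> feature words describing it
    "payment-gateway": ["payment", "gateway", "api"],
    "mail-relay": ["mail", "smtp", "api"],
    "object-storage": ["object", "storage", "api", "storage"],
}


def normalise(vec: list[float]) -> list[float]:
    """Step 3 standardisation: scale to unit length (an all-zero vector stays zero)."""
    norm = math.sqrt(sum(x * x for x in vec))
    return [x / norm for x in vec] if norm else list(vec)


def build_index(services: dict[str, list[str]]):
    """Step 1: the feature word space (d words), n_q per word, the maximum term
    count per word over all services, and one weighted unit vector per service."""
    n = len(services)
    df = Counter(w for words in services.values() for w in set(words))   # n_q
    max_tf: Counter = Counter()
    for words in services.values():
        for w, c in Counter(words).items():
            max_tf[w] = max(max_tf[w], c)
    vocab = sorted(df)                                                    # d words
    vectors = {}
    for name, words in services.items():
        tf = Counter(words)
        vectors[name] = normalise([tf[w] * math.log(n / df[w]) for w in vocab])
    return vocab, df, max_tf, n, vectors


def request_vector(query_words: list[str], vocab, df, max_tf, n: int) -> list[float]:
    """Step 2: the retrieval request A_i weighted over the same feature word space;
    words of the request outside the space are dropped, others absent get 0."""
    tf = Counter(query_words)
    return normalise([(tf[w] / max_tf[w]) * math.log(n / df[w]) if w in tf else 0.0
                      for w in vocab])


def rank(query_words: list[str], services: dict[str, list[str]] = SERVICES):
    """Services ordered by increasing Euclidean distance from the request vector."""
    vocab, df, max_tf, n, vectors = build_index(services)
    q = request_vector(query_words, vocab, df, max_tf, n)
    scored = [(name, math.sqrt(sum((a - b) ** 2 for a, b in zip(q, v))))
              for name, v in vectors.items()]
    return sorted(scored, key=lambda item: item[1])


if __name__ == "__main__":
    for name, dist in rank(["storage", "api"]):
        print(f"{dist:.3f}  {name}")
```

A word such as "api" that appears in every service gets weight log(n/n_q) = 0 and therefore does not separate services, which is the point of the n_q term; a request made only of unknown words yields the zero vector and an uninformative ranking.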
The platform deployment layer 30 is used to establish a service management centre and deploy a network server; the network server stores the service information and makes it available to clients.
The data security processing layer 40 connects the platform interface layer and the platform management layer. Data published by a user in the platform interface layer is encrypted with a self-generated data set key, backed up and uploaded to the platform management layer; at the same time the meta-information of the uploaded data is extracted, encrypted with a self-generated meta-information key and sent to the data service layer; and the data set key and the meta-information key are encrypted with a master key and sent to the data service layer.
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer, and supports data set access through the platform deployment layer as well as ciphertext retrieval and data verification services.
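The key handling of the data security processing layer, as an added example that is not code from the patent: a self-generated data set key encrypts the published data, a self-generated meta-information key encrypts the extracted meta-information, and a master key wraps both keys before they go to the data service layer. The page does not name the symmetric algorithm, so an encrypt-then-MAC construction over an HMAC-SHA256 counter-mode keystream stands in for it (an assumption, chosen so the example runs with the standard library); the meta-information is taken to be the data set name, size and keywords listed later on the page, and the layer objects are constructed stand-ins.

```python
# Added example, not from the patent: envelope encryption as performed by the data
# security processing layer, with the master key wrapping the per-data-set keys.
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher)."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag; the tag is the integrity check."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting; a modified blob or a wrong key raises."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class PlatformManagementLayer:
    """Stand-in for layer 20: receives the encrypted data set."""
    def __init__(self) -> None:
        self.blobs: dict[str, bytes] = {}


class DataServiceLayer:
    """Stand-in for layer 50: stores encrypted meta-information and wrapped keys."""
    def __init__(self) -> None:
        self.records: dict[str, tuple[bytes, bytes]] = {}


class DataSecurityProcessingLayer:
    """Layer 40: encrypts what the user publishes and distributes the results."""
    def __init__(self, master_key: bytes, management: PlatformManagementLayer,
                 service: DataServiceLayer) -> None:
        self._master_key = master_key
        self._management, self._service = management, service

    def publish(self, dataset_id: str, data: bytes, meta: dict) -> None:
        dataset_key = secrets.token_bytes(KEY_LEN)       # self-generated data set key
        meta_key = secrets.token_bytes(KEY_LEN)          # self-generated meta-information key
        self._management.blobs[dataset_id] = encrypt(dataset_key, data)
        enc_meta = encrypt(meta_key, json.dumps(meta, sort_keys=True).encode())
        wrapped_keys = encrypt(self._master_key, dataset_key + meta_key)
        self._service.records[dataset_id] = (enc_meta, wrapped_keys)

    def retrieve(self, dataset_id: str) -> tuple[bytes, dict]:
        """Data verification service: unwrap the keys, then check and decrypt."""
        enc_meta, wrapped_keys = self._service.records[dataset_id]
        keys = decrypt(self._master_key, wrapped_keys)
        dataset_key, meta_key = keys[:KEY_LEN], keys[KEY_LEN:]
        data = decrypt(dataset_key, self._management.blobs[dataset_id])
        meta = json.loads(decrypt(meta_key, enc_meta))
        return data, meta


def demo() -> tuple[bytes, dict, bool]:
    """Publishes a constructed data set, reads it back, then shows that a flipped
    ciphertext bit in the stored data set is caught by the integrity check."""
    management, service = PlatformManagementLayer(), DataServiceLayer()
    layer = DataSecurityProcessingLayer(secrets.token_bytes(KEY_LEN), management, service)
    meta = {"name": "sensor-readings", "size": 16, "keywords": ["sensor", "constructed"]}
    layer.publish("ds-1", b"constructed data", meta)
    data, meta_back = layer.retrieve("ds-1")
    blob = bytearray(management.blobs["ds-1"])
    blob[NONCE_LEN] ^= 0x01
    management.blobs["ds-1"] = bytes(blob)
    try:
        layer.retrieve("ds-1")
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return data, meta_back, tamper_detected
```

The data service layer never holds a usable key: it stores the wrapped key pair and the encrypted meta-information, so a compromise of that layer alone exposes neither data nor meta-information, while the master key stays with the data security processing layer.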
Further, the platform deployment layer 30 includes an access security control module 31, which comprises an access privilege control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access privilege control unit controls users' access rights; the data access flow control unit controls the rate at which users access data; the data access transmission control unit applies encryption and security authentication control to data transmission; and the sensitive information access control unit monitors access to sensitive information, raises alarms and restricts operations for abnormal access.
In the data access transmission control unit, the security authentication control includes iris-recognition-based password security authentication and fingerprint-recognition-based key security authentication.
The cloud information includes the data set name, data set size and data set keywords.
This embodiment provides an information sharing service platform based on cloud computing, which effectively solves the problems of concentrated load caused by centralised service management and the difficulty of managing a large number of services; provides an information storage module that stores data in a cloud storage system after encryption, so there is no need to know the specific storage device information or to consider data backup and redundancy, saving time and storage costs; provides an information security service platform in which the data security processing layer and the data service layer encrypt the data, raising the level of information security; provides an access security control module in the platform deployment layer, which greatly improves the security of the information-secure big data management system; provides a service classification management module that creates a service catalogue and solves the problems of low retrieval rate and long retrieval time of conventional methods; and provides a service query and retrieval module that uses a vector index algorithm to improve retrieval accuracy and achieves retrieval that matches service names with service functions. The number m of attributes describing each service in the service set is set to 4; the retrieval rate is relatively improved by 0.4% and the efficiency by 0.5%.
Embodiment 2
Referring to Fig. 1, the method of this embodiment for building an information service platform based on cloud computing is characterised in that it comprises a secure cloud-computing implementation and platform construction. The secure cloud-computing implementation uses the following method:
Chip-based hardware devices, a symmetric cryptographic algorithm and combination-key technology are used. In a non-cloud computing environment, a smart card serves as the hardware device of the client encryption system; within the smart card chip, a client encryption system is established using the symmetric cryptographic algorithm, and the chip is written with the symmetric cryptographic algorithm, a digest algorithm, a combination-key generation algorithm, a key "base", a client identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol. An authentication centre is established on the network application server side. The authentication centre consists of multiple servers, each of which has several encryption cards inserted or is connected to several encryption machines. In the authentication centre, an authentication-centre-side encryption system is established using the symmetric cryptographic algorithm; the encryption card or encryption machine chip is written with the symmetric cryptographic algorithm, the digest algorithm, a set of storage keys K, an authentication-centre-side identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol, together with the key "base" of the super administrator. The key "base" database on the authentication centre's server stores the ciphertext of every user's key "base".
Preferably, every user's key "base" is encrypted in advance into ciphertext with the storage key K held in the encryption card or encryption machine chip. A user rights management system is set up in the network application server and a working area is allocated to each user. At the client, the user logs in to the network application server with the smart card through the identity authentication protocol in the smart card chip and, according to the rights management system, enters the working area corresponding to that user on the network application server. Using the smart card at the client, the user digitally signs a client file and then encrypts it into ciphertext; the digital signature and the ciphertext file are submitted to the user's working area on the network application server. The authentication centre decrypts the submitted ciphertext file and verifies its data integrity, and a valid plaintext file is stored in the user's working area on the network application server.
Preferably, the identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol are all built on the symmetric cryptographic algorithm and combination-key technology. Combination-key technology uses a combination-key generation algorithm: a set of random numbers selects elements from a key "base" arranged as a table, and the selected elements are combined into one symmetric key, which serves as the encryption/decryption key, the authentication key or the signature key. This achieves user identity authentication, data integrity authentication and encrypted data transmission between the client and the network application server in a non-cloud computing environment.
Preferably, platform construction includes building an information sharing service platform and building an information security service platform. The information sharing service platform includes a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30; the information security service platform includes a data security processing layer 40 and a data service layer 50.
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data.
The platform management layer 20 manages the data processed by the data security processing module and includes, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) The information storage module 21 stores data in a cloud storage system after encryption, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) The service classification management module 22 classifies services with similar features and forms a service catalogue. The algorithm used is:
Let the service set be $F = \{f_1, \dots, f_n\}$. Each service in the set is described by $m$ attributes, so $f_i = (f_{i1}, \dots, f_{im})$, $f_i \in \mathbb{R}^m$, where $\mathbb{R}$ denotes the real numbers, $m$ lies in the range $[4, 8]$ and $i = 1, \dots, n$;
Step 1: determine the number of clusters $k$ and randomly choose $k$ objects $\{t_1, \dots, t_k\}$ as cluster centres, so $t_j = (t_{j1}, \dots, t_{jm})$, $t_j \in \mathbb{R}^m$, where $j = 1, \dots, k$;
Step 2: for each service $f_i$, compute its corresponding class:
In the formula, $c_i$ denotes the class among the $k$ classes that is closest to service $f_i$; when more than one $c_i$ satisfies the condition, service $f_i$ corresponds to several classes at once;
Step 3: for each cluster $j$, recompute the centre of that cluster:
When the services contained in cluster $j$ all belong to only one class:
When cluster $j$ contains services that belong to $w$ classes at the same time:
In the formulas, $\{c_i = j\}$ denotes the services corresponding to cluster $j$, and $\{c_i = j_w\}$ denotes services that correspond to $w$ clusters at once, where $2 \le w \le k$;
Step 4: repeat Step 2 and Step 3. The distance between two successive cluster centres is $d = \|t_j^{\text{after}} - t_j^{\text{before}}\|$, where $t_j^{\text{after}}$ is the latest cluster centre and $t_j^{\text{before}}$ the previous one. A threshold $T$ is set according to the actual application, and clustering stops when $d < T$;
Using the above algorithm, continuing to cluster within a service class on the basis of the first-level catalogue refines the service classification and forms a multi-level catalogue;
(3) The service query and retrieval module 23 finds exactly the information needed within a massive amount of information and thus completes information retrieval. The algorithm used is:
Step 1: for a service $f_i$ in the service set, if it contains the feature words $C_1, \dots, C_q$, determine the corresponding feature word weights $\delta_1, \dots, \delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ occurs in service $f_i$, $n$ is the total number of services in the service set and $n_q$ denotes the number of services in the set that contain feature word $C_q$; the service vector is then represented as:
Step 2: for a retrieval request $A_i$ containing the feature words $C_1, \dots, C_s$ that describe the wanted service, determine the corresponding feature word weights $\sigma_1, \dots, \sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ occurs in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times feature word $C_s$ occurs in any service, $n$ is the total number of services in the service set and $n_s$ denotes the number of services in the set that contain feature word $C_s$; the retrieval request vector is then represented as:
Step 3: determine the number $d$ of feature words in the feature word space and standardise the service vectors and the retrieval request vector, with the weight of any feature word absent from a service or from the retrieval request set to 0; then compute the Euclidean distance between the retrieval request vector and each service vector and provide the services to the user in increasing order of that distance;
The platform deployment layer 30 is used to establish a service management centre and deploy a network server; the network server stores the service information and makes it available to clients.
The data security processing layer 40 connects the platform interface layer and the platform management layer. Data published by a user in the platform interface layer is encrypted with a self-generated data set key, backed up and uploaded to the platform management layer; at the same time the meta-information of the uploaded data is extracted, encrypted with a self-generated meta-information key and sent to the data service layer; and the data set key and the meta-information key are encrypted with a master key and sent to the data service layer.
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer, and supports data set access through the platform deployment layer as well as ciphertext retrieval and data verification services.
Further, the platform deployment layer 30 includes an access security control module 31, which comprises an access privilege control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access privilege control unit controls users' access rights; the data access flow control unit controls the rate at which users access data; the data access transmission control unit applies encryption and security authentication control to data transmission; and the sensitive information access control unit monitors access to sensitive information, raises alarms and restricts operations for abnormal access.
In the data access transmission control unit, the security authentication control includes iris-recognition-based password security authentication and fingerprint-recognition-based key security authentication.
The cloud information includes the data set name, data set size and data set keywords.
The present embodiment arranges information sharing service platform based on cloud computing, efficiently solves centralized service management and causes
Pressure concentrate, a large amount of services are difficult to the problems such as management;Configuration information memory module, after it uses cloud storage system to be encrypted
The storage of data, it is not necessary to understand concrete storing device information, it is not necessary to consider the problem such as data backup and redundancy, save
Time cost and carrying cost;Configuration information safety service platform, by data safe processing layer and data service layer to data
It is encrypted, improves information security degree;Access safety control module is set in Platform deployment layer, substantially increases letter
The safety of the big data management system of breath safety;Classification of service management module is set, by creating service catalogue, solves in the past
The low problem with consuming time length of retrieval rate, and service-seeking retrieval module is set, use vector index algorithm, improve
Retrieval accuracy, it is achieved that the retrieval that service name and service function match, wherein describes each service in services set
Attribute number m value is 5, and retrieval rate improves 0.45% relatively, and efficiency improves 0.4% relatively.
Embodiment 3
Referring to Fig. 1, the method of the present embodiment for building an information service platform based on cloud computing is characterised in that it comprises a secure cloud computing implementation and platform construction. The secure cloud computing implementation uses the following method:
Chip-based hardware devices, a symmetric cryptographic algorithm and combination key technology are used. In a non-cloud-computing environment a smart card serves as the hardware device of the client encryption system: the client encryption system is established in the smart card chip with the symmetric cryptographic algorithm, and the chip is loaded with the symmetric cryptographic algorithm, a digest algorithm, the combination key generation algorithm, the key "base", the client identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol. An authentication center is established on the network application server side; it consists of multiple servers, each with multiple encryption cards inserted or multiple encryption machines attached. The authentication center establishes its own encryption system with the symmetric cryptographic algorithm, and the encryption card or encryption machine chip is loaded with the symmetric cryptographic algorithm, the digest algorithm, a set of storage keys K, the authentication center identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol, together with the key "base" of the super administrator. The key "base" database on the authentication center's servers stores the ciphertext of all users' key "bases".
Preferably, all users' key "bases" are encrypted in advance into ciphertext with the storage key K held in the encryption card or encryption machine chip. A user rights management system is established in the network application server and a working area is allocated to each user. At the client, the user uses the smart card to log in to the network application server through the identity authentication protocol in the smart card chip and, according to the rights management system, enters the working area of that user on the network application server. At the client, the user uses the smart card to digitally sign the client's file and then encrypt it into ciphertext, and submits the digital signature together with the ciphertext file to the user's working area on the network application server. The authentication center decrypts the delivered ciphertext file and verifies its data integrity, and stores the valid plaintext file in the user's working area on the network application server.
Preferably, the identity authentication protocol, digital signature protocol, signature verification protocol and encryption/decryption protocol are all built on the symmetric cryptographic algorithm and combination key technology. Combination key technology uses a combination key generation algorithm, namely: a set of random numbers selects elements from a table holding a group of key "base" elements, and the selected elements are merged into a symmetric key that serves as the encryption/decryption key, authentication key or signature key. In this way user identity authentication, data integrity authentication and encrypted data transmission between the client and the network application server are achieved in a non-cloud-computing environment.
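The combination key mechanism described above, worked through as an added Python example; this is not code from the patent, which names a symmetric algorithm, a digest algorithm and a key "base" table but fixes none of them. The table dimensions (ROWS, COLS, ELEMENT_LEN), merging the selected elements with SHA-256 under a purpose label, and HMAC-SHA256 for both the challenge-response login and the symmetric "digital signature" are assumptions of this example, as are the class names and the constructed user. Because the scheme is symmetric, the authentication center can verify a signature only because it holds a copy of the user's key "base" (in the patent that copy is stored encrypted under the storage key K); the selector bytes travel in the clear with each message and are drawn fresh for every use.

```python
import hashlib
import hmac
import secrets
from typing import Any, Dict, List

# Assumed layout of the key "base" table: COLS columns, each holding ROWS elements of ELEMENT_LEN
# bytes. The patent names the table but not its dimensions; these values are constructed here.
ROWS, COLS, ELEMENT_LEN = 16, 8, 16


def make_key_base(seed: bytes) -> List[List[bytes]]:
    """Constructed per-user key "base" (in the patent it is written into the smart card chip)."""
    return [[hashlib.sha256(seed + bytes([c, r])).digest()[:ELEMENT_LEN] for r in range(ROWS)]
            for c in range(COLS)]


def combination_key(key_base: List[List[bytes]], selectors: bytes, purpose: bytes) -> bytes:
    """Combination key generation: each random selector byte picks one element from its column and
    the chosen elements are merged into one symmetric key. Merging by hashing with a purpose label
    is an assumption; it keeps authentication keys and signature keys distinct."""
    if len(selectors) != COLS:
        raise ValueError("one selector byte per column is required")
    merged = b"".join(key_base[c][selectors[c] % ROWS] for c in range(COLS))
    return hashlib.sha256(purpose + merged).digest()


class SmartCard:
    """Client side: holds the user's key "base" and runs the client-side protocols."""

    def __init__(self, user_id: str, key_base: List[List[bytes]]) -> None:
        self.user_id = user_id
        self.key_base = key_base

    def respond(self, challenge: bytes) -> Dict[str, Any]:
        """Identity authentication: fresh selectors -> authentication key -> MAC over the challenge."""
        sel = secrets.token_bytes(COLS)
        key = combination_key(self.key_base, sel, b"auth")
        return {"user": self.user_id, "sel": sel, "mac": hmac.new(key, challenge, hashlib.sha256).digest()}

    def sign(self, data: bytes) -> Dict[str, Any]:
        """Symmetric "digital signature": digest the file, then MAC the digest under a signature key."""
        sel = secrets.token_bytes(COLS)
        key = combination_key(self.key_base, sel, b"sign")
        digest = hashlib.sha256(data).digest()
        return {"user": self.user_id, "sel": sel, "sig": hmac.new(key, digest, hashlib.sha256).digest()}


class AuthenticationCenter:
    """Server side: holds every enrolled user's key "base" and verifies logins and signatures."""

    def __init__(self) -> None:
        self.key_bases: Dict[str, List[List[bytes]]] = {}

    def enroll(self, user_id: str, key_base: List[List[bytes]]) -> None:
        self.key_bases[user_id] = key_base

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def verify_login(self, challenge: bytes, response: Dict[str, Any]) -> bool:
        base = self.key_bases.get(response["user"])
        if base is None:
            return False
        key = combination_key(base, response["sel"], b"auth")
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response["mac"])

    def verify_signature(self, data: bytes, signature: Dict[str, Any]) -> bool:
        base = self.key_bases.get(signature["user"])
        if base is None:
            return False
        key = combination_key(base, signature["sel"], b"sign")
        expected = hmac.new(key, hashlib.sha256(data).digest(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature["sig"])


def demo() -> Dict[str, bool]:
    """Enrol one constructed user, then exercise login, signature and two failure cases."""
    card = SmartCard("alice", make_key_base(b"constructed-seed-for-alice"))
    center = AuthenticationCenter()
    center.enroll("alice", card.key_base)
    challenge = center.new_challenge()
    response = card.respond(challenge)
    document = b"constructed client file"
    signature = card.sign(document)
    return {
        "login": center.verify_login(challenge, response),
        "replayed_response": center.verify_login(center.new_challenge(), response),
        "signature": center.verify_signature(document, signature),
        "tampered_file": center.verify_signature(document + b"!", signature),
    }


if __name__ == "__main__":
    print(demo())
```

A replayed login response fails because the MAC is bound to the server's challenge, and a signature fails on a modified file because the digest no longer matches; both checks use constant-time comparison.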
Preferably, platform construction comprises building an information sharing service platform and building an information security service platform. The information sharing service platform comprises a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform comprises a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module and comprises, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) The information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) The service classification management module 22 classifies services with similar features and forms a service catalogue. The algorithm used is:
Let the service set be F = {f_1, …, f_n}, with each service in the set described by m attributes, so that f_i = (f_i1, …, f_im), f_i ∈ R^m, where R denotes the real numbers, m takes a value in [4, 8] and i = 1, …, n;
Step 1: determine the number of clusters k and randomly choose k objects {t_1, …, t_k} as cluster centres, so that t_j = (t_j1, …, t_jm), t_j ∈ R^m, where j = 1, …, k;
Step 2: for each service f_i, compute its corresponding class:
In the formula, c_i denotes the class among the k classes closest to service f_i; when more than one c_i satisfies the condition, service f_i corresponds to several classes at once;
Step 3: for each cluster j, recompute the cluster centre:
When all services contained in cluster j belong to one class only:
When cluster j contains services that belong to w classes at once:
In the formulas, {c_i = j} denotes the services corresponding to cluster j and {c_i = j_w} denotes services corresponding to w clusters at once, where 2 ≤ w ≤ k;
Step 4: repeat Step 2 and Step 3. Let the distance between two successive cluster centres be d = ||t_j(after) - t_j(before)||, where t_j(after) is the later cluster centre and t_j(before) the earlier one; set a threshold T according to the actual application and stop clustering when d < T;
Using the above algorithm, continuing to cluster within a service class on the basis of the first-level catalogue refines the service classification and forms a multi-level catalogue;
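The clustering of Steps 1 to 4, as an added Python example that is not the patent's own code. The formulas of Steps 2 and 3 are absent from the page, so the example assumes the standard reading: Euclidean distance for the nearest-centre rule, a tie giving a service membership in every tied cluster, and a service that belongs to w clusters contributing to each of their centres with weight 1/w. The seven sample services with m = 5 attributes, the k = 2 and T = 0.01 settings, and the optional `init` parameter that fixes the starting centres for a reproducible run are constructed for the example; `build_catalogue` re-clusters inside each class to produce the multi-level catalogue.

```python
import math
import random
from typing import List, Optional, Sequence, Set, Tuple

Vector = Tuple[float, ...]


def euclid(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def assign_classes(services: Sequence[Vector], centres: Sequence[Vector], tol: float = 1e-9) -> List[Set[int]]:
    """Step 2: c_i is the set of nearest centres. Several centres at (numerically) equal distance
    give the service several classes at once, as the text describes."""
    labels = []
    for f in services:
        dist = [euclid(f, t) for t in centres]
        nearest = min(dist)
        labels.append({j for j, d in enumerate(dist) if d - nearest <= tol})
    return labels


def recompute_centres(services: Sequence[Vector], labels: List[Set[int]], centres: Sequence[Vector]) -> List[Vector]:
    """Step 3: a cluster's centre is the mean of its member services. A service in w clusters is
    counted with weight 1/w in each of them (assumed reading of the multi-class formula)."""
    m = len(centres[0])
    new_centres = []
    for j in range(len(centres)):
        acc = [0.0] * m
        total = 0.0
        for f, labs in zip(services, labels):
            if j in labs:
                w = 1.0 / len(labs)
                for a in range(m):
                    acc[a] += w * f[a]
                total += w
        # An empty cluster keeps its previous centre.
        new_centres.append(tuple(x / total for x in acc) if total > 0 else tuple(centres[j]))
    return new_centres


def cluster_services(services: Sequence[Vector], k: int, T: float, init: Optional[Sequence[Vector]] = None,
                     rng: Optional[random.Random] = None, max_iter: int = 100) -> Tuple[List[Vector], List[Set[int]]]:
    """Steps 1 to 4: random centres, assign, recompute, stop when the centre movement d < T."""
    rng = rng or random.Random(0)
    centres = [tuple(c) for c in init] if init is not None else [tuple(s) for s in rng.sample(list(services), k)]
    for _ in range(max_iter):
        labels = assign_classes(services, centres)
        updated = recompute_centres(services, labels, centres)
        d = max(euclid(a, b) for a, b in zip(updated, centres))  # Step 4 distance
        centres = updated
        if d < T:
            break
    return centres, assign_classes(services, centres)


def build_catalogue(indices: List[int], services: Sequence[Vector], k: int, T: float, depth: int,
                    rng: Optional[random.Random] = None):
    """Multi-level catalogue: cluster, then cluster again inside each class until depth runs out or
    a class is too small to split. Leaves are lists of service indices; a service that belongs to
    several classes appears under each of them."""
    rng = rng or random.Random(0)
    if depth == 0 or len(indices) <= k:
        return sorted(indices)
    sub = [services[i] for i in indices]
    _, labels = cluster_services(sub, k, T, rng=rng)
    branches = []
    for j in range(k):
        members = [indices[p] for p, labs in enumerate(labels) if j in labs]
        if members:
            branches.append(build_catalogue(members, services, k, T, depth - 1, rng))
    return branches


def flatten_catalogue(node) -> List[int]:
    """All service indices under a catalogue node (a multi-class service may appear more than once)."""
    if isinstance(node, int):
        return [node]
    return [i for child in node for i in flatten_catalogue(child)]


# Constructed sample: seven services with m = 5 attributes each (m inside the patent's range [4, 8]).
# The service at value 5 lies exactly between the two groups and so lands in both classes.
SAMPLE_SERVICES: List[Vector] = [(float(v),) * 5 for v in (0, 1, 2, 5, 8, 9, 10)]


if __name__ == "__main__":
    centres, labels = cluster_services(SAMPLE_SERVICES, k=2, T=0.01, init=[(1.0,) * 5, (9.0,) * 5])
    print(centres, labels)
    print(build_catalogue(list(range(len(SAMPLE_SERVICES))), SAMPLE_SERVICES, 2, 0.01, depth=2))
```

With the fixed starting centres the midpoint service is equidistant from both centres after the first recomputation as well, so it keeps both memberships and the centres settle at 5.5/3.5 and 29.5/3.5 on every attribute.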
(3) The service query and retrieval module 23 finds exactly the information required among massive information and so completes information retrieval. The algorithm used is:
Step 1: for a service f_i in the service set, if it contains feature words C_1, …, C_q, determine the corresponding feature-word weights δ_1, …, δ_q, where t_Cq denotes the number of occurrences of feature word C_q in service f_i, n is the total number of services in the service set and n_q is the number of services in the service set that contain feature word C_q; the service vector is then represented as:
Step 2: for a retrieval request A_i containing the feature words C_1, …, C_s that describe a service, determine the corresponding feature-word weights σ_1, …, σ_s, where t_Cs denotes the number of occurrences of feature word C_s in service f_i, max t_Cs denotes the maximum number of occurrences of feature word C_s in any service, n is the total number of services in the service set and n_s is the number of services in the service set that contain feature word C_s; the retrieval request vector is then represented as:
Step 3: determine the number d of feature words in the feature-word space and standardise the service vectors and the retrieval request vector; a feature word absent from a service or from the retrieval request is given weight 0. Compute the Euclidean distance between the retrieval request vector and each service vector, and present the services to the user in order of increasing distance;
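The retrieval of Steps 1 to 3 as an added Python example, not the patent's code. The page names the quantities t_Cq, max t_Cs, n, n_q and n_s but its weight formulas are missing, so the example assumes TF-IDF-style weights, δ_q = t_Cq · ln(n / n_q) for a service and σ_s = (t_Cs / max t_Cs) · ln(n / n_s) for the request, and takes L2 normalisation as the "standardisation" of Step 3. The four-service catalogue and the function names are constructed; request words outside the feature-word space are dropped, which is the edge case that would otherwise divide by n_s = 0.

```python
import math
from collections import Counter
from typing import Dict, List, Tuple

# Constructed service set: each service is the list of feature words taken from its name and
# function description. Four services, so n = 4.
SERVICES: Dict[str, List[str]] = {
    "backup-store": "storage backup encrypt cloud storage".split(),
    "catalogue-search": "query retrieval index service".split(),
    "key-manager": "encrypt key manage authentication".split(),
    "storage-pool": "storage pool virtual resource".split(),
}


def feature_space(services: Dict[str, List[str]]) -> List[str]:
    """Step 3's feature-word space: the d distinct feature words over all services."""
    return sorted({w for words in services.values() for w in words})


def document_frequency(services: Dict[str, List[str]]) -> Counter:
    """n_q: the number of services containing each feature word."""
    return Counter(w for words in services.values() for w in set(words))


def service_vector(words: List[str], vocab: List[str], df: Counter, n: int) -> List[float]:
    """Step 1 with assumed weights delta_q = t_Cq * ln(n / n_q); absent feature words get 0."""
    tf = Counter(words)
    return [tf[w] * math.log(n / df[w]) if tf[w] else 0.0 for w in vocab]


def request_vector(words: List[str], vocab: List[str], df: Counter, n: int) -> List[float]:
    """Step 2 with assumed weights sigma_s = (t_Cs / max t_Cs) * ln(n / n_s). Words outside the
    feature space say nothing about any service and are dropped before weighting."""
    tf = Counter(w for w in words if w in df)
    top = max(tf.values(), default=1)
    return [(tf[w] / top) * math.log(n / df[w]) if tf[w] else 0.0 for w in vocab]


def standardise(v: List[float]) -> List[float]:
    """Step 3 standardisation, assumed to be L2 normalisation, so that the distance compares the
    pattern of weights rather than the length of the description."""
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v] if norm else v


def euclid(a: List[float], b: List[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def retrieve(request: str, services: Dict[str, List[str]] = SERVICES) -> List[Tuple[str, float]]:
    """Rank services by increasing Euclidean distance from the retrieval request vector."""
    vocab = feature_space(services)
    df = document_frequency(services)
    n = len(services)
    q = standardise(request_vector(request.split(), vocab, df, n))
    ranked = [(name, euclid(q, standardise(service_vector(words, vocab, df, n))))
              for name, words in services.items()]
    return sorted(ranked, key=lambda item: item[1])


if __name__ == "__main__":
    for name, dist in retrieve("encrypt storage"):
        print(f"{name:18s} {dist:.4f}")
```

For the request "encrypt storage" the backup service, which shares both words and repeats "storage", ranks first, and the catalogue-search service, which shares none, ranks last; a request made only of unknown words yields a zero vector and every service sits at distance 1.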
The platform deployment layer 30 establishes a service management center, deploys network servers, stores the service information on the network servers and provides it to clients for use;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data published by a user in the platform interface layer with a self-generated data set key, then backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts it with a self-generated meta-information key and sends it to the data service layer; and it encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access, ciphertext retrieval and data verification services.
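The key handling of the data security processing layer 40 and the data service layer 50, as an added Python example that is not the patent's code. The patent specifies only "a symmetric cryptographic algorithm"; `sym_encrypt` and `sym_decrypt` stand in for it with a SHAKE-256 keystream plus an HMAC-SHA256 tag (encrypt-then-MAC), a constructed placeholder and not a recommended cipher. The class names, the data set identifier derived from the ciphertext, the meta-information fields (taken from the name, size and keywords the embodiment lists) and the ciphertext hash that lets the data service layer offer a verification service without holding any key are assumptions of the example.

```python
import hashlib
import hmac
import json
import secrets
from typing import Any, Dict, Tuple

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Separate keystream and MAC keys derived from one symmetric key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the unnamed symmetric algorithm: SHAKE-256 keystream XOR, then an HMAC-SHA256
    tag over nonce||ciphertext. Constructed for this example only."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ciphertext + hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag before touching the ciphertext; any modification raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class PlatformManagementLayer:
    """Layer 20 as far as this example needs it: the backup store for encrypted data sets."""

    def __init__(self) -> None:
        self.backups: Dict[str, bytes] = {}


class DataServiceLayer:
    """Layer 50: keeps encrypted meta-information and wrapped keys, and verifies a data set by
    ciphertext hash, so it never needs a plaintext key."""

    def __init__(self) -> None:
        self.records: Dict[str, Dict[str, Any]] = {}

    def store(self, dataset_id: str, record: Dict[str, Any]) -> None:
        self.records[dataset_id] = record

    def retrieve(self, dataset_id: str) -> Dict[str, Any]:
        return self.records[dataset_id]

    def verify(self, dataset_id: str, ciphertext: bytes) -> bool:
        record = self.records.get(dataset_id)
        return record is not None and hmac.compare_digest(record["ct_hash"], hashlib.sha256(ciphertext).hexdigest())


class DataSecurityProcessingLayer:
    """Layer 40: holds the master key, generates a data set key and a meta-information key per
    published data set, and never lets either leave in the clear."""

    def __init__(self, master_key: bytes, mgmt: PlatformManagementLayer, svc: DataServiceLayer) -> None:
        self.master_key, self.mgmt, self.svc = master_key, mgmt, svc

    def publish(self, name: str, data: bytes, keywords: list) -> str:
        dataset_key = secrets.token_bytes(32)  # self-generated data set key
        meta_key = secrets.token_bytes(32)     # self-generated meta-information key
        ciphertext = sym_encrypt(dataset_key, data)
        dataset_id = hashlib.sha256(ciphertext).hexdigest()[:16]  # assumed identifier scheme
        self.mgmt.backups[dataset_id] = ciphertext                 # backup / upload to layer 20
        meta = json.dumps({"name": name, "size": len(data), "keywords": keywords}).encode()
        self.svc.store(dataset_id, {
            "enc_meta": sym_encrypt(meta_key, meta),
            "wrapped_dataset_key": sym_encrypt(self.master_key, dataset_key),
            "wrapped_meta_key": sym_encrypt(self.master_key, meta_key),
            "ct_hash": hashlib.sha256(ciphertext).hexdigest(),
        })
        return dataset_id

    def open(self, dataset_id: str) -> Tuple[bytes, Dict[str, Any]]:
        """Access path: verify the stored ciphertext, unwrap both keys, decrypt data and meta."""
        record = self.svc.retrieve(dataset_id)
        ciphertext = self.mgmt.backups[dataset_id]
        if not self.svc.verify(dataset_id, ciphertext):
            raise ValueError("backup does not match the registered data set")
        dataset_key = sym_decrypt(self.master_key, record["wrapped_dataset_key"])
        meta_key = sym_decrypt(self.master_key, record["wrapped_meta_key"])
        return sym_decrypt(dataset_key, ciphertext), json.loads(sym_decrypt(meta_key, record["enc_meta"]))


def demo() -> Dict[str, Any]:
    """Publish a constructed data set, read it back, then corrupt the backup and read again."""
    mgmt, svc = PlatformManagementLayer(), DataServiceLayer()
    layer = DataSecurityProcessingLayer(b"constructed-master-key-32-bytes!", mgmt, svc)
    dataset_id = layer.publish("sales-2016", b"row1,row2,row3", ["sales", "quarterly"])
    data, meta = layer.open(dataset_id)
    blob = mgmt.backups[dataset_id]
    mgmt.backups[dataset_id] = blob[:-1] + bytes([blob[-1] ^ 1])  # flip one bit of the stored tag
    try:
        layer.open(dataset_id)
        corrupted_rejected = False
    except ValueError:
        corrupted_rejected = True
    return {"data": data, "meta": meta, "corrupted_rejected": corrupted_rejected}
```

The data service layer sees only wrapped keys, encrypted meta-information and a hash, so a compromise of that layer alone exposes no plaintext; a corrupted backup is caught by the hash check before any key is unwrapped, and even if it were not, the tag check in `sym_decrypt` would reject it.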
Further, the platform deployment layer 30 comprises an access security control module 31, which comprises a data access authority control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access authority control unit controls users' access rights; the data access flow control unit controls the flow of user data access; the data access transmission control unit performs encryption and security authentication control for data transmission; and the sensitive information access control unit monitors behaviour that accesses sensitive information, raises alarms, and restricts abnormal access operations.
Here, the security authentication control in the data access transmission control unit includes security authentication based on iris recognition combined with a password and security authentication based on fingerprint recognition combined with an encryption key.
Here, the cloud information includes the data set name, the data set size and the data set keywords.
The present embodiment provides an information sharing service platform based on cloud computing, which effectively solves the problems of concentrated load and the difficulty of managing a large number of services caused by centralised service management. An information storage module is configured which uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, saving time cost and storage cost. An information security service platform is configured which encrypts data through the data security processing layer and the data service layer, raising the level of information security. An access security control module is set in the platform deployment layer, greatly improving the security of the information security big data management system. A service classification management module is set which, by creating a service catalogue, solves the previous problems of low retrieval speed and long retrieval time. A service query and retrieval module is set which uses a vector retrieval algorithm to improve retrieval accuracy and achieves retrieval that matches service name and service function. Here the number m of attributes describing each service in the service set is 6, the retrieval speed is relatively improved by 0.6%, and the efficiency is relatively improved by 0.35%.
Embodiment 4
Referring to Fig. 1, the method of the present embodiment for building an information service platform based on cloud computing is characterised in that it comprises a secure cloud computing implementation and platform construction. The secure cloud computing implementation uses the following method:
Chip-based hardware devices, a symmetric cryptographic algorithm and combination key technology are used. In a non-cloud-computing environment a smart card serves as the hardware device of the client encryption system: the client encryption system is established in the smart card chip with the symmetric cryptographic algorithm, and the chip is loaded with the symmetric cryptographic algorithm, a digest algorithm, the combination key generation algorithm, the key "base", the client identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol. An authentication center is established on the network application server side; it consists of multiple servers, each with multiple encryption cards inserted or multiple encryption machines attached. The authentication center establishes its own encryption system with the symmetric cryptographic algorithm, and the encryption card or encryption machine chip is loaded with the symmetric cryptographic algorithm, the digest algorithm, a set of storage keys K, the authentication center identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol, together with the key "base" of the super administrator. The key "base" database on the authentication center's servers stores the ciphertext of all users' key "bases".
Preferably, all users' key "bases" are encrypted in advance into ciphertext with the storage key K held in the encryption card or encryption machine chip. A user rights management system is established in the network application server and a working area is allocated to each user. At the client, the user uses the smart card to log in to the network application server through the identity authentication protocol in the smart card chip and, according to the rights management system, enters the working area of that user on the network application server. At the client, the user uses the smart card to digitally sign the client's file and then encrypt it into ciphertext, and submits the digital signature together with the ciphertext file to the user's working area on the network application server. The authentication center decrypts the delivered ciphertext file and verifies its data integrity, and stores the valid plaintext file in the user's working area on the network application server.
Preferably, the identity authentication protocol, digital signature protocol, signature verification protocol and encryption/decryption protocol are all built on the symmetric cryptographic algorithm and combination key technology. Combination key technology uses a combination key generation algorithm, namely: a set of random numbers selects elements from a table holding a group of key "base" elements, and the selected elements are merged into a symmetric key that serves as the encryption/decryption key, authentication key or signature key. In this way user identity authentication, data integrity authentication and encrypted data transmission between the client and the network application server are achieved in a non-cloud-computing environment.
Preferably, platform construction comprises building an information sharing service platform and building an information security service platform. The information sharing service platform comprises a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform comprises a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module and comprises, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) The information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) The service classification management module 22 classifies services with similar features and forms a service catalogue. The algorithm used is:
Let the service set be F = {f_1, …, f_n}, with each service in the set described by m attributes, so that f_i = (f_i1, …, f_im), f_i ∈ R^m, where R denotes the real numbers, m takes a value in [4, 8] and i = 1, …, n;
Step 1: determine the number of clusters k and randomly choose k objects {t_1, …, t_k} as cluster centres, so that t_j = (t_j1, …, t_jm), t_j ∈ R^m, where j = 1, …, k;
Step 2: for each service f_i, compute its corresponding class:
In the formula, c_i denotes the class among the k classes closest to service f_i; when more than one c_i satisfies the condition, service f_i corresponds to several classes at once;
Step 3: for each cluster j, recompute the cluster centre:
When all services contained in cluster j belong to one class only:
When cluster j contains services that belong to w classes at once:
In the formulas, {c_i = j} denotes the services corresponding to cluster j and {c_i = j_w} denotes services corresponding to w clusters at once, where 2 ≤ w ≤ k;
Step 4: repeat Step 2 and Step 3. Let the distance between two successive cluster centres be d = ||t_j(after) - t_j(before)||, where t_j(after) is the later cluster centre and t_j(before) the earlier one; set a threshold T according to the actual application and stop clustering when d < T;
Using the above algorithm, continuing to cluster within a service class on the basis of the first-level catalogue refines the service classification and forms a multi-level catalogue;
(3) The service query and retrieval module 23 finds exactly the information required among massive information and so completes information retrieval. The algorithm used is:
Step 1: for a service f_i in the service set, if it contains feature words C_1, …, C_q, determine the corresponding feature-word weights δ_1, …, δ_q, where t_Cq denotes the number of occurrences of feature word C_q in service f_i, n is the total number of services in the service set and n_q is the number of services in the service set that contain feature word C_q; the service vector is then represented as:
Step 2: for a retrieval request A_i containing the feature words C_1, …, C_s that describe a service, determine the corresponding feature-word weights σ_1, …, σ_s, where t_Cs denotes the number of occurrences of feature word C_s in service f_i, max t_Cs denotes the maximum number of occurrences of feature word C_s in any service, n is the total number of services in the service set and n_s is the number of services in the service set that contain feature word C_s; the retrieval request vector is then represented as:
Step 3: determine the number d of feature words in the feature-word space and standardise the service vectors and the retrieval request vector; a feature word absent from a service or from the retrieval request is given weight 0. Compute the Euclidean distance between the retrieval request vector and each service vector, and present the services to the user in order of increasing distance;
The platform deployment layer 30 establishes a service management center, deploys network servers, stores the service information on the network servers and provides it to clients for use;
The data security processing layer 40 connects the platform interface layer and the platform management layer. It encrypts the data published by a user in the platform interface layer with a self-generated data set key, then backs the data up and uploads it to the platform management layer; at the same time it extracts the meta-information of the uploaded data, encrypts it with a self-generated meta-information key and sends it to the data service layer; and it encrypts the data set key and the meta-information key with a master key and sends them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer. It stores the encrypted meta-information and key information uploaded by the data security processing layer and, through the platform deployment layer, provides support for data set access, ciphertext retrieval and data verification services.
Further, the platform deployment layer 30 comprises an access security control module 31, which comprises a data access authority control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit. The data access authority control unit controls users' access rights; the data access flow control unit controls the flow of user data access; the data access transmission control unit performs encryption and security authentication control for data transmission; and the sensitive information access control unit monitors behaviour that accesses sensitive information, raises alarms, and restricts abnormal access operations.
Here, the security authentication control in the data access transmission control unit includes security authentication based on iris recognition combined with a password and security authentication based on fingerprint recognition combined with an encryption key.
Here, the cloud information includes the data set name, the data set size and the data set keywords.
The present embodiment provides an information sharing service platform based on cloud computing, which effectively solves the problems of concentrated load and the difficulty of managing a large number of services caused by centralised service management. An information storage module is configured which uses a cloud storage system to store the encrypted data, so there is no need to know the specific storage device information or to consider problems such as data backup and redundancy, saving time cost and storage cost. An information security service platform is configured which encrypts data through the data security processing layer and the data service layer, raising the level of information security. An access security control module is set in the platform deployment layer, greatly improving the security of the information security big data management system. A service classification management module is set which, by creating a service catalogue, solves the previous problems of low retrieval speed and long retrieval time. A service query and retrieval module is set which uses a vector retrieval algorithm to improve retrieval accuracy and achieves retrieval that matches service name and service function. Here the number m of attributes describing each service in the service set is 7, the retrieval speed is relatively improved by 0.7%, and the efficiency is relatively improved by 0.32%.
Embodiment 5
Referring to Fig. 1, the method of the present embodiment for building an information service platform based on cloud computing is characterised in that it comprises a secure cloud computing implementation and platform construction. The secure cloud computing implementation uses the following method:
Chip-based hardware devices, a symmetric cryptographic algorithm and combination key technology are used. In a non-cloud-computing environment a smart card serves as the hardware device of the client encryption system: the client encryption system is established in the smart card chip with the symmetric cryptographic algorithm, and the chip is loaded with the symmetric cryptographic algorithm, a digest algorithm, the combination key generation algorithm, the key "base", the client identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol. An authentication center is established on the network application server side; it consists of multiple servers, each with multiple encryption cards inserted or multiple encryption machines attached. The authentication center establishes its own encryption system with the symmetric cryptographic algorithm, and the encryption card or encryption machine chip is loaded with the symmetric cryptographic algorithm, the digest algorithm, a set of storage keys K, the authentication center identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol, together with the key "base" of the super administrator. The key "base" database on the authentication center's servers stores the ciphertext of all users' key "bases".
Preferably, all users' key "bases" are encrypted in advance into ciphertext with the storage key K held in the encryption card or encryption machine chip. A user rights management system is established in the network application server and a working area is allocated to each user. At the client, the user uses the smart card to log in to the network application server through the identity authentication protocol in the smart card chip and, according to the rights management system, enters the working area of that user on the network application server. At the client, the user uses the smart card to digitally sign the client's file and then encrypt it into ciphertext, and submits the digital signature together with the ciphertext file to the user's working area on the network application server. The authentication center decrypts the delivered ciphertext file and verifies its data integrity, and stores the valid plaintext file in the user's working area on the network application server.
Preferably, the identity authentication protocol, digital signature protocol, signature verification protocol and encryption/decryption protocol are all built on the symmetric cryptographic algorithm and combination key technology. Combination key technology uses a combination key generation algorithm, namely: a set of random numbers selects elements from a table holding a group of key "base" elements, and the selected elements are merged into a symmetric key that serves as the encryption/decryption key, authentication key or signature key. In this way user identity authentication, data integrity authentication and encrypted data transmission between the client and the network application server are achieved in a non-cloud-computing environment.
Preferably, platform construction comprises building an information sharing service platform and building an information security service platform. The information sharing service platform comprises a platform interface layer 10, a platform management layer 20 and a platform deployment layer 30, and the information security service platform comprises a data security processing layer 40 and a data service layer 50;
The platform interface layer 10 provides a unified external interface through which users publish, query and obtain data;
The platform management layer 20 manages the data processed by the data security processing module and comprises, connected in sequence, an information storage module 21, a service classification management module 22 and a service query and retrieval module 23:
(1) The information storage module 21 uses a cloud storage system to store the encrypted data, forming a virtual storage resource pool and coordinating the allocation of storage resources;
(2) The service classification management module 22 classifies services with similar features and forms a service catalogue. The algorithm used is:
Let the service set be F = {f_1, …, f_n}, with each service in the set described by m attributes, so that f_i = (f_i1, …, f_im), f_i ∈ R^m, where R denotes the real numbers, m takes a value in [4, 8] and i = 1, …, n;
Step 1: determine the number of clusters k and randomly choose k objects {t_1, …, t_k} as cluster centres, so that t_j = (t_j1, …, t_jm), t_j ∈ R^m, where j = 1, …, k;
Step 2: for each service f_i, compute its corresponding class:
In the formula, c_i denotes the class among the k classes closest to service f_i; when more than one c_i satisfies the condition, service f_i corresponds to several classes at once;
Step 3: for each cluster j, recompute the cluster centre:
When all services contained in cluster j belong to one class only:
When cluster j contains services that belong to w classes at once:
In the formulas, {c_i = j} denotes the services corresponding to cluster j and {c_i = j_w} denotes services corresponding to w clusters at once, where 2 ≤ w ≤ k;
Step 4: repeat Step 2 and Step 3. Let the distance between two successive cluster centres be d = ||t_j(after) - t_j(before)||, where t_j(after) is the later cluster centre and t_j(before) the earlier one; set a threshold T according to the actual application and stop clustering when d < T;
Using the above algorithm, continuing to cluster within a service class on the basis of the first-level catalogue refines the service classification and forms a multi-level catalogue;
(3) the service query and retrieval module 23 is used to locate exactly the required information in a mass of information and so complete information retrieval; the algorithm adopted is:
Step 1: for a service $f_i$ in the service set that contains the feature words $C_1, \dots, C_q$, determine the corresponding feature word weights $\delta_1, \dots, \delta_q$, where $t_{C_q}$ denotes the number of times feature word $C_q$ appears in service $f_i$, $n$ is the total number of services in the service set and $n_q$ denotes the number of services in the service set that contain feature word $C_q$; the service vector can then be expressed as:
Step 2: for a retrieval request $A_i$ that contains the feature words $C_1, \dots, C_s$ describing the service, determine the corresponding feature word weights $\sigma_1, \dots, \sigma_s$, where $t_{C_s}$ denotes the number of times feature word $C_s$ appears in service $f_i$, $\max t_{C_s}$ denotes the maximum number of times $C_s$ appears in any service, $n$ is the total number of services in the service set and $n_s$ denotes the number of services in the service set that contain feature word $C_s$; the retrieval request vector can then be expressed as:
Step 3: determine the number $d$ of feature words in the feature word space and standardise the service vectors and the retrieval request vector; a feature word that does not occur in a service or in the retrieval request has weight 0; the Euclidean distance between the request vector and each service vector is then computed, and services are provided to the user in order from the smallest distance to the largest;
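The three retrieval steps as an added Go example, not the patent's own code. The page names the quantities $t_C$, $n$, $n_q$ and $\max t_C$ but not the weight formulas, so the example assumes the usual form: a service weight is $t_C \cdot \log(n/n_C)$ and a request weight is $(t_C / \max t_C) \cdot \log(n/n_C)$ with the maximum taken over the services; the three-service catalogue and the request are constructed sample data, and a request word that occurs in no service is dropped because its weight would be 0 in any case.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// ServiceDoc is one service reduced to its feature-word counts t_C.
type ServiceDoc struct {
	Name  string
	Words map[string]int
}

// SampleCatalogue is constructed sample data (a real description would be tokenised first).
var SampleCatalogue = []ServiceDoc{
	{"backup", map[string]int{"cloud": 2, "backup": 3, "storage": 2}},
	{"search", map[string]int{"cloud": 1, "search": 3, "index": 2}},
	{"payment", map[string]int{"payment": 3, "mobile": 2}},
}

// idf is log(n / n_C): assumed form, the page names n and n_C but no formula.
func idf(n, nC int) float64 {
	if nC == 0 {
		return 0
	}
	return math.Log(float64(n) / float64(nC))
}

// normalize scales v to unit length in place (Step 3 standardisation).
func normalize(v []float64) {
	norm := 0.0
	for _, x := range v {
		norm += x * x
	}
	if norm == 0 {
		return
	}
	norm = math.Sqrt(norm)
	for i := range v {
		v[i] /= norm
	}
}

// RankServices builds each service vector (Step 1: delta_q = t_Cq * idf) and
// the request vector (Step 2: sigma_s = t_Cs / max t_Cs * idf, max over all
// services) in the d-word feature space with weight 0 for absent words,
// normalises them and returns service names by ascending Euclidean distance.
func RankServices(services []ServiceDoc, request map[string]int) []string {
	n := len(services)
	docFreq := map[string]int{} // n_C: services containing word C
	maxFreq := map[string]int{} // max t_C over the services
	for _, s := range services {
		for w, t := range s.Words {
			docFreq[w]++
			if t > maxFreq[w] {
				maxFreq[w] = t
			}
		}
	}
	vocab := make([]string, 0, len(docFreq))
	for w := range docFreq {
		vocab = append(vocab, w)
	}
	sort.Strings(vocab)
	req := make([]float64, len(vocab))
	for i, w := range vocab {
		if t, ok := request[w]; ok {
			req[i] = float64(t) / float64(maxFreq[w]) * idf(n, docFreq[w])
		}
	}
	normalize(req)
	dist := make([]float64, n)
	for k, s := range services {
		vec := make([]float64, len(vocab))
		for i, w := range vocab {
			vec[i] = float64(s.Words[w]) * idf(n, docFreq[w]) // 0 if absent
		}
		normalize(vec)
		for i := range vec {
			dist[k] += (vec[i] - req[i]) * (vec[i] - req[i])
		}
		dist[k] = math.Sqrt(dist[k])
	}
	order := make([]int, n)
	for i := range order {
		order[i] = i
	}
	sort.SliceStable(order, func(a, b int) bool { return dist[order[a]] < dist[order[b]] })
	names := make([]string, n)
	for i, k := range order {
		names[i] = services[k].Name
	}
	return names
}

func main() {
	fmt.Println(RankServices(SampleCatalogue, map[string]int{"cloud": 1, "backup": 1}))
}
```

For the request "cloud backup" the backup service comes first, the search service (which shares only the weak word "cloud") second, and the payment service, which shares no feature word and therefore sits at distance $\sqrt{2}$ from any unit-length request, last.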
The platform deployment layer 30 is used to set up a service management centre and deploy a network server; the network server stores the service information and makes it available to clients;
The data security processing layer 40 connects the platform interface layer and the platform management layer; it encrypts the data set published by the user in the platform interface layer with a self-generated data set key, backs it up and uploads it to the platform management layer; at the same time it extracts and uploads the meta-information of the data, encrypts the extracted meta-information with a self-generated meta-information key and sends it to the data service layer, and encrypts the data set key and the meta-information key with a master key before sending them to the data service layer;
The data service layer 50 connects the data security processing layer and the platform deployment layer; it stores the encrypted meta-information and key information uploaded by the data security processing layer, provides data set access support through the platform deployment layer, and supports ciphertext retrieval and data verification services.
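The key hierarchy of the data security processing layer (a self-generated data set key for the data, a self-generated meta-information key for the meta-information, and a master key that encrypts both keys) is an envelope-encryption arrangement. The following Go program is an added example and not the patent's implementation; it assumes AES-256-GCM for every encryption, a purpose label bound as associated data to each ciphertext, and in-memory hand-over in place of the uploads to the platform management layer and the data service layer.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Bundle struct {
	DataCiphertext []byte // data set under the self-generated data set key (to the platform management layer)
	MetaCiphertext []byte // extracted meta-information under the meta-information key (to the data service layer)
	WrappedDataKey []byte // data set key under the master key (to the data service layer)
	WrappedMetaKey []byte // meta-information key under the master key (to the data service layer)
}

func newKey() ([]byte, error) { // fresh random 256-bit AES key
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is AES-256-GCM with a fresh random nonce prepended; label is bound as
// associated data so a ciphertext cannot be presented for another purpose.
func seal(key, plaintext []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// open reverses seal; any change to nonce, ciphertext, tag or label fails.
func open(key, sealed []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(label))
}

func firstErr(errs ...error) error {
	for _, e := range errs {
		if e != nil {
			return e
		}
	}
	return nil
}

// Protect is the upload step: self-generate a data set key and a
// meta-information key, encrypt data set and meta-information with them, then
// encrypt both keys under the master key, which never touches the data itself.
func Protect(masterKey, dataSet, metaInfo []byte) (*Bundle, error) {
	dataKey, e1 := newKey()
	metaKey, e2 := newKey()
	b := &Bundle{}
	var e3, e4, e5, e6 error
	b.DataCiphertext, e3 = seal(dataKey, dataSet, "dataset")
	b.MetaCiphertext, e4 = seal(metaKey, metaInfo, "meta-information")
	b.WrappedDataKey, e5 = seal(masterKey, dataKey, "wrap:dataset-key")
	b.WrappedMetaKey, e6 = seal(masterKey, metaKey, "wrap:meta-key")
	if err := firstErr(e1, e2, e3, e4, e5, e6); err != nil {
		return nil, err
	}
	return b, nil
}

// Recover is the data service side: unwrap both keys with the master key, then decrypt.
func Recover(masterKey []byte, b *Bundle) ([]byte, []byte, error) {
	dataKey, e1 := open(masterKey, b.WrappedDataKey, "wrap:dataset-key")
	metaKey, e2 := open(masterKey, b.WrappedMetaKey, "wrap:meta-key")
	if err := firstErr(e1, e2); err != nil {
		return nil, nil, err
	}
	dataSet, e3 := open(dataKey, b.DataCiphertext, "dataset")
	metaInfo, e4 := open(metaKey, b.MetaCiphertext, "meta-information")
	return dataSet, metaInfo, firstErr(e3, e4)
}

func main() {
	master, _ := newKey()
	b, _ := Protect(master, []byte("data set payload"), []byte(`{"name":"ds1","size":16}`))
	data, meta, err := Recover(master, b)
	fmt.Printf("%s | %s | %v\n", data, meta, err)
}
```

Because the master key only ever encrypts the two short keys, rotating it means re-wrapping keys rather than re-encrypting the stored data set, and any change to the stored ciphertext, the meta-information or the wrapped keys makes Recover fail instead of returning altered data, which is what the data verification service of the data service layer relies on.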
Further, the platform deployment layer 30 includes an access security control module 31, which includes a data access authority control unit, a data access flow control unit, a data access transmission control unit and a sensitive information access control unit; the data access authority control unit controls the access rights of users, the data access flow control unit controls the traffic of user data access, the data access transmission control unit performs encryption and security authentication control of data transmission, and the sensitive information access control unit monitors the behaviour of accessing sensitive information, raises an alarm, and restricts operations in the case of abnormal access.
In the data access transmission control unit, the security authentication control includes password security authentication based on iris recognition and encryption key security authentication based on fingerprint recognition.
The cloud information includes the data set name, the data set size and the data set keywords.
The present embodiment provides an information sharing service platform based on cloud computing, which effectively solves the problems that centralised service management concentrates load and that a large number of services are difficult to manage; an information storage module is configured which uses a cloud storage system to store encrypted data, so there is no need to know the concrete storage device information or to consider data backup and redundancy, saving time and storage costs; an information security service platform is configured which encrypts data through the data security processing layer and the data service layer, improving the degree of information security; an access security control module is provided in the platform deployment layer, greatly improving the security of the information security big data management system; a service classification management module is provided which, by creating a service catalogue, solves the previous problems of low retrieval speed and long time consumption; and a service query and retrieval module is provided which uses a vector index algorithm to improve retrieval accuracy and match service names to service functions; here the number m of attributes describing each service in the service set is 8, the retrieval speed is relatively improved by 0.9%, and the efficiency is relatively improved by 0.3%.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and do not limit its scope of protection; although the present invention has been explained in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution can be modified or replaced with equivalents without departing from the essence and scope of the technical solution of the present invention.
Claims (3)
1. A method of building an information service platform based on cloud computing, characterised in that it includes cloud computing security implementation and platform construction, where the cloud computing security implementation adopts the following method:
using chip hardware devices, symmetric cryptographic algorithms and combination key technology; in a non-cloud-computing environment, using a smart card as the hardware device of the client encryption system, building the client encryption system in the smart card chip with a symmetric cryptographic algorithm, and writing into it the symmetric cryptographic algorithm, a digest algorithm, a combination key generation algorithm, the key "base", a client identity authentication protocol, a digital signature protocol, a signature verification protocol and an encryption/decryption protocol; setting up an authentication centre at the network application server end, the authentication centre consisting of several servers, each server having several encryption cards inserted or being connected to several encryption machines; building the authentication-centre-end encryption system in the authentication centre with a symmetric cryptographic algorithm, and writing into the encryption card or encryption machine chip the symmetric cryptographic algorithm, the digest algorithm, a group of storage keys K, the authentication-centre-end identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol, together with the key "base" of the super administrator; and storing the key "base" ciphertexts of all users in the key "base" database of the authentication centre server.
2. The method of building an information service platform based on cloud computing according to claim 1, characterised in that the key "bases" of all users are encrypted in advance into ciphertext with the storage key K in the encryption card or encryption machine chip; a user rights management system is set up in the network application server and a working area is allocated to each user; the user logs in to the network application server at the client with the smart card, through the identity authentication protocol in the smart card chip, and enters the working area corresponding to that user on the network application server according to the rights management system; the user digitally signs a file at the client with the smart card, encrypts it into ciphertext, and submits the digital signature and the ciphertext file to the user's working area on the network application server; the authentication centre decrypts the received ciphertext file and verifies its data integrity, and stores the legitimate plaintext file in the user's working area on the network application server.
3. The method of building an information service platform based on cloud computing according to claim 2, characterised in that the identity authentication protocol, the digital signature protocol, the signature verification protocol and the encryption/decryption protocol are all built with symmetric cryptographic algorithms and combination key technology; the combination key technology uses a combination key generation algorithm, namely: a group of random numbers selects elements from the table that forms a group key "base", and the selected elements are merged into a group symmetric key used as the encryption/decryption key, authentication key or signature key; in this way, user identity authentication, data integrity authentication and encrypted data transmission between the client and the network application server end are achieved in a non-cloud-computing environment.
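The combination key generation of claim 3, and its use for the symmetric "digital signature" and data integrity verification of claim 2, as an added Go example that is not the patent's code. The key "base" is a constructed 16 x 8 table of 16-byte random elements, the "group of random numbers" is one index per row, the merge step is assumed to be SHA-256 over the concatenated selected elements, and the signature is assumed to be HMAC-SHA256 under the resulting key; the message is constructed, and the storage of user key bases under the storage key K is not shown.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Dimensions of the key "base" table (constructed; the patent fixes none).
const (
	rows     = 16 // one element is chosen from every row
	perRow   = 8  // candidates per row; a divisor of 256, so a byte mod perRow is unbiased
	elemSize = 16 // bytes per element
)

// KeyBase is one user's secret key "base": a table of random elements.
type KeyBase [rows][perRow][elemSize]byte

// NewKeyBase fills a key base from crypto/rand (assumption: the patent does
// not say how the base is generated).
func NewKeyBase() (*KeyBase, error) {
	kb := &KeyBase{}
	for r := range kb {
		for c := range kb[r] {
			if _, err := rand.Read(kb[r][c][:]); err != nil {
				return nil, err
			}
		}
	}
	return kb, nil
}

// Selector is the "group of random numbers" that picks one element per row.
// It travels in the clear beside the signature and carries no secret.
type Selector [rows]uint8

// NewSelector draws a fresh random selector for every signature.
func NewSelector() (Selector, error) {
	var sel Selector
	if _, err := rand.Read(sel[:]); err != nil {
		return sel, err
	}
	for i := range sel {
		sel[i] %= perRow
	}
	return sel, nil
}

// CombinationKey merges the selected elements into one symmetric key.
// Merge = SHA-256 over the concatenation of the selected elements
// (assumption; the claim only says the elements are "merged").
func CombinationKey(kb *KeyBase, sel Selector) []byte {
	h := sha256.New()
	for r, c := range sel {
		h.Write(kb[r][c][:])
	}
	return h.Sum(nil)
}

// Sign is the client's "digital signature" in the symmetric setting:
// HMAC-SHA256 (assumption) under the combination key over selector||message,
// so the tag is tied to the exact key combination that produced it.
func Sign(kb *KeyBase, sel Selector, msg []byte) []byte {
	mac := hmac.New(sha256.New, CombinationKey(kb, sel))
	mac.Write(sel[:])
	mac.Write(msg)
	return mac.Sum(nil)
}

// Verify is the authentication-centre side: rebuild the same key from its
// copy of the user's key base and the received selector, then compare in
// constant time.
func Verify(kb *KeyBase, sel Selector, msg, tag []byte) bool {
	return hmac.Equal(tag, Sign(kb, sel, msg))
}

func main() {
	kb, _ := NewKeyBase()
	sel, _ := NewSelector()
	msg := []byte("file submitted to the user's working area")
	tag := Sign(kb, sel, msg)
	fmt.Println("verified:", Verify(kb, sel, msg, tag))
	fmt.Println("tampered:", Verify(kb, sel, append(msg, '!'), tag))
}
```

Because the selector is public, the scheme's strength rests entirely on the secrecy of the key base (which claim 2 keeps encrypted under the storage key K inside the encryption card) and on drawing a fresh selector per message; with 8 choices in each of 16 rows there are 2^48 possible combinations from one base, which is why the base itself, not the selector, must be protected like a long-term key.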
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610579975.3A CN106230790A (en) | 2016-07-20 | 2016-07-20 | The method building information service platform based on cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610579975.3A CN106230790A (en) | 2016-07-20 | 2016-07-20 | The method building information service platform based on cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106230790A true CN106230790A (en) | 2016-12-14 |
Family
ID=57531163
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610579975.3A Withdrawn CN106230790A (en) | 2016-07-20 | 2016-07-20 | The method building information service platform based on cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106230790A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107145395A (en) * | 2017-07-04 | 2017-09-08 | 北京百度网讯科技有限公司 | Method and apparatus for handling task |
CN108390758A (en) * | 2018-04-04 | 2018-08-10 | 广州赛姆科技资讯股份有限公司 | User password processing method, device and internal control safety monitor system |
CN108764892A (en) * | 2018-05-29 | 2018-11-06 | 广东通莞科技股份有限公司 | A kind of encryption system of mobile payment platform |
CN108809888A (en) * | 2017-04-26 | 2018-11-13 | 北京握奇智能科技有限公司 | A kind of secure network construction method and system based on security module |
CN109886031A (en) * | 2019-02-01 | 2019-06-14 | 温州大学 | A kind of smart city security assurance information system |
CN112866386A (en) * | 2021-01-19 | 2021-05-28 | 青岛越超传媒有限公司 | Data storage data construction method based on cloud computing |
- 2016-07-20 CN CN201610579975.3A patent/CN106230790A/en not_active Withdrawn
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108809888A (en) * | 2017-04-26 | 2018-11-13 | 北京握奇智能科技有限公司 | A kind of secure network construction method and system based on security module |
CN107145395A (en) * | 2017-07-04 | 2017-09-08 | 北京百度网讯科技有限公司 | Method and apparatus for handling task |
CN107145395B (en) * | 2017-07-04 | 2020-12-08 | 北京百度网讯科技有限公司 | Method and device for processing task |
CN108390758A (en) * | 2018-04-04 | 2018-08-10 | 广州赛姆科技资讯股份有限公司 | User password processing method, device and internal control safety monitor system |
CN108764892A (en) * | 2018-05-29 | 2018-11-06 | 广东通莞科技股份有限公司 | A kind of encryption system of mobile payment platform |
CN109886031A (en) * | 2019-02-01 | 2019-06-14 | 温州大学 | A kind of smart city security assurance information system |
CN109886031B (en) * | 2019-02-01 | 2022-08-23 | 温州大学 | Smart city information safety guarantee system |
CN112866386A (en) * | 2021-01-19 | 2021-05-28 | 青岛越超传媒有限公司 | Data storage data construction method based on cloud computing |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200374126A1 (en) | Method for storing an object on a plurality of storage nodes | |
CN106230790A (en) | The method building information service platform based on cloud computing | |
TWI694350B (en) | Information supervision method and device based on blockchain | |
JP6514831B1 (en) | Method and system for verifying ownership of digital assets using distributed hash tables and peer-to-peer distributed ledgers | |
CN109074579B (en) | Method and system for protecting computer software using distributed hash table and blockchain | |
CN106209821B (en) | Information security big data management system based on credible cloud computing | |
CN108985100B (en) | Block chain-based element security certification method, device, equipment and medium | |
US8997198B1 (en) | Techniques for securing a centralized metadata distributed filesystem | |
CN106776904B (en) | The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment | |
CN111988147B (en) | Combined signature and signature verification method, system and storage medium | |
WO2018032374A1 (en) | Encrypted storage system for block chain and method using same | |
CN109361517A (en) | A kind of virtualization cloud cipher machine system and its implementation based on cloud computing | |
JP2022523595A (en) | Methods, program products, storage media, and systems for splitting and restoring keys | |
CN104468615A (en) | Data sharing based file access and permission change control method | |
EP3507701B1 (en) | Method and apparatus for restoring access to digital assets | |
CN110046996A (en) | The generation method and device of block chain transaction | |
CN106936771A (en) | A kind of secure cloud storage method and system based on graded encryption | |
JP2007280393A (en) | Device and method for controlling computer login | |
CN113302610A (en) | Trusted platform based on block chain | |
CN103595535A (en) | Cloud key of cloud computing identity authentication system | |
CN108512861A (en) | A kind of authentication method and device, computer readable storage medium of cloud platform | |
CN106161634A (en) | Use the data administrator of cloud storage | |
CN105959332A (en) | Client server service method | |
CN106294537A (en) | A kind of information sharing method of cloud computing platform | |
CN106202520A (en) | A kind of device realizing information sharing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C04 | Withdrawal of patent application after publication (patent law 2001) | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20161214 |