CN106230790A - The method building information service platform based on cloud computing - Google Patents

Abstract

The method that the present invention builds information service platform based on cloud computing, it is characterized in that, securely achieve including cloud computing and platform construction, cloud computing securely achieves employing following methods: use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use smart card as the hardware device of client encryption system, in the chip of smart card, symmetric cryptographic algorithm is used to set up client encryption system, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity authentication protocol, digital signature protocol, signature verification agreement, enciphering/deciphering agreement.

Description

The method building information service platform based on cloud computing

Technical field

The present invention relates to field of cloud computer technology, the method being specifically related to build information service platform based on cloud computing.

Background technology

Along with the development of information technology and popularizing of the Internet, data are explosive growth, the most social The fast development of network makes data sharp increase.The proposition of cloud computing technology and the process developing into data open new road Footpath.Cloud computing platform can provide a user with powerful calculating service, and user only just can carry out by Web browser calculating service Application, then uploads data, finally by platform feedback data result.Information service platform uses biography this locality to look into mostly at present The method ask and calculate, it is impossible to meet information service demand.

Summary of the invention

For the problems referred to above, the present invention provides the method building information service platform based on cloud computing.

The purpose of the present invention realizes by the following technical solutions:

The method building information service platform based on cloud computing, is characterized in that, securely achieve including cloud computing and platform Building, cloud computing securely achieves employing following methods:

Use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use intelligence Block the hardware device as client encryption system, in the chip of smart card, use symmetric cryptographic algorithm to set up client and add Close system, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity certification association View, digital signature protocol, signature verification agreement, enciphering/deciphering agreement, set up authentication center, certification at network application server end Center is made up of, in certification insertion polylith encrypted card in multiple servers, every station server or access multiple stage encryption equipment equipment The heart uses symmetric cryptographic algorithm to set up authentication center's end encryption system, and in encrypted card or encryption equipment chip, write is symmetrical close Code algorithm, digest algorithm, one group of storage key K, authentication center's end identity authentication protocol, digital signature protocol, signature verification association Negotiation enciphering/deciphering agreement, and the key " base " of super manager, at server key " base " lane database of authentication center, Storage total user key " base " ciphertext.

Preferably, total user key " base " is used the storage key K in encrypted card or encryption equipment chip to encrypt in advance Becoming ciphertext, set up the Rights Management System of user in network application server, share out the work district for user, user is in client Use smart card, by the identity authentication protocol logging in network application server in intelligent card chip, and according to rights management system System, the working area that the network application server user of entrance is corresponding, user uses smart card in client, by the file of client It is digitally signed, re-encrypts into ciphertext, digital signature is submitted to network application server user corresponding with cryptograph files Working area, the cryptograph files delivered to is decrypted and data integrity validation by authentication center, legal clear text file is left in The working area that network application server user is corresponding,

Preferably, identity authentication protocol, digital signature protocol, signature verification agreement and enciphering/deciphering agreement, all use symmetry Cryptographic algorithm and combination key technology are set up, and combination key technology is to use a kind of combination key generating algorithm, it may be assumed that by one group with Machine number, in the table form a group key " base ", element is chosen, and the element selected is merged into one group of symmetric key, as Enciphering/deciphering key, certification key or signature key, thus, it is achieved under non-cloud computing environment, client and network english teaching Authenticating user identification, data integrity authentication and Data Encryption Transmission between device end.

The invention have the benefit that

1, information sharing service platform based on cloud computing is set, efficiently solves centralized service and manage the pressure caused Concentrating, a large amount of services are difficult to the problems such as management；

2, configuration information memory module, it uses cloud storage system to be encrypted the storage of rear data, it is not necessary to understand tool The storing device information of body, it is not necessary to consider the problem such as data backup and redundancy, saved time cost and carrying cost；

3, arrange classification of service management module, by create service catalogue, solve conventional retrieval rate low and expend The problem of time length；

4, service-seeking retrieval module is set, uses vector index algorithm, improve retrieval accuracy, it is achieved that Service name Claim the retrieval matched with service function；

Data are encrypted place by data safe processing layer and data service layer by 5, configuration information safety service platform Reason, improves information security degree；

6, access safety control module is set in Platform deployment layer, substantially increases the big data management system of information security Safety.

Accompanying drawing explanation

The invention will be further described to utilize accompanying drawing, but the embodiment in accompanying drawing does not constitute any limit to the present invention System, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtain according to the following drawings Other accompanying drawing.

Fig. 1 is the structure connection diagram of the present invention.

Reference: platform interface layer-10；Platform management layer 20；Platform deployment layer 30；Data safe processing layer 40；Number According to service layer 50；Information storage module 21；Classification of service module 22；Service-seeking retrieval module 23；Access safety control module 31。

Detailed description of the invention

The invention will be further described with the following Examples.

Embodiment 1

See Fig. 1, the method building information service platform based on cloud computing of the present embodiment, it is characterized in that, including cloud meter Calculation securely achieves and platform construction, and cloud computing securely achieves employing following methods:

Use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use intelligence Block the hardware device as client encryption system, in the chip of smart card, use symmetric cryptographic algorithm to set up client and add Close system, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity certification association View, digital signature protocol, signature verification agreement, enciphering/deciphering agreement, set up authentication center, certification at network application server end Center is made up of, in certification insertion polylith encrypted card in multiple servers, every station server or access multiple stage encryption equipment equipment The heart uses symmetric cryptographic algorithm to set up authentication center's end encryption system, and in encrypted card or encryption equipment chip, write is symmetrical close Code algorithm, digest algorithm, one group of storage key K, authentication center's end identity authentication protocol, digital signature protocol, signature verification association Negotiation enciphering/deciphering agreement, and the key " base " of super manager, at server key " base " lane database of authentication center, Storage total user key " base " ciphertext.

Preferably, total user key " base " is used the storage key K in encrypted card or encryption equipment chip to encrypt in advance Becoming ciphertext, set up the Rights Management System of user in network application server, share out the work district for user, user is in client Use smart card, by the identity authentication protocol logging in network application server in intelligent card chip, and according to rights management system System, the working area that the network application server user of entrance is corresponding, user uses smart card in client, by the file of client It is digitally signed, re-encrypts into ciphertext, digital signature is submitted to network application server user corresponding with cryptograph files Working area, the cryptograph files delivered to is decrypted and data integrity validation by authentication center, legal clear text file is left in The working area that network application server user is corresponding,

Preferably, identity authentication protocol, digital signature protocol, signature verification agreement and enciphering/deciphering agreement, all use symmetry Cryptographic algorithm and combination key technology are set up, and combination key technology is to use a kind of combination key generating algorithm, it may be assumed that by one group with Machine number, in the table form a group key " base ", element is chosen, and the element selected is merged into one group of symmetric key, as Enciphering/deciphering key, certification key or signature key, thus, it is achieved under non-cloud computing environment, client and network english teaching Authenticating user identification, data integrity authentication and Data Encryption Transmission between device end.

Preferably, platform construction includes that information sharing service platform builds and information security services platform construction, described letter Breath sharing service platform includes platform interface layer 10, platform management layer 20 and platform deployment tier 30, and described information security services is put down Platform includes data safe processing layer 40 and data service layer 50；

Described platform interface layer 10 is by externally providing unified interface, it is achieved user carry out the issue of data, inquiry and Obtain；

Described platform management layer 20 is for managing by the data after data safe processing resume module, including be sequentially connected with Information storage module 21, classification of service management module 22 and service query and search module 23:

(1) information storage module 21, it uses cloud storage system to be encrypted the storage of rear data, forms virtual storage Resource pool also coordinates configuration storage resource；

(2) classification of service management module 22, for the service with similar features being classified and forming service catalogue, The algorithm used is:

It is provided with services set F={f₁,…,f_n, m the attribute of each service in services set describes, then have f_i= (f_i1,…,f_im), f_i∈R^m, wherein, R represents real number, and the span of m is [4,8], i=1 ..., n；

Step1 determines cluster number k, randomly chooses k object { t₁,…,t_kAs cluster centre, then there is t_j= (t_j1,…,t_jm), t_j∈R^m, wherein, j=1 ..., k；

Step2 is for each service f_i, calculate its corresponding classification:

$c_i=\arg \underset{j}{max}\frac{{\mathrm{\Σ}}_{l=1}^m(f_{il}\×t_{jl})}{\sqrt{{\mathrm{\Σ}}_{l=1}^m{f}_{il}^2}\×\sqrt{{\mathrm{\Σ}}_{l=1}^m{t}_{il}^2}}$

In formula, c_iRepresent service f_iThe class closest with k apoplexy due to endogenous wind, as the c meeting condition_iMore than one, then service f_i The most corresponding multiple classification；

Step3, for each cluster j, recalculates such cluster centre:

When the service contained in cluster j is all pertaining only to a class, then have:

$t_j:=\frac{{\Σ}_{i=1}^{n}1\{c_i=j\}{f}_i}{{\Σ}_{i=1}^{n}1\{c_i=j\}}$

When cluster j has service to belong simultaneously to w classification, then have:

$t_j:=\frac{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}{f}_i-{\mathrm{\Σ}}_{i=1}^n\frac{w-1}{w}\{c_i=j_w\}{f}_i}{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}}$

In formula, { c_i=j} represents the service corresponding to clustering j, { c_i=j_wExpression service is simultaneously corresponding to w cluster, its In 2≤w≤k；

Step4 repeats step2 and step3, front and back distance d=of twice cluster centre | | t_{After j}-t_{Before j}| |, t_{After j}After for once Cluster centre, t_{Before j}For a front cluster centre, according to actual application settings threshold value T, when meeting d ＜ T, stop cluster；

Utilize above-mentioned algorithm, in service class, continue cluster can refine classification of service, shape on the basis of first class catalogue Become multistage catalogue；

(3) service-seeking retrieval module 23, for being exactly found the information of needs in magnanimity information, thus completes information Retrieval, the algorithm of employing is:

Step1 is for the service f in services set_iIf comprising Feature Words C₁,…,C_q, determine individual features word weights δ₁,…,δ_q,tC_qRepresent Feature Words C_qAt service f_iThe number of times of middle appearance, n is the clothes comprised in services set Business sum, n_qRepresent in services set and comprise Feature Words C_qService number, then service vector is represented by:

$\stackrel{\→}{f_i}=({\mathrm{\δ}}_1,...,{\mathrm{\δ}}_q)$

Step2 is for retrieval request A_iIn comprise represent service Feature Words C₁,…,C_s, and determine individual features word weights σ₁,…,σ_s,tC_sRepresent Feature Words C_sAt service f_iThe number of times of middle appearance, maxtC_sRepresent Feature Words C_s The maximum of the number of times occurred in all services, n is the service sum comprised in services set, n_sRepresent in services set and comprise spy Levy word C_sService number, then retrieval request vector is represented by:

$\stackrel{\→}{A_i}=({\mathrm{\σ}}_1,...,{\mathrm{\σ}}_s)$

Step3 determines feature word space Feature Words number d, will service and retrieval request vector standardization, to service and inspection The Feature Words not having in rope request, its corresponding weights are 0, now haveAsk WithEuclidean distance, provides services to user according to order from small to large；

Described Platform deployment layer 30 is used for setting up service management center, on-premise network server, uses the webserver pair Information on services preserves, and provides client to use；

Described data safe processing layer 40, connecting platform interface layer and platform management level, for using in platform interface layer Carry out backing up and be uploaded to described platform management layer after the data set key encryption of the data separate self-generating that family is issued, carry simultaneously Take, upload the metamessage of data, and be sent to described number after utilizing the metamessage encryption that the metamessage double secret key of self-generating extracts According to service layer, utilize data set key described in master key encryption and described metamessage key after be sent to described data service layer；

Described data service layer 50, connects data safe processing layer and platform deployment tier, is used for storing described data safety Process metamessage and key information that layer encryption is uploaded, and provide data set access to support by Platform deployment layer, and ciphertext Retrieval and the data service for checking credentials are supported.

Further, described Platform deployment layer 30 includes accessing safety control module 31, described access safety control module 31 include that access privilege control unit, data access flow control unit, data access transmission control unit and sensitive information are visited Ask control unit；Described data access authority control unit is for controlling the access rights of user, described data access flow control Unit processed is for controlling the flow of user accesses data, and described data access transmission control unit is for adding data transmission Close and safety certification controls, and described sensitive information access control unit is for being monitored the behavior accessing sensitive information and give With alarm, and the operation for abnormal access limits.

Wherein, in described data access transmission control unit, for safety certification control, mouth is added including based on iris identification The safety certification of order and safety certification based on fingerprint recognition encrypting key.

Wherein, described cloud information includes data set name, data set size and data set key word.

The present embodiment arranges information sharing service platform based on cloud computing, efficiently solves centralized service management and causes Pressure concentrate, a large amount of services are difficult to the problems such as management；Configuration information memory module, after it uses cloud storage system to be encrypted The storage of data, it is not necessary to understand concrete storing device information, it is not necessary to consider the problem such as data backup and redundancy, save Time cost and carrying cost；Configuration information safety service platform, by data safe processing layer and data service layer to data It is encrypted, improves information security degree；Access safety control module is set in Platform deployment layer, substantially increases letter The safety of the big data management system of breath safety；Classification of service management module is set, by creating service catalogue, solves in the past The low problem with consuming time length of retrieval rate, and service-seeking retrieval module is set, use vector index algorithm, improve Retrieval accuracy, it is achieved that the retrieval that service name and service function match, wherein describes each service in services set Attribute number m value is 4, and retrieval rate improves 0.4% relatively, and efficiency improves 0.5% relatively.

Embodiment 2

See Fig. 1, the method building information service platform based on cloud computing of the present embodiment, it is characterized in that, including cloud meter Calculation securely achieves and platform construction, and cloud computing securely achieves employing following methods:

Use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use intelligence Block the hardware device as client encryption system, in the chip of smart card, use symmetric cryptographic algorithm to set up client and add Close system, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity certification association View, digital signature protocol, signature verification agreement, enciphering/deciphering agreement, set up authentication center, certification at network application server end Center is made up of, in certification insertion polylith encrypted card in multiple servers, every station server or access multiple stage encryption equipment equipment The heart uses symmetric cryptographic algorithm to set up authentication center's end encryption system, and in encrypted card or encryption equipment chip, write is symmetrical close Code algorithm, digest algorithm, one group of storage key K, authentication center's end identity authentication protocol, digital signature protocol, signature verification association Negotiation enciphering/deciphering agreement, and the key " base " of super manager, at server key " base " lane database of authentication center, Storage total user key " base " ciphertext.

Preferably, total user key " base " is used the storage key K in encrypted card or encryption equipment chip to encrypt in advance Becoming ciphertext, set up the Rights Management System of user in network application server, share out the work district for user, user is in client Use smart card, by the identity authentication protocol logging in network application server in intelligent card chip, and according to rights management system System, the working area that the network application server user of entrance is corresponding, user uses smart card in client, by the file of client It is digitally signed, re-encrypts into ciphertext, digital signature is submitted to network application server user corresponding with cryptograph files Working area, the cryptograph files delivered to is decrypted and data integrity validation by authentication center, legal clear text file is left in The working area that network application server user is corresponding,

Preferably, identity authentication protocol, digital signature protocol, signature verification agreement and enciphering/deciphering agreement, all use symmetry Cryptographic algorithm and combination key technology are set up, and combination key technology is to use a kind of combination key generating algorithm, it may be assumed that by one group with Machine number, in the table form a group key " base ", element is chosen, and the element selected is merged into one group of symmetric key, as Enciphering/deciphering key, certification key or signature key, thus, it is achieved under non-cloud computing environment, client and network english teaching Authenticating user identification, data integrity authentication and Data Encryption Transmission between device end.

Preferably, platform construction includes that information sharing service platform builds and information security services platform construction, described letter Breath sharing service platform includes platform interface layer 10, platform management layer 20 and platform deployment tier 30, and described information security services is put down Platform includes data safe processing layer 40 and data service layer 50；

Described platform interface layer 10 is by externally providing unified interface, it is achieved user carry out the issue of data, inquiry and Obtain；

Described platform management layer 20 is for managing by the data after data safe processing resume module, including be sequentially connected with Information storage module 21, classification of service management module 22 and service query and search module 23:

(1) information storage module 21, it uses cloud storage system to be encrypted the storage of rear data, forms virtual storage Resource pool also coordinates configuration storage resource；

(2) classification of service management module 22, for the service with similar features being classified and forming service catalogue, The algorithm used is:

It is provided with services set F={f₁,…,f_n, m the attribute of each service in services set describes, then have f_i= (f_i1,…,f_im), f_i∈R^m, wherein, R represents real number, and the span of m is [4,8], i=1 ..., n；

Step1 determines cluster number k, randomly chooses k object { t₁,…,t_kAs cluster centre, then there is t_j= (t_j1,…,t_jm), t_j∈R^m, wherein, j=1 ..., k；

Step2 is for each service f_i, calculate its corresponding classification:

$c_i=\arg \underset{j}{max}\frac{{\mathrm{\Σ}}_{l=1}^m(f_{il}\×t_{jl})}{\sqrt{{\mathrm{\Σ}}_{l=1}^m{f}_{il}^2}\×\sqrt{{\mathrm{\Σ}}_{l=1}^m{t}_{il}^2}}$

In formula, c_iRepresent service f_iThe class closest with k apoplexy due to endogenous wind, as the c meeting condition_iMore than one, then service f_i The most corresponding multiple classification；

Step3, for each cluster j, recalculates such cluster centre:

When the service contained in cluster j is all pertaining only to a class, then have:

$t_j:=\frac{{\Σ}_{i=1}^{n}1\{c_i=j\}{f}_i}{{\Σ}_{i=1}^{n}1\{c_i=j\}}$

When cluster j has service to belong simultaneously to w classification, then have:

$t_j:=\frac{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}{f}_i-{\mathrm{\Σ}}_{i=1}^n\frac{w-1}{w}\{c_i=j_w\}{f}_i}{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}}$

In formula, { c_i=j} represents the service corresponding to clustering j, { c_i=j_wExpression service is simultaneously corresponding to w cluster, its In 2≤w≤k；

Step4 repeats step2 and step3, front and back distance d=of twice cluster centre | | t_{After j}-t_{Before j}| |, t_{After j}After for once Cluster centre, t_{Before j}For a front cluster centre, according to actual application settings threshold value T, when meeting d ＜ T, stop cluster；

Utilize above-mentioned algorithm, in service class, continue cluster can refine classification of service, shape on the basis of first class catalogue Become multistage catalogue；

(3) service-seeking retrieval module 23, for being exactly found the information of needs in magnanimity information, thus completes information Retrieval, the algorithm of employing is:

Step1 is for the service f in services set_iIf comprising Feature Words C₁,…,C_q, determine individual features word weights δ₁,…,δ_q,tC_qRepresent Feature Words C_qAt service f_iThe number of times of middle appearance, n is the clothes comprised in services set Business sum, n_qRepresent in services set and comprise Feature Words C_qService number, then service vector is represented by:

$\stackrel{\→}{f_i}=({\mathrm{\δ}}_1,...,{\mathrm{\δ}}_q)$

Step2 is for retrieval request A_iIn comprise represent service Feature Words C₁,…,C_s, and determine individual features word weights σ₁,…,σ_s,tC_sRepresent Feature Words C_sAt service f_iThe number of times of middle appearance, maxtC_sRepresent Feature Words C_s The maximum of the number of times occurred in all services, n is the service sum comprised in services set, n_sRepresent in services set and comprise spy Levy word C_sService number, then retrieval request vector is represented by:

$\stackrel{\→}{A_i}=({\mathrm{\σ}}_1,...,{\mathrm{\σ}}_s)$

Step3 determines feature word space Feature Words number d, will service and retrieval request vector standardization, to service and inspection The Feature Words not having in rope request, its corresponding weights are 0, now haveAsk WithEuclidean distance, provides services to user according to order from small to large；

Described Platform deployment layer 30 is used for setting up service management center, on-premise network server, uses the webserver pair Information on services preserves, and provides client to use；

Described data safe processing layer 40, connecting platform interface layer and platform management level, for using in platform interface layer Carry out backing up and be uploaded to described platform management layer after the data set key encryption of the data separate self-generating that family is issued, carry simultaneously Take, upload the metamessage of data, and be sent to described number after utilizing the metamessage encryption that the metamessage double secret key of self-generating extracts According to service layer, utilize data set key described in master key encryption and described metamessage key after be sent to described data service layer；

Described data service layer 50, connects data safe processing layer and platform deployment tier, is used for storing described data safety Process metamessage and key information that layer encryption is uploaded, and provide data set access to support by Platform deployment layer, and ciphertext Retrieval and the data service for checking credentials are supported.

Further, described Platform deployment layer 30 includes accessing safety control module 31, described access safety control module 31 include that access privilege control unit, data access flow control unit, data access transmission control unit and sensitive information are visited Ask control unit；Described data access authority control unit is for controlling the access rights of user, described data access flow control Unit processed is for controlling the flow of user accesses data, and described data access transmission control unit is for adding data transmission Close and safety certification controls, and described sensitive information access control unit is for being monitored the behavior accessing sensitive information and give With alarm, and the operation for abnormal access limits.

Wherein, in described data access transmission control unit, for safety certification control, mouth is added including based on iris identification The safety certification of order and safety certification based on fingerprint recognition encrypting key.

Wherein, described cloud information includes data set name, data set size and data set key word.

The present embodiment arranges information sharing service platform based on cloud computing, efficiently solves centralized service management and causes Pressure concentrate, a large amount of services are difficult to the problems such as management；Configuration information memory module, after it uses cloud storage system to be encrypted The storage of data, it is not necessary to understand concrete storing device information, it is not necessary to consider the problem such as data backup and redundancy, save Time cost and carrying cost；Configuration information safety service platform, by data safe processing layer and data service layer to data It is encrypted, improves information security degree；Access safety control module is set in Platform deployment layer, substantially increases letter The safety of the big data management system of breath safety；Classification of service management module is set, by creating service catalogue, solves in the past The low problem with consuming time length of retrieval rate, and service-seeking retrieval module is set, use vector index algorithm, improve Retrieval accuracy, it is achieved that the retrieval that service name and service function match, wherein describes each service in services set Attribute number m value is 5, and retrieval rate improves 0.45% relatively, and efficiency improves 0.4% relatively.

Embodiment 3

See Fig. 1, the method building information service platform based on cloud computing of the present embodiment, it is characterized in that, including cloud meter Calculation securely achieves and platform construction, and cloud computing securely achieves employing following methods:

Use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use intelligence Block the hardware device as client encryption system, in the chip of smart card, use symmetric cryptographic algorithm to set up client and add Close system, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity certification association View, digital signature protocol, signature verification agreement, enciphering/deciphering agreement, set up authentication center, certification at network application server end Center is made up of, in certification insertion polylith encrypted card in multiple servers, every station server or access multiple stage encryption equipment equipment The heart uses symmetric cryptographic algorithm to set up authentication center's end encryption system, and in encrypted card or encryption equipment chip, write is symmetrical close Code algorithm, digest algorithm, one group of storage key K, authentication center's end identity authentication protocol, digital signature protocol, signature verification association Negotiation enciphering/deciphering agreement, and the key " base " of super manager, at server key " base " lane database of authentication center, Storage total user key " base " ciphertext.

Preferably, total user key " base " is used the storage key K in encrypted card or encryption equipment chip to encrypt in advance Becoming ciphertext, set up the Rights Management System of user in network application server, share out the work district for user, user is in client Use smart card, by the identity authentication protocol logging in network application server in intelligent card chip, and according to rights management system System, the working area that the network application server user of entrance is corresponding, user uses smart card in client, by the file of client It is digitally signed, re-encrypts into ciphertext, digital signature is submitted to network application server user corresponding with cryptograph files Working area, the cryptograph files delivered to is decrypted and data integrity validation by authentication center, legal clear text file is left in The working area that network application server user is corresponding,

Preferably, identity authentication protocol, digital signature protocol, signature verification agreement and enciphering/deciphering agreement, all use symmetry Cryptographic algorithm and combination key technology are set up, and combination key technology is to use a kind of combination key generating algorithm, it may be assumed that by one group with Machine number, in the table form a group key " base ", element is chosen, and the element selected is merged into one group of symmetric key, as Enciphering/deciphering key, certification key or signature key, thus, it is achieved under non-cloud computing environment, client and network english teaching Authenticating user identification, data integrity authentication and Data Encryption Transmission between device end.

Preferably, platform construction includes that information sharing service platform builds and information security services platform construction, described letter Breath sharing service platform includes platform interface layer 10, platform management layer 20 and platform deployment tier 30, and described information security services is put down Platform includes data safe processing layer 40 and data service layer 50；

Described platform interface layer 10 is by externally providing unified interface, it is achieved user carry out the issue of data, inquiry and Obtain；

Described platform management layer 20 is for managing by the data after data safe processing resume module, including be sequentially connected with Information storage module 21, classification of service management module 22 and service query and search module 23:

(1) information storage module 21, it uses cloud storage system to be encrypted the storage of rear data, forms virtual storage Resource pool also coordinates configuration storage resource；

(2) classification of service management module 22, for the service with similar features being classified and forming service catalogue, The algorithm used is:

It is provided with services set F={f₁,…,f_n, m the attribute of each service in services set describes, then have f_i= (f_i1,…,f_im), f_i∈R^m, wherein, R represents real number, and the span of m is [4,8], i=1 ..., n；

Step1 determines cluster number k, randomly chooses k object { t₁,…,t_kAs cluster centre, then there is t_j= (t_j1,…,t_jm), t_j∈R^m, wherein, j=1 ..., k；

Step2 is for each service f_i, calculate its corresponding classification:

$c_i=\arg \underset{j}{max}\frac{{\mathrm{\Σ}}_{l=1}^m(f_{il}\×t_{jl})}{\sqrt{{\mathrm{\Σ}}_{l=1}^m{f}_{il}^2}\×\sqrt{{\mathrm{\Σ}}_{l=1}^m{t}_{il}^2}}$

In formula, c_iRepresent service f_iThe class closest with k apoplexy due to endogenous wind, as the c meeting condition_iMore than one, then service f_i The most corresponding multiple classification；

Step3, for each cluster j, recalculates such cluster centre:

When the service contained in cluster j is all pertaining only to a class, then have:

$t_j:=\frac{{\Σ}_{i=1}^{n}1\{c_i=j\}{f}_i}{{\Σ}_{i=1}^{n}1\{c_i=j\}}$

When cluster j has service to belong simultaneously to w classification, then have:

$t_j:=\frac{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}{f}_i-{\mathrm{\Σ}}_{i=1}^n\frac{w-1}{w}\{c_i=j_w\}{f}_i}{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}}$

In formula, { c_i=j} represents the service corresponding to clustering j, { c_i=j_wExpression service is simultaneously corresponding to w cluster, its In 2≤w≤k；

Step4 repeats step2 and step3, front and back distance d=of twice cluster centre | | t_{After j}-t_{Before j}| |, t_{After j}After for once Cluster centre, t_{Before j}For a front cluster centre, according to actual application settings threshold value T, when meeting d ＜ T, stop cluster；

Utilize above-mentioned algorithm, in service class, continue cluster can refine classification of service, shape on the basis of first class catalogue Become multistage catalogue；

(3) service-seeking retrieval module 23, for being exactly found the information of needs in magnanimity information, thus completes information Retrieval, the algorithm of employing is:

Step1 is for the service f in services set_iIf comprising Feature Words C₁,…,C_q, determine individual features word weights δ₁,…,δ_q,tC_qRepresent Feature Words C_qAt service f_iThe number of times of middle appearance, n is the clothes comprised in services set Business sum, n_qRepresent in services set and comprise Feature Words C_qService number, then service vector is represented by:

$\stackrel{\→}{f_i}=({\mathrm{\δ}}_1,...,{\mathrm{\δ}}_q)$

Step2 is for retrieval request A_iIn comprise represent service Feature Words C₁,…,C_s, and determine individual features word weights σ₁,…,σ_s,tC_sRepresent Feature Words C_sAt service f_iThe number of times of middle appearance, maxtC_sRepresent Feature Words C_s The maximum of the number of times occurred in all services, n is the service sum comprised in services set, n_sRepresent in services set and comprise spy Levy word C_sService number, then retrieval request vector is represented by:

$\stackrel{\→}{A_i}=({\mathrm{\σ}}_1,...,{\mathrm{\σ}}_s)$

Step3 determines feature word space Feature Words number d, will service and retrieval request vector standardization, to service and inspection The Feature Words not having in rope request, its corresponding weights are 0, now haveAsk WithEuclidean distance, provides services to user according to order from small to large；

Described Platform deployment layer 30 is used for setting up service management center, on-premise network server, uses the webserver pair Information on services preserves, and provides client to use；

Described data safe processing layer 40, connecting platform interface layer and platform management level, for using in platform interface layer Carry out backing up and be uploaded to described platform management layer after the data set key encryption of the data separate self-generating that family is issued, carry simultaneously Take, upload the metamessage of data, and be sent to described number after utilizing the metamessage encryption that the metamessage double secret key of self-generating extracts According to service layer, utilize data set key described in master key encryption and described metamessage key after be sent to described data service layer；

Described data service layer 50, connects data safe processing layer and platform deployment tier, is used for storing described data safety Process metamessage and key information that layer encryption is uploaded, and provide data set access to support by Platform deployment layer, and ciphertext Retrieval and the data service for checking credentials are supported.

Further, described Platform deployment layer 30 includes accessing safety control module 31, described access safety control module 31 include that access privilege control unit, data access flow control unit, data access transmission control unit and sensitive information are visited Ask control unit；Described data access authority control unit is for controlling the access rights of user, described data access flow control Unit processed is for controlling the flow of user accesses data, and described data access transmission control unit is for adding data transmission Close and safety certification controls, and described sensitive information access control unit is for being monitored the behavior accessing sensitive information and give With alarm, and the operation for abnormal access limits.

Wherein, in described data access transmission control unit, for safety certification control, mouth is added including based on iris identification The safety certification of order and safety certification based on fingerprint recognition encrypting key.

Wherein, described cloud information includes data set name, data set size and data set key word.

The present embodiment arranges information sharing service platform based on cloud computing, efficiently solves centralized service management and causes Pressure concentrate, a large amount of services are difficult to the problems such as management；Configuration information memory module, after it uses cloud storage system to be encrypted The storage of data, it is not necessary to understand concrete storing device information, it is not necessary to consider the problem such as data backup and redundancy, save Time cost and carrying cost；Configuration information safety service platform, by data safe processing layer and data service layer to data It is encrypted, improves information security degree；Access safety control module is set in Platform deployment layer, substantially increases letter The safety of the big data management system of breath safety；Classification of service management module is set, by creating service catalogue, solves in the past The low problem with consuming time length of retrieval rate, and service-seeking retrieval module is set, use vector index algorithm, improve Retrieval accuracy, it is achieved that the retrieval that service name and service function match, wherein describes each service in services set Attribute number m value is 6, and retrieval rate improves 0.6% relatively, and efficiency improves 0.35% relatively.

Embodiment 4

See Fig. 1, the method building information service platform based on cloud computing of the present embodiment, it is characterized in that, including cloud meter Calculation securely achieves and platform construction, and cloud computing securely achieves employing following methods:

Use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use intelligence Block the hardware device as client encryption system, in the chip of smart card, use symmetric cryptographic algorithm to set up client and add Close system, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity certification association View, digital signature protocol, signature verification agreement, enciphering/deciphering agreement, set up authentication center, certification at network application server end Center is made up of, in certification insertion polylith encrypted card in multiple servers, every station server or access multiple stage encryption equipment equipment The heart uses symmetric cryptographic algorithm to set up authentication center's end encryption system, and in encrypted card or encryption equipment chip, write is symmetrical close Code algorithm, digest algorithm, one group of storage key K, authentication center's end identity authentication protocol, digital signature protocol, signature verification association Negotiation enciphering/deciphering agreement, and the key " base " of super manager, at server key " base " lane database of authentication center, Storage total user key " base " ciphertext.

Preferably, total user key " base " is used the storage key K in encrypted card or encryption equipment chip to encrypt in advance Becoming ciphertext, set up the Rights Management System of user in network application server, share out the work district for user, user is in client Use smart card, by the identity authentication protocol logging in network application server in intelligent card chip, and according to rights management system System, the working area that the network application server user of entrance is corresponding, user uses smart card in client, by the file of client It is digitally signed, re-encrypts into ciphertext, digital signature is submitted to network application server user corresponding with cryptograph files Working area, the cryptograph files delivered to is decrypted and data integrity validation by authentication center, legal clear text file is left in The working area that network application server user is corresponding,

Preferably, identity authentication protocol, digital signature protocol, signature verification agreement and enciphering/deciphering agreement, all use symmetry Cryptographic algorithm and combination key technology are set up, and combination key technology is to use a kind of combination key generating algorithm, it may be assumed that by one group with Machine number, in the table form a group key " base ", element is chosen, and the element selected is merged into one group of symmetric key, as Enciphering/deciphering key, certification key or signature key, thus, it is achieved under non-cloud computing environment, client and network english teaching Authenticating user identification, data integrity authentication and Data Encryption Transmission between device end.

Preferably, platform construction includes that information sharing service platform builds and information security services platform construction, described letter Breath sharing service platform includes platform interface layer 10, platform management layer 20 and platform deployment tier 30, and described information security services is put down Platform includes data safe processing layer 40 and data service layer 50；

Described platform interface layer 10 is by externally providing unified interface, it is achieved user carry out the issue of data, inquiry and Obtain；

Described platform management layer 20 is for managing by the data after data safe processing resume module, including be sequentially connected with Information storage module 21, classification of service management module 22 and service query and search module 23:

(1) information storage module 21, it uses cloud storage system to be encrypted the storage of rear data, forms virtual storage Resource pool also coordinates configuration storage resource；

(2) classification of service management module 22, for the service with similar features being classified and forming service catalogue, The algorithm used is:

It is provided with services set F={f₁,…,f_n, m the attribute of each service in services set describes, then have f_i= (f_i1,…,f_im), f_i∈R^m, wherein, R represents real number, and the span of m is [4,8], i=1 ..., n；

Step1 determines cluster number k, randomly chooses k object { t₁,…,t_kAs cluster centre, then there is t_j= (t_j1,…,t_jm), t_j∈R^m, wherein, j=1 ..., k；

Step2 is for each service f_i, calculate its corresponding classification:

$c_i=\arg \underset{j}{max}\frac{{\mathrm{\Σ}}_{l=1}^m(f_{il}\×t_{jl})}{\sqrt{{\mathrm{\Σ}}_{l=1}^m{f}_{il}^2}\×\sqrt{{\mathrm{\Σ}}_{l=1}^m{t}_{il}^2}}$

In formula, c_iRepresent service f_iThe class closest with k apoplexy due to endogenous wind, as the c meeting condition_iMore than one, then service f_i The most corresponding multiple classification；

Step3, for each cluster j, recalculates such cluster centre:

When the service contained in cluster j is all pertaining only to a class, then have:

$t_j:=\frac{{\Σ}_{i=1}^{n}1\{c_i=j\}{f}_i}{{\Σ}_{i=1}^{n}1\{c_i=j\}}$

When cluster j has service to belong simultaneously to w classification, then have:

$t_j:=\frac{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}{f}_i-{\mathrm{\Σ}}_{i=1}^n\frac{w-1}{w}\{c_i=j_w\}{f}_i}{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}}$

In formula, { c_i=j} represents the service corresponding to clustering j, { c_i=j_wExpression service is simultaneously corresponding to w cluster, its In 2≤w≤k；

Step4 repeats step2 and step3, front and back distance d=of twice cluster centre | | t_{After j}-t_{Before j}| |, t_{After j}After for once Cluster centre, t_{Before j}For a front cluster centre, according to actual application settings threshold value T, when meeting d ＜ T, stop cluster；

Utilize above-mentioned algorithm, in service class, continue cluster can refine classification of service, shape on the basis of first class catalogue Become multistage catalogue；

(3) service-seeking retrieval module 23, for being exactly found the information of needs in magnanimity information, thus completes information Retrieval, the algorithm of employing is:

Step1 is for the service f in services set_iIf comprising Feature Words C₁,…,C_q, determine individual features word weights δ₁,…,δ_q,tC_qRepresent Feature Words C_qAt service f_iThe number of times of middle appearance, n is the clothes comprised in services set Business sum, n_qRepresent in services set and comprise Feature Words C_qService number, then service vector is represented by:

$\stackrel{\→}{f_i}=({\mathrm{\δ}}_1,...,{\mathrm{\δ}}_q)$

Step2 is for retrieval request A_iIn comprise represent service Feature Words C₁,…,C_s, and determine individual features word weights σ₁,…,σ_s,tC_sRepresent Feature Words C_sAt service f_iThe number of times of middle appearance, maxtC_sRepresent Feature Words C_s The maximum of the number of times occurred in all services, n is the service sum comprised in services set, n_sRepresent in services set and comprise spy Levy word C_sService number, then retrieval request vector is represented by:

$\stackrel{\→}{A_i}=({\mathrm{\σ}}_1,...,{\mathrm{\σ}}_s)$

Step3 determines feature word space Feature Words number d, will service and retrieval request vector standardization, to service and inspection The Feature Words not having in rope request, its corresponding weights are 0, now haveAsk WithEuclidean distance, provides services to user according to order from small to large；

Described Platform deployment layer 30 is used for setting up service management center, on-premise network server, uses the webserver pair Information on services preserves, and provides client to use；

Described data safe processing layer 40, connecting platform interface layer and platform management level, for using in platform interface layer Carry out backing up and be uploaded to described platform management layer after the data set key encryption of the data separate self-generating that family is issued, carry simultaneously Take, upload the metamessage of data, and be sent to described number after utilizing the metamessage encryption that the metamessage double secret key of self-generating extracts According to service layer, utilize data set key described in master key encryption and described metamessage key after be sent to described data service layer；

Described data service layer 50, connects data safe processing layer and platform deployment tier, is used for storing described data safety Process metamessage and key information that layer encryption is uploaded, and provide data set access to support by Platform deployment layer, and ciphertext Retrieval and the data service for checking credentials are supported.

Further, described Platform deployment layer 30 includes accessing safety control module 31, described access safety control module 31 include that access privilege control unit, data access flow control unit, data access transmission control unit and sensitive information are visited Ask control unit；Described data access authority control unit is for controlling the access rights of user, described data access flow control Unit processed is for controlling the flow of user accesses data, and described data access transmission control unit is for adding data transmission Close and safety certification controls, and described sensitive information access control unit is for being monitored the behavior accessing sensitive information and give With alarm, and the operation for abnormal access limits.

Wherein, in described data access transmission control unit, for safety certification control, mouth is added including based on iris identification The safety certification of order and safety certification based on fingerprint recognition encrypting key.

Wherein, described cloud information includes data set name, data set size and data set key word.

The present embodiment arranges information sharing service platform based on cloud computing, efficiently solves centralized service management and causes Pressure concentrate, a large amount of services are difficult to the problems such as management；Configuration information memory module, after it uses cloud storage system to be encrypted The storage of data, it is not necessary to understand concrete storing device information, it is not necessary to consider the problem such as data backup and redundancy, save Time cost and carrying cost；Configuration information safety service platform, by data safe processing layer and data service layer to data It is encrypted, improves information security degree；Access safety control module is set in Platform deployment layer, substantially increases letter The safety of the big data management system of breath safety；Classification of service management module is set, by creating service catalogue, solves in the past The low problem with consuming time length of retrieval rate, and service-seeking retrieval module is set, use vector index algorithm, improve Retrieval accuracy, it is achieved that the retrieval that service name and service function match, wherein describes each service in services set Attribute number m value is 7, and retrieval rate improves 0.7% relatively, and efficiency improves 0.32% relatively.

Embodiment 5

See Fig. 1, the method building information service platform based on cloud computing of the present embodiment, it is characterized in that, including cloud meter Calculation securely achieves and platform construction, and cloud computing securely achieves employing following methods:

Use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use intelligence Block the hardware device as client encryption system, in the chip of smart card, use symmetric cryptographic algorithm to set up client and add Close system, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity certification association View, digital signature protocol, signature verification agreement, enciphering/deciphering agreement, set up authentication center, certification at network application server end Center is made up of, in certification insertion polylith encrypted card in multiple servers, every station server or access multiple stage encryption equipment equipment The heart uses symmetric cryptographic algorithm to set up authentication center's end encryption system, and in encrypted card or encryption equipment chip, write is symmetrical close Code algorithm, digest algorithm, one group of storage key K, authentication center's end identity authentication protocol, digital signature protocol, signature verification association Negotiation enciphering/deciphering agreement, and the key " base " of super manager, at server key " base " lane database of authentication center, Storage total user key " base " ciphertext.

Preferably, total user key " base " is used the storage key K in encrypted card or encryption equipment chip to encrypt in advance Becoming ciphertext, set up the Rights Management System of user in network application server, share out the work district for user, user is in client Use smart card, by the identity authentication protocol logging in network application server in intelligent card chip, and according to rights management system System, the working area that the network application server user of entrance is corresponding, user uses smart card in client, by the file of client It is digitally signed, re-encrypts into ciphertext, digital signature is submitted to network application server user corresponding with cryptograph files Working area, the cryptograph files delivered to is decrypted and data integrity validation by authentication center, legal clear text file is left in The working area that network application server user is corresponding,

Preferably, identity authentication protocol, digital signature protocol, signature verification agreement and enciphering/deciphering agreement, all use symmetry Cryptographic algorithm and combination key technology are set up, and combination key technology is to use a kind of combination key generating algorithm, it may be assumed that by one group with Machine number, in the table form a group key " base ", element is chosen, and the element selected is merged into one group of symmetric key, as Enciphering/deciphering key, certification key or signature key, thus, it is achieved under non-cloud computing environment, client and network english teaching Authenticating user identification, data integrity authentication and Data Encryption Transmission between device end.

Preferably, platform construction includes that information sharing service platform builds and information security services platform construction, described letter Breath sharing service platform includes platform interface layer 10, platform management layer 20 and platform deployment tier 30, and described information security services is put down Platform includes data safe processing layer 40 and data service layer 50；

Described platform interface layer 10 is by externally providing unified interface, it is achieved user carry out the issue of data, inquiry and Obtain；

Described platform management layer 20 is for managing by the data after data safe processing resume module, including be sequentially connected with Information storage module 21, classification of service management module 22 and service query and search module 23:

(1) information storage module 21, it uses cloud storage system to be encrypted the storage of rear data, forms virtual storage Resource pool also coordinates configuration storage resource；

(2) classification of service management module 22, for the service with similar features being classified and forming service catalogue, The algorithm used is:

It is provided with services set F={f₁,…,f_n, m the attribute of each service in services set describes, then have f_i= (f_i1,…,f_im), f_i∈R^m, wherein, R represents real number, and the span of m is [4,8], i=1 ..., n；

Step1 determines cluster number k, randomly chooses k object { t₁,…,t_kAs cluster centre, then there is t_j= (t_j1,…,t_jm), t_j∈R^m, wherein, j=1 ..., k；

Step2 is for each service f_i, calculate its corresponding classification:

$c_i=\arg \underset{j}{max}\frac{{\mathrm{\Σ}}_{l=1}^m(f_{il}\×t_{jl})}{\sqrt{{\mathrm{\Σ}}_{l=1}^m{f}_{il}^2}\×\sqrt{{\mathrm{\Σ}}_{l=1}^m{t}_{il}^2}}$

In formula, c_iRepresent service f_iThe class closest with k apoplexy due to endogenous wind, as the c meeting condition_iMore than one, then service f_i The most corresponding multiple classification；

Step3, for each cluster j, recalculates such cluster centre:

When the service contained in cluster j is all pertaining only to a class, then have:

$t_j:=\frac{{\Σ}_{i=1}^{n}1\{c_i=j\}{f}_i}{{\Σ}_{i=1}^{n}1\{c_i=j\}}$

When cluster j has service to belong simultaneously to w classification, then have:

$t_j:=\frac{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}{f}_i-{\mathrm{\Σ}}_{i=1}^n\frac{w-1}{w}\{c_i=j_w\}{f}_i}{{\mathrm{\Σ}}_{i=1}^{n}1\{c_i=j\}}$

In formula, { c_i=j} represents the service corresponding to clustering j, { c_i=j_wExpression service is simultaneously corresponding to w cluster, its In 2≤w≤k；

Step4 repeats step2 and step3, front and back distance d=of twice cluster centre | | t_{After j}-t_{Before j}| |, t_{After j}After for once Cluster centre, t_{Before j}For a front cluster centre, according to actual application settings threshold value T, when meeting d ＜ T, stop cluster；

Utilize above-mentioned algorithm, in service class, continue cluster can refine classification of service, shape on the basis of first class catalogue Become multistage catalogue；

(3) service-seeking retrieval module 23, for being exactly found the information of needs in magnanimity information, thus completes information Retrieval, the algorithm of employing is:

Step1 is for the service f in services set_iIf comprising Feature Words C₁,…,C_q, determine individual features word weights δ₁,…,δ_q,tC_qRepresent Feature Words C_qAt service f_iThe number of times of middle appearance, n is the clothes comprised in services set Business sum, n_qRepresent in services set and comprise Feature Words C_qService number, then service vector is represented by:

$\stackrel{\→}{f_i}=({\mathrm{\δ}}_1,...,{\mathrm{\δ}}_q)$

Step2 is for retrieval request A_iIn comprise represent service Feature Words C₁,…,C_s, and determine individual features word weights σ₁,…,σ_s,tC_sRepresent Feature Words C_sAt service f_iThe number of times of middle appearance, maxtC_sRepresent Feature Words C_s The maximum of the number of times occurred in all services, n is the service sum comprised in services set, n_sRepresent in services set and comprise spy Levy word C_sService number, then retrieval request vector is represented by:

$\stackrel{\→}{A_i}=({\mathrm{\σ}}_1,...,{\mathrm{\σ}}_s)$

Step3 determines feature word space Feature Words number d, will service and retrieval request vector standardization, to service and inspection The Feature Words not having in rope request, its corresponding weights are 0, now haveAsk WithEuclidean distance, provides services to user according to order from small to large；

Described Platform deployment layer 30 is used for setting up service management center, on-premise network server, uses the webserver pair Information on services preserves, and provides client to use；

Described data safe processing layer 40, connecting platform interface layer and platform management level, for using in platform interface layer Carry out backing up and be uploaded to described platform management layer after the data set key encryption of the data separate self-generating that family is issued, carry simultaneously Take, upload the metamessage of data, and be sent to described number after utilizing the metamessage encryption that the metamessage double secret key of self-generating extracts According to service layer, utilize data set key described in master key encryption and described metamessage key after be sent to described data service layer；

Described data service layer 50, connects data safe processing layer and platform deployment tier, is used for storing described data safety Process metamessage and key information that layer encryption is uploaded, and provide data set access to support by Platform deployment layer, and ciphertext Retrieval and the data service for checking credentials are supported.

Further, described Platform deployment layer 30 includes accessing safety control module 31, described access safety control module 31 include that access privilege control unit, data access flow control unit, data access transmission control unit and sensitive information are visited Ask control unit；Described data access authority control unit is for controlling the access rights of user, described data access flow control Unit processed is for controlling the flow of user accesses data, and described data access transmission control unit is for adding data transmission Close and safety certification controls, and described sensitive information access control unit is for being monitored the behavior accessing sensitive information and give With alarm, and the operation for abnormal access limits.

Wherein, in described data access transmission control unit, for safety certification control, mouth is added including based on iris identification The safety certification of order and safety certification based on fingerprint recognition encrypting key.

Wherein, described cloud information includes data set name, data set size and data set key word.

The present embodiment arranges information sharing service platform based on cloud computing, efficiently solves centralized service management and causes Pressure concentrate, a large amount of services are difficult to the problems such as management；Configuration information memory module, after it uses cloud storage system to be encrypted The storage of data, it is not necessary to understand concrete storing device information, it is not necessary to consider the problem such as data backup and redundancy, save Time cost and carrying cost；Configuration information safety service platform, by data safe processing layer and data service layer to data It is encrypted, improves information security degree；Access safety control module is set in Platform deployment layer, substantially increases letter The safety of the big data management system of breath safety；Classification of service management module is set, by creating service catalogue, solves in the past The low problem with consuming time length of retrieval rate, and service-seeking retrieval module is set, use vector index algorithm, improve Retrieval accuracy, it is achieved that the retrieval that service name and service function match, wherein describes each service in services set Attribute number m value is 8, and retrieval rate improves 0.9% relatively, and efficiency improves 0.3% relatively.

Last it should be noted that, above example is only in order to illustrate technical scheme, rather than the present invention is protected Protecting the restriction of scope, although having made to explain to the present invention with reference to preferred embodiment, those of ordinary skill in the art should Work as understanding, technical scheme can be modified or equivalent, without deviating from the reality of technical solution of the present invention Matter and scope.

Claims (3)

1. the method building information service platform based on cloud computing, is characterized in that, securely achieve and platform structure including cloud computing Building, cloud computing securely achieves employing following methods:

Use chip hardware equipment, symmetric cryptographic algorithm and combination key technology, under non-cloud computing environment, use smart card to make For the hardware device of client encryption system, in the chip of smart card, use symmetric cryptographic algorithm to set up client and encrypt system System, and write symmetric cryptographic algorithm, digest algorithm, combination key generating algorithm, key " base ", client identity authentication protocol, Digital signature protocol, signature verification agreement, enciphering/deciphering agreement, set up authentication center, authentication center at network application server end It is made up of insertion polylith encrypted card in multiple servers, every station server or access multiple stage encryption equipment equipment, makes in authentication center Setting up authentication center's end encryption system with symmetric cryptographic algorithm, in encrypted card or encryption equipment chip, write symmetric cryptography is calculated Method, digest algorithm, one group storage key K, authentication center's end identity authentication protocol, digital signature protocol, signature verification agreement and Enciphering/deciphering agreement, and the key " base " of super manager, in server key " base " lane database of authentication center, storage Total user key " base " ciphertext.

The method building information service platform based on cloud computing the most according to claim 1, is characterized in that, total user is close Key " base " is used the storage key K in encrypted card or encryption equipment chip to be encrypted to ciphertext, in network application server in advance Setting up the Rights Management System of user, share out the work district for user, user uses smart card in client, passes through intelligent card chip In identity authentication protocol logging in network application server, and according to Rights Management System, the network application server of entrance is used The working area that family is corresponding, user uses smart card in client, is digitally signed by the file of client, re-encrypts into close Literary composition, be submitted to the working area that network application server user is corresponding by digital signature with cryptograph files, and authentication center is to delivering to Cryptograph files is decrypted and data integrity validation, leaves legal clear text file in network application server user corresponding Working area.

The method building information service platform based on cloud computing the most according to claim 2, is characterized in that, authentication is assisted View, digital signature protocol, signature verification agreement and enciphering/deciphering agreement, all use symmetric cryptographic algorithm and combination key technology to build Vertical, combination key technology is to use a kind of combination key generating algorithm, it may be assumed that by one group of random number, form a group key " base " Table in element choose, the element selected is merged into one group of symmetric key, as enciphering/deciphering key, certification key or Signature key, thus, it is achieved under non-cloud computing environment, the user identity between client and network application server end is recognized Card, data integrity authentication and Data Encryption Transmission.