CN106356066A - Speech recognition system based on cloud computing - Google Patents
Speech recognition system based on cloud computing Download PDFInfo
- Publication number
- CN106356066A CN106356066A CN201610772047.9A CN201610772047A CN106356066A CN 106356066 A CN106356066 A CN 106356066A CN 201610772047 A CN201610772047 A CN 201610772047A CN 106356066 A CN106356066 A CN 106356066A
- Authority
- CN
- China
- Prior art keywords
- data
- speech
- speech recognition
- cloud
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G10—MUSICAL INSTRUMENTS; ACOUSTICS
- G10L—SPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
- G10L15/00—Speech recognition
- G10L15/28—Constructional details of speech recognition systems
- G10L15/30—Distributed recognition, e.g. in client-server systems, for mobile phones or network applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Acoustics & Sound (AREA)
- Physics & Mathematics (AREA)
- Human Computer Interaction (AREA)
- Multimedia (AREA)
- Audiology, Speech & Language Pathology (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Computational Linguistics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a speech recognition system based on cloud computing. The speech recognition system comprises a speech input module, a load balancing control module, a speech recognition platform and a speech cloud database, wherein the speech input module is used for inputting to-be-recognized speech data and transmitting the speech data to the load balancing control module; the speech recognition platform comprises multiple speech recognition servers, and the load balancing control module is used for dynamically allocating speech recognition tasks to idle speech recognition servers for recognition according to load of the speech recognition servers; the speech cloud database is used for storing a speech library template of a hidden Markov model, and the speech recognition servers quickly compare the to-be-recognized speech data with data in the speech cloud database and return recognition results to users. With the adoption of the speech recognition system, the problems of low recognition rate, slow access response and the like of speech recognition systems can be effectively solved, the comparison running time is prolonged, and the adaptability is wide.
Description
Technical field
The present invention relates to technical field of voice recognition is and in particular to a kind of speech recognition system based on cloud computing.
Background technology
In correlation technique, speech recognition technology can be only applied to limited scope, this is because, due to hardware device, number
According to the restriction of the factors such as amount of storage, region, once data increase is increased by a lot of run times, remote speech identification is difficult to real
Now the suitability of therefore speech recognition technology is very narrow.
Content of the invention
For solving the above problems, the present invention is intended to provide a kind of speech recognition system based on cloud computing.
The purpose of the present invention employs the following technical solutions to realize:
Provide a kind of speech recognition system based on cloud computing, including voice input module, load balancing control module,
Speech recognition platforms, speech cloud data base, voice input module is connected with load balancing control module, load balancing control module
It is connected with speech recognition platforms, speech recognition platforms are connected with speech cloud data base;Described voice input module is used for input to be needed
Speech data to be identified, and speech data is sent to described load balancing control module;Described speech recognition platforms include
Multiple speech recognition servers, described load balancing control module is used for speech recognition according to the load of speech recognition server
Task dynamically distributes are identified to idle speech recognition server;Described speech cloud data base is used for storing hidden Ma Erke
The voice library template of husband's model, the speech data needing identification is entered by speech recognition server with the data in speech cloud data base
Row is quick to be compared, and is that user returns recognition result in time.
The invention has the benefit that can the discrimination that exists of the speech recognition system in effectively solving correlation technique low,
The problems such as storage and the access response that causes of computing resource anxiety are slow, not only increases contrast run time, and the suitability is wide,
Thus solving above-mentioned technical problem.
Brief description
Using accompanying drawing, the invention will be further described, but the embodiment in accompanying drawing does not constitute any limit to the present invention
System, for those of ordinary skill in the art, on the premise of not paying creative work, can also obtain according to the following drawings
Other accompanying drawings.
Fig. 1 is present configuration connection diagram.
Fig. 2 is the structural representation of data safety management system of the present invention.
Reference:
Voice input module 1, load balancing control module 2, speech recognition platforms 3, data safety management system 4, voice
Cloud data base 5, data service system 40, data pretreatment 41, cloud storage encrypting and deciphering system 42, control system 43, safety
Administrative center 44.
Specific embodiment
The invention will be further described with the following Examples.
Application scenarios 1
Referring to Fig. 1, Fig. 2, the speech recognition system based on cloud computing of an embodiment of this application scene, including voice
Input module 1, load balancing control module 2, speech recognition platforms 3, speech cloud data base 5, voice input module 1 is with load all
Weighing apparatus control module 2 connects, and load balancing control module 2 is connected with speech recognition platforms 3, speech recognition platforms 3 and speech cloud number
Connect according to storehouse 5;Described voice input module 1 is used for input needs the speech data of identification, and speech data is sent to described
Load balancing control module 2;Described speech recognition platforms 3 include multiple speech recognition servers, and described load balancing controls mould
Block 2 is for the load according to speech recognition server by voice recognition tasks dynamically distributes to idle speech recognition server
It is identified;Described speech cloud data base 5 is used for storing the voice library template of HMM, and speech recognition server will
The speech data needing identification is quickly compared with the data in speech cloud data base 5, is that user returns identification knot in time
Really.、
Preferably, described speech recognition platforms 3 include at least two voices knowledges that can separately provide speech identifying function
Other server.
The above embodiment of the present invention can the discrimination that exists of the speech recognition system in effectively solving correlation technique be low, storage
The problems such as slow with the access response that computing resource anxiety causes, not only increase contrast run time, and the suitability is wide, thus
Solve above-mentioned technical problem.
Preferably, connected with the pattern that cloud net connects between speech recognition server.
Connected with the pattern that cloud net connects between this preferred embodiment speech recognition server, improve speech-recognition services
The access response speed of device.
Preferably, the described speech recognition system based on cloud computing is also included for carrying out safety management to speech data
Data safety management system 4;Described data safety management system 4 includes data service system 40, data pretreatment 41, cloud
Storage encrypting and deciphering system 42, control system 43 and security management center 44;Described data service system 40 is used for being responsible for voice number
According to storage management, backup and inquire about;The speech data that described data pretreatment 41 is used for need maintain secrecy carries out pretreatment;
Described cloud storage encrypting and deciphering system 42 is used for the speech data that need maintain secrecy being carried out add according to the access control safety strategy optimizing
Close or deciphering;Described control system 43 is used for storing speech data to corresponding storage device;Described security management center 44
For unified monitoring management is carried out safely to each system.
This preferred embodiment constructs the system structure of data safety management system 4.
Preferably, storage, backup and the inquiry of described responsible speech data, comprising:
(1) data form is changed, set up and be applied to the form that non-relational database is stored;
(2) basic data and expert data are splitted data into, the strategy using centralized and distributed combination enters to data
Row storage, during storage, all data are all backed up;The strategy inclusion of described centralized and distributed combination: for higher than default
The basic data of frequency adopts centralised storage, adopts distributed storage for the expert data less than predeterminated frequency;
(3) set up corresponding data retrievad algorithm, data is carried out with quick-searching, described data retrievad algorithm adopts catalogue
The mode that retrieval and search engine combine is carried out, and specifically includes: set up data directory, according to catalogue, data is tentatively examined
Rope;Input key word in search engine, precise search is carried out to data;Search engine finds the number of coupling according to certain mode
According to, and be ranked up feeding back to user according to the matching degree of data and key word.
This preferred embodiment adopts the searching algorithm that catalogue retrieval and search engine combine, and can fast and accurately obtain
Data.
Preferably, described unified monitoring management is carried out safely to each system, comprising:
(1) it is directed to data service system 40, data pretreatment 41, cloud storage encrypting and deciphering system 42, control system 43
Different security protections requires to take corresponding safety protection technique, is equipped with related safety protection equipment, forms complete peace
Full protection system;
(2) set up effective Data Security, the safety in data storage, transmission, access process is carried out with comprehensive examining
Consider, not only data is encrypted, the host-host protocol of data is encrypted simultaneously;
(3) set up virus and wooden horse defense mechanism, regularly update virus base and upgrading fire wall, the update cycle is t, and t takes
It is worth for 6-10 days, the abnormal data detecting will be analyzed, and send early warning.
This preferred embodiment achieves the unified monitoring management to each system safety.
Preferably, described data pretreatment 41 includes data partitioning unit, data pick-up unit and access control peace
Full policy optimization unit, described data partitioning unit is used for the speech data of need secrecy is divided into the data set of multiple mutual exclusions
Close;Described data pick-up unit is used for the data acquisition system of described mutual exclusion is ranked up according to self-defining ordering rule, will be every
First data cell in individual data acquisition system sequentially extracts, and preserves as small block data together with described ordering rule,
There is not any association between the data cell two-by-two that wherein said mutual exclusion represents in data acquisition system;Described access control safety plan
Slightly optimize the access control that unit is used for the access control safety policy optimization method generation system based on fine granularity division of resources
Security strategy, comprising:
(1) data acquisition system based on the mutual exclusion after data pick-up cell processing, builds hierarchical data table structure, described
Hierarchical data tree construction is three layer data tree constructions, and it includes service layer, logical layer and physical layer, and described service layer is and number
According to the related root vertex of dispatch service, described logical layer is the data of association in access control safety strategy, described physical layer
Comprise the data cell in the data acquisition system of all mutual exclusions;
(2) access control safety of the data for different safety class is formulated based on access control markup language xacml
Strategy, the rule with data association in access control safety strategy is projected to the data cell in the data acquisition system of described mutual exclusion
On, thus the rule in access control safety strategy is refine to data dimension;
(3) the enterprising line discipline of the data cell in the data acquisition system of each described mutual exclusion optimization, to delete distribution every
The conflict of the rule in individual data cell and redundancy;
(4) merge the rule after optimizing, generate the access control safety strategy optimizing.
Preferably, described by data storage to corresponding storage device, comprising:
(1) small block data is stored to local storage, and using user-defined encryption technology, small block data is carried out
Encryption;
(2) store in described cloud storage module 3 after remaining data being encrypted by cloud storage encrypting and deciphering system 42;Its
In, after cloud storage module 3 receives data, cloud carries out to this data being saved in memory node after completeness check.
Above-mentioned two preferred embodiment arranges data pretreatment 41, first carries out data to the speech data of need secrecy and divides
Cut data extraction to process, then the rule refinement controlling in security strategy that conducts interviews, it is possible to reduce the physics of data storage is deposited
Storage space, reduces the expense of storage, and eliminates the conflict in access control safety strategy and redundancy, improves access control decision effect
Rate;Extraction partial data is processed by data pick-up and stores in local storage, remainder data arranges corresponding access control
Store after security strategy to cloud storage module 3, solve traditional cloud storage data-privacy based on simple encryption technology and protect
The larger overhead of ratio that barrier mechanism is brought in actual process operation data and loaded down with trivial details, can effectively prevent malicious user
Or cloud storage manager illegally steals, distorts the private data of user, improve the safety of the speech data storage that need to maintain secrecy
Energy.
Preferably, described cloud storage encrypting and deciphering system 42 main by data owner, attribute mechanism, cloud, credible tripartite, use
Five, family entity is constituted, and the described speech data to need secrecy is encrypted or deciphers, comprising:
(1) credible tripartite is user and attribute mechanism is respectively allocated User Identity uaid and attribute authority identity mark
Aid, comprising:
A, initialized, credible tripartite's initialization system parameter isWherein α is random integers;
B, for each validated user, credible tripartite distribution uaid simultaneously Generates Certificate for it:
Meanwhile, announce the authentication parameter of validated userWherein, cuaid∈zp;
C, generate identity key pair for data owner and validated user;
(2) generate the encryption and decryption key of identity-based, attribute encryption and decryption key and act on behalf of re-encrypted private key, wherein said
The encryption and decryption key of identity-based includes identity public key gkuaidWith identity private key ckuaid, described attribute encryption and decryption key include belong to
Property public key gkaidWith attribute private key ckaid:
ckuaid=(∝aid,βaid)
Wherein, asaidThe community set that can distribute for single attribute mechanism, gkxFor the public key of attribute x, bxFor attribute x's
Version number, ∝aidFor the private key parameter of attribute mechanism, βaidFor attribute undated parameter, asuaid,aidIt is the identity according to attribute mechanism
The community set of distribution, the parameter that γ randomly chooses for attribute mechanism, γ, ∝aid,βaid∈zp;
(3) cloud storage encrypting and deciphering system 42 carries out data encryption using data key to speech data, obtains ciphertext ct, so
After be utilized respectively identity public key and attribute public key to data key encrypt, generate identity key ciphertext ctuWith attribute key ciphertext
cta, comprising:
Character string ik of a, at random two regular lengths of generation, ak, merge and generate data key dk:
Dk=ik | | ak
B, carry out data encryption using the data that data key dk stores cloud storage module 3 to need, after obtaining ciphertext ct,
Using attribute public key, ak is encrypted, generate attribute key ciphertext cta, using identity public key, ik is encrypted, generates identity key close
Civilian ctu;
(4) carry out acting on behalf of re-encryption, when receiving the request of data of user, cloud is close by identity using acting on behalf of re-encrypted private key
Key ciphertext ctuIt is converted into the ciphertext that specified user can decipher, wherein said re-encrypted private key of acting on behalf of uses itself by data owner
Private key and identity public key calculate and generate;
(5), when carrying out data deciphering, after user receives data, it is utilized respectively identity private key ckuaidWith attribute private key ckaid
Decryption identity key ciphertext ctuWith attribute key ciphertext cta, then reconstruct data key, decrypting ciphertext ct;
(6) carry out the renewal of attribute and identity key.
This preferred embodiment passes through to arrange cloud storage encrypting and deciphering system 42, is capable of the fine granularity to eurypalynous data
Access control and secret protection, resist user and the collusion of attribute mechanism simultaneously;Speech data to need secrecy, constructs respectively and is based on
The encryption and decryption key of identity, attribute encryption and decryption key, merge composition data encryption key and this data are encrypted, thus only
Meet identity simultaneously and the user of attribute double condition can decipher, greatly improve the safety of data safety management system 4
Energy.
In this application scenarios, update cycle t takes 6, and the safety of system improves 12% relatively.
Application scenarios 2
Referring to Fig. 1, Fig. 2, the speech recognition system based on cloud computing of an embodiment of this application scene, including voice
Input module 1, load balancing control module 2, speech recognition platforms 3, speech cloud data base 5, voice input module 1 is with load all
Weighing apparatus control module 2 connects, and load balancing control module 2 is connected with speech recognition platforms 3, speech recognition platforms 3 and speech cloud number
Connect according to storehouse 5;Described voice input module 1 is used for input needs the speech data of identification, and speech data is sent to described
Load balancing control module 2;Described speech recognition platforms 3 include multiple speech recognition servers, and described load balancing controls mould
Block 2 is for the load according to speech recognition server by voice recognition tasks dynamically distributes to idle speech recognition server
It is identified;Described speech cloud data base 5 is used for storing the voice library template of HMM, and speech recognition server will
The speech data needing identification is quickly compared with the data in speech cloud data base 5, is that user returns identification knot in time
Really.、
Preferably, described speech recognition platforms 3 include at least two voices knowledges that can separately provide speech identifying function
Other server.
The above embodiment of the present invention can the discrimination that exists of the speech recognition system in effectively solving correlation technique be low, storage
The problems such as slow with the access response that computing resource anxiety causes, not only increase contrast run time, and the suitability is wide, thus
Solve above-mentioned technical problem.
Preferably, connected with the pattern that cloud net connects between speech recognition server.
Connected with the pattern that cloud net connects between this preferred embodiment speech recognition server, improve speech-recognition services
The access response speed of device.
Preferably, the described speech recognition system based on cloud computing is also included for carrying out safety management to speech data
Data safety management system 4;Described data safety management system 4 includes data service system 40, data pretreatment 41, cloud
Storage encrypting and deciphering system 42, control system 43 and security management center 44;Described data service system 40 is used for being responsible for voice number
According to storage management, backup and inquire about;The speech data that described data pretreatment 41 is used for need maintain secrecy carries out pretreatment;
Described cloud storage encrypting and deciphering system 42 is used for the speech data that need maintain secrecy being carried out add according to the access control safety strategy optimizing
Close or deciphering;Described control system 43 is used for storing speech data to corresponding storage device;Described security management center 44
For unified monitoring management is carried out safely to each system.
This preferred embodiment constructs the system structure of data safety management system 4.
Preferably, storage, backup and the inquiry of described responsible speech data, comprising:
(1) data form is changed, set up and be applied to the form that non-relational database is stored;
(2) basic data and expert data are splitted data into, the strategy using centralized and distributed combination enters to data
Row storage, during storage, all data are all backed up;The strategy inclusion of described centralized and distributed combination: for higher than default
The basic data of frequency adopts centralised storage, adopts distributed storage for the expert data less than predeterminated frequency;
(3) set up corresponding data retrievad algorithm, data is carried out with quick-searching, described data retrievad algorithm adopts catalogue
The mode that retrieval and search engine combine is carried out, and specifically includes: set up data directory, according to catalogue, data is tentatively examined
Rope;Input key word in search engine, precise search is carried out to data;Search engine finds the number of coupling according to certain mode
According to, and be ranked up feeding back to user according to the matching degree of data and key word.
This preferred embodiment adopts the searching algorithm that catalogue retrieval and search engine combine, and can fast and accurately obtain
Data.
Preferably, described unified monitoring management is carried out safely to each system, comprising:
(1) it is directed to data service system 40, data pretreatment 41, cloud storage encrypting and deciphering system 42, control system 43
Different security protections requires to take corresponding safety protection technique, is equipped with related safety protection equipment, forms complete peace
Full protection system;
(2) set up effective Data Security, the safety in data storage, transmission, access process is carried out with comprehensive examining
Consider, not only data is encrypted, the host-host protocol of data is encrypted simultaneously;
(3) set up virus and wooden horse defense mechanism, regularly update virus base and upgrading fire wall, the update cycle is t, and t takes
It is worth for 6-10 days, the abnormal data detecting will be analyzed, and send early warning.
This preferred embodiment achieves the unified monitoring management to each system safety.
Preferably, described data pretreatment 41 includes data partitioning unit, data pick-up unit and access control peace
Full policy optimization unit, described data partitioning unit is used for the speech data of need secrecy is divided into the data set of multiple mutual exclusions
Close;Described data pick-up unit is used for the data acquisition system of described mutual exclusion is ranked up according to self-defining ordering rule, will be every
First data cell in individual data acquisition system sequentially extracts, and preserves as small block data together with described ordering rule,
There is not any association between the data cell two-by-two that wherein said mutual exclusion represents in data acquisition system;Described access control safety plan
Slightly optimize the access control that unit is used for the access control safety policy optimization method generation system based on fine granularity division of resources
Security strategy, comprising:
(1) data acquisition system based on the mutual exclusion after data pick-up cell processing, builds hierarchical data table structure, described
Hierarchical data tree construction is three layer data tree constructions, and it includes service layer, logical layer and physical layer, and described service layer is and number
According to the related root vertex of dispatch service, described logical layer is the data of association in access control safety strategy, described physical layer
Comprise the data cell in the data acquisition system of all mutual exclusions;
(2) access control safety of the data for different safety class is formulated based on access control markup language xacml
Strategy, the rule with data association in access control safety strategy is projected to the data cell in the data acquisition system of described mutual exclusion
On, thus the rule in access control safety strategy is refine to data dimension;
(3) the enterprising line discipline of the data cell in the data acquisition system of each described mutual exclusion optimization, to delete distribution every
The conflict of the rule in individual data cell and redundancy;
(4) merge the rule after optimizing, generate the access control safety strategy optimizing.
Preferably, described by data storage to corresponding storage device, comprising:
(1) small block data is stored to local storage, and using user-defined encryption technology, small block data is carried out
Encryption;
(2) store in described cloud storage module 3 after remaining data being encrypted by cloud storage encrypting and deciphering system 42;Its
In, after cloud storage module 3 receives data, cloud carries out to this data being saved in memory node after completeness check.
Above-mentioned two preferred embodiment arranges data pretreatment 41, first carries out data to the speech data of need secrecy and divides
Cut data extraction to process, then the rule refinement controlling in security strategy that conducts interviews, it is possible to reduce the physics of data storage is deposited
Storage space, reduces the expense of storage, and eliminates the conflict in access control safety strategy and redundancy, improves access control decision effect
Rate;Extraction partial data is processed by data pick-up and stores in local storage, remainder data arranges corresponding access control
Store after security strategy to cloud storage module 3, solve traditional cloud storage data-privacy based on simple encryption technology and protect
The larger overhead of ratio that barrier mechanism is brought in actual process operation data and loaded down with trivial details, can effectively prevent malicious user
Or cloud storage manager illegally steals, distorts the private data of user, improve the safety of the speech data storage that need to maintain secrecy
Energy.
Preferably, described cloud storage encrypting and deciphering system 42 main by data owner, attribute mechanism, cloud, credible tripartite, use
Five, family entity is constituted, and the described speech data to need secrecy is encrypted or deciphers, comprising:
(1) credible tripartite is user and attribute mechanism is respectively allocated User Identity uaid and attribute authority identity mark
Aid, comprising:
A, initialized, credible tripartite's initialization system parameter isWherein α is random integers;
B, for each validated user, credible tripartite distribution uaid simultaneously Generates Certificate for it:
Meanwhile, announce the authentication parameter of validated userWherein, cuaid∈zp;
C, generate identity key pair for data owner and validated user;
(2) generate the encryption and decryption key of identity-based, attribute encryption and decryption key and act on behalf of re-encrypted private key, wherein said
The encryption and decryption key of identity-based includes identity public key gkuaidWith identity private key ckuaid, described attribute encryption and decryption key include belong to
Property public key gkaidWith attribute private key ckaid:
ckuaid=(∝aid,βaid)
Wherein, asaidThe community set that can distribute for single attribute mechanism, gkxFor the public key of attribute x, bxFor attribute x's
Version number, ∝aidFor the private key parameter of attribute mechanism, βaidFor attribute undated parameter, asuaid,aidIt is the identity according to attribute mechanism
The community set of distribution, the parameter that γ randomly chooses for attribute mechanism, γ, ∝aid,βaid∈zp;
(3) cloud storage encrypting and deciphering system 42 carries out data encryption using data key to speech data, obtains ciphertext ct, so
After be utilized respectively identity public key and attribute public key to data key encrypt, generate identity key ciphertext ctuWith attribute key ciphertext
cta, comprising:
Character string ik of a, at random two regular lengths of generation, ak, merge and generate data key dk:
Dk=ik | | ak
B, carry out data encryption using the data that data key dk stores cloud storage module 3 to need, after obtaining ciphertext ct,
Using attribute public key, ak is encrypted, generate attribute key ciphertext cta, using identity public key, ik is encrypted, generates identity key close
Civilian ctu;
(4) carry out acting on behalf of re-encryption, when receiving the request of data of user, cloud is close by identity using acting on behalf of re-encrypted private key
Key ciphertext ctuIt is converted into the ciphertext that specified user can decipher, wherein said re-encrypted private key of acting on behalf of uses itself by data owner
Private key and identity public key calculate and generate;
(5), when carrying out data deciphering, after user receives data, it is utilized respectively identity private key ckuaidWith attribute private key ckaid
Decryption identity key ciphertext ctuWith attribute key ciphertext cta, then reconstruct data key, decrypting ciphertext ct;
(6) carry out the renewal of attribute and identity key.
This preferred embodiment passes through to arrange cloud storage encrypting and deciphering system 42, is capable of the fine granularity to eurypalynous data
Access control and secret protection, resist user and the collusion of attribute mechanism simultaneously;Speech data to need secrecy, constructs respectively and is based on
The encryption and decryption key of identity, attribute encryption and decryption key, merge composition data encryption key and this data are encrypted, thus only
Meet identity simultaneously and the user of attribute double condition can decipher, greatly improve the safety of data safety management system 4
Energy.
In this application scenarios, update cycle t takes 7, and the safety of system improves 11% relatively.
Application scenarios 3
Referring to Fig. 1, Fig. 2, the speech recognition system based on cloud computing of an embodiment of this application scene, including voice
Input module 1, load balancing control module 2, speech recognition platforms 3, speech cloud data base 5, voice input module 1 is with load all
Weighing apparatus control module 2 connects, and load balancing control module 2 is connected with speech recognition platforms 3, speech recognition platforms 3 and speech cloud number
Connect according to storehouse 5;Described voice input module 1 is used for input needs the speech data of identification, and speech data is sent to described
Load balancing control module 2;Described speech recognition platforms 3 include multiple speech recognition servers, and described load balancing controls mould
Block 2 is for the load according to speech recognition server by voice recognition tasks dynamically distributes to idle speech recognition server
It is identified;Described speech cloud data base 5 is used for storing the voice library template of HMM, and speech recognition server will
The speech data needing identification is quickly compared with the data in speech cloud data base 5, is that user returns identification knot in time
Really.、
Preferably, described speech recognition platforms 3 include at least two voices knowledges that can separately provide speech identifying function
Other server.
The above embodiment of the present invention can the discrimination that exists of the speech recognition system in effectively solving correlation technique be low, storage
The problems such as slow with the access response that computing resource anxiety causes, not only increase contrast run time, and the suitability is wide, thus
Solve above-mentioned technical problem.
Preferably, connected with the pattern that cloud net connects between speech recognition server.
Connected with the pattern that cloud net connects between this preferred embodiment speech recognition server, improve speech-recognition services
The access response speed of device.
Preferably, the described speech recognition system based on cloud computing is also included for carrying out safety management to speech data
Data safety management system 4;Described data safety management system 4 includes data service system 40, data pretreatment 41, cloud
Storage encrypting and deciphering system 42, control system 43 and security management center 44;Described data service system 40 is used for being responsible for voice number
According to storage management, backup and inquire about;The speech data that described data pretreatment 41 is used for need maintain secrecy carries out pretreatment;
Described cloud storage encrypting and deciphering system 42 is used for the speech data that need maintain secrecy being carried out add according to the access control safety strategy optimizing
Close or deciphering;Described control system 43 is used for storing speech data to corresponding storage device;Described security management center 44
For unified monitoring management is carried out safely to each system.
This preferred embodiment constructs the system structure of data safety management system 4.
Preferably, storage, backup and the inquiry of described responsible speech data, comprising:
(1) data form is changed, set up and be applied to the form that non-relational database is stored;
(2) basic data and expert data are splitted data into, the strategy using centralized and distributed combination enters to data
Row storage, during storage, all data are all backed up;The strategy inclusion of described centralized and distributed combination: for higher than default
The basic data of frequency adopts centralised storage, adopts distributed storage for the expert data less than predeterminated frequency;
(3) set up corresponding data retrievad algorithm, data is carried out with quick-searching, described data retrievad algorithm adopts catalogue
The mode that retrieval and search engine combine is carried out, and specifically includes: set up data directory, according to catalogue, data is tentatively examined
Rope;Input key word in search engine, precise search is carried out to data;Search engine finds the number of coupling according to certain mode
According to, and be ranked up feeding back to user according to the matching degree of data and key word.
This preferred embodiment adopts the searching algorithm that catalogue retrieval and search engine combine, and can fast and accurately obtain
Data.
Preferably, described unified monitoring management is carried out safely to each system, comprising:
(1) it is directed to data service system 40, data pretreatment 41, cloud storage encrypting and deciphering system 42, control system 43
Different security protections requires to take corresponding safety protection technique, is equipped with related safety protection equipment, forms complete peace
Full protection system;
(2) set up effective Data Security, the safety in data storage, transmission, access process is carried out with comprehensive examining
Consider, not only data is encrypted, the host-host protocol of data is encrypted simultaneously;
(3) set up virus and wooden horse defense mechanism, regularly update virus base and upgrading fire wall, the update cycle is t, and t takes
It is worth for 6-10 days, the abnormal data detecting will be analyzed, and send early warning.
This preferred embodiment achieves the unified monitoring management to each system safety.
Preferably, described data pretreatment 41 includes data partitioning unit, data pick-up unit and access control peace
Full policy optimization unit, described data partitioning unit is used for the speech data of need secrecy is divided into the data set of multiple mutual exclusions
Close;Described data pick-up unit is used for the data acquisition system of described mutual exclusion is ranked up according to self-defining ordering rule, will be every
First data cell in individual data acquisition system sequentially extracts, and preserves as small block data together with described ordering rule,
There is not any association between the data cell two-by-two that wherein said mutual exclusion represents in data acquisition system;Described access control safety plan
Slightly optimize the access control that unit is used for the access control safety policy optimization method generation system based on fine granularity division of resources
Security strategy, comprising:
(1) data acquisition system based on the mutual exclusion after data pick-up cell processing, builds hierarchical data table structure, described
Hierarchical data tree construction is three layer data tree constructions, and it includes service layer, logical layer and physical layer, and described service layer is and number
According to the related root vertex of dispatch service, described logical layer is the data of association in access control safety strategy, described physical layer
Comprise the data cell in the data acquisition system of all mutual exclusions;
(2) access control safety of the data for different safety class is formulated based on access control markup language xacml
Strategy, the rule with data association in access control safety strategy is projected to the data cell in the data acquisition system of described mutual exclusion
On, thus the rule in access control safety strategy is refine to data dimension;
(3) the enterprising line discipline of the data cell in the data acquisition system of each described mutual exclusion optimization, to delete distribution every
The conflict of the rule in individual data cell and redundancy;
(4) merge the rule after optimizing, generate the access control safety strategy optimizing.
Preferably, described by data storage to corresponding storage device, comprising:
(1) small block data is stored to local storage, and using user-defined encryption technology, small block data is carried out
Encryption;
(2) store in described cloud storage module 3 after remaining data being encrypted by cloud storage encrypting and deciphering system 42;Its
In, after cloud storage module 3 receives data, cloud carries out to this data being saved in memory node after completeness check.
Above-mentioned two preferred embodiment arranges data pretreatment 41, first carries out data to the speech data of need secrecy and divides
Cut data extraction to process, then the rule refinement controlling in security strategy that conducts interviews, it is possible to reduce the physics of data storage is deposited
Storage space, reduces the expense of storage, and eliminates the conflict in access control safety strategy and redundancy, improves access control decision effect
Rate;Extraction partial data is processed by data pick-up and stores in local storage, remainder data arranges corresponding access control
Store after security strategy to cloud storage module 3, solve traditional cloud storage data-privacy based on simple encryption technology and protect
The larger overhead of ratio that barrier mechanism is brought in actual process operation data and loaded down with trivial details, can effectively prevent malicious user
Or cloud storage manager illegally steals, distorts the private data of user, improve the safety of the speech data storage that need to maintain secrecy
Energy.
Preferably, described cloud storage encrypting and deciphering system 42 main by data owner, attribute mechanism, cloud, credible tripartite, use
Five, family entity is constituted, and the described speech data to need secrecy is encrypted or deciphers, comprising:
(1) credible tripartite is user and attribute mechanism is respectively allocated User Identity uaid and attribute authority identity mark
Aid, comprising:
A, initialized, credible tripartite's initialization system parameter isWherein α is random integers;
B, for each validated user, credible tripartite distribution uaid simultaneously Generates Certificate for it:
Meanwhile, announce the authentication parameter of validated userWherein, cuaid∈zp;
C, generate identity key pair for data owner and validated user;
(2) generate the encryption and decryption key of identity-based, attribute encryption and decryption key and act on behalf of re-encrypted private key, wherein said
The encryption and decryption key of identity-based includes identity public key gkuaidWith identity private key ckuaid, described attribute encryption and decryption key include belong to
Property public key gkaidWith attribute private key ckaid:
ckuaid=(∝aid,βaid)
Wherein, asaidThe community set that can distribute for single attribute mechanism, gkxFor the public key of attribute x, bxFor attribute x's
Version number, ∝aidFor the private key parameter of attribute mechanism, βaidFor attribute undated parameter, asuaid,aidIt is the identity according to attribute mechanism
The community set of distribution, the parameter that γ randomly chooses for attribute mechanism, γ, ∝aid,βaid∈zp;
(3) cloud storage encrypting and deciphering system 42 carries out data encryption using data key to speech data, obtains ciphertext ct, so
After be utilized respectively identity public key and attribute public key to data key encrypt, generate identity key ciphertext ctuWith attribute key ciphertext
cta, comprising:
Character string ik of a, at random two regular lengths of generation, ak, merge and generate data key dk:
Dk=ik | | ak
B, carry out data encryption using the data that data key dk stores cloud storage module 3 to need, after obtaining ciphertext ct,
Using attribute public key, ak is encrypted, generate attribute key ciphertext cta, using identity public key, ik is encrypted, generates identity key close
Civilian ctu;
(4) carry out acting on behalf of re-encryption, when receiving the request of data of user, cloud is close by identity using acting on behalf of re-encrypted private key
Key ciphertext ctuIt is converted into the ciphertext that specified user can decipher, wherein said re-encrypted private key of acting on behalf of uses itself by data owner
Private key and identity public key calculate and generate;
(5), when carrying out data deciphering, after user receives data, it is utilized respectively identity private key ckuaidWith attribute private key ckaid
Decryption identity key ciphertext ctuWith attribute key ciphertext cta, then reconstruct data key, decrypting ciphertext ct;
(6) carry out the renewal of attribute and identity key.
This preferred embodiment passes through to arrange cloud storage encrypting and deciphering system 42, is capable of the fine granularity to eurypalynous data
Access control and secret protection, resist user and the collusion of attribute mechanism simultaneously;Speech data to need secrecy, constructs respectively and is based on
The encryption and decryption key of identity, attribute encryption and decryption key, merge composition data encryption key and this data are encrypted, thus only
Meet identity simultaneously and the user of attribute double condition can decipher, greatly improve the safety of data safety management system 4
Energy.
In this application scenarios, update cycle t takes 8, and the safety of system improves 10% relatively.
Application scenarios 4
Referring to Fig. 1, Fig. 2, the speech recognition system based on cloud computing of an embodiment of this application scene, including voice
Input module 1, load balancing control module 2, speech recognition platforms 3, speech cloud data base 5, voice input module 1 is with load all
Weighing apparatus control module 2 connects, and load balancing control module 2 is connected with speech recognition platforms 3, speech recognition platforms 3 and speech cloud number
Connect according to storehouse 5;Described voice input module 1 is used for input needs the speech data of identification, and speech data is sent to described
Load balancing control module 2;Described speech recognition platforms 3 include multiple speech recognition servers, and described load balancing controls mould
Block 2 is for the load according to speech recognition server by voice recognition tasks dynamically distributes to idle speech recognition server
It is identified;Described speech cloud data base 5 is used for storing the voice library template of HMM, and speech recognition server will
The speech data needing identification is quickly compared with the data in speech cloud data base 5, is that user returns identification knot in time
Really.、
Preferably, described speech recognition platforms 3 include at least two voices knowledges that can separately provide speech identifying function
Other server.
The above embodiment of the present invention can the discrimination that exists of the speech recognition system in effectively solving correlation technique be low, storage
The problems such as slow with the access response that computing resource anxiety causes, not only increase contrast run time, and the suitability is wide, thus
Solve above-mentioned technical problem.
Preferably, connected with the pattern that cloud net connects between speech recognition server.
Connected with the pattern that cloud net connects between this preferred embodiment speech recognition server, improve speech-recognition services
The access response speed of device.
Preferably, the described speech recognition system based on cloud computing is also included for carrying out safety management to speech data
Data safety management system 4;Described data safety management system 4 includes data service system 40, data pretreatment 41, cloud
Storage encrypting and deciphering system 42, control system 43 and security management center 44;Described data service system 40 is used for being responsible for voice number
According to storage management, backup and inquire about;The speech data that described data pretreatment 41 is used for need maintain secrecy carries out pretreatment;
Described cloud storage encrypting and deciphering system 42 is used for the speech data that need maintain secrecy being carried out add according to the access control safety strategy optimizing
Close or deciphering;Described control system 43 is used for storing speech data to corresponding storage device;Described security management center 44
For unified monitoring management is carried out safely to each system.
This preferred embodiment constructs the system structure of data safety management system 4.
Preferably, storage, backup and the inquiry of described responsible speech data, comprising:
(1) data form is changed, set up and be applied to the form that non-relational database is stored;
(2) basic data and expert data are splitted data into, the strategy using centralized and distributed combination enters to data
Row storage, during storage, all data are all backed up;The strategy inclusion of described centralized and distributed combination: for higher than default
The basic data of frequency adopts centralised storage, adopts distributed storage for the expert data less than predeterminated frequency;
(3) set up corresponding data retrievad algorithm, data is carried out with quick-searching, described data retrievad algorithm adopts catalogue
The mode that retrieval and search engine combine is carried out, and specifically includes: set up data directory, according to catalogue, data is tentatively examined
Rope;Input key word in search engine, precise search is carried out to data;Search engine finds the number of coupling according to certain mode
According to, and be ranked up feeding back to user according to the matching degree of data and key word.
This preferred embodiment adopts the searching algorithm that catalogue retrieval and search engine combine, and can fast and accurately obtain
Data.
Preferably, described unified monitoring management is carried out safely to each system, comprising:
(1) it is directed to data service system 40, data pretreatment 41, cloud storage encrypting and deciphering system 42, control system 43
Different security protections requires to take corresponding safety protection technique, is equipped with related safety protection equipment, forms complete peace
Full protection system;
(2) set up effective Data Security, the safety in data storage, transmission, access process is carried out with comprehensive examining
Consider, not only data is encrypted, the host-host protocol of data is encrypted simultaneously;
(3) set up virus and wooden horse defense mechanism, regularly update virus base and upgrading fire wall, the update cycle is t, and t takes
It is worth for 6-10 days, the abnormal data detecting will be analyzed, and send early warning.
This preferred embodiment achieves the unified monitoring management to each system safety.
Preferably, described data pretreatment 41 includes data partitioning unit, data pick-up unit and access control peace
Full policy optimization unit, described data partitioning unit is used for the speech data of need secrecy is divided into the data set of multiple mutual exclusions
Close;Described data pick-up unit is used for the data acquisition system of described mutual exclusion is ranked up according to self-defining ordering rule, will be every
First data cell in individual data acquisition system sequentially extracts, and preserves as small block data together with described ordering rule,
There is not any association between the data cell two-by-two that wherein said mutual exclusion represents in data acquisition system;Described access control safety plan
Slightly optimize the access control that unit is used for the access control safety policy optimization method generation system based on fine granularity division of resources
Security strategy, comprising:
(1) data acquisition system based on the mutual exclusion after data pick-up cell processing, builds hierarchical data table structure, described
Hierarchical data tree construction is three layer data tree constructions, and it includes service layer, logical layer and physical layer, and described service layer is and number
According to the related root vertex of dispatch service, described logical layer is the data of association in access control safety strategy, described physical layer
Comprise the data cell in the data acquisition system of all mutual exclusions;
(2) access control safety of the data for different safety class is formulated based on access control markup language xacml
Strategy, the rule with data association in access control safety strategy is projected to the data cell in the data acquisition system of described mutual exclusion
On, thus the rule in access control safety strategy is refine to data dimension;
(3) the enterprising line discipline of the data cell in the data acquisition system of each described mutual exclusion optimization, to delete distribution every
The conflict of the rule in individual data cell and redundancy;
(4) merge the rule after optimizing, generate the access control safety strategy optimizing.
Preferably, described by data storage to corresponding storage device, comprising:
(1) small block data is stored to local storage, and using user-defined encryption technology, small block data is carried out
Encryption;
(2) store in described cloud storage module 3 after remaining data being encrypted by cloud storage encrypting and deciphering system 42;Its
In, after cloud storage module 3 receives data, cloud carries out to this data being saved in memory node after completeness check.
Above-mentioned two preferred embodiment arranges data pretreatment 41, first carries out data to the speech data of need secrecy and divides
Cut data extraction to process, then the rule refinement controlling in security strategy that conducts interviews, it is possible to reduce the physics of data storage is deposited
Storage space, reduces the expense of storage, and eliminates the conflict in access control safety strategy and redundancy, improves access control decision effect
Rate;Extraction partial data is processed by data pick-up and stores in local storage, remainder data arranges corresponding access control
Store after security strategy to cloud storage module 3, solve traditional cloud storage data-privacy based on simple encryption technology and protect
The larger overhead of ratio that barrier mechanism is brought in actual process operation data and loaded down with trivial details, can effectively prevent malicious user
Or cloud storage manager illegally steals, distorts the private data of user, improve the safety of the speech data storage that need to maintain secrecy
Energy.
Preferably, described cloud storage encrypting and deciphering system 42 main by data owner, attribute mechanism, cloud, credible tripartite, use
Five, family entity is constituted, and the described speech data to need secrecy is encrypted or deciphers, comprising:
(1) credible tripartite is user and attribute mechanism is respectively allocated User Identity uaid and attribute authority identity mark
Aid, comprising:
A, initialized, credible tripartite's initialization system parameter isWherein α is random integers;
B, for each validated user, credible tripartite distribution uaid simultaneously Generates Certificate for it:
Meanwhile, announce the authentication parameter of validated userWherein, cuaid∈zp;
C, generate identity key pair for data owner and validated user;
(2) generate the encryption and decryption key of identity-based, attribute encryption and decryption key and act on behalf of re-encrypted private key, wherein said
The encryption and decryption key of identity-based includes identity public key gkuaidWith identity private key ckuaid, described attribute encryption and decryption key include belong to
Property public key gkaidWith attribute private key ckaid:
ckuaid=(∝aid,βaid)
Wherein, asaidThe community set that can distribute for single attribute mechanism, gkxFor the public key of attribute x, bxFor attribute x's
Version number, ∝aidFor the private key parameter of attribute mechanism, βaidFor attribute undated parameter, asuaid,aidIt is the identity according to attribute mechanism
The community set of distribution, the parameter that γ randomly chooses for attribute mechanism, γ, ∝aid,βaid∈zp;
(3) cloud storage encrypting and deciphering system 42 carries out data encryption using data key to speech data, obtains ciphertext ct, so
After be utilized respectively identity public key and attribute public key to data key encrypt, generate identity key ciphertext ctuWith attribute key ciphertext
cta, comprising:
Character string ik of a, at random two regular lengths of generation, ak, merge and generate data key dk:
Dk=ik | | ak
B, carry out data encryption using the data that data key dk stores cloud storage module 3 to need, after obtaining ciphertext ct,
Using attribute public key, ak is encrypted, generate attribute key ciphertext cta, using identity public key, ik is encrypted, generates identity key close
Civilian ctu;
(4) carry out acting on behalf of re-encryption, when receiving the request of data of user, cloud is close by identity using acting on behalf of re-encrypted private key
Key ciphertext ctuIt is converted into the ciphertext that specified user can decipher, wherein said re-encrypted private key of acting on behalf of uses itself by data owner
Private key and identity public key calculate and generate;
(5), when carrying out data deciphering, after user receives data, it is utilized respectively identity private key ckuaidWith attribute private key ckaid
Decryption identity key ciphertext ctuWith attribute key ciphertext cta, then reconstruct data key, decrypting ciphertext ct;
(6) carry out the renewal of attribute and identity key.
This preferred embodiment passes through to arrange cloud storage encrypting and deciphering system 42, is capable of the fine granularity to eurypalynous data
Access control and secret protection, resist user and the collusion of attribute mechanism simultaneously;Speech data to need secrecy, constructs respectively and is based on
The encryption and decryption key of identity, attribute encryption and decryption key, merge composition data encryption key and this data are encrypted, thus only
Meet identity simultaneously and the user of attribute double condition can decipher, greatly improve the safety of data safety management system 4
Energy.
In this application scenarios, update cycle t takes 9, and the safety of system improves 9% relatively.
Application scenarios 5
Referring to Fig. 1, Fig. 2, the speech recognition system based on cloud computing of an embodiment of this application scene, including voice
Input module 1, load balancing control module 2, speech recognition platforms 3, speech cloud data base 5, voice input module 1 is with load all
Weighing apparatus control module 2 connects, and load balancing control module 2 is connected with speech recognition platforms 3, speech recognition platforms 3 and speech cloud number
Connect according to storehouse 5;Described voice input module 1 is used for input needs the speech data of identification, and speech data is sent to described
Load balancing control module 2;Described speech recognition platforms 3 include multiple speech recognition servers, and described load balancing controls mould
Block 2 is for the load according to speech recognition server by voice recognition tasks dynamically distributes to idle speech recognition server
It is identified;Described speech cloud data base 5 is used for storing the voice library template of HMM, and speech recognition server will
The speech data needing identification is quickly compared with the data in speech cloud data base 5, is that user returns identification knot in time
Really.、
Preferably, described speech recognition platforms 3 include at least two voices knowledges that can separately provide speech identifying function
Other server.
The above embodiment of the present invention can the discrimination that exists of the speech recognition system in effectively solving correlation technique be low, storage
The problems such as slow with the access response that computing resource anxiety causes, not only increase contrast run time, and the suitability is wide, thus
Solve above-mentioned technical problem.
Preferably, connected with the pattern that cloud net connects between speech recognition server.
Connected with the pattern that cloud net connects between this preferred embodiment speech recognition server, improve speech-recognition services
The access response speed of device.
Preferably, the described speech recognition system based on cloud computing is also included for carrying out safety management to speech data
Data safety management system 4;Described data safety management system 4 includes data service system 40, data pretreatment 41, cloud
Storage encrypting and deciphering system 42, control system 43 and security management center 44;Described data service system 40 is used for being responsible for voice number
According to storage management, backup and inquire about;The speech data that described data pretreatment 41 is used for need maintain secrecy carries out pretreatment;
Described cloud storage encrypting and deciphering system 42 is used for the speech data that need maintain secrecy being carried out add according to the access control safety strategy optimizing
Close or deciphering;Described control system 43 is used for storing speech data to corresponding storage device;Described security management center 44
For unified monitoring management is carried out safely to each system.
This preferred embodiment constructs the system structure of data safety management system 4.
Preferably, storage, backup and the inquiry of described responsible speech data, comprising:
(1) data form is changed, set up and be applied to the form that non-relational database is stored;
(2) basic data and expert data are splitted data into, the strategy using centralized and distributed combination enters to data
Row storage, during storage, all data are all backed up;The strategy inclusion of described centralized and distributed combination: for higher than default
The basic data of frequency adopts centralised storage, adopts distributed storage for the expert data less than predeterminated frequency;
(3) set up corresponding data retrievad algorithm, data is carried out with quick-searching, described data retrievad algorithm adopts catalogue
The mode that retrieval and search engine combine is carried out, and specifically includes: set up data directory, according to catalogue, data is tentatively examined
Rope;Input key word in search engine, precise search is carried out to data;Search engine finds the number of coupling according to certain mode
According to, and be ranked up feeding back to user according to the matching degree of data and key word.
This preferred embodiment adopts the searching algorithm that catalogue retrieval and search engine combine, and can fast and accurately obtain
Data.
Preferably, described unified monitoring management is carried out safely to each system, comprising:
(1) it is directed to data service system 40, data pretreatment 41, cloud storage encrypting and deciphering system 42, control system 43
Different security protections requires to take corresponding safety protection technique, is equipped with related safety protection equipment, forms complete peace
Full protection system;
(2) set up effective Data Security, the safety in data storage, transmission, access process is carried out with comprehensive examining
Consider, not only data is encrypted, the host-host protocol of data is encrypted simultaneously;
(3) set up virus and wooden horse defense mechanism, regularly update virus base and upgrading fire wall, the update cycle is t, and t takes
It is worth for 6-10 days, the abnormal data detecting will be analyzed, and send early warning.
This preferred embodiment achieves the unified monitoring management to each system safety.
Preferably, described data pretreatment 41 includes data partitioning unit, data pick-up unit and access control peace
Full policy optimization unit, described data partitioning unit is used for the speech data of need secrecy is divided into the data set of multiple mutual exclusions
Close;Described data pick-up unit is used for the data acquisition system of described mutual exclusion is ranked up according to self-defining ordering rule, will be every
First data cell in individual data acquisition system sequentially extracts, and preserves as small block data together with described ordering rule,
There is not any association between the data cell two-by-two that wherein said mutual exclusion represents in data acquisition system;Described access control safety plan
Slightly optimize the access control that unit is used for the access control safety policy optimization method generation system based on fine granularity division of resources
Security strategy, comprising:
(1) data acquisition system based on the mutual exclusion after data pick-up cell processing, builds hierarchical data table structure, described
Hierarchical data tree construction is three layer data tree constructions, and it includes service layer, logical layer and physical layer, and described service layer is and number
According to the related root vertex of dispatch service, described logical layer is the data of association in access control safety strategy, described physical layer
Comprise the data cell in the data acquisition system of all mutual exclusions;
(2) access control safety of the data for different safety class is formulated based on access control markup language xacml
Strategy, the rule with data association in access control safety strategy is projected to the data cell in the data acquisition system of described mutual exclusion
On, thus the rule in access control safety strategy is refine to data dimension;
(3) the enterprising line discipline of the data cell in the data acquisition system of each described mutual exclusion optimization, to delete distribution every
The conflict of the rule in individual data cell and redundancy;
(4) merge the rule after optimizing, generate the access control safety strategy optimizing.
Preferably, described by data storage to corresponding storage device, comprising:
(1) small block data is stored to local storage, and using user-defined encryption technology, small block data is carried out
Encryption;
(2) store in described cloud storage module 3 after remaining data being encrypted by cloud storage encrypting and deciphering system 42;Its
In, after cloud storage module 3 receives data, cloud carries out to this data being saved in memory node after completeness check.
Above-mentioned two preferred embodiment arranges data pretreatment 41, first carries out data to the speech data of need secrecy and divides
Cut data extraction to process, then the rule refinement controlling in security strategy that conducts interviews, it is possible to reduce the physics of data storage is deposited
Storage space, reduces the expense of storage, and eliminates the conflict in access control safety strategy and redundancy, improves access control decision effect
Rate;Extraction partial data is processed by data pick-up and stores in local storage, remainder data arranges corresponding access control
Store after security strategy to cloud storage module 3, solve traditional cloud storage data-privacy based on simple encryption technology and protect
The larger overhead of ratio that barrier mechanism is brought in actual process operation data and loaded down with trivial details, can effectively prevent malicious user
Or cloud storage manager illegally steals, distorts the private data of user, improve the safety of the speech data storage that need to maintain secrecy
Energy.
Preferably, described cloud storage encrypting and deciphering system 42 main by data owner, attribute mechanism, cloud, credible tripartite, use
Five, family entity is constituted, and the described speech data to need secrecy is encrypted or deciphers, comprising:
(1) credible tripartite is user and attribute mechanism is respectively allocated User Identity uaid and attribute authority identity mark
Aid, comprising:
A, initialized, credible tripartite's initialization system parameter isWherein α is random integers;
B, for each validated user, credible tripartite distribution uaid simultaneously Generates Certificate for it:
Meanwhile, announce the authentication parameter of validated userWherein, cuaid∈zp;
C, generate identity key pair for data owner and validated user;
(2) generate the encryption and decryption key of identity-based, attribute encryption and decryption key and act on behalf of re-encrypted private key, wherein said
The encryption and decryption key of identity-based includes identity public key gkuaidWith identity private key ckuaid, described attribute encryption and decryption key include belong to
Property public key gkaidWith attribute private key ckaid:
ckuaid=(∝aid,βaid)
Wherein, asaidThe community set that can distribute for single attribute mechanism, gkxFor the public key of attribute x, bxFor attribute x's
Version number, ∝aidFor the private key parameter of attribute mechanism, βaidFor attribute undated parameter, asuaid,aidIt is the identity according to attribute mechanism
The community set of distribution, the parameter that γ randomly chooses for attribute mechanism, γ, ∝aid,βaid∈zp;
(3) cloud storage encrypting and deciphering system 42 carries out data encryption using data key to speech data, obtains ciphertext ct, so
After be utilized respectively identity public key and attribute public key to data key encrypt, generate identity key ciphertext ctuWith attribute key ciphertext
cta, comprising:
Character string ik of a, at random two regular lengths of generation, ak, merge and generate data key dk:
Dk=ik | | ak
B, carry out data encryption using the data that data key dk stores cloud storage module 3 to need, after obtaining ciphertext ct,
Using attribute public key, ak is encrypted, generate attribute key ciphertext cta, using identity public key, ik is encrypted, generates identity key close
Civilian ctu;
(4) carry out acting on behalf of re-encryption, when receiving the request of data of user, cloud is close by identity using acting on behalf of re-encrypted private key
Key ciphertext ctuIt is converted into the ciphertext that specified user can decipher, wherein said re-encrypted private key of acting on behalf of uses itself by data owner
Private key and identity public key calculate and generate;
(5), when carrying out data deciphering, after user receives data, it is utilized respectively identity private key ckuaidWith attribute private key ckaid
Decryption identity key ciphertext ctuWith attribute key ciphertext cta, then reconstruct data key, decrypting ciphertext ct;
(6) carry out the renewal of attribute and identity key.
This preferred embodiment passes through to arrange cloud storage encrypting and deciphering system 42, is capable of the fine granularity to eurypalynous data
Access control and secret protection, resist user and the collusion of attribute mechanism simultaneously;Speech data to need secrecy, constructs respectively and is based on
The encryption and decryption key of identity, attribute encryption and decryption key, merge composition data encryption key and this data are encrypted, thus only
Meet identity simultaneously and the user of attribute double condition can decipher, greatly improve the safety of data safety management system 4
Energy.
In this application scenarios, update cycle t takes 10, and the safety of system improves 8% relatively.
Finally it should be noted that above example is only in order to illustrating technical scheme, rather than the present invention is protected
The restriction of shield scope, although having made to explain to the present invention with reference to preferred embodiment, those of ordinary skill in the art should
Work as understanding, technical scheme can be modified or equivalent, without deviating from the reality of technical solution of the present invention
Matter and scope.
Claims (3)
1. a kind of speech recognition system based on cloud computing is it is characterised in that include voice input module, load balancing controls mould
Block, speech recognition platforms, speech cloud data base, voice input module is connected with load balancing control module, and load balancing controls
Module is connected with speech recognition platforms, and speech recognition platforms are connected with speech cloud data base;Described voice input module is used for defeated
Enter to need the speech data of identification, and speech data is sent to described load balancing control module;Described speech recognition platforms
Including multiple speech recognition servers, described load balancing control module is used for load according to speech recognition server by voice
Identification mission dynamically distributes are identified to idle speech recognition server;Described speech cloud data base is used for storing hidden horse
The voice library template of Er Kefu model, the number in speech data and speech cloud data base that speech recognition server will need to identify
According to quickly being compared, it is that user returns recognition result in time.
2. a kind of speech recognition system based on cloud computing according to claim 1 is it is characterised in that described speech recognition
Platform includes at least two speech recognition servers that can separately provide speech identifying function.
3. a kind of speech recognition system based on cloud computing according to claim 2 is it is characterised in that speech-recognition services
Connected with the pattern that cloud net connects between device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610772047.9A CN106356066A (en) | 2016-08-30 | 2016-08-30 | Speech recognition system based on cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610772047.9A CN106356066A (en) | 2016-08-30 | 2016-08-30 | Speech recognition system based on cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106356066A true CN106356066A (en) | 2017-01-25 |
Family
ID=57857438
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610772047.9A Pending CN106356066A (en) | 2016-08-30 | 2016-08-30 | Speech recognition system based on cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106356066A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110289016A (en) * | 2019-06-20 | 2019-09-27 | 深圳追一科技有限公司 | A kind of voice quality detecting method, device and electronic equipment based on actual conversation |
CN110958125A (en) * | 2018-09-26 | 2020-04-03 | 珠海格力电器股份有限公司 | Control method and device for household electrical appliance |
CN111081253A (en) * | 2019-12-25 | 2020-04-28 | 沈阳先进医疗设备技术孵化中心有限公司 | Voice processing method, device and system |
CN112269468A (en) * | 2020-10-23 | 2021-01-26 | 深圳市恒必达电子科技有限公司 | Bluetooth and 2.4G, WIFI connection-based human-computer interaction intelligent glasses, method and platform for acquiring cloud information |
CN112466283A (en) * | 2020-10-30 | 2021-03-09 | 北京仿真中心 | Collaborative software voice recognition system |
CN113301042A (en) * | 2021-05-20 | 2021-08-24 | 南开大学 | Load balancing private data sharing method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6119087A (en) * | 1998-03-13 | 2000-09-12 | Nuance Communications | System architecture for and method of voice processing |
CN103179122A (en) * | 2013-03-22 | 2013-06-26 | 马博 | Telcom phone phishing-resistant method and system based on discrimination and identification content analysis |
CN103325371A (en) * | 2013-06-05 | 2013-09-25 | 杭州网豆数字技术有限公司 | Voice recognition system and method based on cloud |
CN104505089A (en) * | 2014-12-17 | 2015-04-08 | 福建网龙计算机网络信息技术有限公司 | Method and equipment for oral error correction |
-
2016
- 2016-08-30 CN CN201610772047.9A patent/CN106356066A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6119087A (en) * | 1998-03-13 | 2000-09-12 | Nuance Communications | System architecture for and method of voice processing |
CN103179122A (en) * | 2013-03-22 | 2013-06-26 | 马博 | Telcom phone phishing-resistant method and system based on discrimination and identification content analysis |
CN103325371A (en) * | 2013-06-05 | 2013-09-25 | 杭州网豆数字技术有限公司 | Voice recognition system and method based on cloud |
CN104505089A (en) * | 2014-12-17 | 2015-04-08 | 福建网龙计算机网络信息技术有限公司 | Method and equipment for oral error correction |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110958125A (en) * | 2018-09-26 | 2020-04-03 | 珠海格力电器股份有限公司 | Control method and device for household electrical appliance |
CN110289016A (en) * | 2019-06-20 | 2019-09-27 | 深圳追一科技有限公司 | A kind of voice quality detecting method, device and electronic equipment based on actual conversation |
CN111081253A (en) * | 2019-12-25 | 2020-04-28 | 沈阳先进医疗设备技术孵化中心有限公司 | Voice processing method, device and system |
CN112269468A (en) * | 2020-10-23 | 2021-01-26 | 深圳市恒必达电子科技有限公司 | Bluetooth and 2.4G, WIFI connection-based human-computer interaction intelligent glasses, method and platform for acquiring cloud information |
CN112466283A (en) * | 2020-10-30 | 2021-03-09 | 北京仿真中心 | Collaborative software voice recognition system |
CN112466283B (en) * | 2020-10-30 | 2023-12-01 | 北京仿真中心 | Cooperative software voice recognition system |
CN113301042A (en) * | 2021-05-20 | 2021-08-24 | 南开大学 | Load balancing private data sharing method |
CN113301042B (en) * | 2021-05-20 | 2022-06-17 | 南开大学 | Load balancing private data sharing method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108830601B (en) | Smart city information safe use method and system based on block chain | |
CN109033855B (en) | Data transmission method and device based on block chain and storage medium | |
CN106203146B (en) | Big data safety management system | |
CN106356066A (en) | Speech recognition system based on cloud computing | |
Dev et al. | An approach to protect the privacy of cloud data from data mining based attacks | |
CN106936771A (en) | A kind of secure cloud storage method and system based on graded encryption | |
CN106326666A (en) | Health record information management service system | |
CN106131225A (en) | The security system accessed for medical treatment case information | |
CN102143159A (en) | Database key management method in DAS (database-as-a-service) model | |
CN110413652A (en) | A kind of big data privacy search method based on edge calculations | |
CN108021677A (en) | The control method of cloud computing distributed search engine | |
CN106372874A (en) | Internet of things mobile finance payment system based on cloud platform | |
CN106161654A (en) | A kind of cloud educational system | |
CN106254510A (en) | The Internet financial resources integrates shared system | |
CN115865461A (en) | Method and system for distributing data in high-performance computing cluster | |
CN106131224A (en) | A kind of data transmission system | |
CN100452026C (en) | Data once writing method and database safety management method based on the same method | |
KR102258064B1 (en) | System and method for providing hybrid blockchain based aircraft control service | |
CN106230856A (en) | A kind of System of Industrial Device Controls based on Internet of Things | |
Galushka et al. | System of end-to-end symmetric database encryption | |
CN114500103A (en) | Internet of things privacy data segmentation and encryption method and block chain system | |
CN106355328A (en) | Statement data management system | |
Shahin et al. | Big data platform privacy and security, a review | |
Raja et al. | An enhanced study on cloud data services using security technologies | |
Sude et al. | Authenticated CRF based improved ranked multi-keyword search for multi-owner model in cloud computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170125 |
|
RJ01 | Rejection of invention patent application after publication |