Specific embodiment
Exemplary embodiments of the present disclosure are described more fully below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
An embodiment of the present invention provides a data access method that can be applied to a client. As shown in Fig. 1, the method includes:
101. When private data stored in a cloud server needs to be accessed, the client sends an access request to a security server.
The access request carries the user's authentication information, so that the security server authenticates the user according to that information and, if the user passes authentication, obtains the private data corresponding to the user from the cloud server. The private data is data that has been encrypted by a proxy gateway device pre-configured by the client.
The security server is one or more servers among public network servers. Each security server forwards the data processing requests sent by clients in a fixed area to the cloud server, or forwards the data processing responses returned by the cloud server to the clients. Each security server has its own domain name and IP (Internet Protocol) address, and the security servers act as primary and backup for one another. Specifically, the security server may be a Cloudkeeper server, i.e. a ck server.
The private data may be private data within an enterprise, private data about scientific research results, private data about personal account information, and so on, and may specifically be data in document form. The authentication information may include the account information and password information with which the user logs in. The proxy gateway device may be a device capable of performing gateway encryption and of querying the security server's IP address to establish a data connection, and may be pre-configured by the user.
In this embodiment of the present invention, the client can encrypt private data through the pre-configured proxy gateway device, specifically by means such as a predetermined encryption algorithm or data replacement, and then save the encrypted private data in the cloud server. For example, if the private data is the character string cba, performing data replacement on it yields the character string !#$.
It should be noted that, in this embodiment, the encryption key can be saved in the locally configured proxy gateway device for decrypting the private data. As a result, the private data can be decrypted only through the locally configured proxy gateway device and cannot be deciphered by other clients, which ensures the security of the private data.
In this embodiment, when private data stored in the cloud server needs to be accessed, the client can send an HTTP (HyperText Transfer Protocol) access request to the security server. The request carries the user's account and password information. The security server authenticates the user according to the account and password information and, if verification succeeds, obtains the private data corresponding to the user from the cloud server.
102. The private data sent by the security server is received and decrypted by the proxy gateway device, yielding the decrypted private data.
It should be noted that, because the private data has been encrypted by the proxy gateway device pre-configured by the client, returning the encrypted private data directly to the client would leave the client unable to decrypt it and the user unable to read it. The data can therefore first be sent to the proxy gateway device pre-configured by the client for decryption and then be returned to the client by the proxy gateway device, so that the user can browse the decrypted private data.
Compared with current cloud servers, which lack effective protective measures, the data access method provided by this embodiment of the present invention lets the client encrypt the private data to be uploaded in advance and only then upload it to the cloud server. This ensures that the user's private data stored in the cloud server is encrypted, improves the security of the private data and reduces the risk of user privacy leakage. When private data stored in the cloud server needs to be accessed, the security server can authenticate the user according to the user's authentication information and, if verification succeeds, obtain the corresponding private data and deliver it to the client through the proxy gateway device, which can decrypt it so that the client outputs and displays the decrypted data. This makes it convenient for the user to browse the data and makes the data access process more secure.
An embodiment of the present invention provides another data access method that can be applied to a client. As shown in Fig. 2, the method includes:
201. The private data to be uploaded is encrypted by the proxy gateway device.
Specifically, step 201 may include: performing data replacement on the private data to be uploaded through the proxy gateway device. The proxy gateway device may be a device capable of performing gateway encryption and of querying the security server's IP address to establish a data connection, and may be pre-configured by the user.
Further, so that the private data can later be decrypted, the process of encrypting the private data may also include: saving the data replacement correspondence of the private data in a preset storage location, where the preset storage location holds the data replacement correspondences of different private data. The preset storage location can be configured according to actual requirements. For example, it may be a pre-configured database, data list, or the like.
For example, if the private data is the character string 123, performing data replacement on it yields the character string $-*, and the data replacement correspondences "1" <-> "$", "2" <-> "-", "3" <-> "*" are saved in the preset storage location so that the corresponding decryption operation can be performed on the private data.
It should be noted that, while the proxy gateway device encrypts the private data, the data replacement correspondence of the private data is saved in the preset storage location, from which the proxy gateway device can retrieve it in order to decrypt the private data. As a result, the private data can be decrypted only through the locally configured proxy gateway device and cannot be deciphered by other clients, which ensures the security of the private data.
202. The encrypted private data is sent through the security server to the cloud server for storage.
Specifically, step 202 may include: sending the replaced private data through the security server to the cloud server for storage. For example, the client can send the user identification information and the encrypted private data to the security server over a pre-established data connection channel. The security server determines, according to the user identification information, the location information of the storage space allocated to the user in the cloud server, and according to that location information sends the encrypted private data to the corresponding storage space in the cloud server for storage.
203. When private data stored in the cloud server needs to be accessed, the client sends an access request to the security server.
The access request carries the user's authentication information, so that the security server authenticates the user according to that information and, if the user passes authentication, obtains the private data corresponding to the user from the cloud server. The private data is data that has been encrypted by the proxy gateway device pre-configured by the client.
For example, when private data stored in the cloud server needs to be accessed, the client can send an HTTP access request to the security server. If, say, the web address of the security server is 123.456.com, the user logs in to the security server through this address and then enters an account and password to obtain the private data stored in the cloud server. The security server authenticates the user according to the account and password information and, if verification succeeds, obtains the private data corresponding to the user from the cloud server.
204. The private data sent by the security server is received and decrypted by the proxy gateway device, yielding the decrypted private data.
Specifically, step 204 may include: receiving the private data that the security server sends to the proxy gateway device over a data connection channel, the private data being the data received after decryption by the proxy gateway device. The data connection channel may be a channel established in advance between the security server and the proxy gateway device. It should be noted that if this data connection channel is closed, the security server returns the encrypted private data to the client, so the user cannot browse the real private data. The channel therefore needs to be kept open, specifically by maintaining a long-lived connection: the locally configured proxy gateway device receives the encrypted private data over the channel, decrypts it, and returns the decrypted private data to the local client so that the user can browse it.
When the proxy gateway device decrypts the received private data, it performs data replacement on the received private data according to the data replacement correspondence saved for that private data in the preset storage location, yielding the decrypted private data. For example, if the encrypted private data is the character string $-*, it is replaced with the character string 123 according to the data replacement correspondences "1" <-> "$", "2" <-> "-", "3" <-> "*", yielding the decrypted private data, which is then output and displayed so that the user can browse it.
An application scenario of the method provided by this embodiment may be as follows, without being limited to it. As shown in Fig. 3, with the data connection channel already established, when user 1 needs to upload data to the cloud server, the data can be sent via routing to the proxy gateway device for encryption, the encrypted data is then sent via routing to the security server, and the security server sends the data to the cloud server for storage. This is the flow labelled 1-5 in the figure. When user 1 needs to access the data, an access request can be sent to the security server. The security server obtains the corresponding data according to the request and sends it via routing to the proxy gateway device for decryption, and finally user 1's client receives the decrypted data for the user to browse. This is the flow labelled 6-10 in the figure. When user 2 needs to access the data uploaded by user 1, user 2 can access the cloud server directly and find the corresponding data, but the data obtained is encrypted and user 2 cannot view the real data. The whole flow therefore ensures the security of user 1's data and does not leak user 1's privacy.
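
The upload and access flow of steps 201 to 204 and the Fig. 3 scenario can be traced in code. The following Python is an added example, not part of the patent text: the class and method names, the account "user1", its password and the PBKDF2 credential store are assumptions, while the "123" to "$-*" replacement table is the one given in the example above.

```python
import hashlib
import hmac
import os


class ProxyGateway:
    """Locally configured gateway; the only holder of replacement tables."""

    def __init__(self):
        self._tables = {}  # "preset storage location": data_id -> table

    def encrypt(self, data_id, plaintext, table):
        # Decryption inverts the table, so it must be one-to-one and complete.
        if len(set(table.values())) != len(table):
            raise ValueError("replacement table must be one-to-one")
        if not set(plaintext) <= set(table):
            raise ValueError("table does not cover every character")
        self._tables[data_id] = dict(table)
        return "".join(table[ch] for ch in plaintext)

    def decrypt(self, data_id, ciphertext):
        inverse = {v: k for k, v in self._tables[data_id].items()}
        return "".join(inverse[ch] for ch in ciphertext)


class CloudServer:
    """Stores whatever it is given, one storage space per user."""

    def __init__(self):
        self.spaces = {}

    def put(self, user_id, data_id, blob):
        self.spaces.setdefault(user_id, {})[data_id] = blob

    def get(self, user_id, data_id):
        return self.spaces[user_id][data_id]


class SecurityServer:
    def __init__(self, cloud):
        self.cloud = cloud
        self._accounts = {}   # preset list: account -> (salt, password hash)
        self._channel = None  # data connection channel to the proxy gateway

    @staticmethod
    def _hash(password, salt):
        # Assumption: the preset list holds salted hashes, not raw passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):
        salt = os.urandom(16)
        self._accounts[account] = (salt, self._hash(password, salt))

    def open_channel(self, gateway):
        self._channel = gateway

    def close_channel(self):
        self._channel = None

    def authenticate(self, account, password):
        entry = self._accounts.get(account)
        if entry is None:
            return False
        salt, expected = entry
        return hmac.compare_digest(expected, self._hash(password, salt))

    def store(self, account, data_id, ciphertext):
        # The user identifier selects the storage space in the cloud server.
        self.cloud.put(account, data_id, ciphertext)

    def access(self, account, password, data_id):
        if not self.authenticate(account, password):
            raise PermissionError("identity verification failed")
        blob = self.cloud.get(account, data_id)
        if self._channel is None:
            return blob  # channel closed: the client only receives ciphertext
        return self._channel.decrypt(data_id, blob)


def run_scenario():
    """Constructed run of the Fig. 3 flow; returns what each party sees."""
    gateway, cloud = ProxyGateway(), CloudServer()
    server = SecurityServer(cloud)
    server.register("user1", "constructed-password")
    server.open_channel(gateway)

    table = {"1": "$", "2": "-", "3": "*"}  # correspondence from the text
    server.store("user1", "doc1", gateway.encrypt("doc1", "123", table))

    results = {
        # User 2 reading the cloud server directly gets the stored form.
        "user2_direct_view": cloud.get("user1", "doc1"),
        "user1_view": server.access("user1", "constructed-password", "doc1"),
    }
    try:
        server.access("user1", "wrong-password", "doc1")
        results["bad_password"] = "accepted"
    except PermissionError:
        results["bad_password"] = "rejected"
    server.close_channel()
    results["channel_closed_view"] = server.access(
        "user1", "constructed-password", "doc1")
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```
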
Compared with current cloud servers, which lack effective protective measures, this other data access method provided by the embodiment of the present invention lets the client encrypt the private data to be uploaded in advance and only then upload it to the cloud server. This ensures that the user's private data stored in the cloud server is encrypted, improves the security of the private data and reduces the risk of user privacy leakage. When private data stored in the cloud server needs to be accessed, the security server can authenticate the user according to the user's authentication information and, if verification succeeds, obtain the corresponding private data and deliver it to the client through the proxy gateway device, which can decrypt it so that the client outputs and displays the decrypted data. This makes it convenient for the user to browse the data and makes the data access process more secure.
An embodiment of the present invention provides yet another data access method, which can be applied to a security server. As shown in Fig. 4, the method includes:
401. The security server receives the access request sent by the client.
The access request carries the user's authentication information, which may include the account information and password information with which the user logs in. The access request is sent when the security server needs to access the private data stored in the cloud server. The private data is data that has been encrypted by the preset proxy gateway device.
Before step 401, the method may also include: sending the private data sent by the client, after encryption by the proxy gateway device, to the cloud server for storage. Specifically, the private data sent by the client after data replacement by the proxy gateway device is sent to the cloud server for storage.
For example, the client performs data replacement on the private data to be uploaded through the preset proxy gateway device and sends the replaced private data and the user identification information to the security server. The security server determines, according to the user identification information, the location information of the storage space allocated to the user in the cloud server, and then, according to that location information, sends the replaced private data to the corresponding storage space in the cloud server for storage.
402. User authentication is performed according to the authentication information.
For example, a preset list is saved in the security server, holding the password information corresponding to each user account, and authentication is performed according to this preset list and the received user account and password.
403. If the user passes authentication, the private data corresponding to the user is obtained from the cloud server.
The private data is data that has been encrypted by the proxy gateway device pre-configured by the client. The proxy gateway device may be a device capable of performing gateway encryption and of querying the security server's IP address to establish a data connection.
In this embodiment, different users may correspond to different storage spaces in the cloud server, that is, each user can have its own storage space. The security server can determine, from the user identifier, the location information of the storage space allocated to the user in the cloud server, and obtain the private data corresponding to the user from the cloud server according to that location information.
404. The obtained private data is sent to the client through the preset proxy gateway device.
This allows the client to obtain the private data after it has been decrypted by the preset proxy gateway device.
Before step 404, the method may also include: detecting whether a data connection channel currently exists between the security server and the proxy gateway device. If it does not exist, the security server may return the obtained private data directly to the client. Because this private data is encrypted, the user then cannot browse the real private data. A long-lived connection therefore needs to be maintained between the security server and the proxy gateway device to ensure that the data connection channel stays open.
Specifically, step 404 may include: if the channel exists, using the data connection channel to send the obtained private data to the client through the preset proxy gateway device.
For example, a registration request can be sent to the security server in advance, and the security server configures corresponding domain name information according to the registration information carried in the request, specifically http://abc.123.456.cn. The domain name of the security server is http://123.456.cn, and the user can log in through this domain name. The local DNS (Domain Name System) server resolves the domain name through which the user logs in and obtains the gateway information corresponding to the security server. The proxy gateway device queries the public DNS server corresponding to the security server and obtains the IP address corresponding to this gateway information. A data connection channel between the local side and the security server is then established according to this IP address, and a long-lived connection can be maintained.
When the private data stored in the cloud server needs to be accessed, the user can enter the address http://123.456.cn in the client to log in to the security server and then enter an account and password to obtain the private data stored in the cloud server. The security server authenticates the user according to the account and password information and, if the user passes authentication, obtains the private data corresponding to the user from the cloud server. The private data is sent to the proxy gateway device over the data connection channel established above, and the proxy gateway device decrypts it and sends the decrypted private data to the client so that the user can browse it.
Compared with current cloud servers, which lack effective protective measures, this further data access method provided by the embodiment of the present invention lets the security server send the encrypted private data to be uploaded to the cloud server for storage. This ensures that the user's private data stored in the cloud server is encrypted, improves the security of the private data and reduces the risk of user privacy leakage. When private data stored in the cloud server needs to be accessed, the security server can authenticate the user according to the user's authentication information and, if verification succeeds, obtain the corresponding private data and deliver it to the client through the proxy gateway device, which can decrypt it so that the client outputs and displays the decrypted data. This makes it convenient for the user to browse the data and makes the data access process more secure.
Further, as a concrete implementation of the method of Fig. 1, an embodiment of the present invention provides a client. As shown in Fig. 5, the client includes: a sending unit 51, a receiving unit 52 and a decryption unit 53.
The sending unit 51 can be used to send an access request to the security server when private data stored in the cloud server needs to be accessed, the access request carrying the user's authentication information.
This allows the security server to authenticate the user according to the authentication information and, if the user passes authentication, to obtain the private data corresponding to the user from the cloud server, the private data being data that has been encrypted by the proxy gateway device pre-configured by the client.
The receiving unit 52 can be used to receive, through the proxy gateway device, the private data sent by the security server.
The decryption unit 53 can be used to decrypt the private data through the proxy gateway device.
This allows the decrypted private data to be output.
It should be noted that, for other descriptions of the functional units of the client provided by this embodiment, reference may be made to the corresponding description of Fig. 1, which is not repeated here.
Compared with current cloud servers, which lack effective protective measures, the client provided by this embodiment of the present invention can encrypt the private data to be uploaded in advance and only then upload it to the cloud server. This ensures that the user's private data stored in the cloud server is encrypted, improves the security of the private data and reduces the risk of user privacy leakage. When private data stored in the cloud server needs to be accessed, the security server can authenticate the user according to the user's authentication information and, if verification succeeds, obtain the corresponding private data and deliver it to the client through the proxy gateway device, which can decrypt it so that the client outputs and displays the decrypted data. This makes it convenient for the user to browse the data and makes the data access process more secure.
Further, as a concrete implementation of the method of Fig. 2, an embodiment of the present invention provides another client. As shown in Fig. 6, the client includes: a sending unit 61, a receiving unit 62 and a decryption unit 63.
The sending unit 61 can be used to send an access request to the security server when private data stored in the cloud server needs to be accessed, the access request carrying the user's authentication information.
This allows the security server to authenticate the user according to the authentication information and, if the user passes authentication, to obtain the private data corresponding to the user from the cloud server, the private data being data that has been encrypted by the proxy gateway device pre-configured by the client.
The receiving unit 62 can be used to receive, through the proxy gateway device, the private data sent by the security server.
The decryption unit 63 can be used to decrypt the private data through the proxy gateway device.
This allows the decrypted private data to be output.
The receiving unit 62 can specifically be used to receive the private data that the security server sends to the proxy gateway device over the data connection channel, the private data being the data received after decryption by the proxy gateway device.
Further, the client also includes: an encryption unit 64.
The encryption unit 64 can be used to encrypt the private data to be uploaded through the proxy gateway device.
The sending unit 61 can also be used to send the encrypted private data through the security server to the cloud server for storage.
The encryption unit 64 can specifically be used to perform data replacement on the private data to be uploaded through the proxy gateway device.
The sending unit 61 can specifically be used to send the replaced private data through the security server to the cloud server for storage.
Further, the client also includes: a storage unit 65.
The storage unit 65 can be used to save the data replacement correspondence of the private data in a preset storage location, where the preset storage location holds the data replacement correspondences of different private data.
The decryption unit 63 can specifically be used, when the proxy gateway device decrypts the received private data, to perform data replacement on the received private data according to the data replacement correspondence saved for that private data in the preset storage location, yielding the decrypted private data.
It should be noted that, for other descriptions of the functional units of this other client provided by the embodiment, reference may be made to the corresponding description of Fig. 1, which is not repeated here.
Compared with current cloud servers, which lack effective protective measures, this other client provided by the embodiment of the present invention can encrypt the private data to be uploaded in advance and only then upload it to the cloud server. This ensures that the user's private data stored in the cloud server is encrypted, improves the security of the private data and reduces the risk of user privacy leakage. When private data stored in the cloud server needs to be accessed, the security server can authenticate the user according to the user's authentication information and, if verification succeeds, obtain the corresponding private data and deliver it to the client through the proxy gateway device, which can decrypt it so that the client outputs and displays the decrypted data. This makes it convenient for the user to browse the data and makes the data access process more secure.
Further, as a concrete implementation of the method of Fig. 4, an embodiment of the present invention provides a security server. As shown in Fig. 7, the security server includes: a receiving unit 71, a verification unit 72, an obtaining unit 73 and a sending unit 74.
The receiving unit 71 can be used to receive the access request sent by the client. The access request carries the user's authentication information and is sent when the security server needs to access the private data stored in the cloud server.
The verification unit 72 can be used to authenticate the user according to the authentication information.
The obtaining unit 73 can be used, if the user passes authentication, to obtain the private data corresponding to the user from the cloud server, the private data being data that has been encrypted by the proxy gateway device pre-configured by the client.
The sending unit 74 can be used to send the obtained private data to the client through the preset proxy gateway device.
This allows the client to output the private data after it has been decrypted by the preset proxy gateway device.
Further, as shown in Fig. 8, the cloud server also includes: a detection unit 75.
The detection unit 75 can be used to detect whether a data connection channel currently exists between the security server and the proxy gateway device.
The sending unit 74 is specifically used, if the detection unit 75 detects that a data connection channel with the proxy gateway device exists, to use the data connection channel to send the obtained private data to the client through the preset proxy gateway device.
The sending unit 71 can also be used to send the private data sent by the client, after encryption by the proxy gateway device, to the cloud server for storage.
The sending unit 71 can specifically be used to send the private data sent by the client, after data replacement by the proxy gateway device, to the cloud server for storage.
It should be noted that, for other descriptions of the functional units of the security server provided by this embodiment, reference may be made to the corresponding description of Fig. 4, which is not repeated here.
Compared with current cloud servers, which lack effective protective measures, the security server provided by this embodiment of the present invention can send the encrypted private data to be uploaded to the cloud server for storage. This ensures that the user's private data stored in the cloud server is encrypted, improves the security of the private data and reduces the risk of user privacy leakage. When private data stored in the cloud server needs to be accessed, the security server can authenticate the user according to the user's authentication information and, if verification succeeds, obtain the corresponding private data and deliver it to the client through the proxy gateway device, which can decrypt it so that the client outputs and displays the decrypted data. This makes it convenient for the user to browse the data and makes the data access process more secure.
Further, an embodiment of the present invention provides a data access system which, as shown in Fig. 9, includes: a client 91 and a security server 92.
The client 91 can be used to send an access request to the security server 82 when private data stored in the cloud server needs to be accessed.
The security server 92 can be used to: receive the access request sent by the client 91, the access request carrying the user's authentication information; authenticate the user according to the authentication information; if the user passes authentication, obtain the private data corresponding to the user from the cloud server, the private data being data that has been encrypted by the proxy gateway device pre-configured by the client; and send the obtained private data to the client 91 through the preset proxy gateway device.
The client 91 can also be used to receive, through the proxy gateway device, the private data sent by the security server 92 and decrypt it, yielding the decrypted private data.
Compared with current cloud servers, which lack effective protective measures, the data access system provided by this embodiment of the present invention lets the client encrypt the private data to be uploaded in advance and only then upload it to the cloud server. This ensures that the user's private data stored in the cloud server is encrypted, improves the security of the private data and reduces the risk of user privacy leakage. When private data stored in the cloud server needs to be accessed, the security server can authenticate the user according to the user's authentication information and, if verification succeeds, obtain the corresponding private data and deliver it to the client through the proxy gateway device, which can decrypt it so that the client outputs and displays the decrypted data. This makes it convenient for the user to browse the data and makes the data access process more secure.
The embodiments of the present invention disclose:
A1. A data access method, comprising:
when private data stored in a cloud server needs to be accessed, sending, by a client, an access request to a security server, the access request carrying the user's authentication information, so that the security server, when it determines from the authentication information that the user passes identity verification, obtains the private data corresponding to the user from the cloud server, the private data being data encrypted by a proxy gateway device pre-configured by the client;
receiving, through the proxy gateway device, the private data sent by the security server and decrypting it, to obtain the decrypted private data.
A2. The data access method as described in A1, wherein receiving, through the proxy gateway device, the private data sent by the security server and decrypting it comprises:
receiving the private data that the security server sends to the proxy gateway device over a data connection channel, the private data being data decrypted by the proxy gateway device.
A3. The data access method as described in A1, the method further comprising:
encrypting, by the proxy gateway device, the private data to be uploaded;
sending the encrypted private data through the security server to the cloud server for storage.
A4. The data access method as described in A2, wherein encrypting, by the proxy gateway device, the private data to be uploaded comprises:
performing, by the proxy gateway device, data replacement on the private data to be uploaded;
and wherein sending the encrypted private data through the security server to the cloud server for storage comprises:
sending the replaced private data through the security server to the cloud server for storage.
A5. The data access method as described in A4, the method further comprising:
saving the data replacement correspondence of the private data in a preset storage location, the preset storage location holding the data replacement correspondences of different private data;
when the proxy gateway device decrypts the received private data, performing data replacement on the received private data according to the data replacement correspondence of the private data saved in the preset storage location, to obtain the decrypted private data.
B6. A data access method, comprising:
receiving, by a security server, an access request sent by a client, the access request carrying the user's authentication information, the access request being sent by the security server when private data stored in a cloud server needs to be accessed;
performing user identity verification according to the authentication information;
if the user passes identity verification, obtaining the private data corresponding to the user from the cloud server, the private data being data encrypted by a proxy gateway device pre-configured by the client;
sending the obtained private data to the client through the proxy gateway device, so that the client obtains the private data decrypted by the proxy gateway device.
B7. The data access method as described in B6, wherein, before the obtained private data is sent to the client through the preset proxy gateway device, the method further comprises:
detecting whether a data connection channel currently exists between the security server and the proxy gateway device;
and wherein sending the obtained private data to the client through the preset proxy gateway device comprises:
if the channel exists, using the data connection channel to send the obtained private data to the client through the preset proxy gateway device.
B8. The data access method as described in B6, the method further comprising:
sending the private data that was encrypted by the proxy gateway device and sent by the client to the cloud server for storage.
B9. The data access method as described in B8, wherein sending the private data that was encrypted by the proxy gateway device and sent by the client to the cloud server for storage comprises:
sending the private data on which the proxy gateway device has performed data replacement, as sent by the client, to the cloud server for storage.
C10. A client, comprising:
a sending unit, configured to send an access request to a security server when private data stored in a cloud server needs to be accessed, the access request carrying the user's authentication information, so that the security server, when it determines from the authentication information that the user passes identity verification, obtains the private data corresponding to the user from the cloud server, the private data being data encrypted by a proxy gateway device pre-configured by the client;
a receiving unit, configured to receive, through the proxy gateway device, the private data sent by the security server;
a decryption unit, configured to decrypt the private data by means of the proxy gateway device, to obtain the decrypted private data.
C11. The client as described in C10, wherein
the receiving unit is specifically configured to receive the private data that the security server sends to the proxy gateway device over a data connection channel, the private data being data decrypted by the proxy gateway device.
C12. The client as described in C10, the client further comprising: an encryption unit;
the encryption unit is configured to encrypt the private data to be uploaded by means of the proxy gateway device;
the sending unit is further configured to send the encrypted private data through the security server to the cloud server for storage.
C13. The client as described in C12, wherein
the encryption unit is specifically configured to perform data replacement on the private data to be uploaded by means of the proxy gateway device;
the sending unit is specifically configured to send the replaced private data through the security server to the cloud server for storage.
C14. The client as described in C13, the client further comprising: a storage unit;
the storage unit is configured to save the data replacement correspondence of the private data in a preset storage location, the preset storage location holding the data replacement correspondences of different private data;
the decryption unit is specifically configured, when the proxy gateway device decrypts the received private data, to perform data replacement on the received private data according to the data replacement correspondence of the private data saved in the preset storage location, to obtain the decrypted private data.
D15. A security server, comprising:
a receiving unit, configured to receive an access request sent by a client, the access request carrying the user's authentication information, the access request being sent by the security server when private data stored in a cloud server needs to be accessed;
a verification unit, configured to perform user identity verification according to the authentication information;
an obtaining unit, configured to obtain, if the user passes identity verification, the private data corresponding to the user from the cloud server, the private data being data encrypted by a proxy gateway device pre-configured by the client;
a sending unit, configured to send the obtained private data to the client through the proxy gateway device, so that the client obtains the private data decrypted by the proxy gateway device.
D16. The security server as described in D15, the security server further comprising: a detection unit;
the detection unit is configured to detect whether a data connection channel currently exists between the security server and the proxy gateway device;
the sending unit is specifically configured, if the detection unit detects that a data connection channel to the proxy gateway device exists, to use the data connection channel to send the obtained private data to the client through the preset proxy gateway device.
D17. The security server as described in D15, wherein
the sending unit is further configured to send the private data that was encrypted by the proxy gateway device and sent by the client to the cloud server for storage.
D18. The security server as described in D17, wherein
the sending unit is specifically configured to send the private data on which the proxy gateway device has performed data replacement, as sent by the client, to the cloud server for storage.
E19. A data access system, comprising: the client as described in any one of C10-C14 and the security server as described in any one of D15-D18.
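An added example, not code from the patent: the upload and access flow of embodiments A3 to A5 and B6 to B9, with the data replacement implemented as substitution by a random token whose correspondence never leaves the proxy gateway. The class and method names, the random-token replacement, the hashed shared secret used as authentication information, the in-memory cloud store and the authenticated upload are all assumptions of this example.

```python
import hashlib
import hmac
import secrets


class ProxyGateway:
    """Client-side gateway: 'encrypts' by data replacement and keeps the mapping local."""

    def __init__(self):
        self._mapping = {}  # replacement value -> original (the preset storage location)

    def encrypt(self, private_data: str) -> str:
        token = secrets.token_hex(16)  # random, so it reveals nothing about the data
        self._mapping[token] = private_data
        return token

    def decrypt(self, received: str) -> str:
        if received not in self._mapping:
            raise ValueError("no replacement mapping for received data")
        return self._mapping[received]


class SecurityServer:
    """Authenticates the user, then relays replaced data to and from cloud storage."""

    def __init__(self):
        self._auth = {}   # user -> SHA-256 of the user's authentication secret
        self._cloud = {}  # stands in for the cloud server; holds replaced data only

    def enroll(self, user: str, secret: str) -> None:
        self._auth[user] = hashlib.sha256(secret.encode()).digest()

    def _verify(self, user: str, secret: str) -> None:
        expected = self._auth.get(user, b"\x00" * 32)
        supplied = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(expected, supplied):
            raise PermissionError("identity verification failed")

    def upload(self, user: str, secret: str, replaced: str) -> None:
        self._verify(user, secret)  # assumption: uploads are authenticated too
        self._cloud[user] = replaced

    def access(self, user: str, secret: str) -> str:
        self._verify(user, secret)
        return self._cloud[user]


def demo():
    gateway, server = ProxyGateway(), SecurityServer()
    server.enroll("alice", "constructed-secret")  # constructed sample credential
    server.upload("alice", "constructed-secret", gateway.encrypt("salary=52000"))
    stored = server.access("alice", "constructed-secret")
    return stored, gateway.decrypt(stored)
```

The security server and the cloud store only ever hold the replacement value, so the confidentiality of the data rests entirely on the gateway's preset storage location: losing that mapping makes the stored data unrecoverable, and leaking it exposes the plaintext.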
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related description of other embodiments.
It should be understood that related features in the above methods and devices may refer to one another. In addition, "first", "second" and the like in the above embodiments are used to distinguish the embodiments and do not represent the merits of any embodiment.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Moreover, the present invention is not directed at any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the description above of a specific language is given to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It should be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components of the data access method, device and system according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.