Cloud encryption authentication platform and method for establishing it
Technical field
The invention belongs to the technical field of encryption authentication systems. Specifically, it migrates a traditional encryption and authentication service to a cloud encryption authentication platform.
Background art
In the field of anti-counterfeiting authentication, the traditional approach, chosen for security reasons, is for each enterprise to run its own independent service server and encryption device, deployed in the enterprise's own hosted machine room and isolated from the external network; the block diagram is shown in Fig. 1. In the traditional scheme, because the encryption device must be physically isolated from the external network, the enterprise's service server must be placed in the hosted machine room together with the encryption device, forming an intranet connection, and the service server then exposes the service through a firewall. The drawback of this approach is that, because the service server must be connected to the encryption device over a physical LAN, the enterprises cannot share one unified service server, nor can an enterprise deploy its service server on a cloud virtual machine.
Summary of the invention
The technical problem to be solved by the present invention is to provide a cloud encryption authentication platform that can serve the applications of multiple enterprises simultaneously.
To solve this technical problem, the present invention adopts the following technical scheme. The cloud encryption authentication platform comprises clients, a cloud virtual host and several hosted machine rooms. The cloud virtual host comprises a cloud firewall and a service server. Each hosted machine room comprises an enterprise encryption device and a router. A client sends a service request to the service server on the cloud virtual host and receives the response data from the cloud service server. The enterprise encryption device is isolated from the external network and wired to the dedicated router in the hosted machine room; the router establishes a VPN to form a secure connection to the service server on the cloud virtual host, so that the service server can call the authentication, encryption and decryption functions of the encryption device.
The method for establishing the cloud encryption authentication platform of the present invention comprises the following steps:
(1) Deploy the service server in the cloud; the enterprise application client sends service requests to the cloud service server and receives the response data of the service server on the cloud virtual host;
(2) Place the enterprise's security authentication encryption device in the enterprise's private physical machine room, isolated from the external network, and wire the enterprise encryption device to the machine room's dedicated router;
(3) The dedicated router establishes a VPN to form a secure connection to the service server on the cloud virtual host, so that the service server can call the authentication, encryption and decryption functions of the encryption device;
(4) With the service server placed in the cloud, multiple enterprises can share one business platform, distinguished from one another by an account authority system, and a cloud encryption authentication platform is thereby established.
Beneficial effects of the present invention: because the service server is deployed uniformly in the cloud, the invention can serve the applications of multiple enterprises simultaneously. Each enterprise's encryption device is deployed in that enterprise's own hosted machine room, which guarantees the cryptographic security of each enterprise. Each enterprise's encryption device is connected to the cloud service server through a VPN initiated by the router it hangs off, which ensures the security of the channel.
Description of the drawings
Fig. 1 is a block diagram of the traditional anti-counterfeiting authentication platform.
Fig. 2 is a block diagram of the authentication platform of the present invention.
Detailed description
The technical scheme is described in detail below with reference to the accompanying drawings.
The cloud encryption authentication platform comprises clients, a cloud virtual host and several hosted machine rooms. The cloud virtual host comprises a cloud firewall and a service server. Each hosted machine room comprises an enterprise encryption device and a router. A client sends a service request to the service server on the cloud virtual host and receives the response data from the cloud service server. The enterprise encryption device is isolated from the external network and wired to the dedicated router in the hosted machine room; the router establishes a VPN to form a secure connection to the service server on the cloud virtual host, so that the service server can call the authentication, encryption and decryption functions of the encryption device.
The method for establishing the cloud encryption authentication platform of the present invention comprises the following steps:
(1) Deploy the service server in the cloud; the enterprise application client sends service requests to the cloud service server and receives the response data of the service server on the cloud virtual host;
(2) Place the enterprise's security authentication encryption device in the enterprise's private physical machine room, isolated from the external network, and wire the enterprise encryption device to the machine room's dedicated router;
(3) The dedicated router establishes a VPN to form a secure connection to the service server on the cloud virtual host, so that the service server can call the authentication, encryption and decryption functions of the encryption device;
(4) With the service server placed in the cloud, multiple enterprises can share one business platform, distinguished from one another by an account authority system, and a cloud encryption authentication platform is thereby established.
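The request path implied by steps (1) to (4), as an added example that is not part of the patent: a shared service server holds a table mapping accounts to enterprises and forwards each authentication request, over the VPN, to the encryption device of the enterprise that account belongs to. Assumed stand-ins, none of which appear in the original text: HMAC-SHA256 keys for the secrets held in an enterprise's encryption device, the 10.8.0.0/24 range for the VPN tunnel between the dedicated router and the cloud service server, the tenant names EnterpriseA and EnterpriseB, and API keys `key-A` and `key-B` for the account authority system.

```python
"""Model of the request path in the cloud encryption authentication platform.

Added illustration, not code from the patent. Assumed stand-ins (none are in
the original text): per-enterprise HMAC-SHA256 keys for the secrets held in an
enterprise's encryption device, a 10.8.0.0/24 address range for the VPN tunnel
between the dedicated router and the cloud service server, and API keys for the
account authority system that tells tenants apart on the shared service server.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # assumed tunnel address range


class Rejected(Exception):
    """A request failed an authorization or channel check."""


@dataclass
class EncryptionDevice:
    """Stands in for an enterprise encryption device wired to the machine-room router.

    The key never leaves the device: callers can only ask it to issue or verify an
    anti-counterfeiting code for a product identifier.
    """
    enterprise: str
    key: bytes = field(repr=False)

    def _code(self, product_id: str) -> str:
        return hmac.new(self.key, product_id.encode(), hashlib.sha256).hexdigest()

    def issue(self, product_id: str) -> str:
        """Code the enterprise prints on a genuine product (issued inside the machine room)."""
        return self._code(product_id)

    def verify(self, source_ip: str, product_id: str, code: str) -> bool:
        """Authentication function exposed over the VPN.

        The device is isolated from the external network, so it answers only the
        VPN peer: a request whose source address is outside the tunnel range is
        dropped before any cryptographic work is done.
        """
        if ipaddress.ip_address(source_ip) not in VPN_SUBNET:
            raise Rejected(f"{self.enterprise}: source {source_ip} is not on the VPN")
        return hmac.compare_digest(self._code(product_id), code)


@dataclass
class ServiceServer:
    """Shared cloud service server; tenants are distinguished only by account."""
    vpn_address: str                      # server's own address inside the tunnel
    accounts: dict[str, str]              # API key -> enterprise the account belongs to
    devices: dict[str, EncryptionDevice]  # enterprise -> its encryption device (via VPN)

    def authenticate(self, api_key: str, enterprise: str, product_id: str, code: str) -> bool:
        """Handle a client's service request: account check, tenant scoping, device call."""
        tenant = self.accounts.get(api_key)
        if tenant is None:
            raise Rejected("unknown account")
        # Account authority check (step 4): an account may only reach the device of
        # its own enterprise; without this, the shared server would let one tenant
        # verify codes against another tenant's device.
        if tenant != enterprise:
            raise Rejected(f"account of {tenant} may not use the device of {enterprise}")
        return self.devices[enterprise].verify(self.vpn_address, product_id, code)


def build_platform() -> tuple[ServiceServer, dict[str, EncryptionDevice]]:
    """Two constructed tenants sharing one service server (sample data, not real keys)."""
    devices = {
        "EnterpriseA": EncryptionDevice("EnterpriseA", b"enterprise-a-device-secret"),
        "EnterpriseB": EncryptionDevice("EnterpriseB", b"enterprise-b-device-secret"),
    }
    server = ServiceServer(
        vpn_address="10.8.0.2",
        accounts={"key-A": "EnterpriseA", "key-B": "EnterpriseB"},
        devices=devices,
    )
    return server, devices


def outcome(fn, *args):
    """Run one request and return its True/False result, or the rejection reason."""
    try:
        return fn(*args)
    except Rejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    server, devices = build_platform()
    genuine = devices["EnterpriseA"].issue("SKU-001")
    print(outcome(server.authenticate, "key-A", "EnterpriseA", "SKU-001", genuine))
    print(outcome(server.authenticate, "key-A", "EnterpriseA", "SKU-001", "0" * 64))
    print(outcome(server.authenticate, "key-B", "EnterpriseA", "SKU-001", genuine))
    print(outcome(server.authenticate, "key-Z", "EnterpriseA", "SKU-001", genuine))
    # Direct attempt from a public address, bypassing the service server and the VPN:
    print(outcome(devices["EnterpriseA"].verify, "203.0.113.7", "SKU-001", genuine))
```

Two checks carry the security argument. The device's source-address check models the isolation from the external network: the VPN protects the channel, but only if the device really answers nothing but the tunnel peer. The tenant-scoping check on the service server is what the account authority system of step (4) has to provide; because the service server is shared, omitting the `tenant != enterprise` comparison would let one enterprise's account exercise another enterprise's encryption device, which the per-enterprise machine rooms alone do not prevent.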
The embodiment described above only describes a preferred embodiment of the present invention and does not limit the concept and scope of the invention. Without departing from the design concept of the present invention, the various modifications and improvements that a person of ordinary skill in the art makes to the technical scheme of the invention should all fall within the protection scope of the invention; the technical content claimed by the invention has been fully recorded in the claims.