CN106789891A - A multi-dimensional software authorization control method suitable for IaaS cloud platforms - Google Patents

A multi-dimensional software authorization control method suitable for IaaS cloud platforms

Info

Publication number
CN106789891A
Authority
CN
China
Prior art keywords
cloud platform
certificate
authority
user
management end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611031651.2A
Other languages
Chinese (zh)
Inventor
刘勇彬
杨松
季统凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
G Cloud Technology Co Ltd
Original Assignee
G Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by G Cloud Technology Co Ltd
Priority to CN201611031651.2A
Publication of CN106789891A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Abstract

The present invention relates to the technical field of software authorization, and in particular to a multi-dimensional software authorization control method suitable for IaaS cloud platforms. In the method, the restrictive conditions of the certificate are selected at the certificate generation interface according to the dimensions required; the certificate is then generated. After purchasing the authorization certificate, the user uploads it when using the cloud platform for the first time, then logs in and formally uses the cloud platform. Thereafter, when the user uses the cloud platform, the management end calls the certificate verification interface; the management end obtains the file encryption key by means of the asymmetric key, and obtains the certificate content by means of the file encryption key; the management backend then reads the authorization-related information and data, and determines whether the user's current operation is within the scope of authorization. The invention solves the problem of multi-dimensional software authorization control and can be used for software authorization control of IaaS cloud platforms.

Description

A multi-dimensional software authorization control method suitable for IaaS cloud platforms
Technical field
The present invention relates to the technical field of software authorization, and in particular to a multi-dimensional software authorization control method suitable for IaaS cloud platforms.
Background
With the development of cloud computing, domestic cloud computing vendors have emerged one after another, and IaaS (infrastructure as a service) cloud platforms have become widespread in government, IDC data centers, and small and medium-sized enterprises; they greatly improve the utilization of infrastructure resources and reduce enterprises' operating costs. However, because of the particular way IaaS cloud platforms are deployed, their authorization has always caused vendors considerable difficulty, and each cloud vendor has developed its own software authorization method according to its own business needs. These generally fall into the following kinds:
1. Limiting the number of physical machines: a user who buys the cloud platform can deploy it only on the authorized number of physical machines;
2. Limiting physical CPUs: authorization is enforced by limiting the number of physical CPUs the cloud platform virtualizes;
3. Limiting the number of virtual machines: authorization is enforced through the maximum number of virtual machines the cloud platform can manage.
The above approaches have the following drawbacks:
1. Limiting by the number of physical machines usually pushes users to purchase highly configured physical machines so that they can create or manage more virtual machines.
2. Limiting by physical CPUs solves the high-configuration problem, but pushes users to use hyper-threaded cores to increase the number of virtual machines.
3. Limiting the number of virtual machines leads customers to raise the configuration of each virtual machine, so that the customer's resource utilization declines.
To achieve real control of software authorization for IaaS cloud platforms, a multi-dimensional software authorization control method is needed. Such a method should provide multi-dimensional control tailored to the usage characteristics of IaaS cloud platforms, for example combinations such as limiting the configuration of a single physical node and limiting the number of hyper-threaded cores, so that the product can be sold appropriately to different customers.
Summary of the invention
The technical problem solved by the present invention is to provide a multi-dimensional software authorization control method suitable for IaaS cloud platforms, which addresses the single-dimension control used for IaaS cloud platform software authorization at the present stage and provides a flexible and secure control method for the legitimate authorization and safe use of the cloud platform.
The technical solution by which the present invention solves the above technical problem is as follows:
In the method, the restrictive conditions of the certificate are selected at the certificate generation interface according to the dimensions required; the certificate is then generated, transmitted, used and verified.
The method specifically comprises the following steps:
Step 1: Select the restrictive conditions of the certificate at the product certificate generation interface;
Step 2: Click to generate the certificate; the certificate generation software saves the relevant information as a file, encrypts it with a symmetric encryption algorithm, and encrypts the decryption key with an asymmetric algorithm;
Step 3: The user buys the authorization certificate;
Step 4: The user uploads the certificate when using the cloud platform for the first time, then logs in and formally uses the cloud platform;
Step 5: When the user uses the cloud platform, the management end calls the certificate verification interface;
Step 6: The management end obtains the file encryption key by means of the asymmetric key, and obtains the certificate content by means of the file encryption key;
Step 7: The management end backend reads the authorization-related information and data;
Step 8: Determine whether the user's current operation is within the scope of authorization; when a virtual machine is created, it is necessary to determine from the current certificate whether the cloud platform's virtual machine quantity and the resource size being created exceed the cloud platform's authorization;
Step 9: If the operation is within the scope of authorization, the customer is allowed to proceed to the next operation step; if it exceeds the scope of authorization, the message "Beyond the cloud platform's scope of authorization, please contact the vendor" is returned.
The product certificate generation interface is a management interface dedicated to generating cloud platform certificates;
The restrictive conditions include product version, authorized time range, limit on the number of physical nodes, number of virtual machines, number of physical CPUs, number of thread CPUs, maximum configuration of a single physical machine, and maximum configuration of a single virtual machine;
A physical node is a physical server used for virtualization;
Thread CPU refers to the number of thread cores of the CPU, that is, the number of thread cores the physical server can provide once Hyper-Threading is used, which is 2 times the number of physical cores;
Maximum configuration refers to the maximum number of CPU cores and the maximum number of GB of memory supported; storage is not limited here.
The management end is the service control management module in a cloud computing solution that is responsible for generating tasks, sending tasks and receiving task feedback; the module is responsible only for generating tasks, not for carrying them out.
The authorization mode is one of two kinds: AND (simultaneous) or OR;
The authorization mode means that, among all the authorization restrictive conditions, either a take-any-one mode or a multi-condition combined verification mode is adopted; in the combined mode, the user's behavior must fall within the range of all authorization restrictive conditions before the operation is allowed.
The method of the present invention is highly extensible: as IaaS technology develops, a new authorization control policy can be added at any time. The method is secure: the certificate uses two layers of encryption, and the multi-dimensional control prevents customers from obtaining authorization through illegitimate operations. The method is flexible: different authorization policies can be adopted for different customers; for a desktop cloud customer, for example, the number of virtual machines and the configuration of each compute node can be authorized, which ensures both that the user uses a legitimate authorization and that performance in use is guaranteed.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawing:
Fig. 1 is a flow chart of the invention.
Detailed description
As shown in Fig. 1, the method of the invention comprises the following steps:
Step 1: At the product certificate generation interface, select restrictive conditions such as product version, authorized time range, limit on the number of physical nodes, number of virtual machines, number of physical CPUs, number of thread CPUs, maximum configuration of a single physical machine, and maximum configuration of a single virtual machine. The following method is the main program logic for generating the encrypted certificate:
Step 2: Click to generate the certificate; the certificate generation software saves the relevant information as a file, encrypts it with a symmetric encryption algorithm, and encrypts the decryption key with an asymmetric algorithm.
Here the symmetric encryption algorithm is AES and the asymmetric encryption algorithm is RSA.
Step 3: The user buys the authorization certificate.
Step 4: The user uploads the certificate when using the cloud platform for the first time, then logs in and formally uses the cloud platform.
Uploading the certificate means uploading it to a specified project directory on the cloud platform management server so that the cloud platform management end can read it. If the cloud platform management end does not find the certificate file at startup, then when the user logs in to the management platform the user is redirected to the certificate upload interface so that the certificate can be uploaded. The following is the certificate upload code:
Step 5: When the user uses the cloud platform, the management end calls the certificate verification interface.
Step 6: The management end obtains the file encryption key by means of the asymmetric key, and obtains the certificate content by means of the file encryption key. The following is the core certificate verification code:
Step 7: The management end backend reads the authorization-related information and data, and reads the authorization mode, which is one of two kinds: AND or OR.
Step 8: Determine whether the user's current operation is within the scope of authorization; for example, when a virtual machine is created, it is necessary to determine from the current certificate whether the cloud platform's virtual machine quantity and the resource size being created exceed the cloud platform's authorization.
Step 9: If the operation is within the scope of authorization, the customer is allowed to proceed to the next operation step; if it exceeds the scope of authorization, the message "Beyond the cloud platform's scope of authorization, please contact the vendor" is returned.
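Added example (not part of the patent text, whose own code listings do not appear on this page): a Python sketch of steps 7 to 9 applied to certificate content that has already been decrypted. The field names, the "all"/"any" mode labels, and the choice to enforce the authorized time range in both modes are assumptions.

```python
from dataclasses import dataclass, fields, replace
from datetime import date

# Message returned in step 9 when the operation is refused.
DENIED_MSG = "Beyond the cloud platform's scope of authorization; please contact the vendor."

@dataclass(frozen=True)
class Usage:
    """Platform totals (hypothetical field names, one per licensed dimension)."""
    physical_nodes: int
    vm_count: int
    physical_cpus: int
    thread_cpus: int      # hyper-threaded cores, 2x the physical core count
    max_vm_cores: int     # largest single-VM configuration in use
    max_vm_mem_gb: int

DIMENSIONS = {f.name for f in fields(Usage)}

@dataclass(frozen=True)
class License:
    """Decrypted certificate content (assumed layout; the patent gives none)."""
    valid_from: date
    valid_to: date
    mode: str             # "all" = combined verification, "any" = take-one
    limits: dict          # only the dimensions selected in step 1

def project_create_vm(usage, cores, mem_gb):
    """Usage as it would be after creating one VM of the requested size."""
    return replace(usage,
                   vm_count=usage.vm_count + 1,
                   max_vm_cores=max(usage.max_vm_cores, cores),
                   max_vm_mem_gb=max(usage.max_vm_mem_gb, mem_gb))

def authorize(lic, usage, today):
    """Return (allowed, violated) for the projected usage (steps 8 and 9)."""
    # Fail closed on a malformed certificate rather than skipping a check.
    if lic.mode not in ("all", "any"):
        raise ValueError(f"unknown authorization mode: {lic.mode!r}")
    if not lic.limits or set(lic.limits) - DIMENSIONS:
        raise ValueError("certificate selects no dimension or an unknown one")
    # Assumption: the authorized time range is enforced in both modes.
    if not (lic.valid_from <= today <= lic.valid_to):
        return False, ["valid_period"]
    violated = sorted(d for d, cap in lic.limits.items() if getattr(usage, d) > cap)
    if lic.mode == "all":
        return not violated, violated
    return len(violated) < len(lic.limits), violated

# Constructed sample data, not taken from the patent.
LIMITS = {"vm_count": 100, "thread_cpus": 64, "max_vm_cores": 8, "max_vm_mem_gb": 32}
CURRENT = Usage(physical_nodes=4, vm_count=99, physical_cpus=8,
                thread_cpus=64, max_vm_cores=4, max_vm_mem_gb=16)

def demo(mode, cores, mem_gb, today=date(2017, 6, 1)):
    lic = License(date(2017, 1, 1), date(2017, 12, 31), mode, LIMITS)
    allowed, violated = authorize(lic, project_create_vm(CURRENT, cores, mem_gb), today)
    return ("OK" if allowed else DENIED_MSG), violated

if __name__ == "__main__":
    print(demo("all", 8, 32))    # within every selected limit
    print(demo("all", 16, 32))   # per-VM core limit exceeded
    print(demo("any", 16, 32))   # same request under take-one mode
```

The check runs against the projected usage, so a request that would cross a limit is refused before any resource is created.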

Claims (6)

1. A multi-dimensional software authorization control method suitable for IaaS cloud platforms, characterized in that: in the method, the restrictive conditions of the certificate are selected at the certificate generation interface according to the dimensions required; the certificate is then generated, transmitted, used and verified.
2. The multi-dimensional software authorization control method according to claim 1, characterized in that the method specifically comprises the following steps:
Step 1: Select the restrictive conditions of the certificate at the product certificate generation interface;
Step 2: Click to generate the certificate; the certificate generation software saves the relevant information as a file, encrypts it with a symmetric encryption algorithm, and encrypts the decryption key with an asymmetric algorithm;
Step 3: The user buys the authorization certificate;
Step 4: The user uploads the certificate when using the cloud platform for the first time, then logs in and formally uses the cloud platform;
Step 5: When the user uses the cloud platform, the management end calls the certificate verification interface;
Step 6: The management end obtains the file encryption key by means of the asymmetric key, and obtains the certificate content by means of the file encryption key;
Step 7: The management end backend reads the authorization-related information and data;
Step 8: Determine whether the user's current operation is within the scope of authorization; when a virtual machine is created, it is necessary to determine from the current certificate whether the cloud platform's virtual machine quantity and the resource size being created exceed the cloud platform's authorization;
Step 9: If the operation is within the scope of authorization, the customer is allowed to proceed to the next operation step; if it exceeds the scope of authorization, the message "Beyond the cloud platform's scope of authorization, please contact the vendor" is returned.
3. The method according to claim 2, characterized in that:
The product certificate generation interface is a management interface dedicated to generating cloud platform certificates;
The restrictive conditions include product version, authorized time range, limit on the number of physical nodes, number of virtual machines, number of physical CPUs, number of thread CPUs, maximum configuration of a single physical machine, and maximum configuration of a single virtual machine;
A physical node is a physical server used for virtualization;
Thread CPU refers to the number of thread cores of the CPU, that is, the number of thread cores the physical server can provide once Hyper-Threading is used, which is 2 times the number of physical cores;
Maximum configuration refers to the maximum number of CPU cores and the maximum number of GB of memory supported; storage is not limited here.
4. The method according to claim 2, characterized in that:
The management end is the service control management module in a cloud computing solution that is responsible for generating tasks, sending tasks and receiving task feedback; the module is responsible only for generating tasks, not for carrying them out.
5. The method according to claim 3, characterized in that:
The management end is the service control management module in a cloud computing solution that is responsible for generating tasks, sending tasks and receiving task feedback; the module is responsible only for generating tasks, not for carrying them out.
6. The method according to any one of claims 2 to 5, characterized in that: the authorization mode is one of two kinds: AND (simultaneous) or OR;
The authorization mode means that, among all the authorization restrictive conditions, either a take-any-one mode or a multi-condition combined verification mode is adopted; in the combined mode, the user's behavior must fall within the range of all authorization restrictive conditions before the operation is allowed.
CN201611031651.2A 2016-11-22 2016-11-22 A multi-dimensional software authorization control method suitable for IaaS cloud platforms Pending CN106789891A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611031651.2A A multi-dimensional software authorization control method suitable for IaaS cloud platforms

Publications (1)

Publication Number Publication Date
CN106789891A true CN106789891A (en) 2017-05-31

Family

ID=58971477

Country Status (1)

Country Link
CN (1) CN106789891A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109561095A (en) * 2018-06-20 2019-04-02 安徽省泰岳祥升软件有限公司 Micro services authorization management method and device
WO2019109943A1 (en) * 2017-12-05 2019-06-13 北京金山云网络技术有限公司 Cloud platform management method and apparatus, electronic device and readable storage medium
CN110855668A (en) * 2019-11-14 2020-02-28 浙江九州云信息科技有限公司 Method and system for managing authorization certificate of container cloud platform
CN113282371A (en) * 2021-05-27 2021-08-20 杭州迪普科技股份有限公司 Performance management method and device of virtualized network equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101916415A (en) * 2010-08-06 2010-12-15 西北工业大学 On-demand service method for software license in cloud computing platform
CN102324009A (en) * 2011-09-07 2012-01-18 上海普元信息技术股份有限公司 Software copyright control system based on cloud computing platform and method thereof
CN102509034A (en) * 2011-09-30 2012-06-20 广东电子工业研究院有限公司 Software license control device and method
CN103491097A (en) * 2013-09-30 2014-01-01 华中师范大学 Software authorization system based on public key cryptosystem
US20160147981A1 (en) * 2013-07-25 2016-05-26 Siemens Healthcare Diagnostics Inc. Anti-piracy Protection for Software

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170531